Date: Thu, 10 Sep 2015 14:25:06 +0200
Subject: Re: VPC VPN Connectivity Issues
From: Andrija Panic
To: "users@cloudstack.apache.org"

ok, I also do that, route all traffic over VPN, but in that case, you need to know Internet stops working on your laptop :) not nice, but good security :)

On 10 September 2015 at 14:15, Jeremy Peterson wrote:

> I first thought of that but he doesn't know root and cannot sudo to add routes.
>
> That's why I changed it to a full tunnel pushing all traffic over the VPN.
>
> Jeremy
>
> -----Original Message-----
> From: Sam Ceylani [mailto:sam@mistercertified.com]
> Sent: Wednesday, September 9, 2015 6:52 PM
> To:
> Subject: Re: VPC VPN Connectivity Issues
>
> on windows -- vpn client automatically adds route for your vpc network, check route -n on mac from terminal to see route is there and add manually if required...
>
> Sent from my iPhone
>
> > On Sep 9, 2015, at 7:47 PM, Jeremy Peterson wrote:
> >
> > So I'm still looking into this has anyone ever tried this?
> >
> > Do you have anyone I can talk to?
> >
> > I've been asking since 8.29.2015
> >
> > I guess the issue is on a Mac since my VPN network is 10.1.2.0/24 and my VPC network is 192.168.2.0/24 he cannot connect.
> > I tested it out on windows 8, 7, 10, 8.1 all work as expected.
> >
> > I don't have a Mac I can test with so I was hoping someone here would have any advice.
> >
> > Jeremy
> >
> > -----Original Message-----
> > From: Jeremy Peterson [mailto:jpeterson@acentek.net]
> > Sent: Tuesday, September 8, 2015 8:12 AM
> > To: users@cloudstack.apache.org
> > Subject: RE: VPC VPN Connectivity Issues
> >
> > No my issue is not resolved I've been reaching out to the IRC channel and have not received notification of anyone knowing what my issue could be.
> >
> > It would be great to get some traction this week on the issue. I keep having to open ACL for public access to the servers as this user is unable to get to the server via VPN.
> >
> > Jeremy
> >
> > -----Original Message-----
> > From: Remi Bergsma [mailto:RBergsma@schubergphilis.com]
> > Sent: Saturday, September 5, 2015 10:11 AM
> > To:
> > Subject: Re: VPC VPN Connectivity Issues
> >
> > Hi Jeremy,
> >
> > Did you already solve your problem?
> >
> > Not sure if it is possible to use the IPSec tunnels from remote VPN. Firewall might be too strict, but haven't looked yet.
> >
> > Regards, Remi
> >
> > Sent from my iPhone
> >
> >> On 29 Aug 2015, at 17:00, Jeremy Peterson wrote:
> >>
> >> I am not sure if this was asked or answered but googling has led me nowhere.
> >>
> >> I am running cloudstack 4.5.0, XenServer 6.5, Advanced networking w/ VLAN segmentation.
> >>
> >> I have a VPC setup which I am using a IPSec tunnel back to a zywall firewall and a monowall firewall.
> >>
> >> Monowall          Cloudstack VPC    zywall
> >> 192.168.1.0/24    192.168.2.0/24    192.168.71.0/24
> >>
> >> Tunnels are setup in vpc for both locations and servers in cloudstack can connect to the world and connect to the monowall and zywall networks.
> >>
> >> Everything is fine with that but when I have a remote user that needs to VPN into the cloudstack VPC is where I am thrown into a whirlwind of questions.
> >>
> >> I setup a VPN connection on the VR for the VPC.
> >>
> >> I setup username/password.
> >>
> >> The user sets up the connection on his Mac OSX and using split tunnel can connect to the VPN.
> >>
> >> My VPN network is 10.1.2.0/24
> >>
> >> He receives a 10.1.2.3 ip address.
> >>
> >> He is unable to ping the IPSec Tunnel gateways 192.168.1.1 and 192.168.71.1.
> >>
> >> He can get to the world as his default gateway is his router.
> >>
> >> I switched to push all traffic over the VPN to remove the split tunnel.
> >>
> >> He is able to ping the 10.1.2.1 gateway on the VR
> >>
> >> He is able to ping his gateway the VPC router 10.1.2.1.
> >>
> >> He is able to ping the VPC network's gateway 192.168.2.1
> >>
> >> He is unable to get to the world. I try to ping google dns 8.8.8.8 and it doesn't get past the VR 10.1.2.1 in traceroutes.
> >>
> >> I am looking for help on this as I'm confused. If I change him back to a split tunnel as that would be preferred why is the tunnel not announcing all networks known to the VR.
> >>
> >> I was able to recreate this issue on windows 8.1.
> >>
> >> Jeremy
>

-- 
Andrija Panić
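
An added example, not part of the thread: a client-side check of which of the destinations named above would enter the VPN interface under a split-tunnel or full-tunnel routing table, using longest-prefix match. The interface names `ppp0` and `en0` and both routing tables are constructed assumptions; substitute the routes actually present on the client.

```python
import ipaddress

VPN_IF = "ppp0"   # assumed name of the client's VPN interface
LAN_IF = "en0"    # assumed name of the client's ordinary interface

# Destinations named in the thread.
DESTINATIONS = {
    "VPN gateway on the VR": "10.1.2.1",
    "VPC network gateway": "192.168.2.1",
    "monowall side of IPSec tunnel": "192.168.1.1",
    "zywall side of IPSec tunnel": "192.168.71.1",
    "Google DNS": "8.8.8.8",
}

# Constructed client routing tables as (prefix, interface) pairs.
SPLIT_TUNNEL = [("0.0.0.0/0", LAN_IF), ("10.1.2.0/24", VPN_IF)]
FULL_TUNNEL = [("0.0.0.0/0", VPN_IF)]


def select_interface(table, dest):
    """Longest-prefix match: interface of the most specific route containing dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def outside_tunnel(table, destinations=DESTINATIONS):
    """Names of destinations whose traffic would not enter the VPN interface."""
    return sorted(name for name, ip in destinations.items()
                  if select_interface(table, ip) != VPN_IF)


def with_static_routes(table, prefixes):
    """Routing table after adding each prefix as a route via the VPN interface."""
    return table + [(p, VPN_IF) for p in prefixes]


if __name__ == "__main__":
    fixed = with_static_routes(
        SPLIT_TUNNEL, ["192.168.2.0/24", "192.168.1.0/24", "192.168.71.0/24"])
    for label, table in [("split", SPLIT_TUNNEL),
                         ("split + routes", fixed),
                         ("full", FULL_TUNNEL)]:
        print(f"{label:15} outside tunnel: {outside_tunnel(table)}")
```

This only covers route selection on the client; it says nothing about whether the VR forwards or NATs traffic once it arrives through the tunnel.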