cloudstack-users mailing list archives

From Cloud List <cloud-l...@sg.or.id>
Subject Re: Site 2 Site VPN on VPC not working after upgrading ACS from 4.2 to 4.8.1.1
Date Sun, 06 Nov 2016 11:04:53 GMT
Hi,

[RESOLVED] I would like to share that I managed to find the workaround to
the problem: emptying the password ipsec_psk field on the entry inside
the s2s_customer_gateway table, deleting the VPN connection, modifying the
VPN customer gateway with the new password (we will notice that the
encrypted format of the password will be populated into the ipsec_psk
field), and then recreating the VPN connection. The VPN connection will
then be established.

Hope the above can help others.

Thank you.

On Sun, Nov 6, 2016 at 6:16 PM, Cloud List <cloud-list@sg.or.id> wrote:

> Hi,
>
> Another issue we noted after upgrading ACS from 4.2 to 4.8.1.1 is that
> site-to-site VPN is not working. From the GUI, I cannot even go to Home >
> Network > Select view: VPN customer gateway; the error messages below are
> shown on the GUI:
>
> ====
> Caught: com.mysql.jdbc.JDBC4PreparedStatement@45ae1e69: SELECT
> s2s_customer_gateway.id, s2s_customer_gateway.uuid,
> s2s_customer_gateway.name, s2s_customer_gateway.gateway_ip,
> s2s_customer_gateway.guest_cidr_list, s2s_customer_gateway.ipsec_psk,
> s2s_customer_gateway.ike_policy, s2s_customer_gateway.esp_policy,
> s2s_customer_gateway.ike_lifetime, s2s_customer_gateway.esp_lifetime,
> s2s_customer_gateway.dpd, s2s_customer_gateway.force_encap,
> s2s_customer_gateway.domain_id, s2s_customer_gateway.account_id,
> s2s_customer_gateway.removed FROM s2s_customer_gateway INNER JOIN account
> ON s2s_customer_gateway.account_id=account.id WHERE
> s2s_customer_gateway.removed IS NULL AND (account.type != 5 ) ORDER BY
> s2s_customer_gateway.id DESC LIMIT 0, 20
> ====
>
> These are the error messages on the CloudStack management server:
>
> ====
> 2016-11-06 18:00:30,218 DEBUG [c.c.u.c.DBEncryptionUtil]
> (http-8080-2:ctx-da483727 ctx-695addac) (logid:3d3a6225) Error while
> decrypting: XXXXXXXX
> 2016-11-06 18:00:30,218 ERROR [c.c.a.ApiServer] (http-8080-2:ctx-da483727
> ctx-695addac) (logid:3d3a6225) unhandled exception executing api command:
> [Ljava.lang.String;@6ad8a1d4
> com.cloud.utils.exception.CloudRuntimeException: Caught:
> com.mysql.jdbc.JDBC4PreparedStatement@55edbe9c: SELECT
> s2s_customer_gateway.id, s2s_customer_gateway.uuid,
> s2s_customer_gateway.name, s2s_customer_gateway.gateway_ip,
> s2s_customer_gateway.guest_cidr_list, s2s_customer_gateway.ipsec_psk,
> s2s_customer_gateway.ike_policy, s2s_customer_gateway.esp_policy,
> s2s_customer_gateway.ike_lifetime, s2s_customer_gateway.esp_lifetime,
> s2s_customer_gateway.dpd, s2s_customer_gateway.force_encap,
> s2s_customer_gateway.domain_id, s2s_customer_gateway.account_id,
> s2s_customer_gateway.removed FROM s2s_customer_gateway  INNER JOIN account
> ON s2s_customer_gateway.account_id=account.id WHERE
> s2s_customer_gateway.removed IS NULL  AND  (account.type != 5 ) ORDER BY
> s2s_customer_gateway.id DESC  LIMIT 0, 20
> ====
>
> Note that on "Error while decrypting: XXXXXXXX", I checked that XXXXXXXX
> is the cleartext IPsec preshared key (ipsec_psk field on the
> s2s_customer_gateway table in the database). It seems that CloudStack tries
> to decrypt a clear-text / non-encrypted password? Is the ipsec_psk field
> in the database supposed to store the encrypted IPsec pre-shared key for
> the VPN connection under CloudStack version 4.8.1.1?
>
> I am able to execute the SELECT command on the database directly without
> any issues.
>
> Any help is greatly appreciated.
>
> Thank you.
>
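
The management-server log quoted in this thread shows that a failed decrypt writes the stored value, here the cleartext pre-shared key, to the log at DEBUG level. As an added example (not part of the original messages and not CloudStack code), this Python script finds such lines, names the table from the exception that follows under the same request, and masks the value before the log is shared; the function name `triage` and the sample key value are constructed.

```python
import re

# Layout of a management-server log line as quoted in the thread.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (?P<level>[A-Z]+)\s+"
    r"\[(?P<logger>[^\]]+)\] \((?P<thread>[^)]*)\) \(logid:(?P<logid>\w+)\) (?P<msg>.*)$"
)
DECRYPT_FAIL = "Error while decrypting: "
TABLE = re.compile(r"\bFROM\s+(\w+)")

SAMPLE = [  # constructed sample modelled on the quoted log; the key value is made up
    "2016-11-06 18:00:30,218 DEBUG [c.c.u.c.DBEncryptionUtil] (http-8080-2:ctx-da483727 ctx-695addac) (logid:3d3a6225) Error while decrypting: constructed-psk-value",
    "2016-11-06 18:00:30,218 ERROR [c.c.a.ApiServer] (http-8080-2:ctx-da483727 ctx-695addac) (logid:3d3a6225) unhandled exception executing api command: [Ljava.lang.String;@6ad8a1d4",
    "com.cloud.utils.exception.CloudRuntimeException: Caught: com.mysql.jdbc.JDBC4PreparedStatement@55edbe9c: SELECT s2s_customer_gateway.id FROM s2s_customer_gateway INNER JOIN account ON s2s_customer_gateway.account_id=account.id",
]

def triage(lines):
    """Return (findings, redacted_lines).

    findings maps each logid with a failed decrypt to its timestamp, the
    number of failures, and the first table named in the SQL that follows.
    redacted_lines is the input with the undecryptable value masked.
    """
    findings, redacted, current = {}, [], None
    for raw in lines:
        m = LINE.match(raw)
        if m:
            current = m["logid"]
            if m["logger"].endswith("DBEncryptionUtil") and m["msg"].startswith(DECRYPT_FAIL):
                entry = findings.setdefault(current, {"ts": m["ts"], "count": 0, "table": None})
                entry["count"] += 1
                # Drop everything after the prefix: that is the stored secret.
                raw = raw[: m.start("msg")] + DECRYPT_FAIL + "[REDACTED]"
        # Lines without a header (stack trace, SQL) belong to the last logid seen.
        if current in findings and findings[current]["table"] is None:
            t = TABLE.search(raw)
            if t:
                findings[current]["table"] = t.group(1)
        redacted.append(raw)
    return findings, redacted

if __name__ == "__main__":
    found, clean = triage(SAMPLE)
    for logid, info in found.items():
        print(logid, info)
    print("\n".join(clean))
```

Any key that appeared in such a log line should be treated as exposed and rotated once the gateway entry has been re-saved.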
