Posted to commits@cloudstack.apache.org by ya...@apache.org on 2012/08/07 00:32:52 UTC
[6/6] git commit: S2S VPN: CS-15472: Separate IKE lifetime and ESP
lifetime
S2S VPN: CS-15472: Separate IKE lifetime and ESP lifetime
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/1b5103c5
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/1b5103c5
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/1b5103c5
Branch: refs/heads/vpc
Commit: 1b5103c5017b7c71d75c817e7900db27a6f97937
Parents: 469e180
Author: Sheng Yang <sh...@citrix.com>
Authored: Mon Aug 6 15:19:26 2012 -0700
Committer: Sheng Yang <sh...@citrix.com>
Committed: Mon Aug 6 15:19:26 2012 -0700
----------------------------------------------------------------------
.../agent/api/routing/Site2SiteVpnCfgCommand.java | 36 ++++++++--
api/src/com/cloud/api/ApiConstants.java | 4 +-
.../api/commands/CreateVpnCustomerGatewayCmd.java | 22 +++++-
.../api/commands/UpdateVpnCustomerGatewayCmd.java | 22 +++++-
.../response/Site2SiteCustomerGatewayResponse.java | 22 +++++-
.../response/Site2SiteVpnConnectionResponse.java | 24 +++++--
.../cloud/network/Site2SiteCustomerGateway.java | 4 +-
.../virtualnetwork/VirtualRoutingResource.java | 10 +++-
.../debian/config/opt/cloud/bin/ipsectunnel.sh | 33 ++++++---
.../xen/resource/CitrixResourceBase.java | 10 +++-
server/src/com/cloud/api/ApiResponseHelper.java | 11 ++-
.../cloud/network/Site2SiteCustomerGatewayVO.java | 43 ++++++++++--
.../router/VirtualNetworkApplianceManagerImpl.java | 6 +-
.../VpcVirtualNetworkApplianceManagerImpl.java | 6 +-
.../cloud/network/vpn/Site2SiteVpnManagerImpl.java | 53 +++++++++++---
15 files changed, 238 insertions(+), 68 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b5103c5/api/src/com/cloud/agent/api/routing/Site2SiteVpnCfgCommand.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/agent/api/routing/Site2SiteVpnCfgCommand.java b/api/src/com/cloud/agent/api/routing/Site2SiteVpnCfgCommand.java
index 6e438f2..f9ec641 100644
--- a/api/src/com/cloud/agent/api/routing/Site2SiteVpnCfgCommand.java
+++ b/api/src/com/cloud/agent/api/routing/Site2SiteVpnCfgCommand.java
@@ -11,7 +11,9 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
private String ipsecPsk;
private String ikePolicy;
private String espPolicy;
- private long lifetime;
+ private long ikeLifetime;
+ private long espLifetime;
+ private boolean dpd;
@Override
public boolean executeInSequence() {
@@ -22,8 +24,8 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
this.create = false;
}
- public Site2SiteVpnCfgCommand (boolean create, String localPublicIp, String localPublicGateway, String localGuestCidr,
- String peerGatewayIp, String peerGuestCidrList, String ikePolicy, String espPolicy, long lifetime, String ipsecPsk) {
+ public Site2SiteVpnCfgCommand (boolean create, String localPublicIp, String localPublicGateway, String localGuestCidr, String peerGatewayIp,
+ String peerGuestCidrList, String ikePolicy, String espPolicy, String ipsecPsk, Long ikeLifetime, Long espLifetime, Boolean dpd) {
this.create = create;
this.setLocalPublicIp(localPublicIp);
this.setLocalPublicGateway(localPublicGateway);
@@ -33,7 +35,9 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
this.ipsecPsk = ipsecPsk;
this.ikePolicy = ikePolicy;
this.espPolicy = espPolicy;
- this.lifetime = lifetime;
+ this.ikeLifetime = ikeLifetime;
+ this.espLifetime = espLifetime;
+ this.dpd = dpd;
}
public boolean isCreate() {
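Review bot: A null `ikeLifetime`, `espLifetime` or `dpd` throws a NullPointerException at `this.ikeLifetime = ikeLifetime;` and the two lines after it, because the constructor now takes boxed `Long`/`Boolean` parameters (signature in the previous hunk) but assigns them to primitive fields. The caller visible in this commit (VpcVirtualNetworkApplianceManagerImpl) passes values that the VO backs with primitives, so it is safe today, but nothing in the signature enforces that. Either declare the parameters as `long ikeLifetime, long espLifetime, boolean dpd`, or guard the unboxing, e.g. `this.dpd = dpd != null && dpd;`.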
@@ -68,12 +72,28 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
this.espPolicy = espPolicy;
}
- public long getLifetime() {
- return lifetime;
+ public long getIkeLifetime() {
+ return ikeLifetime;
}
- public void setLifetime(long lifetime) {
- this.lifetime = lifetime;
+ public void setikeLifetime(long ikeLifetime) {
+ this.ikeLifetime = ikeLifetime;
+ }
+
+ public long getEspLifetime() {
+ return espLifetime;
+ }
+
+ public void setEspLifetime(long espLifetime) {
+ this.espLifetime = espLifetime;
+ }
+
+ public Boolean getDpd() {
+ return dpd;
+ }
+
+ public void setDpd(Boolean dpd) {
+ this.dpd = dpd;
}
public String getLocalPublicIp() {
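Review bot: The new setter is spelled `setikeLifetime` with a lower-case `i`, which breaks the get/set pairing used by every other accessor in this class and hides the property from anything that looks it up by bean naming convention. It should read `public void setIkeLifetime(long ikeLifetime) {`. In the same hunk `getDpd()`/`setDpd()` use boxed `Boolean` over a primitive `boolean` field, so `setDpd(null)` would throw on unboxing; `boolean` on both would match the lifetime accessors.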
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b5103c5/api/src/com/cloud/api/ApiConstants.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/ApiConstants.java b/api/src/com/cloud/api/ApiConstants.java
index 923385d..825e276 100755
--- a/api/src/com/cloud/api/ApiConstants.java
+++ b/api/src/com/cloud/api/ApiConstants.java
@@ -373,7 +373,9 @@ public class ApiConstants {
public static final String REMOVED = "removed";
public static final String IKE_POLICY = "ikepolicy";
public static final String ESP_POLICY = "esppolicy";
- public static final String LIFETIME = "lifetime";
+ public static final String IKE_LIFETIME = "ikelifetime";
+ public static final String ESP_LIFETIME = "esplifetime";
+ public static final String DPD = "dpd";
public static final String FOR_VPC = "forvpc";
public static final String NICIRA_NVP_DEVICE_ID = "nvpdeviceid";
public static final String NICIRA_NVP_TRANSPORT_ZONE_UUID = "transportzoneuuid";
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b5103c5/api/src/com/cloud/api/commands/CreateVpnCustomerGatewayCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/CreateVpnCustomerGatewayCmd.java b/api/src/com/cloud/api/commands/CreateVpnCustomerGatewayCmd.java
index ae0e99c..9754f1c 100644
--- a/api/src/com/cloud/api/commands/CreateVpnCustomerGatewayCmd.java
+++ b/api/src/com/cloud/api/commands/CreateVpnCustomerGatewayCmd.java
@@ -58,8 +58,14 @@ public class CreateVpnCustomerGatewayCmd extends BaseAsyncCmd {
@Parameter(name=ApiConstants.ESP_POLICY, type=CommandType.STRING, required=true, description="ESP policy of the customer gateway")
private String espPolicy;
- @Parameter(name=ApiConstants.LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of vpn connection to the customer gateway, in seconds")
- private Long lifetime;
+ @Parameter(name=ApiConstants.IKE_LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of phase 1 VPN connection to the customer gateway, in seconds")
+ private Long ikeLifetime;
+
+ @Parameter(name=ApiConstants.ESP_LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of phase 2 VPN connection to the customer gateway, in seconds")
+ private Long espLifetime;
+
+ @Parameter(name=ApiConstants.DPD, type=CommandType.BOOLEAN, required=false, description="If DPD is enabled for VPN connection")
+ private Boolean dpd;
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the gateway. Must be used with the domainId parameter.")
private String accountName;
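Review bot: The three new parameter descriptions do not state the defaults or the accepted range, although Site2SiteVpnManagerImpl in this commit applies 86400 for IKE, 3600 for ESP, false for DPD and rejects values above 86400. I would spell that out, e.g. `description="Lifetime of phase 1 VPN connection to the customer gateway, in seconds. Default is 86400; maximum is 86400"`, and likewise for `esplifetime` and `dpd`. The same applies to the matching hunk in UpdateVpnCustomerGatewayCmd. The old `lifetime` parameter is also removed without an alias, so existing API clients that still send it will presumably get the defaults without any error; that is worth a release note.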
@@ -101,8 +107,16 @@ public class CreateVpnCustomerGatewayCmd extends BaseAsyncCmd {
return espPolicy;
}
- public Long getLifetime() {
- return lifetime;
+ public Long getIkeLifetime() {
+ return ikeLifetime;
+ }
+
+ public Long getEspLifetime() {
+ return espLifetime;
+ }
+
+ public Boolean getDpd() {
+ return dpd;
}
public String getAccountName() {
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b5103c5/api/src/com/cloud/api/commands/UpdateVpnCustomerGatewayCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/UpdateVpnCustomerGatewayCmd.java b/api/src/com/cloud/api/commands/UpdateVpnCustomerGatewayCmd.java
index 4af4c0d..09b45eb 100644
--- a/api/src/com/cloud/api/commands/UpdateVpnCustomerGatewayCmd.java
+++ b/api/src/com/cloud/api/commands/UpdateVpnCustomerGatewayCmd.java
@@ -59,8 +59,14 @@ public class UpdateVpnCustomerGatewayCmd extends BaseAsyncCmd {
@Parameter(name=ApiConstants.ESP_POLICY, type=CommandType.STRING, required=true, description="ESP policy of the customer gateway")
private String espPolicy;
- @Parameter(name=ApiConstants.LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of vpn connection to the customer gateway, in seconds")
- private Long lifetime;
+ @Parameter(name=ApiConstants.IKE_LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of phase 1 VPN connection to the customer gateway, in seconds")
+ private Long ikeLifetime;
+
+ @Parameter(name=ApiConstants.ESP_LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of phase 2 VPN connection to the customer gateway, in seconds")
+ private Long espLifetime;
+
+ @Parameter(name=ApiConstants.DPD, type=CommandType.BOOLEAN, required=false, description="If DPD is enabled for VPN connection")
+ private Boolean dpd;
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the gateway. Must be used with the domainId parameter.")
private String accountName;
@@ -102,8 +108,16 @@ public class UpdateVpnCustomerGatewayCmd extends BaseAsyncCmd {
return espPolicy;
}
- public Long getLifetime() {
- return lifetime;
+ public Long getIkeLifetime() {
+ return ikeLifetime;
+ }
+
+ public Long getEspLifetime() {
+ return espLifetime;
+ }
+
+ public Boolean getDpd() {
+ return dpd;
}
/////////////////////////////////////////////////////
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b5103c5/api/src/com/cloud/api/response/Site2SiteCustomerGatewayResponse.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/response/Site2SiteCustomerGatewayResponse.java b/api/src/com/cloud/api/response/Site2SiteCustomerGatewayResponse.java
index 0e2c353..7c706f3 100644
--- a/api/src/com/cloud/api/response/Site2SiteCustomerGatewayResponse.java
+++ b/api/src/com/cloud/api/response/Site2SiteCustomerGatewayResponse.java
@@ -49,8 +49,14 @@ public class Site2SiteCustomerGatewayResponse extends BaseResponse implements Co
@SerializedName(ApiConstants.ESP_POLICY) @Param(description="IPsec policy of customer gateway")
private String espPolicy;
- @SerializedName(ApiConstants.LIFETIME) @Param(description="Lifetime of IKE and IPsec policy of customer gateway")
- private Long lifetime;
+ @SerializedName(ApiConstants.IKE_LIFETIME) @Param(description="Lifetime of IKE SA of customer gateway")
+ private Long ikeLifetime;
+
+ @SerializedName(ApiConstants.ESP_LIFETIME) @Param(description="Lifetime of ESP SA of customer gateway")
+ private Long espLifetime;
+
+ @SerializedName(ApiConstants.DPD) @Param(description="if DPD is enabled for customer gateway")
+ private Boolean dpd;
@SerializedName(ApiConstants.ACCOUNT) @Param(description="the owner")
private String accountName;
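Review bot: The replacement descriptions drop the unit that the old text carried in the sibling response class ("in seconds"), so a reader of the API docs cannot tell what `ikelifetime` and `esplifetime` are measured in. Suggest `description="Lifetime of IKE SA of customer gateway, in seconds"` and `description="Lifetime of ESP SA of customer gateway, in seconds"`. The same wording is used in Site2SiteVpnConnectionResponse and should be fixed there too.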
@@ -102,8 +108,16 @@ public class Site2SiteCustomerGatewayResponse extends BaseResponse implements Co
this.espPolicy = espPolicy;
}
- public void setLifetime(Long lifetime) {
- this.lifetime = lifetime;
+ public void setIkeLifetime(Long ikeLifetime) {
+ this.ikeLifetime = ikeLifetime;
+ }
+
+ public void setEspLifetime(Long espLifetime) {
+ this.espLifetime = espLifetime;
+ }
+
+ public void setDpd(Boolean dpd) {
+ this.dpd= dpd;
}
public void setRemoved(Date removed) {
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b5103c5/api/src/com/cloud/api/response/Site2SiteVpnConnectionResponse.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/response/Site2SiteVpnConnectionResponse.java b/api/src/com/cloud/api/response/Site2SiteVpnConnectionResponse.java
index 44f7c20..1af5017 100644
--- a/api/src/com/cloud/api/response/Site2SiteVpnConnectionResponse.java
+++ b/api/src/com/cloud/api/response/Site2SiteVpnConnectionResponse.java
@@ -52,8 +52,14 @@ public class Site2SiteVpnConnectionResponse extends BaseResponse implements Cont
@SerializedName(ApiConstants.ESP_POLICY) @Param(description="ESP policy of the customer gateway") //from CustomerGateway
private String espPolicy;
- @SerializedName(ApiConstants.LIFETIME) @Param(description="Lifetime of vpn connection to the customer gateway, in seconds") //from CustomerGateway
- private Long lifetime;
+ @SerializedName(ApiConstants.IKE_LIFETIME) @Param(description="Lifetime of IKE SA of customer gateway") //from CustomerGateway
+ private Long ikeLifetime;
+
+ @SerializedName(ApiConstants.ESP_LIFETIME) @Param(description="Lifetime of ESP SA of customer gateway") //from CustomerGateway
+ private Long espLifetime;
+
+ @SerializedName(ApiConstants.DPD) @Param(description="if DPD is enabled for customer gateway") //from CustomerGateway
+ private Boolean dpd;
@SerializedName(ApiConstants.STATE) @Param(description="State of vpn connection")
private String state;
@@ -115,9 +121,17 @@ public class Site2SiteVpnConnectionResponse extends BaseResponse implements Cont
this.espPolicy = espPolicy;
}
- public void setLifetime(Long lifetime) {
- this.lifetime = lifetime;
- }
+ public void setIkeLifetime(Long ikeLifetime) {
+ this.ikeLifetime = ikeLifetime;
+ }
+
+ public void setEspLifetime(Long espLifetime) {
+ this.espLifetime = espLifetime;
+ }
+
+ public void setDpd(Boolean dpd) {
+ this.dpd= dpd;
+ }
public void setState(String state) {
this.state = state;
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b5103c5/api/src/com/cloud/network/Site2SiteCustomerGateway.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/Site2SiteCustomerGateway.java b/api/src/com/cloud/network/Site2SiteCustomerGateway.java
index 29f580f..623721b 100644
--- a/api/src/com/cloud/network/Site2SiteCustomerGateway.java
+++ b/api/src/com/cloud/network/Site2SiteCustomerGateway.java
@@ -11,7 +11,9 @@ public interface Site2SiteCustomerGateway extends ControlledEntity {
public String getIpsecPsk();
public String getIkePolicy();
public String getEspPolicy();
- public Long getLifetime();
+ public Long getIkeLifetime();
+ public Long getEspLifetime();
+ public Boolean getDpd();
public Date getRemoved();
String getName();
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b5103c5/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
----------------------------------------------------------------------
diff --git a/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java b/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
index efd44ba..522ceb8 100755
--- a/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
+++ b/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
@@ -596,9 +596,17 @@ public class VirtualRoutingResource implements Manager {
args += " -i ";
args += "\"" + cmd.getIkePolicy() + "\"";
args += " -t ";
- args += Long.toString(cmd.getLifetime());
+ args += Long.toString(cmd.getIkeLifetime());
+ args += " -T ";
+ args += Long.toString(cmd.getEspLifetime());
args += " -s ";
args += "\"" + cmd.getIpsecPsk() + "\"";
+ args += " -d ";
+ if (cmd.getDpd()) {
+ args += "1";
+ } else {
+ args += "0";
+ }
} else {
args = "-D";
args += " -r ";
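Review bot: The argument string built here still carries the pre-shared key as `"\"" + cmd.getIpsecPsk() + "\""`, with the new `-T` and `-d` options appended around it, so a PSK containing `"`, `$`, a backtick or a backslash is not escaped. How `args` is executed is outside this hunk, but if it reaches a shell that is both a quoting bug and an injection risk, and a secret on a command line is visible in the router's process list. The new numeric and 0/1 arguments are safe; the string arguments deserve at least a comment such as `// PSK and policy strings are interpolated unescaped; must be restricted to a safe character set before this point`, and ideally a character-set check on the PSK at the API layer. The identical block in CitrixResourceBase has the same issue. The enclosing method starts and ends outside the hunk.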
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b5103c5/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh b/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh
index 15eb4c2..74d3119 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh
@@ -23,7 +23,7 @@ vpnconfdir="/etc/ipsec.d"
vpnoutmark="0x525"
usage() {
- printf "Usage: %s: (-A|-D) -l <left-side vpn peer> -n <left-side guest cidr> -g <left-side gateway> -r <right-side vpn peer> -N <right-side private subnets> -e <esp policy> -i <ike policy> -t <lifetime> -s <pre-shared secret> \n" $(basename $0) >&2
+ printf "Usage: %s: (-A|-D) -l <left-side vpn peer> -n <left-side guest cidr> -g <left-side gateway> -r <right-side vpn peer> -N <right-side private subnets> -e <esp policy> -i <ike policy> -t <ike lifetime> -T <esp lifetime> -s <pre-shared secret> -d <dpd 0 or 1> \n" $(basename $0) >&2
}
#set -x
@@ -122,7 +122,7 @@ ipsec_tunnel_add() {
logger -t cloud "$(basename $0): creating configuration for ipsec tunnel: left peer=$leftpeer \
left net=$leftnet left gateway=$leftgw right peer=$rightpeer right network=$rightnets phase1 policy=$ikepolicy \
- phase2 policy=$esppolicy lifetime=$time secret=$secret"
+ phase2 policy=$esppolicy secret=$secret"
[ "$op" == "-A" ] && ipsec_tunnel_del
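Review bot: The `logger` call edited here still writes `secret=$secret`, so the IPsec pre-shared key lands in syslog every time a tunnel is created, readable by anyone with log access and by any log forwarder. Since the line is being touched anyway, drop the secret and log the new fields in its place: `phase2 policy=$esppolicy ike lifetime=$ikelifetime esp lifetime=$esplifetime dpd=$dpd"`. The lifetime was removed from the message without a replacement, which also makes the log less useful for debugging rekey problems.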
@@ -137,20 +137,23 @@ ipsec_tunnel_add() {
sudo echo " type=tunnel" >> $vpnconffile &&
sudo echo " authby=secret" >> $vpnconffile &&
sudo echo " keyexchange=ike" >> $vpnconffile &&
- sudo echo " pfs=no" >> $vpnconffile &&
- sudo echo " esp=$esppolicy" >> $vpnconffile &&
- sudo echo " salifetime=${time}s" >> $vpnconffile &&
sudo echo " ike=$ikepolicy" >> $vpnconffile &&
- sudo echo " ikelifetime=${time}s" >> $vpnconffile &&
+ sudo echo " ikelifetime=${ikelifetime}s" >> $vpnconffile &&
+ sudo echo " esp=$esppolicy" >> $vpnconffile &&
+ sudo echo " salifetime=${esplifetime}s" >> $vpnconffile &&
+ sudo echo " pfs=no" >> $vpnconffile &&
sudo echo " keyingtries=3" >> $vpnconffile &&
- sudo echo " dpddelay=30" >> $vpnconffile &&
- sudo echo " dpdtimeout=120" >> $vpnconffile &&
- sudo echo " dpdaction=restart" >> $vpnconffile &&
sudo echo " auto=add" >> $vpnconffile &&
sudo echo "$leftpeer $rightpeer: PSK \"$secret\"" > $vpnsecretsfile &&
-
sudo chmod 0400 $vpnsecretsfile
+ if [ $dpd -ne 0 ]
+ then
+ sudo echo " dpddelay=30" >> $vpnconffile &&
+ sudo echo " dpdtimeout=120" >> $vpnconffile &&
+ sudo echo " dpdaction=restart" >> $vpnconffile
+ fi
+
enable_iptables_subnets
sudo ipsec auto --rereadall
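Review bot: `if [ $dpd -ne 0 ]` expands `$dpd` unquoted, so when `-d` is not passed (or carries a non-numeric value) the test fails with a syntax error and DPD is silently left off. Use `if [ "${dpd:-0}" -ne 0 ]`, or make `-d` mandatory; the option-parsing hunk sets `dflag` and `Tflag`, but whether they are checked is outside the visible lines. The DPD block now also sits after the `&&` chain, so a failed write there is no longer reflected in the chain's exit status. `$ikelifetime` and `$esplifetime` are written into the config file as given, so a numeric check before this point would keep a malformed value out of `ipsec.d`.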
@@ -192,7 +195,7 @@ Iflag=
sflag=
op=""
-while getopts 'ADl:n:g:r:N:e:i:t:s:' OPTION
+while getopts 'ADl:n:g:r:N:e:i:t:T:s:d:' OPTION
do
case $OPTION in
A) opflag=1
@@ -223,11 +226,17 @@ do
ikepolicy="$OPTARG"
;;
t) tflag=1
- time="$OPTARG"
+ ikelifetime="$OPTARG"
+ ;;
+ T) Tflag=1
+ esplifetime="$OPTARG"
;;
s) sflag=1
secret="$OPTARG"
;;
+ d) dflag=1
+ dpd="$OPTARG"
+ ;;
?) usage
unlock_exit 2 $lock $locked
;;
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b5103c5/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
index 7c42e76..fd09c8a 100644
--- a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
+++ b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
@@ -7420,9 +7420,17 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
args += " -i ";
args += "\"" + cmd.getIkePolicy() + "\"";
args += " -t ";
- args += Long.toString(cmd.getLifetime());
+ args += Long.toString(cmd.getIkeLifetime());
+ args += " -T ";
+ args += Long.toString(cmd.getEspLifetime());
args += " -s ";
args += "\"" + cmd.getIpsecPsk() + "\"";
+ args += " -d ";
+ if (cmd.getDpd()) {
+ args += "1";
+ } else {
+ args += "0";
+ }
} else {
args += " -D";
args += " -r ";
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b5103c5/server/src/com/cloud/api/ApiResponseHelper.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java
index a9e9910..0340a94 100755
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -3841,7 +3841,10 @@ public class ApiResponseHelper implements ResponseGenerator {
response.setIpsecPsk(result.getIpsecPsk());
response.setIkePolicy(result.getIkePolicy());
response.setEspPolicy(result.getEspPolicy());
- response.setLifetime(result.getLifetime());
+ response.setIkeLifetime(result.getIkeLifetime());
+ response.setEspLifetime(result.getEspLifetime());
+ response.setDpd(result.getDpd());
+
response.setRemoved(result.getRemoved());
response.setObjectName("vpncustomergateway");
@@ -3875,7 +3878,9 @@ public class ApiResponseHelper implements ResponseGenerator {
response.setIpsecPsk(customerGateway.getIpsecPsk());
response.setIkePolicy(customerGateway.getIkePolicy());
response.setEspPolicy(customerGateway.getEspPolicy());
- response.setLifetime(customerGateway.getLifetime());
+ response.setIkeLifetime(customerGateway.getIkeLifetime());
+ response.setEspLifetime(customerGateway.getEspLifetime());
+ response.setDpd(customerGateway.getDpd());
}
populateAccount(response, result.getAccountId());
@@ -3887,4 +3892,4 @@ public class ApiResponseHelper implements ResponseGenerator {
response.setObjectName("vpnconnection");
return response;
}
-}
\ No newline at end of file
+}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b5103c5/server/src/com/cloud/network/Site2SiteCustomerGatewayVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/Site2SiteCustomerGatewayVO.java b/server/src/com/cloud/network/Site2SiteCustomerGatewayVO.java
index 573d5f1..1a46f4c 100644
--- a/server/src/com/cloud/network/Site2SiteCustomerGatewayVO.java
+++ b/server/src/com/cloud/network/Site2SiteCustomerGatewayVO.java
@@ -41,8 +41,14 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
@Column(name="esp_policy")
private String espPolicy;
- @Column(name="lifetime")
- private long lifetime;
+ @Column(name="ike_lifetime")
+ private long ikeLifetime;
+
+ @Column(name="esp_lifetime")
+ private long espLifetime;
+
+ @Column(name="dpd")
+ private boolean dpd;
@Column(name="domain_id")
private Long domainId;
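Review bot: The entity now maps the columns `ike_lifetime`, `esp_lifetime` and `dpd` in place of `lifetime`, but the diffstat of this commit lists no schema or upgrade script. Unless the table definition is changed elsewhere in the series, persisting or loading a customer gateway will fail against a database that still has the old `lifetime` column. If the schema change lives in another commit, a comment here naming it would help; otherwise the column changes need to ship with this change.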
@@ -55,14 +61,17 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
public Site2SiteCustomerGatewayVO() { }
- public Site2SiteCustomerGatewayVO(String name, long accountId, long domainId, String gatewayIp, String guestCidrList, String ipsecPsk, String ikePolicy, String espPolicy, long lifetime) {
+ public Site2SiteCustomerGatewayVO(String name, long accountId, long domainId, String gatewayIp, String guestCidrList, String ipsecPsk, String ikePolicy, String espPolicy,
+ long ikeLifetime, long espLifetime, boolean dpd) {
this.name = name;
this.gatewayIp = gatewayIp;
this.guestCidrList = guestCidrList;
this.ipsecPsk = ipsecPsk;
this.ikePolicy = ikePolicy;
this.espPolicy = espPolicy;
- this.lifetime = lifetime;
+ this.ikeLifetime = ikeLifetime;
+ this.espLifetime = espLifetime;
+ this.dpd = dpd;
this.uuid = UUID.randomUUID().toString();
this.accountId = accountId;
this.domainId = domainId;
@@ -119,12 +128,21 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
}
@Override
- public Long getLifetime() {
- return lifetime;
+ public Long getIkeLifetime() {
+ return ikeLifetime;
+ }
+
+ public void setIkeLifetime(long ikeLifetime) {
+ this.ikeLifetime = ikeLifetime;
+ }
+
+ @Override
+ public Long getEspLifetime() {
+ return espLifetime;
}
- public void setLifetime(long lifetime) {
- this.lifetime = lifetime;
+ public void setEspLifetime(long espLifetime) {
+ this.espLifetime = espLifetime;
}
@Override
@@ -145,6 +163,15 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
this.espPolicy = espPolicy;
}
+ @Override
+ public Boolean getDpd() {
+ return dpd;
+ }
+
+ public void setDpd(boolean dpd) {
+ this.dpd = dpd;
+ }
+
public String getUuid() {
return uuid;
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b5103c5/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index cb55578..5ec8108 100755
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -917,8 +917,10 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
}
if (router.getState() != State.Running) {
for (Site2SiteVpnConnectionVO conn : conns) {
- conn.setState(Site2SiteVpnConnection.State.Disconnected);
- _s2sVpnConnectionDao.persist(conn);
+ if (conn.getState() != Site2SiteVpnConnection.State.Error) {
+ conn.setState(Site2SiteVpnConnection.State.Disconnected);
+ _s2sVpnConnectionDao.persist(conn);
+ }
}
continue;
}
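Review bot: The new `conn.getState() != Site2SiteVpnConnection.State.Error` guard changes connection state handling, which the commit title (separate IKE and ESP lifetime) does not mention, and the code gives no reason for it. Add a why-comment above the `if`, e.g. `// Keep connections already in Error; only healthy ones are downgraded to Disconnected when the router is not running`. The loop's enclosing method starts and ends outside the hunk, so how a connection in Error is later recovered is not visible here.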
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b5103c5/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
index c5ad65d..31aade4 100644
--- a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
@@ -1095,10 +1095,12 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian
String ipsecPsk = gw.getIpsecPsk();
String ikePolicy = gw.getIkePolicy();
String espPolicy = gw.getEspPolicy();
- Long lifetime = gw.getLifetime();
+ Long ikeLifetime = gw.getIkeLifetime();
+ Long espLifetime = gw.getEspLifetime();
+ Boolean dpd = gw.getDpd();
Site2SiteVpnCfgCommand cmd = new Site2SiteVpnCfgCommand(isCreate, localPublicIp, localPublicGateway, localGuestCidr,
- peerGatewayIp, peerGuestCidrList, ikePolicy, espPolicy, lifetime, ipsecPsk);
+ peerGatewayIp, peerGuestCidrList, ikePolicy, espPolicy, ipsecPsk, ikeLifetime, espLifetime, dpd);
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, getRouterControlIp(router.getId()));
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, getRouterControlIp(router.getId()));
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b5103c5/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
index 9fe212b..4658c1e 100644
--- a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
+++ b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
@@ -158,14 +158,28 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
if (!NetUtils.isValidS2SVpnPolicy(espPolicy)) {
throw new InvalidParameterValueException("The customer gateway ESP policy " + espPolicy + " is invalid!");
}
- Long lifetime = cmd.getLifetime();
- if (lifetime == null) {
+ Long ikeLifetime = cmd.getIkeLifetime();
+ if (ikeLifetime == null) {
// Default value of lifetime is 1 day
- lifetime = (long) 86400;
+ ikeLifetime = (long) 86400;
}
- if (lifetime > 86400) {
- throw new InvalidParameterValueException("The lifetime " + lifetime + " of vpn connection is invalid!");
+ if (ikeLifetime > 86400) {
+ throw new InvalidParameterValueException("The IKE lifetime " + ikeLifetime + " of vpn connection is invalid!");
}
+ Long espLifetime = cmd.getEspLifetime();
+ if (espLifetime == null) {
+ // Default value of lifetime is 1 day
+ espLifetime = (long) 3600;
+ }
+ if (espLifetime > 86400) {
+ throw new InvalidParameterValueException("The ESP lifetime " + espLifetime + " of vpn connection is invalid!");
+ }
+
+ Boolean dpd = cmd.getDpd();
+ if (dpd == null) {
+ dpd = false;
+ }
+
if (_customerGatewayDao.findByGatewayIp(gatewayIp) != null) {
throw new InvalidParameterValueException("The customer gateway with ip " + gatewayIp + " already existed!");
}
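Review bot: Both lifetime checks enforce only the upper bound (`> 86400`), so zero or negative values are accepted, stored, and later written by ipsectunnel.sh as `ikelifetime=${ikelifetime}s` / `salifetime=${esplifetime}s`. Tighten them to `if (ikeLifetime <= 0 || ikeLifetime > 86400) {` and `if (espLifetime <= 0 || espLifetime > 86400) {`; rejecting an ESP lifetime longer than the IKE lifetime may also be worth considering. The copied comment above `espLifetime = (long) 3600;` still says "1 day" and should read `// Default value of ESP lifetime is 1 hour`. The update path in the later hunk of this file repeats both problems.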
@@ -173,7 +187,7 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
throw new InvalidParameterValueException("The customer gateway with name " + name + " already existed!");
}
Site2SiteCustomerGatewayVO gw = new Site2SiteCustomerGatewayVO(name, owner.getAccountId(), owner.getDomainId(), gatewayIp, guestCidrList, ipsecPsk,
- ikePolicy, espPolicy, lifetime);
+ ikePolicy, espPolicy, ikeLifetime, espLifetime, dpd);
_customerGatewayDao.persist(gw);
return gw;
}
@@ -347,20 +361,35 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
if (!NetUtils.isValidS2SVpnPolicy(espPolicy)) {
throw new InvalidParameterValueException("The customer gateway ESP policy" + espPolicy + " is invalid!");
}
- Long lifetime = cmd.getLifetime();
- if (lifetime == null) {
+ Long ikeLifetime = cmd.getIkeLifetime();
+ if (ikeLifetime == null) {
// Default value of lifetime is 1 day
- lifetime = (long) 86400;
+ ikeLifetime = (long) 86400;
}
- if (lifetime > 86400) {
- throw new InvalidParameterValueException("The lifetime " + lifetime + " of vpn connection is invalid!");
+ if (ikeLifetime > 86400) {
+ throw new InvalidParameterValueException("The IKE lifetime " + ikeLifetime + " of vpn connection is invalid!");
+ }
+ Long espLifetime = cmd.getEspLifetime();
+ if (espLifetime == null) {
+ // Default value of lifetime is 1 day
+ espLifetime = (long) 3600;
+ }
+ if (espLifetime > 86400) {
+ throw new InvalidParameterValueException("The ESP lifetime " + espLifetime + " of vpn connection is invalid!");
+ }
+
+ Boolean dpd = cmd.getDpd();
+ if (dpd == null) {
+ dpd = false;
}
gw.setGatewayIp(gatewayIp);
gw.setGuestCidrList(guestCidrList);
gw.setIkePolicy(ikePolicy);
gw.setEspPolicy(espPolicy);
gw.setIpsecPsk(ipsecPsk);
- gw.setLifetime(lifetime);
+ gw.setIkeLifetime(ikeLifetime);
+ gw.setEspLifetime(espLifetime);
+ gw.setDpd(dpd);
_customerGatewayDao.persist(gw);
return gw;
}