You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by re...@apache.org on 2016/01/16 19:39:04 UTC
[1/7] git commit: updated refs/heads/4.7 to 5566789
Repository: cloudstack
Updated Branches:
refs/heads/4.7 80703ca33 -> 55667896d
[CORE] Add Force UDP Encapsulation option to Site2Site VPN
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6da3bc12
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6da3bc12
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6da3bc12
Branch: refs/heads/4.7
Commit: 6da3bc123767874fcc58f85a0dd1b51b5c60a497
Parents: 3ee53d3
Author: Michael Andersen <ma...@schubergphilis.com>
Authored: Wed Dec 23 21:12:41 2015 +0100
Committer: Michael Andersen <ma...@schubergphilis.com>
Committed: Thu Jan 7 19:27:37 2016 +0100
----------------------------------------------------------------------
.../com/cloud/network/Site2SiteCustomerGateway.java | 2 ++
api/src/org/apache/cloudstack/api/ApiConstants.java | 3 ++-
.../user/vpn/CreateVpnCustomerGatewayCmd.java | 5 +++++
.../user/vpn/UpdateVpnCustomerGatewayCmd.java | 5 +++++
.../response/Site2SiteCustomerGatewayResponse.java | 6 ++++++
.../api/response/Site2SiteVpnConnectionResponse.java | 9 +++++++++
.../agent/api/routing/Site2SiteVpnCfgCommand.java | 12 +++++++++++-
.../facade/Site2SiteVpnConfigItem.java | 2 +-
.../resource/virtualnetwork/model/Site2SiteVpn.java | 13 +++++++++++--
.../network/dao/Site2SiteCustomerGatewayVO.java | 15 ++++++++++++++-
server/src/com/cloud/api/ApiResponseHelper.java | 3 ++-
.../com/cloud/network/router/CommandSetupHelper.java | 3 ++-
.../cloud/network/vpn/Site2SiteVpnManagerImpl.java | 13 ++++++++++++-
13 files changed, 82 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6da3bc12/api/src/com/cloud/network/Site2SiteCustomerGateway.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/Site2SiteCustomerGateway.java b/api/src/com/cloud/network/Site2SiteCustomerGateway.java
index 2de4ff2..f9a88bd 100644
--- a/api/src/com/cloud/network/Site2SiteCustomerGateway.java
+++ b/api/src/com/cloud/network/Site2SiteCustomerGateway.java
@@ -39,6 +39,8 @@ public interface Site2SiteCustomerGateway extends ControlledEntity, Identity, In
public Boolean getDpd();
+ public Boolean getEncap();
+
public Date getRemoved();
String getName();
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6da3bc12/api/src/org/apache/cloudstack/api/ApiConstants.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ApiConstants.java b/api/src/org/apache/cloudstack/api/ApiConstants.java
index 742d2f4..934972c 100644
--- a/api/src/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/org/apache/cloudstack/api/ApiConstants.java
@@ -492,6 +492,7 @@ public class ApiConstants {
public static final String IKE_LIFETIME = "ikelifetime";
public static final String ESP_LIFETIME = "esplifetime";
public static final String DPD = "dpd";
+ public static final String FORCE_ENCAP = "forceencap";
public static final String FOR_VPC = "forvpc";
public static final String SHRINK_OK = "shrinkok";
public static final String NICIRA_NVP_DEVICE_ID = "nvpdeviceid";
@@ -641,4 +642,4 @@ public class ApiConstants {
public enum VMDetails {
all, group, nics, stats, secgrp, tmpl, servoff, diskoff, iso, volume, min, affgrp;
}
-}
\ No newline at end of file
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6da3bc12/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java
index 8bd0646..0fb496c 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java
@@ -75,6 +75,9 @@ public class CreateVpnCustomerGatewayCmd extends BaseAsyncCmd {
@Parameter(name = ApiConstants.DPD, type = CommandType.BOOLEAN, required = false, description = "If DPD is enabled for VPN connection")
private Boolean dpd;
+ @Parameter(name = ApiConstants.FORCE_ENCAP, type = CommandType.BOOLEAN, required = false, description = "Force Encapsulation for NAT traversal")
+ private Boolean encap;
+
@Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "the account associated with the gateway. Must be used with the domainId parameter.")
private String accountName;
@@ -129,6 +132,8 @@ public class CreateVpnCustomerGatewayCmd extends BaseAsyncCmd {
return dpd;
}
+ public Boolean getEncap() { return encap; }
+
public String getAccountName() {
return accountName;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6da3bc12/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java
index ceb67d5..3b188b8 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java
@@ -81,6 +81,9 @@ public class UpdateVpnCustomerGatewayCmd extends BaseAsyncCmd {
@Parameter(name = ApiConstants.DPD, type = CommandType.BOOLEAN, required = false, description = "If DPD is enabled for VPN connection")
private Boolean dpd;
+ @Parameter(name = ApiConstants.FORCE_ENCAP, type = CommandType.BOOLEAN, required = false, description = "Force encapsulation for Nat Traversal")
+ private Boolean encap;
+
@Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "the account associated with the gateway. Must be used with the domainId parameter.")
private String accountName;
@@ -135,6 +138,8 @@ public class UpdateVpnCustomerGatewayCmd extends BaseAsyncCmd {
return dpd;
}
+ public Boolean getEncap() { return encap; }
+
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6da3bc12/api/src/org/apache/cloudstack/api/response/Site2SiteCustomerGatewayResponse.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/response/Site2SiteCustomerGatewayResponse.java b/api/src/org/apache/cloudstack/api/response/Site2SiteCustomerGatewayResponse.java
index 2bda8f9..232c3f2 100644
--- a/api/src/org/apache/cloudstack/api/response/Site2SiteCustomerGatewayResponse.java
+++ b/api/src/org/apache/cloudstack/api/response/Site2SiteCustomerGatewayResponse.java
@@ -74,6 +74,10 @@ public class Site2SiteCustomerGatewayResponse extends BaseResponse implements Co
@Param(description = "if DPD is enabled for customer gateway")
private Boolean dpd;
+ @SerializedName(ApiConstants.FORCE_ENCAP)
+ @Param(description = "if Force NAT Encapsulation is enabled for customer gateway")
+ private Boolean encap;
+
@SerializedName(ApiConstants.ACCOUNT)
@Param(description = "the owner")
private String accountName;
@@ -142,6 +146,8 @@ public class Site2SiteCustomerGatewayResponse extends BaseResponse implements Co
this.dpd = dpd;
}
+ public void setEncap(Boolean encap) { this.encap = encap; }
+
public void setRemoved(Date removed) {
this.removed = removed;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6da3bc12/api/src/org/apache/cloudstack/api/response/Site2SiteVpnConnectionResponse.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/response/Site2SiteVpnConnectionResponse.java b/api/src/org/apache/cloudstack/api/response/Site2SiteVpnConnectionResponse.java
index c00a4d4..c5450a6 100644
--- a/api/src/org/apache/cloudstack/api/response/Site2SiteVpnConnectionResponse.java
+++ b/api/src/org/apache/cloudstack/api/response/Site2SiteVpnConnectionResponse.java
@@ -87,6 +87,11 @@ public class Site2SiteVpnConnectionResponse extends BaseResponse implements Cont
//from CustomerGateway
private Boolean dpd;
+ @SerializedName(ApiConstants.FORCE_ENCAP)
+ @Param(description = "if Force NAT Encapsulation is enabled for customer gateway")
+ //from CustomerGateway
+ private Boolean encap;
+
@SerializedName(ApiConstants.STATE)
@Param(description = "State of vpn connection")
private String state;
@@ -175,6 +180,10 @@ public class Site2SiteVpnConnectionResponse extends BaseResponse implements Cont
this.dpd = dpd;
}
+ public void setEncap(Boolean encap) {
+ this.encap = encap;
+ }
+
public void setState(String state) {
this.state = state;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6da3bc12/core/src/com/cloud/agent/api/routing/Site2SiteVpnCfgCommand.java
----------------------------------------------------------------------
diff --git a/core/src/com/cloud/agent/api/routing/Site2SiteVpnCfgCommand.java b/core/src/com/cloud/agent/api/routing/Site2SiteVpnCfgCommand.java
index 68b3809..685cf40 100644
--- a/core/src/com/cloud/agent/api/routing/Site2SiteVpnCfgCommand.java
+++ b/core/src/com/cloud/agent/api/routing/Site2SiteVpnCfgCommand.java
@@ -34,6 +34,7 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
private long espLifetime;
private boolean dpd;
private boolean passive;
+ private boolean encap;
@Override
public boolean executeInSequence() {
@@ -45,7 +46,7 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
}
public Site2SiteVpnCfgCommand(boolean create, String localPublicIp, String localPublicGateway, String localGuestCidr, String peerGatewayIp, String peerGuestCidrList,
- String ikePolicy, String espPolicy, String ipsecPsk, Long ikeLifetime, Long espLifetime, Boolean dpd, boolean passive) {
+ String ikePolicy, String espPolicy, String ipsecPsk, Long ikeLifetime, Long espLifetime, Boolean dpd, boolean passive, boolean encap) {
this.create = create;
this.setLocalPublicIp(localPublicIp);
this.setLocalPublicGateway(localPublicGateway);
@@ -59,6 +60,7 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
this.espLifetime = espLifetime;
this.dpd = dpd;
this.passive = passive;
+ this.encap = encap;
}
public boolean isCreate() {
@@ -117,6 +119,14 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
this.dpd = dpd;
}
+ public Boolean getEncap() {
+ return encap;
+ }
+
+ public void setEncap(Boolean encap) {
+ this.encap = encap;
+ }
+
public String getLocalPublicIp() {
return localPublicIp;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6da3bc12/core/src/com/cloud/agent/resource/virtualnetwork/facade/Site2SiteVpnConfigItem.java
----------------------------------------------------------------------
diff --git a/core/src/com/cloud/agent/resource/virtualnetwork/facade/Site2SiteVpnConfigItem.java b/core/src/com/cloud/agent/resource/virtualnetwork/facade/Site2SiteVpnConfigItem.java
index 6509b78..5bb466c 100644
--- a/core/src/com/cloud/agent/resource/virtualnetwork/facade/Site2SiteVpnConfigItem.java
+++ b/core/src/com/cloud/agent/resource/virtualnetwork/facade/Site2SiteVpnConfigItem.java
@@ -36,7 +36,7 @@ public class Site2SiteVpnConfigItem extends AbstractConfigItemFacade {
final Site2SiteVpn site2siteVpn = new Site2SiteVpn(command.getLocalPublicIp(), command.getLocalGuestCidr(), command.getLocalPublicGateway(), command.getPeerGatewayIp(),
command.getPeerGuestCidrList(), command.getEspPolicy(), command.getIkePolicy(), command.getIpsecPsk(), command.getIkeLifetime(), command.getEspLifetime(), command.isCreate(), command.getDpd(),
- command.isPassive());
+ command.isPassive(), command.getEncap());
return generateConfigItems(site2siteVpn);
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6da3bc12/core/src/com/cloud/agent/resource/virtualnetwork/model/Site2SiteVpn.java
----------------------------------------------------------------------
diff --git a/core/src/com/cloud/agent/resource/virtualnetwork/model/Site2SiteVpn.java b/core/src/com/cloud/agent/resource/virtualnetwork/model/Site2SiteVpn.java
index 63b04c5..232e99f 100644
--- a/core/src/com/cloud/agent/resource/virtualnetwork/model/Site2SiteVpn.java
+++ b/core/src/com/cloud/agent/resource/virtualnetwork/model/Site2SiteVpn.java
@@ -23,7 +23,7 @@ public class Site2SiteVpn extends ConfigBase {
private String localPublicIp, localGuestCidr, localPublicGateway, peerGatewayIp, peerGuestCidrList, espPolicy, ikePolicy, ipsecPsk;
private Long ikeLifetime, espLifetime;
- private boolean create, dpd, passive;
+ private boolean create, dpd, passive, encap;
public Site2SiteVpn() {
super(ConfigBase.SITE2SITEVPN);
@@ -31,7 +31,7 @@ public class Site2SiteVpn extends ConfigBase {
public Site2SiteVpn(String localPublicIp, String localGuestCidr, String localPublicGateway, String peerGatewayIp, String peerGuestCidrList, String espPolicy,
String ikePolicy,
- String ipsecPsk, Long ikeLifetime, Long espLifetime, boolean create, Boolean dpd, boolean passive) {
+ String ipsecPsk, Long ikeLifetime, Long espLifetime, boolean create, Boolean dpd, boolean passive, boolean encap) {
super(ConfigBase.SITE2SITEVPN);
this.localPublicIp = localPublicIp;
this.localGuestCidr = localGuestCidr;
@@ -46,6 +46,7 @@ public class Site2SiteVpn extends ConfigBase {
this.create = create;
this.dpd = dpd;
this.passive = passive;
+ this.encap = encap;
}
public String getLocalPublicIp() {
@@ -152,4 +153,12 @@ public class Site2SiteVpn extends ConfigBase {
this.passive = passive;
}
+ public boolean getEncap() {
+ return encap;
+ }
+
+ public void setEncap(boolean encap) {
+ this.encap = encap;
+ }
+
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6da3bc12/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java b/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java
index 5bcf361..f1d3ef3 100644
--- a/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java
+++ b/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java
@@ -70,6 +70,9 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
@Column(name = "dpd")
private boolean dpd;
+ @Column(name = "force_encap")
+ private boolean encap;
+
@Column(name = "domain_id")
private Long domainId;
@@ -83,7 +86,7 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
}
public Site2SiteCustomerGatewayVO(String name, long accountId, long domainId, String gatewayIp, String guestCidrList, String ipsecPsk, String ikePolicy,
- String espPolicy, long ikeLifetime, long espLifetime, boolean dpd) {
+ String espPolicy, long ikeLifetime, long espLifetime, boolean dpd, boolean encap) {
this.name = name;
this.gatewayIp = gatewayIp;
this.guestCidrList = guestCidrList;
@@ -93,6 +96,7 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
this.ikeLifetime = ikeLifetime;
this.espLifetime = espLifetime;
this.dpd = dpd;
+ this.encap = encap;
uuid = UUID.randomUUID().toString();
this.accountId = accountId;
this.domainId = domainId;
@@ -194,6 +198,15 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
}
@Override
+ public Boolean getEncap() {
+ return encap;
+ }
+
+ public void setEncap(boolean encap) {
+ this.encap = encap;
+ }
+
+ @Override
public String getUuid() {
return uuid;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6da3bc12/server/src/com/cloud/api/ApiResponseHelper.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java
index 5d691c6..c8eb5f4 100644
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -3001,7 +3001,7 @@ public class ApiResponseHelper implements ResponseGenerator {
response.setIkeLifetime(result.getIkeLifetime());
response.setEspLifetime(result.getEspLifetime());
response.setDpd(result.getDpd());
-
+ response.setEncap(result.getEncap());
response.setRemoved(result.getRemoved());
response.setObjectName("vpncustomergateway");
@@ -3041,6 +3041,7 @@ public class ApiResponseHelper implements ResponseGenerator {
response.setIkeLifetime(customerGateway.getIkeLifetime());
response.setEspLifetime(customerGateway.getEspLifetime());
response.setDpd(customerGateway.getDpd());
+ response.setEncap(customerGateway.getEncap());
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6da3bc12/server/src/com/cloud/network/router/CommandSetupHelper.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/router/CommandSetupHelper.java b/server/src/com/cloud/network/router/CommandSetupHelper.java
index 925961d..04427ba 100644
--- a/server/src/com/cloud/network/router/CommandSetupHelper.java
+++ b/server/src/com/cloud/network/router/CommandSetupHelper.java
@@ -857,9 +857,10 @@ public class CommandSetupHelper {
final Long ikeLifetime = gw.getIkeLifetime();
final Long espLifetime = gw.getEspLifetime();
final Boolean dpd = gw.getDpd();
+ final Boolean encap = gw.getEncap();
final Site2SiteVpnCfgCommand cmd = new Site2SiteVpnCfgCommand(isCreate, localPublicIp, localPublicGateway, localGuestCidr, peerGatewayIp, peerGuestCidrList, ikePolicy,
- espPolicy, ipsecPsk, ikeLifetime, espLifetime, dpd, conn.isPassive());
+ espPolicy, ipsecPsk, ikeLifetime, espLifetime, dpd, conn.isPassive(), encap);
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6da3bc12/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
index deebc6d..3746526 100644
--- a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
+++ b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
@@ -218,6 +218,11 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
dpd = false;
}
+ Boolean encap = cmd.getEncap();
+ if (encap == null) {
+ encap = false;
+ }
+
long accountId = owner.getAccountId();
if (_customerGatewayDao.findByGatewayIpAndAccountId(gatewayIp, accountId) != null) {
throw new InvalidParameterValueException("The customer gateway with ip " + gatewayIp + " already existed in the system!");
@@ -229,7 +234,7 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
checkCustomerGatewayCidrList(peerCidrList);
Site2SiteCustomerGatewayVO gw =
- new Site2SiteCustomerGatewayVO(name, accountId, owner.getDomainId(), gatewayIp, peerCidrList, ipsecPsk, ikePolicy, espPolicy, ikeLifetime, espLifetime, dpd);
+ new Site2SiteCustomerGatewayVO(name, accountId, owner.getDomainId(), gatewayIp, peerCidrList, ipsecPsk, ikePolicy, espPolicy, ikeLifetime, espLifetime, dpd, encap);
_customerGatewayDao.persist(gw);
return gw;
}
@@ -467,6 +472,11 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
dpd = false;
}
+ Boolean encap = cmd.getEncap();
+ if (encap == null) {
+ encap = false;
+ }
+
checkCustomerGatewayCidrList(guestCidrList);
long accountId = gw.getAccountId();
@@ -488,6 +498,7 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
gw.setIkeLifetime(ikeLifetime);
gw.setEspLifetime(espLifetime);
gw.setDpd(dpd);
+ gw.setEncap(encap);
_customerGatewayDao.persist(gw);
return gw;
}
[6/7] git commit: updated refs/heads/4.7 to 5566789
Posted by re...@apache.org.
[UI] MADNESS
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/9b9272c0
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/9b9272c0
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/9b9272c0
Branch: refs/heads/4.7
Commit: 9b9272c019cf8d00846a5211a14ed7ec98ca7002
Parents: 74f670d
Author: Michael Andersen <ma...@schubergphilis.com>
Authored: Wed Jan 6 17:33:03 2016 +0100
Committer: Michael Andersen <ma...@schubergphilis.com>
Committed: Thu Jan 7 19:27:51 2016 +0100
----------------------------------------------------------------------
.../classes/resources/messages.properties | 1 +
.../classes/resources/messages_nl_NL.properties | 1 +
ui/dictionary2.jsp | 3 ++-
ui/scripts/docs.js | 6 +++++-
ui/scripts/network.js | 21 ++++++++++++++++++--
ui/scripts/vpc.js | 6 ++++++
6 files changed, 34 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9b9272c0/client/WEB-INF/classes/resources/messages.properties
----------------------------------------------------------------------
diff --git a/client/WEB-INF/classes/resources/messages.properties b/client/WEB-INF/classes/resources/messages.properties
index e7beaa9..93e73fa 100644
--- a/client/WEB-INF/classes/resources/messages.properties
+++ b/client/WEB-INF/classes/resources/messages.properties
@@ -2258,3 +2258,4 @@ message.please.select.ssh.key.pair.use.with.this.vm=Please select a ssh key pair
message.configure.firewall.rules.allow.traffic=Configure the rules to allow Traffic
message.configure.firewall.rules.block.traffic=Configure the rules to block Traffic
message.ldap.group.import=All The users from the given group name will be imported
+label.vpn.force.encapsulation=Force UDP Encapsulation of ESP Packets
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9b9272c0/client/WEB-INF/classes/resources/messages_nl_NL.properties
----------------------------------------------------------------------
diff --git a/client/WEB-INF/classes/resources/messages_nl_NL.properties b/client/WEB-INF/classes/resources/messages_nl_NL.properties
index 363be5f..a4e1991 100644
--- a/client/WEB-INF/classes/resources/messages_nl_NL.properties
+++ b/client/WEB-INF/classes/resources/messages_nl_NL.properties
@@ -1726,6 +1726,7 @@ label.vpc=VPC
label.VPN.connection=VPN Connectie
label.vpn.customer.gateway=VPN Customer Gateway
label.VPN.customer.gateway=VPN Customer Gateway
+label.vpn.force.encapsulation=Forceer UDP Encapsulatie van ESP Packets
label.VPN.gateway=VPN Gateway
label.vpn=VPN
label.vsmctrlvlanid=Controle VLAN ID
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9b9272c0/ui/dictionary2.jsp
----------------------------------------------------------------------
diff --git a/ui/dictionary2.jsp b/ui/dictionary2.jsp
index 9d68974..4268104 100644
--- a/ui/dictionary2.jsp
+++ b/ui/dictionary2.jsp
@@ -1124,6 +1124,7 @@ under the License.
'message.desc.create.ssh.key.pair': '<fmt:message key="message.desc.create.ssh.key.pair" />',
'message.removed.ssh.key.pair': '<fmt:message key="message.removed.ssh.key.pair" />',
'message.please.select.ssh.key.pair.use.with.this.vm': '<fmt:message key="message.please.select.ssh.key.pair.use.with.this.vm" />',
-'message.ldap.group.import': '<fmt:message key="message.ldap.group.import" />'
+'message.ldap.group.import': '<fmt:message key="message.ldap.group.import" />',
+'label.vpn.force.encapsulation': '<fmt:message key="label.vpn.force.encapsulation" />'
});
</script>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9b9272c0/ui/scripts/docs.js
----------------------------------------------------------------------
diff --git a/ui/scripts/docs.js b/ui/scripts/docs.js
index ed6ab0c..e02cbda 100755
--- a/ui/scripts/docs.js
+++ b/ui/scripts/docs.js
@@ -1118,6 +1118,10 @@ cloudStack.docs = {
desc: 'Check this to make the virtual router query its IKE peer at regular intervals to ensure continued availability. It is recommended to have the same DPD setting on both sides of the VPN connection.',
externalLink: ''
},
+ helpVPNGatewayForceEncapsulation: {
+ desc: 'Force UDP encapsulation for ESP packets even if no NAT situation is detected. This may help to surmount restrictive firewalls. In order to force the peer to encapsulate packets, NAT detection payloads are faked',
+ externalLink: ''
+ },
// Copy template
helpCopyTemplateDestination: {
desc: 'The zone to which you want to copy the template',
@@ -1329,4 +1333,4 @@ cloudStack.docs = {
helpLdapLinkDomainAdmin: {
desc: 'domain admin of the linked domain. Specify a username in GROUP/OU of LDAP'
}
-};
+};
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9b9272c0/ui/scripts/network.js
----------------------------------------------------------------------
diff --git a/ui/scripts/network.js b/ui/scripts/network.js
index 2831aa0..5fd917a 100755
--- a/ui/scripts/network.js
+++ b/ui/scripts/network.js
@@ -6129,6 +6129,14 @@
docID: 'helpVPNGatewayDeadPeerDetection',
isBoolean: true,
isChecked: false
+ },
+
+ forceencap: {
+ label: 'label.vpn.force.encapsulation',
+ docID: 'helpVPNGatewayForceEncapsulation',
+ docID: 'helpVPNGatewayForceEncapsulation',
+ isBoolean: true,
+ isChecked: false
}
}
},
@@ -6140,7 +6148,8 @@
ipsecpsk: args.data.ipsecpsk,
ikelifetime: args.data.ikelifetime,
esplifetime: args.data.esplifetime,
- dpd: (args.data.dpd == "on")
+ dpd: (args.data.dpd == "on"),
+ forceencap: (args.data.forceencap == "on")
};
var ikepolicy = args.data.ikeEncryption + '-' + args.data.ikeHash;
@@ -6196,7 +6205,8 @@
ipsecpsk: args.data.ipsecpsk,
ikelifetime: args.data.ikelifetime,
esplifetime: args.data.esplifetime,
- dpd: (args.data.dpd == "on")
+ dpd: (args.data.dpd == "on"),
+ forceencap: (args.data.forceencap == "on")
};
var ikepolicy = args.data.ikeEncryption + '-' + args.data.ikeHash;
@@ -6465,6 +6475,13 @@
converter: cloudStack.converters.toBooleanText
},
+ forceencap: {
+ label: 'label.vpn.force.encapsulation',
+ isBoolean: true,
+ isEditable: true,
+ converter: cloudStack.converters.toBooleanText
+ },
+
id: {
label: 'label.id'
},
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9b9272c0/ui/scripts/vpc.js
----------------------------------------------------------------------
diff --git a/ui/scripts/vpc.js b/ui/scripts/vpc.js
index 4b10d8b..f7f7329 100644
--- a/ui/scripts/vpc.js
+++ b/ui/scripts/vpc.js
@@ -2904,6 +2904,12 @@
return str ? 'Yes' : 'No';
}
},
+ forceencap: {
+ label: 'label.vpn.force.encapsulation',
+ converter: function(str) {
+ return str ? 'Yes' : 'No';
+ }
+ },
state: {
label: 'label.state'
},
[3/7] git commit: updated refs/heads/4.7 to 5566789
Posted by re...@apache.org.
[MARVIN] Add forceencap field to VpnCustomerGateway class in marvin base
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/0b54871f
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/0b54871f
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/0b54871f
Branch: refs/heads/4.7
Commit: 0b54871fa3273219910a573fef5e22ce7ac4caaa
Parents: 6da3bc1
Author: Michael Andersen <ma...@schubergphilis.com>
Authored: Wed Dec 23 21:13:40 2015 +0100
Committer: Michael Andersen <ma...@schubergphilis.com>
Committed: Thu Jan 7 19:27:42 2016 +0100
----------------------------------------------------------------------
tools/marvin/marvin/lib/base.py | 4 ++++
1 file changed, 4 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0b54871f/tools/marvin/marvin/lib/base.py
----------------------------------------------------------------------
diff --git a/tools/marvin/marvin/lib/base.py b/tools/marvin/marvin/lib/base.py
index ab15a78..4e04ba8 100755
--- a/tools/marvin/marvin/lib/base.py
+++ b/tools/marvin/marvin/lib/base.py
@@ -3572,6 +3572,8 @@ class VpnCustomerGateway:
cmd.esplifetime = services["esplifetime"]
if "dpd" in services:
cmd.dpd = services["dpd"]
+ if "forceencap" in services:
+ cmd.forceencap = services["forceencap"]
if account:
cmd.account = account
if domainid:
@@ -3599,6 +3601,8 @@ class VpnCustomerGateway:
cmd.esplifetime = services["esplifetime"]
if "dpd" in services:
cmd.dpd = services["dpd"]
+ if "forceencap" in services:
+ cmd.forceencap = services["forceencap"]
return(apiclient.updateVpnCustomerGateway(cmd))
def delete(self, apiclient):
[2/7] git commit: updated refs/heads/4.7 to 5566789
Posted by re...@apache.org.
[ROUTER] Add forceencaps field to python router ipsec config method
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/21acc95d
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/21acc95d
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/21acc95d
Branch: refs/heads/4.7
Commit: 21acc95d574cf074b22a958946feb34dee9e0c4a
Parents: 4a08dbe
Author: Michael Andersen <ma...@schubergphilis.com>
Authored: Wed Dec 23 21:52:22 2015 +0100
Committer: Michael Andersen <ma...@schubergphilis.com>
Committed: Thu Jan 7 19:27:42 2016 +0100
----------------------------------------------------------------------
systemvm/patches/debian/config/opt/cloud/bin/configure.py | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/21acc95d/systemvm/patches/debian/config/opt/cloud/bin/configure.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index deb4a74..fb82d80 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -527,6 +527,7 @@ class CsSite2SiteVpn(CsDataBag):
file.addeq(" pfs=%s" % CsHelper.bool_to_yn(obj['dpd']))
file.addeq(" keyingtries=2")
file.addeq(" auto=start")
+ file.addeq(" forceencaps=%s" % CsHelper.bool_to_yn(obj['encap']))
if obj['dpd']:
file.addeq(" dpddelay=30")
file.addeq(" dpdtimeout=120")
@@ -538,9 +539,9 @@ class CsSite2SiteVpn(CsDataBag):
file.commit()
logging.info("Configured vpn %s %s", leftpeer, rightpeer)
CsHelper.execute("ipsec auto --rereadall")
- CsHelper.execute("ipsec --add vpn-%s" % rightpeer)
+ CsHelper.execute("ipsec auto --add vpn-%s" % rightpeer)
if not obj['passive']:
- CsHelper.execute("ipsec --up vpn-%s" % rightpeer)
+ CsHelper.execute("ipsec auto --up vpn-%s" % rightpeer)
os.chmod(vpnsecretsfile, 0o400)
def convert_sec_to_h(self, val):
[7/7] git commit: updated refs/heads/4.7 to 5566789
Posted by re...@apache.org.
Merge pull request #1317 from michaelandersen/vpn/forceencap
[4.7] ADD Force UDP encapsulation option to Site2Site VPNThis PR adds the option to enable forced UDP encapsulation of ESP packets during a setup of a site2site vpn. This options enforces the 'forceencaps' option in the openswan ipsec config:
https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
* pr/1317:
[UI] MADNESS
[DB] Add force_encap field to s2s_customer_gateway table
[ROUTER] Add forceencaps field to python router ipsec config method
[TEST] unittest needs rework
[MARVIN] Add forceencap field to VpnCustomerGateway class in marvin base
[CORE] Add Force UDP Encapsulation option to Site2Site VPN
Signed-off-by: Remi Bergsma <gi...@remi.nl>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/55667896
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/55667896
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/55667896
Branch: refs/heads/4.7
Commit: 55667896d0ff9926c81669471ecae94fca43be47
Parents: 80703ca 9b9272c
Author: Remi Bergsma <gi...@remi.nl>
Authored: Sat Jan 16 19:38:40 2016 +0100
Committer: Remi Bergsma <gi...@remi.nl>
Committed: Sat Jan 16 19:38:42 2016 +0100
----------------------------------------------------------------------
.../cloud/network/Site2SiteCustomerGateway.java | 2 ++
.../org/apache/cloudstack/api/ApiConstants.java | 3 ++-
.../user/vpn/CreateVpnCustomerGatewayCmd.java | 5 +++++
.../user/vpn/UpdateVpnCustomerGatewayCmd.java | 5 +++++
.../Site2SiteCustomerGatewayResponse.java | 6 ++++++
.../Site2SiteVpnConnectionResponse.java | 9 +++++++++
.../classes/resources/messages.properties | 1 +
.../classes/resources/messages_nl_NL.properties | 1 +
.../api/routing/Site2SiteVpnCfgCommand.java | 12 ++++++++++-
.../facade/Site2SiteVpnConfigItem.java | 2 +-
.../virtualnetwork/model/Site2SiteVpn.java | 13 ++++++++++--
.../VirtualRoutingResourceTest.java | 6 +++---
.../network/dao/Site2SiteCustomerGatewayVO.java | 15 +++++++++++++-
server/src/com/cloud/api/ApiResponseHelper.java | 3 ++-
.../network/router/CommandSetupHelper.java | 3 ++-
.../network/vpn/Site2SiteVpnManagerImpl.java | 13 +++++++++++-
setup/db/db/schema-470to471.sql | 1 +
.../debian/config/opt/cloud/bin/configure.py | 5 +++--
tools/marvin/marvin/lib/base.py | 4 ++++
ui/dictionary2.jsp | 3 ++-
ui/scripts/docs.js | 6 +++++-
ui/scripts/network.js | 21 ++++++++++++++++++--
ui/scripts/vpc.js | 6 ++++++
23 files changed, 127 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/55667896/ui/scripts/network.js
----------------------------------------------------------------------
[5/7] git commit: updated refs/heads/4.7 to 5566789
Posted by re...@apache.org.
[DB] Add force_encap field to s2s_customer_gateway table
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/74f670dc
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/74f670dc
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/74f670dc
Branch: refs/heads/4.7
Commit: 74f670dc3ccaf8bf37370616312b4b6d2b49d119
Parents: 21acc95
Author: Michael Andersen <ma...@schubergphilis.com>
Authored: Thu Jan 7 13:59:14 2016 +0100
Committer: Michael Andersen <ma...@schubergphilis.com>
Committed: Thu Jan 7 19:27:43 2016 +0100
----------------------------------------------------------------------
setup/db/db/schema-470to471.sql | 1 +
1 file changed, 1 insertion(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/74f670dc/setup/db/db/schema-470to471.sql
----------------------------------------------------------------------
diff --git a/setup/db/db/schema-470to471.sql b/setup/db/db/schema-470to471.sql
index 08b7f62..d632a72 100644
--- a/setup/db/db/schema-470to471.sql
+++ b/setup/db/db/schema-470to471.sql
@@ -18,3 +18,4 @@
--;
-- Schema upgrade from 4.7.0 to 4.7.1;
--;
+ALTER TABLE cloud.s2s_customer_gateway ADD COLUMN force_encap INT(1) NOT NULL DEFAULT 0 AFTER dpd;
[4/7] git commit: updated refs/heads/4.7 to 5566789
Posted by re...@apache.org.
[TEST] unittest needs rework
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/4a08dbe2
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/4a08dbe2
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/4a08dbe2
Branch: refs/heads/4.7
Commit: 4a08dbe235d30ca2ab25a72e6260a3aec629b2db
Parents: 0b54871
Author: Michael Andersen <ma...@schubergphilis.com>
Authored: Wed Dec 23 21:51:54 2015 +0100
Committer: Michael Andersen <ma...@schubergphilis.com>
Committed: Thu Jan 7 19:27:42 2016 +0100
----------------------------------------------------------------------
.../resource/virtualnetwork/VirtualRoutingResourceTest.java | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/4a08dbe2/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java
----------------------------------------------------------------------
diff --git a/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java b/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java
index c4e134b..6b5f1d1 100644
--- a/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java
+++ b/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java
@@ -494,17 +494,17 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
public void testSite2SiteVpnCfgCommand() {
_count = 0;
- Site2SiteVpnCfgCommand cmd = new Site2SiteVpnCfgCommand(true, "64.10.1.10", "64.10.1.1", "192.168.1.1/16", "124.10.1.10", "192.168.100.1/24", "3des-sha1,aes128-sha1;modp1536", "3des-sha1,aes128-md5", "psk", Long.valueOf(1800), Long.valueOf(1800), true, false);
+ Site2SiteVpnCfgCommand cmd = new Site2SiteVpnCfgCommand(true, "64.10.1.10", "64.10.1.1", "192.168.1.1/16", "124.10.1.10", "192.168.100.1/24", "3des-sha1,aes128-sha1;modp1536", "3des-sha1,aes128-md5", "psk", Long.valueOf(1800), Long.valueOf(1800), true, false, false);
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, ROUTERNAME);
Answer answer = _resource.executeRequest(cmd);
assertTrue(answer.getResult());
- cmd = new Site2SiteVpnCfgCommand(true, "64.10.1.10", "64.10.1.1", "192.168.1.1/16", "124.10.1.10", "192.168.100.1/24", "3des-sha1,aes128-sha1;modp1536", "3des-sha1,aes128-md5", "psk", Long.valueOf(1800), Long.valueOf(1800), false, true);
+ cmd = new Site2SiteVpnCfgCommand(true, "64.10.1.10", "64.10.1.1", "192.168.1.1/16", "124.10.1.10", "192.168.100.1/24", "3des-sha1,aes128-sha1;modp1536", "3des-sha1,aes128-md5", "psk", Long.valueOf(1800), Long.valueOf(1800), false, true, false);
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, ROUTERNAME);
answer = _resource.executeRequest(cmd);
assertTrue(answer.getResult());
- cmd = new Site2SiteVpnCfgCommand(false, "64.10.1.10", "64.10.1.1", "192.168.1.1/16", "124.10.1.10", "192.168.100.1/24", "3des-sha1,aes128-sha1;modp1536", "3des-sha1,aes128-md5", "psk", Long.valueOf(1800), Long.valueOf(1800), false, true);
+ cmd = new Site2SiteVpnCfgCommand(false, "64.10.1.10", "64.10.1.1", "192.168.1.1/16", "124.10.1.10", "192.168.100.1/24", "3des-sha1,aes128-sha1;modp1536", "3des-sha1,aes128-md5", "psk", Long.valueOf(1800), Long.valueOf(1800), false, true, false);
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, ROUTERNAME);
answer = _resource.executeRequest(cmd);
assertTrue(answer.getResult());