You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by pd...@apache.org on 2015/03/08 01:42:05 UTC
[1/3] cloudstack-docs-admin git commit: add images for client vpn
connection and split files, CLOUDSTACK-5117
Repository: cloudstack-docs-admin
Updated Branches:
refs/heads/master 87589e4e7 -> 8f4c7dcc1
add images for client vpn connection and split files, CLOUDSTACK-5117
Project: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/commit/200bfbc7
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/tree/200bfbc7
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/diff/200bfbc7
Branch: refs/heads/master
Commit: 200bfbc792755b56413e220d2a16d1a0fb2eacc7
Parents: 87589e4
Author: Pierre-Luc Dion <pd...@apache.org>
Authored: Sat Mar 7 19:38:39 2015 -0500
Committer: Pierre-Luc Dion <pd...@apache.org>
Committed: Sat Mar 7 19:38:39 2015 -0500
----------------------------------------------------------------------
source/_static/images/vpn/osxvpn_connected.png | Bin 0 -> 102118 bytes
source/_static/images/vpn/osxvpn_form1.png | Bin 0 -> 106299 bytes
source/_static/images/vpn/osxvpn_form2.png | Bin 0 -> 93670 bytes
source/_static/images/vpn/osxvpn_form3.png | Bin 0 -> 121544 bytes
source/_static/images/vpn/osxvpn_netconf.png | Bin 0 -> 98098 bytes
source/_static/images/vpn/win1.png | Bin 0 -> 97933 bytes
source/_static/images/vpn/win10.png | Bin 0 -> 103531 bytes
source/_static/images/vpn/win11.png | Bin 0 -> 57332 bytes
source/_static/images/vpn/win12.png | Bin 0 -> 130877 bytes
source/_static/images/vpn/win13.png | Bin 0 -> 131804 bytes
source/_static/images/vpn/win14.png | Bin 0 -> 132416 bytes
source/_static/images/vpn/win2.png | Bin 0 -> 53656 bytes
source/_static/images/vpn/win3.png | Bin 0 -> 49302 bytes
source/_static/images/vpn/win4.png | Bin 0 -> 51313 bytes
source/_static/images/vpn/win5.png | Bin 0 -> 73394 bytes
source/_static/images/vpn/win6.png | Bin 0 -> 48772 bytes
source/_static/images/vpn/win7.png | Bin 0 -> 51047 bytes
source/_static/images/vpn/win8.png | Bin 0 -> 39525 bytes
source/_static/images/vpn/win9.png | Bin 0 -> 51403 bytes
source/index.rst | 1 +
source/networking/remote_access_vpn.rst | 545 +-------------------
source/networking/site_to_site_vpn.rst | 451 ++++++++++++++++
source/networking/using_remote_access.rst | 147 ++++++
source/networking_and_traffic.rst | 2 +
24 files changed, 604 insertions(+), 542 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/osxvpn_connected.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/osxvpn_connected.png b/source/_static/images/vpn/osxvpn_connected.png
new file mode 100644
index 0000000..768f7c4
Binary files /dev/null and b/source/_static/images/vpn/osxvpn_connected.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/osxvpn_form1.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/osxvpn_form1.png b/source/_static/images/vpn/osxvpn_form1.png
new file mode 100644
index 0000000..5a9b685
Binary files /dev/null and b/source/_static/images/vpn/osxvpn_form1.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/osxvpn_form2.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/osxvpn_form2.png b/source/_static/images/vpn/osxvpn_form2.png
new file mode 100644
index 0000000..fd30d80
Binary files /dev/null and b/source/_static/images/vpn/osxvpn_form2.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/osxvpn_form3.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/osxvpn_form3.png b/source/_static/images/vpn/osxvpn_form3.png
new file mode 100644
index 0000000..2fdbdff
Binary files /dev/null and b/source/_static/images/vpn/osxvpn_form3.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/osxvpn_netconf.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/osxvpn_netconf.png b/source/_static/images/vpn/osxvpn_netconf.png
new file mode 100644
index 0000000..a5a22c0
Binary files /dev/null and b/source/_static/images/vpn/osxvpn_netconf.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/win1.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/win1.png b/source/_static/images/vpn/win1.png
new file mode 100644
index 0000000..c9bb893
Binary files /dev/null and b/source/_static/images/vpn/win1.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/win10.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/win10.png b/source/_static/images/vpn/win10.png
new file mode 100644
index 0000000..2cbe591
Binary files /dev/null and b/source/_static/images/vpn/win10.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/win11.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/win11.png b/source/_static/images/vpn/win11.png
new file mode 100644
index 0000000..cf95426
Binary files /dev/null and b/source/_static/images/vpn/win11.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/win12.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/win12.png b/source/_static/images/vpn/win12.png
new file mode 100644
index 0000000..61ba08c
Binary files /dev/null and b/source/_static/images/vpn/win12.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/win13.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/win13.png b/source/_static/images/vpn/win13.png
new file mode 100644
index 0000000..d5a990f
Binary files /dev/null and b/source/_static/images/vpn/win13.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/win14.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/win14.png b/source/_static/images/vpn/win14.png
new file mode 100644
index 0000000..2d6e93c
Binary files /dev/null and b/source/_static/images/vpn/win14.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/win2.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/win2.png b/source/_static/images/vpn/win2.png
new file mode 100644
index 0000000..f30ef69
Binary files /dev/null and b/source/_static/images/vpn/win2.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/win3.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/win3.png b/source/_static/images/vpn/win3.png
new file mode 100644
index 0000000..bc0dc91
Binary files /dev/null and b/source/_static/images/vpn/win3.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/win4.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/win4.png b/source/_static/images/vpn/win4.png
new file mode 100644
index 0000000..1599f58
Binary files /dev/null and b/source/_static/images/vpn/win4.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/win5.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/win5.png b/source/_static/images/vpn/win5.png
new file mode 100644
index 0000000..d2d5f7a
Binary files /dev/null and b/source/_static/images/vpn/win5.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/win6.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/win6.png b/source/_static/images/vpn/win6.png
new file mode 100644
index 0000000..cb27870
Binary files /dev/null and b/source/_static/images/vpn/win6.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/win7.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/win7.png b/source/_static/images/vpn/win7.png
new file mode 100644
index 0000000..e601f15
Binary files /dev/null and b/source/_static/images/vpn/win7.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/win8.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/win8.png b/source/_static/images/vpn/win8.png
new file mode 100644
index 0000000..4ab5db5
Binary files /dev/null and b/source/_static/images/vpn/win8.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/_static/images/vpn/win9.png
----------------------------------------------------------------------
diff --git a/source/_static/images/vpn/win9.png b/source/_static/images/vpn/win9.png
new file mode 100644
index 0000000..e276f5f
Binary files /dev/null and b/source/_static/images/vpn/win9.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/index.rst
----------------------------------------------------------------------
diff --git a/source/index.rst b/source/index.rst
index 5ab217f..1fa6e00 100644
--- a/source/index.rst
+++ b/source/index.rst
@@ -145,6 +145,7 @@ Managing Networks and Traffic
:maxdepth: 2
networking_and_traffic
+ networking/using_remote_access
Managing the Cloud
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/networking/remote_access_vpn.rst
----------------------------------------------------------------------
diff --git a/source/networking/remote_access_vpn.rst b/source/networking/remote_access_vpn.rst
index 94e9733..77c573c 100644
--- a/source/networking/remote_access_vpn.rst
+++ b/source/networking/remote_access_vpn.rst
@@ -13,6 +13,7 @@
specific language governing permissions and limitations
under the License.
+.. _remote-access-vpn:
Remote Access VPN
-----------------
@@ -23,8 +24,8 @@ a network offering that offers the Remote Access VPN service, the
virtual router (based on the System VM) is used to provide the service.
CloudStack provides a L2TP-over-IPsec-based remote access VPN service to
guest virtual networks. Since each network gets its own virtual router,
-VPNs are not shared across the networks. VPN clients native to Windows,
-Mac OS X and iOS can be used to connect to the guest networks. The
+VPNs are not shared across the networks. VPN clients native to `Windows,
+Mac OS X <networking/using_remote_access.html>`_ and iOS can be used to connect to the guest networks. The
account owner can create and manage users for their VPN. CloudStack does
not use its account database for this purpose but uses a separate table.
The VPN user database is shared across all the VPNs created by the
@@ -154,543 +155,3 @@ Now, you need to add the VPN users.
#. Repeat the same steps to add the VPN users.
-
-Using Remote Access VPN with Windows
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The procedure to use VPN varies by Windows version. Generally, the user
-must edit the VPN properties and make sure that the default route is not
-the VPN. The following steps are for Windows L2TP clients on Windows
-Vista. The commands should be similar for other Windows versions.
-
-#. Log in to the CloudStack UI and click on the source NAT IP for the
- account. The VPN tab should display the IPsec preshared key. Make a
- note of this and the source NAT IP. The UI also lists one or more
- users and their passwords. Choose one of these users, or, if none
- exists, add a user and password.
-
-#. On the Windows box, go to Control Panel, then select Network and
- Sharing center. Click Setup a connection or network.
-
-#. In the next dialog, select No, create a new connection.
-
-#. In the next dialog, select Use my Internet Connection (VPN).
-
-#. In the next dialog, enter the source NAT IP from step
- #1 and give the connection a name. Check Don't
- connect now.
-
-#. In the next dialog, enter the user name and password selected in step
- #1.
-
-#. Click Create.
-
-#. Go back to the Control Panel and click Network Connections to see the
- new connection. The connection is not active yet.
-
-#. Right-click the new connection and select Properties. In the
- Properties dialog, select the Networking tab.
-
-#.
-
- In Type of VPN, choose L2TP IPsec VPN, then click IPsec settings.
- Select Use preshared key. Enter the preshared key from step #1.
-
-#. The connection is ready for activation. Go back to Control Panel ->
- Network Connections and double-click the created connection.
-
-#. Enter the user name and password from step #1.
-
-
-Using Remote Access VPN with Mac OS X
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-First, be sure you've configured the VPN settings in your CloudStack
-install. This section is only concerned with connecting via Mac OS X to
-your VPN.
-
-Note, these instructions were written on Mac OS X 10.7.5. They may
-differ slightly in older or newer releases of Mac OS X.
-
-#. On your Mac, open System Preferences and click Network.
-
-#. Make sure Send all traffic over VPN connection is not checked.
-
-#. If your preferences are locked, you'll need to click the lock in the
- bottom left-hand corner to make any changes and provide your
- administrator credentials.
-
-#. You will need to create a new network entry. Click the plus icon on
- the bottom left-hand side and you'll see a dialog that says "Select
- the interface and enter a name for the new service." Select VPN from
- the Interface drop-down menu, and "L2TP over IPSec" for the VPN Type.
- Enter whatever you like within the "Service Name" field.
-
-#. You'll now have a new network interface with the name of whatever you
- put in the "Service Name" field. For the purposes of this example,
- we'll assume you've named it "CloudStack." Click on that interface
- and provide the IP address of the interface for your VPN under the
- Server Address field, and the user name for your VPN under Account
- Name.
-
-#. Click Authentication Settings, and add the user's password under User
- Authentication and enter the pre-shared IPSec key in the Shared
- Secret field under Machine Authentication. Click OK.
-
-#. You may also want to click the "Show VPN status in menu bar" but
- that's entirely optional.
-
-#. Now click "Connect" and you will be connected to the CloudStack VPN.
-
-
-.. _setting-s2s-vpn-conn:
-
-Setting Up a Site-to-Site VPN Connection
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-A Site-to-Site VPN connection helps you establish a secure connection
-from an enterprise datacenter to the cloud infrastructure. This allows
-users to access the guest VMs by establishing a VPN connection to the
-virtual router of the account from a device in the datacenter of the
-enterprise. You can also establish a secure connection between two VPC
-setups or high availability zones in your environment. Having this
-facility eliminates the need to establish VPN connections to individual
-VMs.
-
-The difference from Remote VPN is that Site-to-site VPNs connects entire
-networks to each other, for example, connecting a branch office network
-to a company headquarters network. In a site-to-site VPN, hosts do not
-have VPN client software; they send and receive normal TCP/IP traffic
-through a VPN gateway.
-
-The supported endpoints on the remote datacenters are:
-
-- Cisco ISR with IOS 12.4 or later
-
-- Juniper J-Series routers with JunOS 9.5 or later
-
-- CloudStack virtual routers
-
-.. note::
- In addition to the specific Cisco and Juniper devices listed above, the
- expectation is that any Cisco or Juniper device running on the supported
- operating systems are able to establish VPN connections.
-
-To set up a Site-to-Site VPN connection, perform the following:
-
-#. Create a Virtual Private Cloud (VPC).
-
- See ":ref:`configuring-vpc`".
-
-#. Create a VPN Customer Gateway.
-
-#. Create a VPN gateway for the VPC that you created.
-
-#. Create VPN connection from the VPC VPN gateway to the customer VPN
- gateway.
-
-
-Creating and Updating a VPN Customer Gateway
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-.. note::
- A VPN customer gateway can be connected to only one VPN gateway at a time.
-
-To add a VPN Customer Gateway:
-
-#. Log in to the CloudStack UI as an administrator or end user.
-
-#. In the left navigation, choose Network.
-
-#. In the Select view, select VPN Customer Gateway.
-
-#. Click Add VPN Customer Gateway.
-
- |addvpncustomergateway.png|
-
- Provide the following information:
-
- - **Name**: A unique name for the VPN customer gateway you create.
-
- - **Gateway**: The IP address for the remote gateway.
-
- - **CIDR list**: The guest CIDR list of the remote subnets. Enter a
- CIDR or a comma-separated list of CIDRs. Ensure that a guest CIDR
- list is not overlapped with the VPC's CIDR, or another guest CIDR.
- The CIDR must be RFC1918-compliant.
-
- - **IPsec Preshared Key**: Preshared keying is a method where the
- endpoints of the VPN share a secret key. This key value is used to
- authenticate the customer gateway and the VPC VPN gateway to each
- other.
-
- .. note::
- The IKE peers (VPN end points) authenticate each other by
- computing and sending a keyed hash of data that includes the
- Preshared key. If the receiving peer is able to create the same
- hash independently by using its Preshared key, it knows that both
- peers must share the same secret, thus authenticating the customer
- gateway.
-
- - **IKE Encryption**: The Internet Key Exchange (IKE) policy for
- phase-1. The supported encryption algorithms are AES128, AES192,
- AES256, and 3DES. Authentication is accomplished through the
- Preshared Keys.
-
- .. note::
- The phase-1 is the first phase in the IKE process. In this initial
- negotiation phase, the two VPN endpoints agree on the methods to
- be used to provide security for the underlying IP traffic. The
- phase-1 authenticates the two VPN gateways to each other, by
- confirming that the remote gateway has a matching Preshared Key.
-
- - **IKE Hash**: The IKE hash for phase-1. The supported hash
- algorithms are SHA1 and MD5.
-
- - **IKE DH**: A public-key cryptography protocol which allows two
- parties to establish a shared secret over an insecure
- communications channel. The 1536-bit Diffie-Hellman group is used
- within IKE to establish session keys. The supported options are
- None, Group-5 (1536-bit) and Group-2 (1024-bit).
-
- - **ESP Encryption**: Encapsulating Security Payload (ESP) algorithm
- within phase-2. The supported encryption algorithms are AES128,
- AES192, AES256, and 3DES.
-
- .. note::
- The phase-2 is the second phase in the IKE process. The purpose of
- IKE phase-2 is to negotiate IPSec security associations (SA) to
- set up the IPSec tunnel. In phase-2, new keying material is
- extracted from the Diffie-Hellman key exchange in phase-1, to
- provide session keys to use in protecting the VPN data flow.
-
- - **ESP Hash**: Encapsulating Security Payload (ESP) hash for
- phase-2. Supported hash algorithms are SHA1 and MD5.
-
- - **Perfect Forward Secrecy**: Perfect Forward Secrecy (or PFS) is
- the property that ensures that a session key derived from a set of
- long-term public and private keys will not be compromised. This
- property enforces a new Diffie-Hellman key exchange. It provides
- the keying material that has greater key material life and thereby
- greater resistance to cryptographic attacks. The available options
- are None, Group-5 (1536-bit) and Group-2 (1024-bit). The security
- of the key exchanges increase as the DH groups grow larger, as
- does the time of the exchanges.
-
- .. note::
- When PFS is turned on, for every negotiation of a new phase-2 SA
- the two gateways must generate a new set of phase-1 keys. This
- adds an extra layer of protection that PFS adds, which ensures if
- the phase-2 SA's have expired, the keys used for new phase-2 SA's
- have not been generated from the current phase-1 keying material.
-
- - **IKE Lifetime (seconds)**: The phase-1 lifetime of the security
- association in seconds. Default is 86400 seconds (1 day). Whenever
- the time expires, a new phase-1 exchange is performed.
-
- - **ESP Lifetime (seconds)**: The phase-2 lifetime of the security
- association in seconds. Default is 3600 seconds (1 hour). Whenever
- the value is exceeded, a re-key is initiated to provide a new
- IPsec encryption and authentication session keys.
-
- - **Dead Peer Detection**: A method to detect an unavailable
- Internet Key Exchange (IKE) peer. Select this option if you want
- the virtual router to query the liveliness of its IKE peer at
- regular intervals. It's recommended to have the same configuration
- of DPD on both side of VPN connection.
-
-#. Click OK.
-
-
-Updating and Removing a VPN Customer Gateway
-''''''''''''''''''''''''''''''''''''''''''''
-
-You can update a customer gateway either with no VPN connection, or
-related VPN connection is in error state.
-
-#. Log in to the CloudStack UI as an administrator or end user.
-
-#. In the left navigation, choose Network.
-
-#. In the Select view, select VPN Customer Gateway.
-
-#. Select the VPN customer gateway you want to work with.
-
-#. To modify the required parameters, click the Edit VPN Customer
- Gateway button |vpn-edit-icon.png|
-
-#. To remove the VPN customer gateway, click the Delete VPN Customer
- Gateway button |delete.png|
-
-#. Click OK.
-
-
-Creating a VPN gateway for the VPC
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-#. Log in to the CloudStack UI as an administrator or end user.
-
-#. In the left navigation, choose Network.
-
-#. In the Select view, select VPC.
-
- All the VPCs that you have created for the account is listed in the
- page.
-
-#. Click the Configure button of the VPC to which you want to deploy the
- VMs.
-
- The VPC page is displayed where all the tiers you created are listed
- in a diagram.
-
- For each tier, the following options are displayed:
-
- - Internal LB
-
- - Public LB IP
-
- - Static NAT
-
- - Virtual Machines
-
- - CIDR
-
- The following router information is displayed:
-
- - Private Gateways
-
- - Public IP Addresses
-
- - Site-to-Site VPNs
-
- - Network ACL Lists
-
-#. Select Site-to-Site VPN.
-
- If you are creating the VPN gateway for the first time, selecting
- Site-to-Site VPN prompts you to create a VPN gateway.
-
-#. In the confirmation dialog, click Yes to confirm.
-
- Within a few moments, the VPN gateway is created. You will be
- prompted to view the details of the VPN gateway you have created.
- Click Yes to confirm.
-
- The following details are displayed in the VPN Gateway page:
-
- - IP Address
-
- - Account
-
- - Domain
-
-
-Creating a VPN Connection
-^^^^^^^^^^^^^^^^^^^^^^^^^
-
-.. note:: CloudStack supports creating up to 8 VPN connections.
-
-#. Log in to the CloudStack UI as an administrator or end user.
-
-#. In the left navigation, choose Network.
-
-#. In the Select view, select VPC.
-
- All the VPCs that you create for the account are listed in the page.
-
-#. Click the Configure button of the VPC to which you want to deploy the
- VMs.
-
- The VPC page is displayed where all the tiers you created are listed
- in a diagram.
-
-#. Click the Settings icon.
-
- For each tier, the following options are displayed:
-
- - Internal LB
-
- - Public LB IP
-
- - Static NAT
-
- - Virtual Machines
-
- - CIDR
-
- The following router information is displayed:
-
- - Private Gateways
-
- - Public IP Addresses
-
- - Site-to-Site VPNs
-
- - Network ACL Lists
-
-#. Select Site-to-Site VPN.
-
- The Site-to-Site VPN page is displayed.
-
-#. From the Select View drop-down, ensure that VPN Connection is
- selected.
-
-#. Click Create VPN Connection.
-
- The Create VPN Connection dialog is displayed:
-
- |createvpnconnection.png|
-
-#. Select the desired customer gateway.
-
-#. Select Passive if you want to establish a connection between two VPC
- virtual routers.
-
- If you want to establish a connection between two VPC virtual
- routers, select Passive only on one of the VPC virtual routers, which
- waits for the other VPC virtual router to initiate the connection. Do
- not select Passive on the VPC virtual router that initiates the
- connection.
-
-#. Click OK to confirm.
-
- Within a few moments, the VPN Connection is displayed.
-
- The following information on the VPN connection is displayed:
-
- - IP Address
-
- - Gateway
-
- - State
-
- - IPSec Preshared Key
-
- - IKE Policy
-
- - ESP Policy
-
-
-Site-to-Site VPN Connection Between VPC Networks
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-CloudStack provides you with the ability to establish a site-to-site VPN
-connection between CloudStack virtual routers. To achieve that, add a
-passive mode Site-to-Site VPN. With this functionality, users can deploy
-applications in multiple Availability Zones or VPCs, which can
-communicate with each other by using a secure Site-to-Site VPN Tunnel.
-
-This feature is supported on all the hypervisors.
-
-#. Create two VPCs. For example, VPC A and VPC B.
-
- For more information, see ":ref:`configuring-vpc`".
-
-#. Create VPN gateways on both the VPCs you created.
-
- For more information, see `"Creating a VPN gateway
- for the VPC" <#creating-a-vpn-gateway-for-the-vpc>`_.
-
-#. Create VPN customer gateway for both the VPCs.
-
- For more information, see `"Creating and Updating
- a VPN Customer Gateway" <#creating-and-updating-a-vpn-customer-gateway>`_.
-
-#. Enable a VPN connection on VPC A in passive mode.
-
- For more information, see `"Creating a VPN
- Connection" <#creating-a-vpn-connection>`_.
-
- Ensure that the customer gateway is pointed to VPC B. The VPN
- connection is shown in the Disconnected state.
-
-#. Enable a VPN connection on VPC B.
-
- Ensure that the customer gateway is pointed to VPC A. Because virtual
- router of VPC A, in this case, is in passive mode and is waiting for
- the virtual router of VPC B to initiate the connection, VPC B virtual
- router should not be in passive mode.
-
- The VPN connection is shown in the Disconnected state.
-
- Creating VPN connection on both the VPCs initiates a VPN connection.
- Wait for few seconds. The default is 30 seconds for both the VPN
- connections to show the Connected state.
-
-
-Restarting and Removing a VPN Connection
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-#. Log in to the CloudStack UI as an administrator or end user.
-
-#. In the left navigation, choose Network.
-
-#. In the Select view, select VPC.
-
- All the VPCs that you have created for the account is listed in the
- page.
-
-#. Click the Configure button of the VPC to which you want to deploy the
- VMs.
-
- The VPC page is displayed where all the tiers you created are listed
- in a diagram.
-
-#. Click the Settings icon.
-
- For each tier, the following options are displayed:
-
- - Internal LB
-
- - Public LB IP
-
- - Static NAT
-
- - Virtual Machines
-
- - CIDR
-
- The following router information is displayed:
-
- - Private Gateways
-
- - Public IP Addresses
-
- - Site-to-Site VPNs
-
- - Network ACL Lists
-
-#. Select Site-to-Site VPN.
-
- The Site-to-Site VPN page is displayed.
-
-#. From the Select View drop-down, ensure that VPN Connection is
- selected.
-
- All the VPN connections you created are displayed.
-
-#. Select the VPN connection you want to work with.
-
- The Details tab is displayed.
-
-#. To remove a VPN connection, click the Delete VPN connection button
- |remove-vpn.png|
-
- To restart a VPN connection, click the Reset VPN connection button
- present in the Details tab. |reset-vpn.png|
-
-
-.. |vpn-icon.png| image:: /_static/images/vpn-icon.png
- :alt: button to enable VPN.
-.. |addvpncustomergateway.png| image:: /_static/images/add-vpn-customer-gateway.png
- :alt: adding a customer gateway.
-.. |createvpnconnection.png| image:: /_static/images/create-vpn-connection.png
- :alt: creating a VPN connection to the customer gateway.
-.. |remove-vpn.png| image:: /_static/images/remove-vpn.png
- :alt: button to remove a VPN connection
-.. |reset-vpn.png| image:: /_static/images/reset-vpn.png
- :alt: button to reset a VPN connection
-.. |delete.png| image:: /_static/images/delete-button.png
- :alt: button to remove a VPN customer gateway.
-.. |vpn-edit-icon.png| image:: /_static/images/edit-icon.png
- :alt: button to edit.
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/networking/site_to_site_vpn.rst
----------------------------------------------------------------------
diff --git a/source/networking/site_to_site_vpn.rst b/source/networking/site_to_site_vpn.rst
new file mode 100644
index 0000000..34ec0a9
--- /dev/null
+++ b/source/networking/site_to_site_vpn.rst
@@ -0,0 +1,451 @@
+.. _setting-s2s-vpn-conn:
+
+Setting Up a Site-to-Site VPN Connection
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+A Site-to-Site VPN connection helps you establish a secure connection
+from an enterprise datacenter to the cloud infrastructure. This allows
+users to access the guest VMs by establishing a VPN connection to the
+virtual router of the account from a device in the datacenter of the
+enterprise. You can also establish a secure connection between two VPC
+setups or high availability zones in your environment. Having this
+facility eliminates the need to establish VPN connections to individual
+VMs.
+
+The difference from Remote VPN is that Site-to-site VPNs connects entire
+networks to each other, for example, connecting a branch office network
+to a company headquarters network. In a site-to-site VPN, hosts do not
+have VPN client software; they send and receive normal TCP/IP traffic
+through a VPN gateway.
+
+The supported endpoints on the remote datacenters are:
+
+- Cisco ISR with IOS 12.4 or later
+
+- Juniper J-Series routers with JunOS 9.5 or later
+
+- CloudStack virtual routers
+
+.. note::
+ In addition to the specific Cisco and Juniper devices listed above, the
+ expectation is that any Cisco or Juniper device running on the supported
+ operating systems are able to establish VPN connections.
+
+To set up a Site-to-Site VPN connection, perform the following:
+
+#. Create a Virtual Private Cloud (VPC).
+
+ See ":ref:`configuring-vpc`".
+
+#. Create a VPN Customer Gateway.
+
+#. Create a VPN gateway for the VPC that you created.
+
+#. Create VPN connection from the VPC VPN gateway to the customer VPN
+ gateway.
+
+
+Creating and Updating a VPN Customer Gateway
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. note::
+ A VPN customer gateway can be connected to only one VPN gateway at a time.
+
+To add a VPN Customer Gateway:
+
+#. Log in to the CloudStack UI as an administrator or end user.
+
+#. In the left navigation, choose Network.
+
+#. In the Select view, select VPN Customer Gateway.
+
+#. Click Add VPN Customer Gateway.
+
+ |addvpncustomergateway.png|
+
+ Provide the following information:
+
+ - **Name**: A unique name for the VPN customer gateway you create.
+
+ - **Gateway**: The IP address for the remote gateway.
+
+ - **CIDR list**: The guest CIDR list of the remote subnets. Enter a
+ CIDR or a comma-separated list of CIDRs. Ensure that a guest CIDR
+ list is not overlapped with the VPC's CIDR, or another guest CIDR.
+ The CIDR must be RFC1918-compliant.
+
+ - **IPsec Preshared Key**: Preshared keying is a method where the
+ endpoints of the VPN share a secret key. This key value is used to
+ authenticate the customer gateway and the VPC VPN gateway to each
+ other.
+
+ .. note::
+ The IKE peers (VPN end points) authenticate each other by
+ computing and sending a keyed hash of data that includes the
+ Preshared key. If the receiving peer is able to create the same
+ hash independently by using its Preshared key, it knows that both
+ peers must share the same secret, thus authenticating the customer
+ gateway.
+
+ - **IKE Encryption**: The Internet Key Exchange (IKE) policy for
+ phase-1. The supported encryption algorithms are AES128, AES192,
+ AES256, and 3DES. Authentication is accomplished through the
+ Preshared Keys.
+
+ .. note::
+ The phase-1 is the first phase in the IKE process. In this initial
+ negotiation phase, the two VPN endpoints agree on the methods to
+ be used to provide security for the underlying IP traffic. The
+ phase-1 authenticates the two VPN gateways to each other, by
+ confirming that the remote gateway has a matching Preshared Key.
+
+ - **IKE Hash**: The IKE hash for phase-1. The supported hash
+ algorithms are SHA1 and MD5.
+
+ - **IKE DH**: A public-key cryptography protocol which allows two
+ parties to establish a shared secret over an insecure
+ communications channel. The 1536-bit Diffie-Hellman group is used
+ within IKE to establish session keys. The supported options are
+ None, Group-5 (1536-bit) and Group-2 (1024-bit).
+
+ - **ESP Encryption**: Encapsulating Security Payload (ESP) algorithm
+ within phase-2. The supported encryption algorithms are AES128,
+ AES192, AES256, and 3DES.
+
+ .. note::
+ The phase-2 is the second phase in the IKE process. The purpose of
+ IKE phase-2 is to negotiate IPSec security associations (SA) to
+ set up the IPSec tunnel. In phase-2, new keying material is
+ extracted from the Diffie-Hellman key exchange in phase-1, to
+ provide session keys to use in protecting the VPN data flow.
+
+ - **ESP Hash**: Encapsulating Security Payload (ESP) hash for
+ phase-2. Supported hash algorithms are SHA1 and MD5.
+
+ - **Perfect Forward Secrecy**: Perfect Forward Secrecy (or PFS) is
+ the property that ensures that a session key derived from a set of
+ long-term public and private keys will not be compromised. This
+ property enforces a new Diffie-Hellman key exchange. It provides
+ the keying material that has greater key material life and thereby
+ greater resistance to cryptographic attacks. The available options
+ are None, Group-5 (1536-bit) and Group-2 (1024-bit). The security
+ of the key exchanges increase as the DH groups grow larger, as
+ does the time of the exchanges.
+
+ .. note::
+ When PFS is turned on, for every negotiation of a new phase-2 SA
+ the two gateways must generate a new set of phase-1 keys. This
+ adds an extra layer of protection that PFS adds, which ensures if
+ the phase-2 SA's have expired, the keys used for new phase-2 SA's
+ have not been generated from the current phase-1 keying material.
+
+ - **IKE Lifetime (seconds)**: The phase-1 lifetime of the security
+ association in seconds. Default is 86400 seconds (1 day). Whenever
+ the time expires, a new phase-1 exchange is performed.
+
+ - **ESP Lifetime (seconds)**: The phase-2 lifetime of the security
+ association in seconds. Default is 3600 seconds (1 hour). Whenever
+ the value is exceeded, a re-key is initiated to provide a new
+ IPsec encryption and authentication session keys.
+
+ - **Dead Peer Detection**: A method to detect an unavailable
+ Internet Key Exchange (IKE) peer. Select this option if you want
+ the virtual router to query the liveliness of its IKE peer at
+ regular intervals. It's recommended to have the same configuration
+ of DPD on both side of VPN connection.
+
+#. Click OK.
+
+
+Updating and Removing a VPN Customer Gateway
+''''''''''''''''''''''''''''''''''''''''''''
+
+You can update a customer gateway either with no VPN connection, or
+related VPN connection is in error state.
+
+#. Log in to the CloudStack UI as an administrator or end user.
+
+#. In the left navigation, choose Network.
+
+#. In the Select view, select VPN Customer Gateway.
+
+#. Select the VPN customer gateway you want to work with.
+
+#. To modify the required parameters, click the Edit VPN Customer
+ Gateway button |vpn-edit-icon.png|
+
+#. To remove the VPN customer gateway, click the Delete VPN Customer
+ Gateway button |delete.png|
+
+#. Click OK.
+
+
+Creating a VPN gateway for the VPC
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+#. Log in to the CloudStack UI as an administrator or end user.
+
+#. In the left navigation, choose Network.
+
+#. In the Select view, select VPC.
+
+ All the VPCs that you have created for the account is listed in the
+ page.
+
+#. Click the Configure button of the VPC to which you want to deploy the
+ VMs.
+
+ The VPC page is displayed where all the tiers you created are listed
+ in a diagram.
+
+ For each tier, the following options are displayed:
+
+ - Internal LB
+
+ - Public LB IP
+
+ - Static NAT
+
+ - Virtual Machines
+
+ - CIDR
+
+ The following router information is displayed:
+
+ - Private Gateways
+
+ - Public IP Addresses
+
+ - Site-to-Site VPNs
+
+ - Network ACL Lists
+
+#. Select Site-to-Site VPN.
+
+ If you are creating the VPN gateway for the first time, selecting
+ Site-to-Site VPN prompts you to create a VPN gateway.
+
+#. In the confirmation dialog, click Yes to confirm.
+
+ Within a few moments, the VPN gateway is created. You will be
+ prompted to view the details of the VPN gateway you have created.
+ Click Yes to confirm.
+
+ The following details are displayed in the VPN Gateway page:
+
+ - IP Address
+
+ - Account
+
+ - Domain
+
+
+Creating a VPN Connection
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. note:: CloudStack supports creating up to 8 VPN connections.
+
+#. Log in to the CloudStack UI as an administrator or end user.
+
+#. In the left navigation, choose Network.
+
+#. In the Select view, select VPC.
+
+ All the VPCs that you create for the account are listed in the page.
+
+#. Click the Configure button of the VPC to which you want to deploy the
+ VMs.
+
+ The VPC page is displayed where all the tiers you created are listed
+ in a diagram.
+
+#. Click the Settings icon.
+
+ For each tier, the following options are displayed:
+
+ - Internal LB
+
+ - Public LB IP
+
+ - Static NAT
+
+ - Virtual Machines
+
+ - CIDR
+
+ The following router information is displayed:
+
+ - Private Gateways
+
+ - Public IP Addresses
+
+ - Site-to-Site VPNs
+
+ - Network ACL Lists
+
+#. Select Site-to-Site VPN.
+
+ The Site-to-Site VPN page is displayed.
+
+#. From the Select View drop-down, ensure that VPN Connection is
+ selected.
+
+#. Click Create VPN Connection.
+
+ The Create VPN Connection dialog is displayed:
+
+ |createvpnconnection.png|
+
+#. Select the desired customer gateway.
+
+#. Select Passive if you want to establish a connection between two VPC
+ virtual routers.
+
+ If you want to establish a connection between two VPC virtual
+ routers, select Passive only on one of the VPC virtual routers, which
+ waits for the other VPC virtual router to initiate the connection. Do
+ not select Passive on the VPC virtual router that initiates the
+ connection.
+
+#. Click OK to confirm.
+
+ Within a few moments, the VPN Connection is displayed.
+
+ The following information on the VPN connection is displayed:
+
+ - IP Address
+
+ - Gateway
+
+ - State
+
+ - IPSec Preshared Key
+
+ - IKE Policy
+
+ - ESP Policy
+
+
+Site-to-Site VPN Connection Between VPC Networks
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+CloudStack provides you with the ability to establish a site-to-site VPN
+connection between CloudStack virtual routers. To achieve that, add a
+passive mode Site-to-Site VPN. With this functionality, users can deploy
+applications in multiple Availability Zones or VPCs, which can
+communicate with each other by using a secure Site-to-Site VPN Tunnel.
+
+This feature is supported on all the hypervisors.
+
+#. Create two VPCs. For example, VPC A and VPC B.
+
+ For more information, see ":ref:`configuring-vpc`".
+
+#. Create VPN gateways on both the VPCs you created.
+
+ For more information, see `"Creating a VPN gateway
+ for the VPC" <#creating-a-vpn-gateway-for-the-vpc>`_.
+
+#. Create VPN customer gateway for both the VPCs.
+
+ For more information, see `"Creating and Updating
+ a VPN Customer Gateway" <#creating-and-updating-a-vpn-customer-gateway>`_.
+
+#. Enable a VPN connection on VPC A in passive mode.
+
+ For more information, see `"Creating a VPN
+ Connection" <#creating-a-vpn-connection>`_.
+
+ Ensure that the customer gateway is pointed to VPC B. The VPN
+ connection is shown in the Disconnected state.
+
+#. Enable a VPN connection on VPC B.
+
+ Ensure that the customer gateway is pointed to VPC A. Because virtual
+ router of VPC A, in this case, is in passive mode and is waiting for
+ the virtual router of VPC B to initiate the connection, VPC B virtual
+ router should not be in passive mode.
+
+ The VPN connection is shown in the Disconnected state.
+
+ Creating VPN connection on both the VPCs initiates a VPN connection.
+ Wait for few seconds. The default is 30 seconds for both the VPN
+ connections to show the Connected state.
+
+
+Restarting and Removing a VPN Connection
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+#. Log in to the CloudStack UI as an administrator or end user.
+
+#. In the left navigation, choose Network.
+
+#. In the Select view, select VPC.
+
+ All the VPCs that you have created for the account is listed in the
+ page.
+
+#. Click the Configure button of the VPC to which you want to deploy the
+ VMs.
+
+ The VPC page is displayed where all the tiers you created are listed
+ in a diagram.
+
+#. Click the Settings icon.
+
+ For each tier, the following options are displayed:
+
+ - Internal LB
+
+ - Public LB IP
+
+ - Static NAT
+
+ - Virtual Machines
+
+ - CIDR
+
+ The following router information is displayed:
+
+ - Private Gateways
+
+ - Public IP Addresses
+
+ - Site-to-Site VPNs
+
+ - Network ACL Lists
+
+#. Select Site-to-Site VPN.
+
+ The Site-to-Site VPN page is displayed.
+
+#. From the Select View drop-down, ensure that VPN Connection is
+ selected.
+
+ All the VPN connections you created are displayed.
+
+#. Select the VPN connection you want to work with.
+
+ The Details tab is displayed.
+
+#. To remove a VPN connection, click the Delete VPN connection button
+ |remove-vpn.png|
+
+ To restart a VPN connection, click the Reset VPN connection button
+ present in the Details tab. |reset-vpn.png|
+
+
+.. |vpn-icon.png| image:: /_static/images/vpn-icon.png
+ :alt: button to enable VPN.
+.. |addvpncustomergateway.png| image:: /_static/images/add-vpn-customer-gateway.png
+ :alt: adding a customer gateway.
+.. |createvpnconnection.png| image:: /_static/images/create-vpn-connection.png
+ :alt: creating a VPN connection to the customer gateway.
+.. |remove-vpn.png| image:: /_static/images/remove-vpn.png
+ :alt: button to remove a VPN connection
+.. |reset-vpn.png| image:: /_static/images/reset-vpn.png
+ :alt: button to reset a VPN connection
+.. |delete.png| image:: /_static/images/delete-button.png
+ :alt: button to remove a VPN customer gateway.
+.. |vpn-edit-icon.png| image:: /_static/images/edit-icon.png
+ :alt: button to edit.
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/networking/using_remote_access.rst
----------------------------------------------------------------------
diff --git a/source/networking/using_remote_access.rst b/source/networking/using_remote_access.rst
new file mode 100644
index 0000000..dce0af6
--- /dev/null
+++ b/source/networking/using_remote_access.rst
@@ -0,0 +1,147 @@
+.. Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information#
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+Using Remote Access VPN
+=======================
+
+.. sidebar:: Clients
+ :subtitle: Per Operating System instructions
+
+ .. contents::
+ :local:
+ :depth: 1
+
+Remote Access VPN connection to VPC or Guest Network to access Instances and applications. This section consider you have enable Remonte acccess VPN, refer to: :ref:`remote-access-vpn`.
+
+When connected to a VPC via VPN, the client have access to all Tiers.
+
+Following information is required to confiture VPN client:
+
+ - ``Public IP``: source NAT with VPN enabled.
+ - ``IPsec pre-shared key``: Provide at the VPN activation.
+ - ``Username`` VPN account username.
+ - ``Password`` VPN account password.
+
+
+Mac OSX
+-------
+
+Mac OSX provide native IPsec VPN client.
+
+#. Into System Preferences -> Network
+
+#. Click "+" button and add a VPN:
+
+ - Interface: VPN
+ - VPN Type: L2TP over IPSec
+ - Service Name: (ex: test-vpc1)
+
+ .. image:: ../_static/images/vpn/osxvpn_netconf.png
+ :align: center
+ :width: 400 px
+
+#. Configure L2TP over IPsec
+
+ .. image:: ../_static/images/vpn/osxvpn_form1.png
+ :align: center
+ :width: 400 px
+
+ .. image:: ../_static/images/vpn/osxvpn_form2.png
+ :align: center
+ :width: 400 px
+
+#. Inside Authentication Settings...
+
+ .. image:: ../_static/images/vpn/osxvpn_form3.png
+ :align: center
+ :width: 400 px
+
+#. Connect into VPN
+
+ #. Click Apply to apply Network configuration changes.
+ #. Click Connect to initiate VPN connection.
+
+ .. image:: ../_static/images/vpn/osxvpn_connected.png
+ :align: center
+ :width: 400 px
+
+
+Microsoft Windows 8
+-------------------
+
+Following instruction have been perform using Windows 8.1 using Native VPN client.
+
+#. Create network VPN connection
+
+ .. image:: ../_static/images/vpn/win1.png
+ :align: center
+ :width: 400 px
+
+ .. image:: ../_static/images/vpn/win2.png
+ :align: center
+ :width: 400 px
+
+ .. image:: ../_static/images/vpn/win3.png
+ :align: center
+ :width: 400 px
+
+ .. image:: ../_static/images/vpn/win4.png
+ :align: center
+ :width: 400 px
+
+ .. image:: ../_static/images/vpn/win5.png
+ :align: center
+ :width: 400 px
+
+ .. image:: ../_static/images/vpn/win6.png
+ :align: center
+ :width: 400 px
+
+
+#. Configure VPN settings
+
+ .. image:: ../_static/images/vpn/win7.png
+ :align: center
+ :width: 400 px
+
+ .. image:: ../_static/images/vpn/win8.png
+ :align: center
+ :width: 400 px
+
+ .. image:: ../_static/images/vpn/win9.png
+ :align: center
+ :width: 400 px
+
+ .. image:: ../_static/images/vpn/win10.png
+ :align: center
+ :width: 400 px
+
+ .. image:: ../_static/images/vpn/win11.png
+ :align: center
+ :width: 400 px
+
+#. Initiate VPN connection
+
+ .. image:: ../_static/images/vpn/win12.png
+ :align: center
+ :width: 400 px
+
+ .. image:: ../_static/images/vpn/win13.png
+ :align: center
+ :width: 400 px
+
+ .. image:: ../_static/images/vpn/win14.png
+ :align: center
+ :width: 400 px
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/200bfbc7/source/networking_and_traffic.rst
----------------------------------------------------------------------
diff --git a/source/networking_and_traffic.rst b/source/networking_and_traffic.rst
index f29ed3b..a8e022d 100644
--- a/source/networking_and_traffic.rst
+++ b/source/networking_and_traffic.rst
@@ -72,6 +72,8 @@ providing networking features for guest traffic.
.. include:: networking/remote_access_vpn.rst
+.. include:: networking/site_to_site_vpn.rst
+
.. include:: networking/inter_vlan_routing.rst
.. include:: networking/virtual_private_cloud_config.rst
[2/3] cloudstack-docs-admin git commit: remove typo
Posted by pd...@apache.org.
remove typo
Project: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/commit/da0ec6f5
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/tree/da0ec6f5
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/diff/da0ec6f5
Branch: refs/heads/master
Commit: da0ec6f5be66c9181901da2fb77587305ad374c5
Parents: 200bfbc
Author: Pierre-Luc Dion <pd...@apache.org>
Authored: Sat Mar 7 19:39:03 2015 -0500
Committer: Pierre-Luc Dion <pd...@apache.org>
Committed: Sat Mar 7 19:39:03 2015 -0500
----------------------------------------------------------------------
source/accounts.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/da0ec6f5/source/accounts.rst
----------------------------------------------------------------------
diff --git a/source/accounts.rst b/source/accounts.rst
index b6a6652..9c89212 100644
--- a/source/accounts.rst
+++ b/source/accounts.rst
@@ -235,7 +235,7 @@ Restricting LDAP users to a group:
LDAP SSL:
~~~~~~~~~
-| If the LDAP server requires SSL, you need to enable the below configurations.
+If the LDAP server requires SSL, you need to enable the below configurations.
Before enabling SSL for LDAP, you need to get the certificate which the LDAP server is using and add it to a trusted keystore.
You will need to know the path to the keystore and the password.
[3/3] cloudstack-docs-admin git commit: add copyright,
change year and version to 4.5
Posted by pd...@apache.org.
add copyright, change year and version to 4.5
Project: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/commit/8f4c7dcc
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/tree/8f4c7dcc
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/diff/8f4c7dcc
Branch: refs/heads/master
Commit: 8f4c7dcc1b528431197ccaa75a8a2fc7aab363dd
Parents: da0ec6f
Author: Pierre-Luc Dion <pd...@apache.org>
Authored: Sat Mar 7 19:41:35 2015 -0500
Committer: Pierre-Luc Dion <pd...@apache.org>
Committed: Sat Mar 7 19:41:35 2015 -0500
----------------------------------------------------------------------
source/conf.py | 6 +++---
source/networking/remote_access_vpn.rst | 3 ++-
source/networking/using_remote_access.rst | 1 +
3 files changed, 6 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/8f4c7dcc/source/conf.py
----------------------------------------------------------------------
diff --git a/source/conf.py b/source/conf.py
index 9811851..29c6992 100644
--- a/source/conf.py
+++ b/source/conf.py
@@ -52,7 +52,7 @@ master_doc = 'index'
# General information about the project.
project = u'Apache CloudStack Administration Documentation'
-#copyright = u'2014, Apache Software Foundation'
+copyright = u'2015, Apache Software Foundation'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
@@ -61,7 +61,7 @@ project = u'Apache CloudStack Administration Documentation'
# The short X.Y version.
version = '4'
# The full version, including alpha/beta/rc tags.
-release = '4.4'
+release = '4.5'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
@@ -279,7 +279,7 @@ texinfo_documents = [
epub_title = u'CloudStack Administration Documentation'
epub_author = u'Apache Software Foundation'
epub_publisher = u'Apache Software Foundation'
-epub_copyright = u'2014, Apache Software Foundation'
+epub_copyright = u'2015, Apache Software Foundation'
# The basename for the epub file. It defaults to the project name.
#epub_basename = u'CloudStack Administration Documentation'
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/8f4c7dcc/source/networking/remote_access_vpn.rst
----------------------------------------------------------------------
diff --git a/source/networking/remote_access_vpn.rst b/source/networking/remote_access_vpn.rst
index 77c573c..52589b7 100644
--- a/source/networking/remote_access_vpn.rst
+++ b/source/networking/remote_access_vpn.rst
@@ -12,7 +12,8 @@
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-
+
+
.. _remote-access-vpn:
Remote Access VPN
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/8f4c7dcc/source/networking/using_remote_access.rst
----------------------------------------------------------------------
diff --git a/source/networking/using_remote_access.rst b/source/networking/using_remote_access.rst
index dce0af6..0190fad 100644
--- a/source/networking/using_remote_access.rst
+++ b/source/networking/using_remote_access.rst
@@ -13,6 +13,7 @@
specific language governing permissions and limitations
under the License.
+
Using Remote Access VPN
=======================