You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by "Patrick W." <wa...@hotmail.com> on 2015/10/26 12:03:09 UTC
ACS Virtual Routers VPN multiple connections
Hi All,
I’d like to get some of your feedback about the operation of
the VPN feature of ACS Virtual Routers. The main problem encountered is the
fact that only one single L2TP/IPSec connection can be established at a time,
from the same physical location, behind the same gateway / router / NAT device
/ single public IP. Two or more clients can establish connections if they’re
not in the same location and behind the same restrictions listed above.
As this has been observed on multiple locations, with
various network topologies, setup and hardware, before digging into the network
configuration and options, I wanted to ensure it’s not a limitation coming from
the ACS VR itself.
Has anyone experienced or bypassed the same constraint?
Thanks in advance
patrick
Re: ACS Virtual Routers VPN multiple connections
Posted by Jayapal Reddy <ja...@gmail.com>.
Hi Patrick,
Connecting multiple remote access vpn clients from behind nat (from the
same public ip) is not supported in strongswan vpn also.
I think this is possible with the ikve2 but not with ikve1. Ikev2 i have
not tried.
Thanks,
Jayapal
On Mon, Oct 26, 2015 at 5:11 PM, Patrick W. <wa...@hotmail.com> wrote:
> Hi Jayapal,
> Great, thanks for your quick precise reply!I saw your work on replacing it
> with strongswan. Is this going to potentially resolve this limitation? Any
> status to share on this work?
> Many many thanks!Patrick
>
> > From: jayapalreddy.uradi@citrix.com
> > To: users@cloudstack.apache.org
> > Subject: Re: ACS Virtual Routers VPN multiple connections
> > Date: Mon, 26 Oct 2015 11:17:45 +0000
> >
> > Hi Patrick,
> >
> > ACS VR is using the openswan ipsec for vpn.
> > Only one VPN client connection is supported by openswan when multiple
> clients are trying to connect to same public of the VR. This is the
> limitation from the openswan ipsec.
> >
> > Thanks,
> > Jayapal
> >
> >
> > > On 26-Oct-2015, at 4:33 pm, Patrick W. <wa...@hotmail.com> wrote:
> > >
> > > Hi All,
> > >
> > >
> > >
> > >
> > >
> > > I’d like to get some of your feedback about the operation of
> > > the VPN feature of ACS Virtual Routers. The main problem encountered
> is the
> > > fact that only one single L2TP/IPSec connection can be established at
> a time,
> > > from the same physical location, behind the same gateway / router /
> NAT device
> > > / single public IP. Two or more clients can establish connections if
> they’re
> > > not in the same location and behind the same restrictions listed above.
> > >
> > > As this has been observed on multiple locations, with
> > > various network topologies, setup and hardware, before digging into
> the network
> > > configuration and options, I wanted to ensure it’s not a limitation
> coming from
> > > the ACS VR itself.
> > >
> > >
> > >
> > >
> > >
> > > Has anyone experienced or bypassed the same constraint?
> > >
> > >
> > >
> > >
> > >
> > > Thanks in advance
> > >
> > > patrick
> >
>
>
RE: ACS Virtual Routers VPN multiple connections
Posted by "Patrick W." <wa...@hotmail.com>.
Hi Jayapal,
Great, thanks for your quick precise reply!I saw your work on replacing it with strongswan. Is this going to potentially resolve this limitation? Any status to share on this work?
Many many thanks!Patrick
> From: jayapalreddy.uradi@citrix.com
> To: users@cloudstack.apache.org
> Subject: Re: ACS Virtual Routers VPN multiple connections
> Date: Mon, 26 Oct 2015 11:17:45 +0000
>
> Hi Patrick,
>
> ACS VR is using the openswan ipsec for vpn.
> Only one VPN client connection is supported by openswan when multiple clients are trying to connect to same public of the VR. This is the limitation from the openswan ipsec.
>
> Thanks,
> Jayapal
>
>
> > On 26-Oct-2015, at 4:33 pm, Patrick W. <wa...@hotmail.com> wrote:
> >
> > Hi All,
> >
> >
> >
> >
> >
> > I’d like to get some of your feedback about the operation of
> > the VPN feature of ACS Virtual Routers. The main problem encountered is the
> > fact that only one single L2TP/IPSec connection can be established at a time,
> > from the same physical location, behind the same gateway / router / NAT device
> > / single public IP. Two or more clients can establish connections if they’re
> > not in the same location and behind the same restrictions listed above.
> >
> > As this has been observed on multiple locations, with
> > various network topologies, setup and hardware, before digging into the network
> > configuration and options, I wanted to ensure it’s not a limitation coming from
> > the ACS VR itself.
> >
> >
> >
> >
> >
> > Has anyone experienced or bypassed the same constraint?
> >
> >
> >
> >
> >
> > Thanks in advance
> >
> > patrick
>
Re: ACS Virtual Routers VPN multiple connections
Posted by Jayapal Reddy Uradi <ja...@citrix.com>.
Hi Patrick,
ACS VR is using the openswan ipsec for vpn.
Only one VPN client connection is supported by openswan when multiple clients are trying to connect to same public of the VR. This is the limitation from the openswan ipsec.
Thanks,
Jayapal
> On 26-Oct-2015, at 4:33 pm, Patrick W. <wa...@hotmail.com> wrote:
>
> Hi All,
>
>
>
>
>
> I’d like to get some of your feedback about the operation of
> the VPN feature of ACS Virtual Routers. The main problem encountered is the
> fact that only one single L2TP/IPSec connection can be established at a time,
> from the same physical location, behind the same gateway / router / NAT device
> / single public IP. Two or more clients can establish connections if they’re
> not in the same location and behind the same restrictions listed above.
>
> As this has been observed on multiple locations, with
> various network topologies, setup and hardware, before digging into the network
> configuration and options, I wanted to ensure it’s not a limitation coming from
> the ACS VR itself.
>
>
>
>
>
> Has anyone experienced or bypassed the same constraint?
>
>
>
>
>
> Thanks in advance
>
> patrick