Is this a bug when creating VPN failed because UDP ports conflicts

[Yitao Jiang <wi...@gmail.com>]

Hi, stackers

    I just found that if the the firewall of sourced nat ip of Isolated
network has opened UDP port such as 1-65535 range , the create vpn command
will faile, because the system will

reopen the udp port of 500, 1701, 4500 which are conflicts with origin port
range.Response as below

[{"createremoteaccessvpnresponse":{"errortext":"The range specified,
500-500, conflicts with rule 84 which has
1-65535","cserrorcode":9999,"errorcode":537,"uuidList":[]}}]

So is this a bug ?Or we should ommit the conflict of UDP ports and continue
to creating VPN , Is that right

Any thoughts?

​BYW, i am working on cloudstack 4.2.1 build from source​

Thanks,

Yitao

Re: Is this a bug when creating VPN failed because UDP ports conflicts

[Jayapal Reddy Uradi <ja...@citrix.com>]

HI Yitao,

If you want to enable vpn on the ip, omit the udp 500,1701 and 4500 ports on public ip firewall rule and configure
the vpn.

You can file bug this, for the vpn enable ip cloudstack should ignore vpn ports for firewall rule ports conflict.

Thanks,
Jayapal

On 21-Apr-2014, at 3:25 PM, Yitao Jiang <wi...@gmail.com> wrote:

> Hi, stackers
> 
>    I just found that if the the firewall of sourced nat ip of Isolated
> network has opened UDP port such as 1-65535 range , the create vpn command
> will faile, because the system will
> 
> reopen the udp port of 500, 1701, 4500 which are conflicts with origin port
> range.Response as below
> 
> [{"createremoteaccessvpnresponse":{"errortext":"The range specified,
> 500-500, conflicts with rule 84 which has
> 1-65535","cserrorcode":9999,"errorcode":537,"uuidList":[]}}]
> 
> So is this a bug ?Or we should ommit the conflict of UDP ports and continue
> to creating VPN , Is that right
> 
> Any thoughts?
> 
> ​BYW, i am working on cloudstack 4.2.1 build from source​
> 
> Thanks,
> 
> Yitao