You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2022/11/22 20:19:45 UTC

[GitHub] [cloudstack] GutoVeronezi commented on pull request #6907: Fix C2S VPN in parallel to S2S VPN

GutoVeronezi commented on PR #6907:
URL: https://github.com/apache/cloudstack/pull/6907#issuecomment-1324194754

   @weizhouapache, yes, I have tested reverting #5375, and it works as well. The problem was that, by removing `%any` and enabling S2S, the request would be redirected to the final peer because the source (`right`) was not being handled by the VPN C2S. Removing the destination (`left`) makes the C2S handle the connection with the PSK, independent of the source.
   
   Since only a single VPN C2S is configured for each network/VPC, I do not see how it could be a security issue.
   
   ---
   
   @rohityadavcloud, and @weizhouapache, since the user's problem (https://github.com/apache/cloudstack/issues/4281#issue-684586236) was observed in `4.14.0`, with another version of StrongSwan, and I could not reproduce it, the change was made in order to honor their comment. However, if we can confirm that it was only a problem with the StrongSwan version and #5375 change was not necessary, I think we could revert #5375.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org