You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Tomasz Zieba (JIRA)" <ji...@apache.org> on 2014/06/03 17:17:01 UTC
[jira] [Created] (CLOUDSTACK-6836) problem with VPN Site2Site -
multinets
Tomasz Zieba created CLOUDSTACK-6836:
----------------------------------------
Summary: problem with VPN Site2Site - multinets
Key: CLOUDSTACK-6836
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6836
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: SystemVM
Affects Versions: 4.2.1, 4.3.0
Environment: ACS 4.2.1, ACS4.3
Reporter: Tomasz Zieba
There is a typo in /opt/cloud/bin/ipsectunnel.sh script on virtual router.
When using multiple nets (CIDR list) in VPN connection, ipsectunnel.sh script create line as follows:
rightsubnets={192.168.6.0/24 10.13.1.0/24}
but this line should be:
rightsubnets={192.168.6.0/24,10.13.1.0/24}
Please change /opt/cloud/bin/ipsectunnel.sh, for example as follows:
add:
rightnets=${rightnets// /,}
befor lines:
sudo echo "conn vpn-$rightpeer" > $vpnconffile &&
sudo echo " left=$leftpeer" >> $vpnconffile &&
sudo echo " leftsubnet=$leftnet" >> $vpnconffile &&
sudo echo " leftnexthop=$leftgw" >> $vpnconffile &&
sudo echo " right=$rightpeer" >> $vpnconffile &&
sudo echo " rightsubnets={$rightnets}" >> $vpnconffile &&
sudo echo " type=tunnel" >> $vpnconffile &&
sudo echo " authby=secret" >> $vpnconffile &&
sudo echo " keyexchange=ike" >> $vpnconffile &&
sudo echo " ike=$ikepolicy" >> $vpnconffile &&
sudo echo " ikelifetime=${ikelifetime}s" >> $vpnconffile &&
sudo echo " esp=$esppolicy" >> $vpnconffile &&
sudo echo " salifetime=${esplifetime}s" >> $vpnconffile &&
sudo echo " pfs=$pfs" >> $vpnconffile &&
sudo echo " keyingtries=2" >> $vpnconffile &&
sudo echo " auto=add" >> $vpnconffile &&
sudo echo "$leftpeer $rightpeer: PSK \"$secret\"" > $vpnsecretsfile &&
sudo chmod 0400 $vpnsecretsfile
--
This message was sent by Atlassian JIRA
(v6.2#6252)