[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13556451#comment-13556451
 ] 

Marcus Sorensen commented on CLOUDSTACK-938:
--------------------------------------------

Someone could try pulling commit b77503b5bd001d1038bb4cd79c04db7ca993e94e into 
a local 4.0 branch and testing if they've already got an environment set up to 
do so. I'll try to figure one out in the meantime, but I may not get to it 
right away. That commit only changes ipsectunnel to ipsectunnel.sh.

As far as the rp_filter, it looks a bit hairy. The script that sets up the 
rp_filter is simple; it just says that anything that is not eth0 or eth1 is a 
public interface, which is flawed. The reason why it looks like it does in 
Abihnav's test is that the VPC router only starts with eth0 and eth1, then adds 
a nic for each isolated network afterward, so no rp_filter is set on anything, 
because there is no interface on boot that is not an eth0 or eth1. The regular 
isolated router, however, starts up with eth0, 1, and 2, being isolated, command, 
and public.

I don't think the rp_filter issue is causing any immediate problems we have 
seen thus far, but it does need to be adjusted for VPC routers. This isn't KVM 
specific. It's in cloud_early_config on the system vm.
                
> s2s VPN trouble
> ---------------
>
>                 Key: CLOUDSTACK-938
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-938
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Network Controller
>    Affects Versions: 4.0.0, 4.0.1
>         Environment: CentOS 6.3 x86_64
> CS - 4.0.1-0.11
>            Reporter: Richard Shevel
>             Fix For: 4.0.2, 4.1.0
>
>         Attachments: after_restart_VPC.zip, auth.log, catalina.zip, 
> management-server_afer_upgrade2.zip, management-server_after_upgrade.zip, 
> management-server.zip, messages, r-292-vm_log.tar.gz
>
>
> Dear colleagues, the problem is clearly a bug:
> I created a VPC
> Further, in my VPN Customer Gateway to the settings
> Gateway 217.70.20.213
> CIDR list 192.168.10.0/24
> IPsec Preshared-Key blablablablablabla
> IKE Encryption 3des
> IKE Hash md5
> IKE DH None
> ESP Encryption 3des
> ESP Hash md5
> Perfect Forward Secrecy None
> IKE lifetime (second) 86 400
> ESP Lifetime (second) 28 800
> Dead Peer Detection Yes
> In the setting of VPC I create VPN Gateway
> When creating a VPN Connection get the error:
> Resource [Site2SiteVpnConnection:15] is unreachable: Failed to apply 
> site-to-site VPN
> catalina.out:
> WARN  [cloud.api.ApiDispatcher] (Job-Executor-11:job-463) class 
> com.cloud.api.ServerApiException : Resource [Site2SiteVpnConnection:15] is 
> unreachable: Failed to apply site-to-site VPN
> WARN  [cloud.async.AsyncJobManagerImpl] (Job-Executor-11:job-463) Unable to 
> unregister active job 463 from JMX monitoring
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection 
> status
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection 
> status
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection 
> status
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection 
> status
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection 
> status
> management-server.log:
> 2013-01-09 21:27:54,587 DEBUG [agent.manager.AgentManagerImpl] 
> (AgentManager-Handler-4:null) Ping from 5
> 2013-01-09 21:27:54,623 DEBUG [agent.manager.AgentManagerImpl] 
> (AgentManager-Handler-2:null) Ping from 3
> 2013-01-09 21:28:17,546 DEBUG [storage.secondary.SecondaryStorageManagerImpl] 
> (secstorage-1:null) Zone 1 is ready to launch secondary storage VM
> 2013-01-09 21:28:17,656 DEBUG [cloud.consoleproxy.ConsoleProxyManagerImpl] 
> (consoleproxy-1:null) Zone 1 is ready to launch console proxy
> 2013-01-09 21:28:18,306 DEBUG 
> [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:null) Found 3 routers.
> 2013-01-09 21:28:18,316 DEBUG [agent.transport.Request] 
> (RouterStatusMonitor-1:null) Seq 5-223284290: Sending  { Cmd , MgmtId: 
> 52239887788, via: 5, Ver: v1, Flags: 100111, 
> [{"CheckS2SVpnConnectionsCommand":{"vpnIps":[],"accessDetails":{"router.ip":"169.254.1.232","router.name":"r-288-VM"},"wait":30}}]
>  }
> 2013-01-09 21:28:18,458 DEBUG [agent.transport.Request] 
> (AgentManager-Handler-3:null) Seq 5-223284290: Processing:  { Ans: , MgmtId: 
> 52239887788, via: 5, Ver: v1, Flags: 110, 
> [{"CheckS2SVpnConnectionsAnswer":{"ipToConnected":{},"ipToDetail":{},"details":"CheckS2SVpnConneciontsCommand
>  failed","result":false,"wait":0}}] }
> 2013-01-09 21:28:18,458 DEBUG [agent.manager.AgentAttache] 
> (AgentManager-Handler-3:null) Seq 5-223284290: No more commands found
> 2013-01-09 21:28:18,458 DEBUG [agent.transport.Request] 
> (RouterStatusMonitor-1:null) Seq 5-223284290: Received:  { Ans: , MgmtId: 
> 52239887788, via: 5, Ver: v1, Flags: 110, { CheckS2SVpnConnectionsAnswer } }
> 2013-01-09 21:28:18,458 DEBUG [agent.manager.AgentManagerImpl] 
> (RouterStatusMonitor-1:null) Details from executing class 
> com.cloud.agent.api.CheckS2SVpnConnectionsCommand: 
> CheckS2SVpnConneciontsCommand failed
> 2013-01-09 21:28:18,458 WARN  
> [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:null) Unable to update router r-288-VM's VPN 
> connection status
> 2013-01-09 21:28:43,063 DEBUG [cloud.server.StatsCollector] 
> (StatsCollector-2:null) StorageCollector is running...
> 2013-01-09 21:28:43,117 DEBUG [agent.transport.Request] 
> (StatsCollector-2:null) Seq 17-292881626: Received:  { Ans: , MgmtId: 
> 52239887788, via: 17, Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
> 2013-01-09 21:28:45,185 DEBUG [agent.transport.Request] 
> (StatsCollector-2:null) Seq 3-1166872144: Received:  { Ans: , MgmtId: 
> 52239887788, via: 3, Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
> 2013-01-09 21:28:47,545 DEBUG [storage.secondary.SecondaryStorageManagerImpl] 
> (secstorage-1:null) Zone 1 is ready to launch secondary storage VM
> 2013-01-09 21:28:47,655 DEBUG [cloud.consoleproxy.ConsoleProxyManagerImpl] 
> (consoleproxy-1:null) Zone 1 is ready to launch console proxy
> 2013-01-09 21:28:48,305 DEBUG 
> [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:null) Found 3 routers.
> 2013-01-09 21:28:48,328 DEBUG [agent.transport.Request] 
> (RouterStatusMonitor-1:null) Seq 5-223284291: Sending  { Cmd , MgmtId: 
> 52239887788, via: 5, Ver: v1, Flags: 100111, 
> [{"CheckS2SVpnConnectionsCommand":{"vpnIps":[],"accessDetails":{"router.ip":"169.254.1.232","router.name":"r-288-VM"},"wait":30}}]
>  }
> 2013-01-09 21:28:48,430 DEBUG [agent.transport.Request] 
> (AgentManager-Handler-9:null) Seq 5-223284291: Processing:  { Ans: , MgmtId: 
> 52239887788, via: 5, Ver: v1, Flags: 110, 
> [{"CheckS2SVpnConnectionsAnswer":{"ipToConnected":{},"ipToDetail":{},"details":"CheckS2SVpnConneciontsCommand
>  failed","result":false,"wait":0}}] }
> 2013-01-09 21:28:48,430 DEBUG [agent.manager.AgentAttache] 
> (AgentManager-Handler-9:null) Seq 5-223284291: No more commands found
> 2013-01-09 21:28:48,430 DEBUG [agent.transport.Request] 
> (RouterStatusMonitor-1:null) Seq 5-223284291: Received:  { Ans: , MgmtId: 
> 52239887788, via: 5, Ver: v1, Flags: 110, { CheckS2SVpnConnectionsAnswer } }
> 2013-01-09 21:28:48,430 DEBUG [agent.manager.AgentManagerImpl] 
> (RouterStatusMonitor-1:null) Details from executing class 
> com.cloud.agent.api.CheckS2SVpnConnectionsCommand: 
> CheckS2SVpnConneciontsCommand failed
> 2013-01-09 21:28:48,430 WARN  
> [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:null) Unable to update router r-288-VM's VPN 
> connection status
> 2013-01-09 21:28:49,298 DEBUG [agent.manager.AgentManagerImpl] 
> (AgentManager-Handler-7:null) Ping from 11
> 2013-01-09 21:28:49,299 DEBUG [agent.manager.AgentManagerImpl] 
> (AgentManager-Handler-6:null) Ping from 17
> 2013-01-09 21:28:51,594 DEBUG [cloud.server.StatsCollector] 
> (StatsCollector-3:null) HostStatsCollector is running...
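
One way to check a running router for the rp_filter gap described in the comment above (an added example, not part of the original message and not CloudStack's own code): it lists interfaces other than eth0/eth1 whose effective rp_filter differs from the intended value. The function names, the intended value of 1 and the skipping of lo are assumptions; the effective value is the maximum of conf/all and the per-interface setting, which is how the kernel applies it.

```shell
#!/bin/sh
# Added example: audit reverse-path filtering per interface.
# Assumptions: intended value 1 (strict) and the sysctl root below;
# the page does not state which value the boot-time script writes.

# effective_rp_filter ROOT IFACE
# Prints max(conf/all, conf/IFACE), the value the kernel actually enforces.
effective_rp_filter() {
    root=$1; ifc=$2
    all=$(cat "$root/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$root/$ifc/rp_filter" 2>/dev/null || echo 0)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# rp_filter_gaps [ROOT] [WANT]
# Prints "iface=value" for every interface that the boot-time rule would
# treat as public (anything that is not eth0 or eth1) but whose effective
# rp_filter is not WANT, e.g. a NIC added after boot.
rp_filter_gaps() {
    root=${1:-/proc/sys/net/ipv4/conf}; want=${2:-1}
    for d in "$root"/*; do
        [ -d "$d" ] || continue
        ifc=$(basename "$d")
        # all/default are pseudo-entries; lo is skipped by assumption.
        case "$ifc" in all|default|lo|eth0|eth1) continue ;; esac
        [ -f "$d/rp_filter" ] || continue
        eff=$(effective_rp_filter "$root" "$ifc")
        [ "$eff" -eq "$want" ] || echo "$ifc=$eff"
    done
}

# Audit the live system when run directly (arguments are optional).
rp_filter_gaps "${1:-/proc/sys/net/ipv4/conf}" "${2:-1}"
```

Run it on the router after the isolated-network NICs have been attached; no output means every non-eth0/eth1 interface has the intended effective value.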
