Updated Branches: refs/heads/master 0fb2014d1 -> 4db232762
CLOUDSTACK-4565 review comments on VPN Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/4db23276 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/4db23276 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/4db23276 Branch: refs/heads/master Commit: 4db232762c290955889cad9bd8951179902048e6 Parents: 0fb2014 Author: radhikap <[email protected]> Authored: Thu Sep 5 11:43:36 2013 +0530 Committer: radhikap <[email protected]> Committed: Thu Sep 5 11:43:36 2013 +0530 ---------------------------------------------------------------------- docs/en-US/configure-vpn.xml | 2 +- docs/en-US/using-vpn-with-mac.xml | 2 +- docs/en-US/using-vpn-with-windows.xml | 2 +- docs/en-US/vpn.xml | 57 +++++++++++++++++++----------- 4 files changed, 40 insertions(+), 23 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/4db23276/docs/en-US/configure-vpn.xml ---------------------------------------------------------------------- diff --git a/docs/en-US/configure-vpn.xml b/docs/en-US/configure-vpn.xml index 5d25620..f389f30 100644 --- a/docs/en-US/configure-vpn.xml +++ b/docs/en-US/configure-vpn.xml @@ -22,7 +22,7 @@ under the License. --> <section id="configure-vpn"> - <title>Configuring VPN</title> + <title>Configuring Remote Access VPN</title> <para>To set up VPN for the cloud:</para> <orderedlist> <listitem><para>Log in to the &PRODUCT; UI as an administrator or end user. </para></listitem> http://git-wip-us.apache.org/repos/asf/cloudstack/blob/4db23276/docs/en-US/using-vpn-with-mac.xml ---------------------------------------------------------------------- diff --git a/docs/en-US/using-vpn-with-mac.xml b/docs/en-US/using-vpn-with-mac.xml index a41dcab..7696824 100644 --- a/docs/en-US/using-vpn-with-mac.xml +++ b/docs/en-US/using-vpn-with-mac.xml @@ -23,7 +23,7 @@ --> <section id="using-vpn-with-mac"> - <title>Using VPN with Mac OS X</title> + <title>Using Remote Access VPN with Mac OS X</title> <para>First, be sure you've configured the VPN settings in your &PRODUCT; install. This section is only concerned with connecting via Mac OS X to your VPN.</para> <para>Note, these instructions were written on Mac OS X 10.7.5. They may differ slightly in older or newer releases of Mac OS X.</para> <orderedlist> http://git-wip-us.apache.org/repos/asf/cloudstack/blob/4db23276/docs/en-US/using-vpn-with-windows.xml ---------------------------------------------------------------------- diff --git a/docs/en-US/using-vpn-with-windows.xml b/docs/en-US/using-vpn-with-windows.xml index c5d95dd..82e556c 100644 --- a/docs/en-US/using-vpn-with-windows.xml +++ b/docs/en-US/using-vpn-with-windows.xml @@ -23,7 +23,7 @@ --> <section id="using-vpn-with-windows"> - <title>Using VPN with Windows</title> + <title>Using Remote Access VPN with Windows</title> <para>The procedure to use VPN varies by Windows version. Generally, the user must edit the VPN properties and make sure that the default route is not the VPN. The following steps are for Windows L2TP clients on Windows Vista. The commands should be similar for other Windows versions.</para> <orderedlist> <listitem id="source-nat"><para>Log in to the &PRODUCT; UI and click on the source NAT IP for the account. The VPN tab should display the IPsec preshared key. Make a note of this and the source NAT IP. The UI also lists one or more users and their passwords. Choose one of these users, or, if none exists, add a user and password.</para></listitem> http://git-wip-us.apache.org/repos/asf/cloudstack/blob/4db23276/docs/en-US/vpn.xml ---------------------------------------------------------------------- diff --git a/docs/en-US/vpn.xml b/docs/en-US/vpn.xml index ccb3e86..1f8098c 100644 --- a/docs/en-US/vpn.xml +++ b/docs/en-US/vpn.xml @@ -22,24 +22,41 @@ under the License. --> <section id="vpn"> - <title>VPN</title> - <para>&PRODUCT; account owners can create virtual private networks (VPN) to access their virtual machines. If the guest network is instantiated from a network offering that offers the Remote Access VPN service, the virtual router (based on the System VM) is used to provide the service. &PRODUCT; provides a L2TP-over-IPsec-based remote access VPN service to guest virtual networks. Since each network gets its own virtual router, VPNs are not shared across the networks. VPN clients native to Windows, Mac OS X and iOS can be used to connect to the guest networks. The account owner can create and manage users for their VPN. &PRODUCT; does not use its account database for this purpose but uses a separate table. The VPN user database is shared across all the VPNs created by the account owner. All VPN users get access to all VPNs created by the account owner.</para> - <note><para>Make sure that not all traffic goes through the VPN. That is, the route installed by the VPN should be only for the guest network and not for all traffic.</para></note> - <para></para> - <itemizedlist> - <listitem><para><emphasis role="bold">Road Warrior / Remote Access</emphasis>. Users want to be able to - connect securely from a home or office to a private network in the cloud. Typically, - the IP address of the connecting client is dynamic and cannot be preconfigured on - the VPN server.</para></listitem> - <listitem><para><emphasis role="bold">Site to Site</emphasis>. In this scenario, two private subnets are - connected over the public Internet with a secure VPN tunnel. The cloud userâs subnet - (for example, an office network) is connected through a gateway to the network in - the cloud. The address of the userâs gateway must be preconfigured on the VPN server - in the cloud. Note that although L2TP-over-IPsec can be used to set up Site-to-Site - VPNs, this is not the primary intent of this feature. For more information, see <xref linkend="site-to-site-vpn"/></para></listitem> - </itemizedlist> - <xi:include href="configure-vpn.xml" xmlns:xi="http://www.w3.org/2001/XInclude"; /> - <xi:include href="using-vpn-with-windows.xml" xmlns:xi="http://www.w3.org/2001/XInclude"; /> - <xi:include href="using-vpn-with-mac.xml" xmlns:xi="http://www.w3.org/2001/XInclude"; /> - <xi:include href="site-to-site-vpn.xml" xmlns:xi="http://www.w3.org/2001/XInclude"; /> + <title>Remote Access VPN</title> + <para>&PRODUCT; account owners can create virtual private networks (VPN) to access their virtual + machines. If the guest network is instantiated from a network offering that offers the Remote + Access VPN service, the virtual router (based on the System VM) is used to provide the service. + &PRODUCT; provides a L2TP-over-IPsec-based remote access VPN service to guest virtual networks. + Since each network gets its own virtual router, VPNs are not shared across the networks. VPN + clients native to Windows, Mac OS X and iOS can be used to connect to the guest networks. The + account owner can create and manage users for their VPN. &PRODUCT; does not use its account + database for this purpose but uses a separate table. The VPN user database is shared across all + the VPNs created by the account owner. All VPN users get access to all VPNs created by the + account owner.</para> + <note> + <para>Make sure that not all traffic goes through the VPN. That is, the route installed by the + VPN should be only for the guest network and not for all traffic.</para> + </note> + <para/> + <itemizedlist> + <listitem> + <para><emphasis role="bold">Road Warrior / Remote Access</emphasis>. Users want to be able to + connect securely from a home or office to a private network in the cloud. Typically, the IP + address of the connecting client is dynamic and cannot be preconfigured on the VPN + server.</para> + </listitem> + <listitem> + <para><emphasis role="bold">Site to Site</emphasis>. In this scenario, two private subnets are + connected over the public Internet with a secure VPN tunnel. The cloud userâs subnet (for + example, an office network) is connected through a gateway to the network in the cloud. The + address of the userâs gateway must be preconfigured on the VPN server in the cloud. Note + that although L2TP-over-IPsec can be used to set up Site-to-Site VPNs, this is not the + primary intent of this feature. For more information, see <xref linkend="site-to-site-vpn" + /></para> + </listitem> + </itemizedlist> + <xi:include href="configure-vpn.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> + <xi:include href="using-vpn-with-windows.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> + <xi:include href="using-vpn-with-mac.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> + <xi:include href="site-to-site-vpn.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> </section>
