weizhouapache commented on PR #6907: URL: https://github.com/apache/cloudstack/pull/6907#issuecomment-1324232179
> @weizhouapache, yes, I have tested reverting #5375, and it works as well. The problem was that, by removing `%any` and enabling S2S, the request would be redirected to the final peer because the source (`right`) was not being handled by the VPN C2S. Removing the destination (`left`) makes the C2S handle the connection with the PSK, independent of the source.
>
> Since only a single VPN C2S is configured for each network/VPC, I do not see how it could be a security issue.
>
> @rohityadavcloud, and @weizhouapache, since the user's problem ([#4281 (comment)](https://github.com/apache/cloudstack/issues/4281#issue-684586236)) was observed in `4.14.0`, with another version of StrongSwan, and I could not reproduce it, the change was made in order to honor their comment. However, if we can confirm that it was only a problem with the StrongSwan version and #5375 change was not necessary, I think we could revert #5375.

@GutoVeronezi Thanks for your explanation. I am ok with this pr or reverting #5375. We need to make sure both #6907 and #4281 are fixed.
