(cloudstack-documentation) branch main updated: Update remote_access_vpn.rst (#514)

Thu, 28 Aug 2025 01:53:39 -0700 

This is an automated email from the ASF dual-hosted git repository.

sureshanaparti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack-documentation.git


The following commit(s) were added to refs/heads/main by this push:
     new 924fb172 Update remote_access_vpn.rst (#514)
924fb172 is described below

commit 924fb172a76b06d770a494a1df5db70d5888394e
Author: Boris Stoyanov - a.k.a Bobby <[email protected]>
AuthorDate: Thu Aug 28 11:52:06 2025 +0300

    Update remote_access_vpn.rst (#514)
---
 source/adminguide/networking/remote_access_vpn.rst | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/source/adminguide/networking/remote_access_vpn.rst 
b/source/adminguide/networking/remote_access_vpn.rst
index ffa45823..e87c399a 100644
--- a/source/adminguide/networking/remote_access_vpn.rst
+++ b/source/adminguide/networking/remote_access_vpn.rst
@@ -156,4 +156,19 @@ Now, you need to add the VPN users.
 
 #. Click Add.
 
-#. Repeat the same steps to add the VPN users.
\ No newline at end of file
+#. Repeat the same steps to add the VPN users.
+
+Limitations of Remote Access VPN
+--------------------------------
+
+CloudStack's Remote Access VPN feature (L2TP over IPsec with pre-shared key) 
is subject to certain limitations:
+
+- **Single connection per source IP/CIDR:**  
+  Due to the use of StrongSwan in the virtual router implementation, 
CloudStack does not support multiple simultaneous VPN connections originating 
from the same source public IP or NAT'ed subnet.  
+  This means that if multiple users are behind the same NAT (e.g., office 
network or shared IP), only one of them can connect at a time. Additional 
connection attempts will fail until the first session is disconnected.
+
+- **No support for overlapping subnets by the VPN:**  
+  Remote Access VPN does not provide NAT traversal or address translation 
features to handle overlapping subnets between the client and the VPC.
+
+**Recommendation:**  
+If your environment requires multiple concurrent VPN connections from the same 
location (NAT or IP), consider deploying a dedicated VPN appliance (e.g., 
OpenVPN or pfSense) inside the VPC to support advanced use cases.

Reply via email to