Hi Ian,

I've implemented the S2S VPN, but at this moment I am focused on the 4.2 release, so I am afraid I don't have much time for new features.

But you can file a Jira ticket anyway, and probably somebody interested in it in the community would take it. Java is not hard. :)

Please make sure you elaborate the feature in the ticket, e.g. how to set up the remote side with the new feature, then we would know how to test it.

And one question, would <left-side ID> be used across all the S2S VPN connections which are issued by one user? I know <right-side ID> should be a property of the VPN customer gateway, but I'm not sure about <left-side ID>.

--Sheng

On Tue, Jul 16, 2013 at 2:31 PM, Ian Service <[email protected]> wrote:
> After working with a few different hardware VPN gateways in a few different
> configurations I've found there's a relatively simple component missing to
> allow us to easily support those other configurations. I've been able to
> get the networks to connect with some modifications in the VPC router VM,
> but it would be great if they would work within CloudStack's interface so
> that
>
> The current /opt/cloud/bin/ipsectunnel.sh script includes the following
> options:
>
> Usage: ipsectunnel.sh: (-A|-D) -l <left-side vpn peer> -n <left-side guest
> cidr> -g <left-side gateway> -r <right-side vpn peer> -N <right-side
> private subnets> -e <esp policy> -i <ike policy> -t <ike lifetime> -T <esp
> lifetime> -s <pre-shared secret> -d <dpd 0 or 1>
>
> I can modify it to include -L <left-side ID> and -R <right-side ID> which
> would add leftid=@<left-side ID> and rightid=@<right-side ID> to
> /etc/ipsec.d/ipsec.vpn-<right-side vpn peer>.conf
>
> and @<left-side ID> @<right-side ID>: PSK "<pre-shared secret>" to
> /etc/ipsec.d/ipsec.vpn-<right-side vpn peer>.secrets
>
> But, I'm not a Java dev so I'd need someone to help add the fields to the
> web interface and I'd need someone with experience to properly update the
> schema to add the new fields to the database.
>
> Any interest?
>
> Thanks,
>
> - Ian
>
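
The conf and secrets lines proposed in the quoted message, as an added example that is not part of the thread or of CloudStack's ipsectunnel.sh: hypothetical shell helpers that validate the two IDs and the pre-shared secret before rendering them, so a value passed through -L, -R or -s cannot inject extra lines into the generated files. The function names, the FQDN-only ID rule, the two-space indentation and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not CloudStack's ipsectunnel.sh code.

# Accept only FQDN-style IDs (assumed policy) so an ID cannot carry
# whitespace, newlines, '=' or '@' into the generated files.
valid_id() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*|.*|-*|*.|*-) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# A double-quoted PSK cannot contain a double quote or a newline.
valid_psk() {
    nl='
'
    case "$1" in
        ""|*\"*|*"$nl"*) return 1 ;;
    esac
    return 0
}

# Lines for /etc/ipsec.d/ipsec.vpn-<right-side vpn peer>.conf,
# indented as parameters of a conn section.
render_conf_ids() {  # $1 = left-side ID, $2 = right-side ID
    valid_id "$1" && valid_id "$2" || return 1
    printf '  leftid=@%s\n  rightid=@%s\n' "$1" "$2"
}

# Line for /etc/ipsec.d/ipsec.vpn-<right-side vpn peer>.secrets
render_secret() {  # $1 = left ID, $2 = right ID, $3 = pre-shared secret
    valid_id "$1" && valid_id "$2" && valid_psk "$3" || return 1
    printf '@%s @%s: PSK "%s"\n' "$1" "$2" "$3"
}

# Write the secrets line and leave the file readable by its owner only.
write_secret() {  # $1 = path, $2..$4 = arguments of render_secret
    line=$(render_secret "$2" "$3" "$4") || return 1
    ( umask 077 && printf '%s\n' "$line" > "$1" && chmod 600 "$1" )
}

# Constructed sample IDs, for illustration only.
render_conf_ids vpc.example.test hq.example.test
```
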
