Hi Yitao,

If you want to enable VPN on the IP, omit the UDP ports 500, 1701 and 4500 from the public IP firewall rule and configure the VPN.
You can file a bug for this: for a VPN-enabled IP, CloudStack should ignore the VPN ports in the firewall rule port conflict check.

Thanks,
Jayapal

On 21-Apr-2014, at 3:25 PM, Yitao Jiang <willier...@gmail.com> wrote:

> Hi, stackers
>
> I just found that if the firewall of the source NAT IP of an Isolated network has opened a UDP port range such as 1-65535, the create VPN command will fail, because the system will reopen the UDP ports 500, 1701 and 4500, which conflict with the original port range. Response as below:
>
> [{"createremoteaccessvpnresponse":{"errortext":"The range specified, 500-500, conflicts with rule 84 which has 1-65535","cserrorcode":9999,"errorcode":537,"uuidList":[]}}]
>
> So is this a bug? Or should we omit the conflict of UDP ports and continue creating the VPN? Is that right?
>
> Any thoughts?
>
> BTW, I am working on CloudStack 4.2.1 built from source.
>
> Thanks,
>
> Yitao
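
The workaround from the reply (leave UDP 500, 1701 and 4500 out of the firewall rule), worked through as an added example; it is not code from the thread or from CloudStack, and the function names are hypothetical. It reports which VPN ports a rule's range collides with and splits the range into sub-ranges that skip them.

```python
# Added illustration; function names are hypothetical, not CloudStack APIs.
VPN_UDP_PORTS = (500, 1701, 4500)  # UDP ports named in the thread


def conflicting_ports(start, end, reserved=VPN_UDP_PORTS):
    """Return the reserved ports that fall inside the rule range start-end."""
    return [p for p in sorted(set(reserved)) if start <= p <= end]


def split_around(start, end, reserved=VPN_UDP_PORTS):
    """Split start-end into sub-ranges that skip every reserved port."""
    if not (1 <= start <= end <= 65535):
        raise ValueError(f"invalid port range {start}-{end}")
    ranges, cursor = [], start
    for port in conflicting_ports(start, end, reserved):
        if cursor < port:
            # Keep everything below the reserved port.
            ranges.append((cursor, port - 1))
        cursor = port + 1  # resume just above the reserved port
    if cursor <= end:
        ranges.append((cursor, end))
    return ranges


if __name__ == "__main__":
    # Constructed input: the 1-65535 UDP rule from the error message above.
    print("conflicts:", conflicting_ports(1, 65535))
    for lo, hi in split_around(1, 65535):
        print(f"udp {lo}-{hi}")
```

Each printed sub-range would be created as its own UDP firewall rule before enabling the VPN on the IP.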