Github user swill commented on the issue:
https://github.com/apache/cloudstack/pull/872
I wrote a small testing setup which allows me to automate the build up and
tear down different configurations in test environment.
Here are the results so far of my branch (hopefully soon to be merged with
this PR, or I will open my own PR with it).
I am testing this functionality by creating two VPCs with VMs in them and
creating a S2S VPN connection between the two VPCs. Then I SSH into a VM in
one VPC and I ping the private IP of a VM in the other VPC. Then I tear it
down and try a different configuration.
**Setup**
```
VPC 1 VPC 2
===== =====
VPN Gateway VPN Gateway
VPN Customer Gateway VPN Customer Gateway
VPN Connection <---> VPN Connection
- Passive = True - Passive = False
```
**Legend**
`SKIP` => At least one of the VPN Connections did not come up, so no test
was run.
`OK` => The ping test was successful over the S2S VPN connection.
`FAIL` => The ping test failed over the S2S VPN connection.
The following finished before my VPN connection failed. From these results
it is fair to say that the Diffie-Hellman group is required for this S2S VPN
implementation so far.
**Results**
```
+----------+-------------------------+-------------------------+----------+----------+
| Status | IKE | ESP | DPD |
Encap |
+==========+=========================+=========================+==========+==========+
| SKIP | 3des-md5 | 3des-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | 3des-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | 3des-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | 3des-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | 3des-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | 3des-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | 3des-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | 3des-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | 3des-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | 3des-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | 3des-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | 3des-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | 3des-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | 3des-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | 3des-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | 3des-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | 3des-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | 3des-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | 3des-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | 3des-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | 3des-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | 3des-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | 3des-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | 3des-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | 3des-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | 3des-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | 3des-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | 3des-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | 3des-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | 3des-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | 3des-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | 3des-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | 3des-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | 3des-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | 3des-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | 3des-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | aes128-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | aes128-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | aes128-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | aes128-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | aes128-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | aes128-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | aes128-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | aes128-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | aes128-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | aes128-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | aes128-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | aes128-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | aes128-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | aes128-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | aes128-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | aes128-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | aes128-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | aes128-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | aes128-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | aes128-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | aes128-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | aes128-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | aes128-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | aes128-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | aes128-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | aes128-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | aes128-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | aes128-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | aes128-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | aes128-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | aes128-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | aes128-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | aes128-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | aes128-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | aes128-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | aes128-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | aes192-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | aes192-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | aes192-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | aes192-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | aes192-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | aes192-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | aes192-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | aes192-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | aes192-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | aes192-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | aes192-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | aes192-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | aes192-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | aes192-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | aes192-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | aes192-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | aes192-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | aes192-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | aes192-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | aes192-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | aes192-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | aes192-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | aes192-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | aes192-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | aes192-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | aes192-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | aes192-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | aes192-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | aes192-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | aes192-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | aes192-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | aes192-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | aes192-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | aes192-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | aes192-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | aes192-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | aes256-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | aes256-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | aes256-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | aes256-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | aes256-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | aes256-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | aes256-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | aes256-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | aes256-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | aes256-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | aes256-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-md5 | aes256-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | aes256-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | aes256-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1024 | aes256-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | aes256-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | aes256-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-md5;modp1536 | aes256-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | aes256-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | aes256-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | aes256-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | aes256-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | aes256-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | aes256-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | aes256-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | aes256-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | aes256-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | aes256-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | aes256-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | 3des-sha1 | aes256-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | aes256-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | aes256-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1024 | aes256-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | aes256-sha1 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | aes256-sha1;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | 3des-sha1;modp1536 | aes256-sha1;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | aes128-md5 | 3des-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | aes128-md5 | 3des-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| SKIP | aes128-md5 | 3des-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | aes128-md5;modp1024 | 3des-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | aes128-md5;modp1024 | 3des-md5;modp1024 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | aes128-md5;modp1024 | 3des-md5;modp1536 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
| OK | aes128-md5;modp1536 | 3des-md5 | True |
False |
+----------+-------------------------+-------------------------+----------+----------+
```
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
