GitHub user swill commented on the issue: https://github.com/apache/cloudstack/pull/1741

@murali-reddy I have tested with Isolated Guest Networks. The problem that we experienced with the SourceNAT IP not being primary on the public nic if more than one public IP exists does not exist for Isolated Guest Networks. I have tested my change to the `cs_ip.py` file with Isolated Guest Networks and it does not change the functionality and still works in that case.

That `cs_ip.py` change is looking good so far in our testing.

We are currently going through the `l2tp.conf` and `ipsec.conf` files and removing everything that is now deprecated for StrongSwan 5.x so the configuration is cleaner and does not include old legacy options that are not required anymore.

I am also going to see if I can upgrade the IKE policy to IKEv2 instead of IKEv1 for Remote Access VPN since it provides better security. I am also looking to see if I can change the hashing algorithm from `sha1` to something like `sha256` for Remote Access VPN, also to improve security. I will not be able to make these changes for S2S VPN initially because the configuration fields are different enough between IKEv1 and IKEv2 in that case that I would have to go through and modify a lot more code. That will have to wait for phase two of this implementation.

We are continuing to test and improve the implementation, but it is looking pretty good so far.