Github user swill commented on the issue:

    https://github.com/apache/cloudstack/pull/1741
  
    @murali-reddy I have tested with Isolated Guest Networks.  The problem that 
we experienced with the SourceNAT IP not being primary on the public nic if 
more than one public IP exists does not exist for Isolated Guest Networks.  I 
have tested my change to the `cs_ip.py` file with Isolated Guest Networks and 
it does not change the functionality and still works in that case.  That 
`cs_ip.py` change is looking good so far in our testing.
    
    We are currently going through the `l2tp.conf` and `ipsec.conf` files and 
removing everything that is now deprecated for StrongSwan 5.x so the 
configuration is cleaner and does not include old legacy options that are not 
required anymore.
    
    I am also going to see if I can upgrade the IKE policy to IKEv2 instead of 
IKEv1 for Remote Access VPN since it provides better security.  I am also 
looking to see if I can change the hashing algorithm from `sha1` to something 
like `sha256` for Remote Access VPN, also to improve security.
    
    I will not be able to make these changes for S2S VPN initially because the 
configuration fields are different enough between IKEv1 and IKEv2 in that case 
that I would have to go through and modify a lot more code.  That will have to 
wait for phase two of this implementation.
    
    We are continuing to test and improve the implementation, but it is looking 
pretty good so far.

