I am trying to find a way to remove this explicit down and still be able to keep the VPN connection up.
https://github.com/apache/cloudstack/blob/master/systemvm/patches/debian/config/opt/cloud/bin/configure.py#L638 On Mon, Apr 24, 2017 at 1:41 PM, Will Stevens <williamstev...@gmail.com> wrote: > @remi yes, I think you are right that we should change that for the > site2site config. I will check that after. > > The issue referred to in this thread is in reference to the remote access > VPN dropping when other networking is configured. > > In this case it is not a mystery why it is going down since we actually > call a down on it when it gets reconfigured. I have been trying to get it > to handle network config changes without taking down the VPN. > > I have obviously removed the explicit down and am trying to find a working > configuration, but when xl2tpd is stopped, it goes down hard and when it > comes back up it can't find the same tunnel, so the tunnel is dropped. > > I will review your config to see how you are handling this. > > Thanks for the support. > > On Apr 24, 2017 1:02 PM, "Remi Bergsma" <rberg...@schubergphilis.com> > wrote: > >> Hi all, >> >> While I haven’t investigated this issue, it does sound similar to what I >> fixed in Cosmic (our fork) last month. >> >> This code does a down/up of the VPN connection: >> https://github.com/apache/cloudstack/blob/master/systemvm/ >> patches/debian/config/opt/cloud/bin/configure.py#L547-L548 >> >> We found that to be impacting. Since we have auto=start in the config >> file already, we only have to reload the config and ipsec will take care of >> the rest on its own. Fast & easy! Most of all, no more unneeded restarts. >> >> Simply put: just remove the stop/start lines as it is not needed. >> The code is also hit when non-VPN changes are made, so that’s probably >> why people report that another change causes it to disconnect. >> >> This is how we fixed it: >> https://github.com/MissionCriticalCloud/cosmic/pull/339/ >> commits/5ee5e70894a321f4d633c836e0bacef481b2b9af >> >> Hope this gives some inspiration and a possible solution. >> >> Regards, Remi >> >> >> >> On 24/04/2017, 17:50, "williamstev...@gmail.com on behalf of Will >> Stevens" <williamstev...@gmail.com on behalf of wstev...@cloudops.com> >> wrote: >> >> Working on it now, I will let you know when I have a fix. >> >> *Will STEVENS* >> Lead Developer >> >> <https://goo.gl/NYZ8KK> >> >> On Mon, Apr 24, 2017 at 11:34 AM, Haijiao <18602198...@163.com> >> wrote: >> >> > Hi Will >> > >> > Any progress about this issue ? >> > >> > tks >> > >> > >> > Sent from my mobile >> > >> > --------- 转发的邮件 --------- >> > 发件人: Haijiao <18602198...@163.com> >> > 发送日期: 2017年04月14日 23:21 >> > 收件人: dev <dev@cloudstack.apache.org> >> > 抄送人: >> > 主题: Re:Re: [4.10] VPN disconnected while network changes taken >> > Sure, Karuturi >> > >> > Logged a bug in Jira, thanks! >> > >> > CLOUDSTACK-9878 Remote Access VPN that losing connection when new >> network >> > configs are introduced >> > https://issues.apache.org/jira/browse/CLOUDSTACK-9878 >> > >> > >> > >> > 在2017年04月14 13时14分, "Rajani Karuturi"<raj...@apache.org>写道: >> > >> > >> > Hi Haijiao, >> > >> > Thanks for testing. Can you log a bug for this please? It can be >> > a blocker for 4.10. >> > >> > @Will, >> > >> > Did you get a chance to take a look at this issue? >> > >> > Thanks, >> > >> > ~ Rajani >> > >> > http://cloudplatform.accelerite.com/ >> > >> > On April 12, 2017 at 7:12 AM, Will Stevens >> > (wstev...@cloudops.com) wrote: >> > >> > Thanks, I will have a look. >> > >> > *Will STEVENS* >> > Lead Developer >> > >> > <https://goo.gl/NYZ8KK> >> > >> > On Tue, Apr 11, 2017 at 8:58 PM, Haijiao <18602198...@163.com> >> > wrote: >> > >> > HI, Will >> > It's a Remote Access VPN that losing connection while new >> > network configs >> > introduced. >> > Thanks ! >> > >> > 在2017年04月12 02时26分, "Will Stevens"<wstev...@cloudops.com>写道: >> > >> > Is this a Site-to-Site VPN connection or the Remote Access VPN >> > that is >> > losing connection when new network configs are introduced? >> > >> > Thanks, >> > >> > *Will STEVENS* >> > Lead Developer >> > >> > <https://goo.gl/NYZ8KK> >> > >> > On Sat, Apr 8, 2017 at 12:49 AM, Haijiao <18602198...@163.com> >> > wrote: >> > >> > Hi, >> > >> > We built and tested the ACS 4.10 from the latest master (Apr.7, >> > 2017) >> > >> > Our environment is, >> > - ACS: 4.10.0.0-SNAPSHOT >> > - Management Server: Centos7.2 1151 >> > - Host: Centos7.2 1151 >> > - System VM: systemvm64template-master-4.10.0-kvm.qcow2.bz2 >> > - Network: Isolated Network >> > - Network Offering: Offering for Isolated networks with Source >> > Nat >> > >> > service >> > >> > enabled >> > >> > We can successfully setup VPN and it works as expected. However, >> > once >> > >> > we >> > >> > take any network changes below, the VPN connnection will be >> > immediately >> > disconnected. >> > >> > - Update firewall rules (add/change) >> > - Update port fowarding >> > - Update LB >> > - Add one more VPN account >> > >> > Is there some configuration we missed ? Or it's due to the new >> > VPN >> > component (StrongSWAN) introcuced in 4.10 ? >> > >> > >> > >> > >> > >> > >> > >> >> >> >> >>
