Hi Group First, sorry that I wasn't able to use the mailto-link for the reply. It somehow did not work....
After Upgrading from 4.9 to 4.11 we are seeing two issues with vRouter systemVMs: 1) Memory Consumption on vSphere vRouter are starting to swap with low memory available, this also starts happening after increasing memory size to 512m. Interestingly, there's no process nor cache using the memory as far as "top", "ps", or other tools report. 2) Site-2-Site VPN a) After a restart of the VPC (vRouter rebuild) VPN Tunnels are not configured on vRouter. This has to be triggered manually with a call to resetVpnConnection API. b) StrongSwan configuration does not work well with Cisco endpoints, I've found following inputs: - multiple "rightsubnet=" entries are not supported with ikev1 [1], so multiple conns should be configured instead - multiple subnets are supported with ikev2, but not with Cisco endpoints, use multiple conns as well [2] For me it is unclear, what script should be modified for above issues, one of those look promising: https://github.com/apache/cloudstack/blob/master/systemvm/debian/opt/cloud/bin/ipsectunnel.sh https://github.com/apache/cloudstack/blob/master/systemvm/debian/opt/cloud/bin/configure.py Regards, Sam [1] https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection#leftright-End-Parameters [2] https://serverfault.com/questions/904028/strongswan-to-cisco-asa-with-multiple-right-subnet
smime.p7s
Description: S/MIME cryptographic signature