Hi Samuel,

Thanks for your email. I've opened this ticket for your first issue: 
https://github.com/apache/cloudstack/issues/3039

Please follow René's advice to (a) try increasing the VR memory and see if it 
helps, (b) have a script for reducing memory over time. We'll also work with 
the systemd project to see if they can fix and backport this for Debian 9.6+.


For your second issue, in 4.9 which used a Debian7 based VR and openswan for 
VPN, we've moved to strongswan. If your external Cisco endpoint/integration can 
work with strongswan, please create a VPC VR and manipulate the strongswan 
configs in that VR and share your results or send a PR; the changes need to be 
in one of the Python files such as configure.py. The #2 issue is very specific 
to your environment and is not a general error; if you're able to optimize the 
configuration for a VR, you can build a custom systemvm.iso file with those 
settings. In addition, you can send a PR or submit a GitHub issue with details, 
logs, configurations etc: https://github.com/apache/cloudstack/issues


I think both the issues are not general blockers and should not void 4.11.2.0 
voting.


- Rohit

<https://cloudstack.apache.org>



________________________________
From: Zehnder, Samuel <zehn...@netcloud.ch>
Sent: Monday, November 19, 2018 9:13:04 PM
To: dev@cloudstack.apache.org
Subject: Re: [VOTE] Apache CloudStack 4.11.2.0 RC5


Hi Group

First, sorry that I wasn't able to use the mailto-link for the reply. It 
somehow did not work….



After upgrading from 4.9 to 4.11 we are seeing two issues with vRouter 
systemVMs:



1) Memory Consumption on vSphere

vRouters are starting to swap with low memory available; this also starts 
happening after increasing memory size to 512m. Interestingly, there's no 
process nor cache using the memory as far as "top", "ps", or other tools report.



2) Site-2-Site VPN

a) After a restart of the VPC (vRouter rebuild) VPN tunnels are not configured 
on the vRouter. This has to be triggered manually with a call to the 
resetVpnConnection API.

b) StrongSwan configuration does not work well with Cisco endpoints; I've found 
the following inputs:

  - multiple "rightsubnet=" entries are not supported with ikev1 [1], so 
multiple conns should be configured instead

  - multiple subnets are supported with ikev2, but not with Cisco endpoints, 
use multiple conns as well [2]



For me it is unclear what script should be modified for the above issues; one of 
these looks promising:

https://github.com/apache/cloudstack/blob/master/systemvm/debian/opt/cloud/bin/ipsectunnel.sh

https://github.com/apache/cloudstack/blob/master/systemvm/debian/opt/cloud/bin/configure.py



Regards,

Sam



[1] 
https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection#leftright-End-Parameters

[2] 
https://serverfault.com/questions/904028/strongswan-to-cisco-asa-with-multiple-right-subnet



rohit.ya...@shapeblue.com 
www.shapeblue.com
Amadeus House, Floral Street, London WC2E 9DP, UK
@shapeblue
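
The workaround described in item 2b above (one conn per subnet pair instead of several "rightsubnet=" values), as an added example that is not part of the original thread and is not CloudStack's configure.py. The function name, connection names and addresses are constructed for illustration; the ipsec.conf keywords are standard strongSwan ones.

```python
import ipaddress
from itertools import product


def _cidr(value):
    # Parse strictly so a malformed value (or one carrying an embedded newline)
    # can never reach the generated config file.
    return str(ipaddress.ip_network(value.strip(), strict=True))


def render_s2s_conns(name, left_ip, left_subnets, right_ip, right_subnets,
                     keyexchange="ikev1"):
    """Return ipsec.conf text with one conn per (leftsubnet, rightsubnet) pair."""
    if not name.replace("-", "").isalnum():
        raise ValueError("unsafe connection name: %r" % name)
    left_ip = str(ipaddress.ip_address(left_ip))
    right_ip = str(ipaddress.ip_address(right_ip))
    lefts = [_cidr(s) for s in left_subnets]
    rights = [_cidr(s) for s in right_subnets]
    if not lefts or not rights:
        raise ValueError("at least one subnet is required on each side")

    # Shared settings live in a base section; it has no auto=, so it is never
    # started on its own.
    lines = [
        "conn %s-base" % name,
        "    left=%s" % left_ip,
        "    right=%s" % right_ip,
        "    keyexchange=%s" % keyexchange,
        "    authby=secret",
        "",
    ]
    # One child conn per subnet pair, each carrying exactly one rightsubnet.
    for i, (lsub, rsub) in enumerate(product(lefts, rights), start=1):
        lines += [
            "conn %s-%d" % (name, i),
            "    also=%s-base" % name,
            "    leftsubnet=%s" % lsub,
            "    rightsubnet=%s" % rsub,
            "    auto=start",
            "",
        ]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: documentation-range peers, two remote subnets.
    print(render_s2s_conns("s2s", "203.0.113.10", ["10.1.0.0/16"],
                           "198.51.100.20", ["192.168.10.0/24", "192.168.20.0/24"]))
```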