[jira] [Commented] (CLOUDSTACK-10010) Some S2S VPN configurations fail to establish a connection

Mon, 11 Dec 2017 08:41:38 -0800 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10010?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16286204#comment-16286204
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10010:
---------------------------------------------

rhtyd commented on issue #2190: CLOUDSTACK-10010: Fixed the negotiation of S2S 
VPN connections
URL: https://github.com/apache/cloudstack/pull/2190#issuecomment-350780939
 
 
   @swill thanks for the PR, I've ported the commit from your PR to #2211 where 
I'm able to repeatedly get the tests pass on KVM and XenServer now! Given there 
is no activity/response on this PR, I'll close this PR and get your stuff 
tested and merged via #2211 now. Again, many thanks for the work.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


> Some S2S VPN configurations fail to establish a connection
> ----------------------------------------------------------
>
>                 Key: CLOUDSTACK-10010
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10010
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Virtual Router
>    Affects Versions: 4.10.0.0
>            Reporter: Will Stevens
>
> I am not sure if a regression was introduced with this PR #2062, but we have 
> found issues with this configuration now that we have it in production.
> The core of this change is to change the S2S VPN config from {{auto=start}} 
> to {{auto=route}}. Read more about this setting here: 
> https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
> We found there to be issues when using {{auto=start}} for both sides of the 
> connection as there was problem negotiating the connection. Instead the 
> {{auto=route}} config will only establish a connection once there is an 
> attempt to send traffic over the connection. In order to attempt to open the 
> connection as soon as the VPN connection is configured, a ping to the other 
> side of the connection has been added to establish the connection.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to