Re: Fail with vpn customer gateway creation through terraform
I have opened a Terraform issue about it, I guess for now we can't create vpn customer gw using it, I'll try to automate this by other means.

https://github.com/hashicorp/terraform/issues/16744

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Nux!" <n...@li.nux.ro>
> To: "dev" <dev@cloudstack.apache.org>
> Sent: Wednesday, 22 November, 2017 14:01:36
> Subject: Re: Fail with vpn customer gateway creation through terraform

> Ok, looking at the logs it looks like an encoding problem of sorts, when
> terraform is making the calls, the policy appears as:
> sha1-aes256%3Bmodp2048
>
> When cloudmonkey makes the calls (successfully) the policy looks like it
> should:
> aes128-sha256;modp2048
>
> Ideas?
>
> https://paste.fedoraproject.org/paste/HpGdigqa33ZjTeIDrAwE9w
Re: Fail with vpn customer gateway creation through terraform
Ok, looking at the logs it looks like an encoding problem of sorts, when terraform is making the calls, the policy appears as:
sha1-aes256%3Bmodp2048

When cloudmonkey makes the calls (successfully) the policy looks like it should:
aes128-sha256;modp2048

Ideas?

https://paste.fedoraproject.org/paste/HpGdigqa33ZjTeIDrAwE9w

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Nux!" <n...@li.nux.ro>
> To: "dev" <dev@cloudstack.apache.org>
> Sent: Wednesday, 22 November, 2017 09:11:28
> Subject: Re: Fail with vpn customer gateway creation through terraform

> Hi guys,
>
> sha1-aes256;modp3072 works if I use the UI or cloudmonkey, that's why I am
> thinking it must be terraform or some weird encoding issues.
>
> I tried replacing ; with - and also using modp2048, to no avail.
>
> "* cloudstack_vpn_customer_gateway.default: Error creating VPN Customer Gateway test-vpc: Undefined error: {"errorcode":431,"errortext":"The customer gateway IKE policy sha1-aes256-modp2048 is invalid! Verify the required Diffie Hellman (DH) group is specified."}"
>
> Logs here
>
> https://paste.fedoraproject.org/paste/HpGdigqa33ZjTeIDrAwE9w
Re: Fail with vpn customer gateway creation through terraform
Hi guys,

sha1-aes256;modp3072 works if I use the UI or cloudmonkey, that's why I am thinking it must be terraform or some weird encoding issues.

I tried replacing ; with - and also using modp2048, to no avail.

"* cloudstack_vpn_customer_gateway.default: Error creating VPN Customer Gateway test-vpc: Undefined error: {"errorcode":431,"errortext":"The customer gateway IKE policy sha1-aes256-modp2048 is invalid! Verify the required Diffie Hellman (DH) group is specified."}"

Logs here

https://paste.fedoraproject.org/paste/HpGdigqa33ZjTeIDrAwE9w

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Jayapal Uradi" <jayapal.ur...@accelerite.com>
> To: "dev" <dev@cloudstack.apache.org>
> Sent: Wednesday, 22 November, 2017 04:20:53
> Subject: Re: Fail with vpn customer gateway creation through terraform

> Hi Lucian,
>
> Try the following in config, '-' instead of ';' after the aes256 in the
> config.
>
> New: "sha1-aes256-modp3072"
> Old: "sha1-aes256;modp3072"
>
> Thanks,
> Jayapal
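The policy strings quoted in this message and in the follow-up that compares the logged requests (`sha1-aes256%3Bmodp2048`, `aes128-sha256;modp2048`, `sha1-aes256-modp2048`) can be decoded and checked for a DH group mechanically. The Python below is an added example, not code from the thread, Terraform or CloudStack; the `<proposal>;modpNNNN` shape and all function names are assumptions based on the values quoted here.

```python
import re
from urllib.parse import quote, unquote

# Assumed shape, taken from the values in this thread: "<proposal>;<DH group>",
# with DH groups written modpNNNN. This is not CloudStack's own validator.
DH_GROUP = re.compile(r"modp\d+")


def on_wire(config_value: str) -> str:
    """Percent-encode a value the way an HTTP client does for a query string."""
    return quote(config_value, safe="")


def decode_layers(raw: str, max_layers: int = 3):
    """Percent-decode until the value stops changing; return (value, layers)."""
    value, layers = raw, 0
    while layers < max_layers:
        decoded = unquote(value)
        if decoded == value:
            break
        value, layers = decoded, layers + 1
    return value, layers


def triage(logged_value: str):
    """Classify an ikepolicy value as it appears in a request log."""
    value, layers = decode_layers(logged_value)
    _proposal, sep, group = value.partition(";")
    if not sep or not DH_GROUP.fullmatch(group):
        verdict = "no-dh-group"      # nothing usable after a ';'
    elif layers == 0:
        verdict = "literal"          # ';' was sent as-is
    elif layers == 1:
        verdict = "encoded-once"     # ordinary query-string encoding of ';'
    else:
        verdict = "over-encoded"     # value was already encoded before sending
    return value, layers, verdict


# Values quoted in the thread, plus one constructed over-encoded sample.
SAMPLES = [
    "sha1-aes256%3Bmodp2048",    # logged for the terraform call
    "aes128-sha256;modp2048",    # logged for the cloudmonkey call
    "sha1-aes256-modp2048",      # ';' replaced with '-', rejected with 431
    "sha1-aes256%253Bmodp2048",  # constructed: '%3B' typed into the config
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:30} -> {triage(sample)}")
    # What each way of writing the config value becomes once a client encodes it.
    print(on_wire("sha1-aes256;modp3072"), on_wire("sha1-aes256%3Bmodp3072"))
```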
Re: Fail with vpn customer gateway creation through terraform
Hi Lucian,

Try the following in config, '-' instead of ';' after the aes256 in the config.

New: "sha1-aes256-modp3072"
Old: "sha1-aes256;modp3072"

Thanks,
Jayapal

On Nov 22, 2017, at 5:44 AM, Pierre-Luc Dion <pd...@cloudops.com> wrote:

> Hi Nux,
>
> Could it be your cloudstack version? modp3072 is recent I think in
> CloudStack so if you run an older version maybe it's not there?
Re: Fail with vpn customer gateway creation through terraform
Hi Nux,

Could it be your cloudstack version? modp3072 is recent I think in CloudStack so if you run an older version maybe it's not there?

On Tue, Nov 21, 2017 at 6:55 PM, Nux! <n...@li.nux.ro> wrote:

> Thanks Chiradeep,
>
> Checked but brain says no. What should I have learned from there?
>
> AFAIK this is a terraform fail.
>
> Lucian
Re: Fail with vpn customer gateway creation through terraform
Thanks Chiradeep,

Checked but brain says no. What should I have learned from there?

AFAIK this is a terraform fail.

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Chiradeep Vittal" <chirade...@gmail.com>
> To: "dev" <dev@cloudstack.apache.org>
> Sent: Tuesday, 21 November, 2017 19:14:16
> Subject: Re: Fail with vpn customer gateway creation through terraform

> Check
> https://github.com/apache/cloudstack/blob/77864992fe8f80dbabd1240f6373d2ba3e98713c/utils/src/main/java/com/cloud/utils/net/NetUtils.java#L1221
Re: Fail with vpn customer gateway creation through terraform
Check
https://github.com/apache/cloudstack/blob/77864992fe8f80dbabd1240f6373d2ba3e98713c/utils/src/main/java/com/cloud/utils/net/NetUtils.java#L1221

On Tue, Nov 21, 2017 at 10:11 AM, Nux! wrote:

> Hi,
>
> I'm trying out terraform and had success so far, except for the vpn
> customer gateway feature.
> For some reason, terraform fails to create it, though I use the same
> options as in UI/cloudmonkey where it works just fine.
>
> The snippet for it is:
>
>     resource "cloudstack_vpn_customer_gateway" "default" {
>       name       = "test-vpc"
>       cidr       = "10.0.0.0/24"
>       esp_policy = "aes256-sha1"
>       gateway    = "1.2.3.4"
>       ike_policy = "sha1-aes256;modp3072"
>       ipsec_psk  = "terraformxyz7"
>     }
>
> It always complains about the ike_policy:
> * cloudstack_vpn_customer_gateway.default: Error creating VPN Customer Gateway test-vpc: Undefined error: {"errorcode":431,"errortext":"The customer gateway IKE policy sha1-aes256;modp3072 is invalid! Verify the required Diffie Hellman (DH) group is specified."}
>
> I tried all sorts of ways to write the ike_policy, escaped, web
> encoded/decoded, nothing worked. What am I missing?
> The example terraform docs provide suffers the same fate.
>
> Lucian
Fail with vpn customer gateway creation through terraform
Hi,

I'm trying out terraform and had success so far, except for the vpn customer gateway feature.
For some reason, terraform fails to create it, though I use the same options as in UI/cloudmonkey where it works just fine.

The snippet for it is:

    resource "cloudstack_vpn_customer_gateway" "default" {
      name       = "test-vpc"
      cidr       = "10.0.0.0/24"
      esp_policy = "aes256-sha1"
      gateway    = "1.2.3.4"
      ike_policy = "sha1-aes256;modp3072"
      ipsec_psk  = "terraformxyz7"
    }

It always complains about the ike_policy:

* cloudstack_vpn_customer_gateway.default: Error creating VPN Customer Gateway test-vpc: Undefined error: {"errorcode":431,"errortext":"The customer gateway IKE policy sha1-aes256;modp3072 is invalid! Verify the required Diffie Hellman (DH) group is specified."}

I tried all sorts of ways to write the ike_policy, escaped, web encoded/decoded, nothing worked. What am I missing?
The example terraform docs provide suffers the same fate.

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro