Re: Fail with vpn customer gateway creation through terraform

2017-11-23 Thread Nux! 
I have opened a Terraform issue about it, I guess for now we can't create vpn 
customer gw using it, I'll try to automate this by other means.

https://github.com/hashicorp/terraform/issues/16744

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Nux!" <n...@li.nux.ro>
> To: "dev" <dev@cloudstack.apache.org>
> Sent: Wednesday, 22 November, 2017 14:01:36
> Subject: Re: Fail with vpn customer gateway creation through terraform

> Ok, looking at the logs it looks like an encoding problem of sorts, when
> terraform is making the calls, the policy appears as:
> sha1-aes256%3Bmodp2048
> 
> When cloudmonkey makes the calls (successfully) the policy looks like it 
> should:
> aes128-sha256;modp2048
> 
> Ideas?
> 
> https://paste.fedoraproject.org/paste/HpGdigqa33ZjTeIDrAwE9w
> 
> --
> Sent from the Delta quadrant using Borg technology!
> 
> Nux!
> www.nux.ro
> 
> - Original Message -
>> From: "Nux!" <n...@li.nux.ro>
>> To: "dev" <dev@cloudstack.apache.org>
>> Sent: Wednesday, 22 November, 2017 09:11:28
>> Subject: Re: Fail with vpn customer gateway creation through terraform
> 
>> Hi guys,
>> 
>> sha1-aes256;modp3072 works if I use the UI or cloudmonkey, that's why I am
>> thinking it must be terraform or some weird encoding issues.
>> 
>> I tried replacing ; with - and also using modp2048, to no avail.
>> 
>> "* cloudstack_vpn_customer_gateway.default: Error creating VPN Customer 
>> Gateway
>> test-vpc: Undefined error: {"errorcode":431,"errortext":"The customer gateway
>> IKE policy sha1-aes256-modp2048 is invalid!  Verify the required Diffie 
>> Hellman
>> (DH) group is specified."}"
>> 
>> 
>> Logs here
>> 
>> https://paste.fedoraproject.org/paste/HpGdigqa33ZjTeIDrAwE9w
>> 
>> --
>> Sent from the Delta quadrant using Borg technology!
>> 
>> Nux!
>> www.nux.ro
>> 
>> - Original Message -
>>> From: "Jayapal Uradi" <jayapal.ur...@accelerite.com>
>>> To: "dev" <dev@cloudstack.apache.org>
>>> Sent: Wednesday, 22 November, 2017 04:20:53
>>> Subject: Re: Fail with vpn customer gateway creation through terraform
>> 
>>> Hi Lucian,
>>> 
>>> Try the the following in config, ‘-‘ instead of ‘;’ after the aes256 in the
>>> config.
>>> 
>>> New: "sha1-aes256-modp3072”
>>> Old: "sha1-aes256;modp3072”
>>> 
>>> Thanks,
>>> Jayapal
>>> On Nov 22, 2017, at 5:44 AM, Pierre-Luc Dion
>>> <pd...@cloudops.com<mailto:pd...@cloudops.com>> wrote:
>>> 
>>> Hi Nux,
>>> 
>>> Could it be your cloudstack version ?  modp3072 is recent I think in
>>> CloudStack so if you run a older version maybe it's not there?
>>> 
>>> 
>>> 
>>> On Tue, Nov 21, 2017 at 6:55 PM, Nux! 
>>> <n...@li.nux.ro<mailto:n...@li.nux.ro>>
>>> wrote:
>>> 
>>> Thanks Chiradeep,
>>> 
>>> Checked but brain says no. What should I have learned from there?
>>> 
>>> AFAIK this is a terraform fail.
>>> 
>>> Lucian
>>> 
>>> --
>>> Sent from the Delta quadrant using Borg technology!
>>> 
>>> Nux!
>>> www.nux.ro<http://www.nux.ro>
>>> 
>>> - Original Message -
>>> From: "Chiradeep Vittal" <chirade...@gmail.com>
>>> To: "dev" <dev@cloudstack.apache.org>
>>> Sent: Tuesday, 21 November, 2017 19:14:16
>>> Subject: Re: Fail with vpn customer gateway creation through terraform
>>> 
>>> Check
>>> https://github.com/apache/cloudstack/blob/77864992fe8f80dbabd1240f6373d2
>>> ba3e98713c/utils/src/main/java/com/cloud/utils/net/NetUtils.java#L1221
>>> 
>>> On Tue, Nov 21, 2017 at 10:11 AM, Nux! <n...@li.nux.ro> wrote:
>>> 
>>> Hi,
>>> 
>>> I'm trying out terraform and had success so far, except for the vpn
>>> customer gateway feature.
>>> For some reason, terraform fails to create it, though I use the same
>>> options as in UI/cloudmonkey where it works just fine.
>>> 
>>> The snippet for it is:
>>> 
>>> resource "cloudstack_vpn_customer_gateway" "default" {
>>> name   = "test-vpc"
>>> cidr   = "10.0.0.0/24"
>&g

Re: Fail with vpn customer gateway creation through terraform

2017-11-22 Thread Nux! 
Ok, looking at the logs it looks like an encoding problem of sorts, when 
terraform is making the calls, the policy appears as:
sha1-aes256%3Bmodp2048

When cloudmonkey makes the calls (successfully) the policy looks like it should:
aes128-sha256;modp2048

Ideas?

https://paste.fedoraproject.org/paste/HpGdigqa33ZjTeIDrAwE9w

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Nux!" <n...@li.nux.ro>
> To: "dev" <dev@cloudstack.apache.org>
> Sent: Wednesday, 22 November, 2017 09:11:28
> Subject: Re: Fail with vpn customer gateway creation through terraform

> Hi guys,
> 
> sha1-aes256;modp3072 works if I use the UI or cloudmonkey, that's why I am
> thinking it must be terraform or some weird encoding issues.
> 
> I tried replacing ; with - and also using modp2048, to no avail.
> 
> "* cloudstack_vpn_customer_gateway.default: Error creating VPN Customer 
> Gateway
> test-vpc: Undefined error: {"errorcode":431,"errortext":"The customer gateway
> IKE policy sha1-aes256-modp2048 is invalid!  Verify the required Diffie 
> Hellman
> (DH) group is specified."}"
> 
> 
> Logs here
> 
> https://paste.fedoraproject.org/paste/HpGdigqa33ZjTeIDrAwE9w
> 
> --
> Sent from the Delta quadrant using Borg technology!
> 
> Nux!
> www.nux.ro
> 
> - Original Message -
>> From: "Jayapal Uradi" <jayapal.ur...@accelerite.com>
>> To: "dev" <dev@cloudstack.apache.org>
>> Sent: Wednesday, 22 November, 2017 04:20:53
>> Subject: Re: Fail with vpn customer gateway creation through terraform
> 
>> Hi Lucian,
>> 
>> Try the the following in config, ‘-‘ instead of ‘;’ after the aes256 in the
>> config.
>> 
>> New: "sha1-aes256-modp3072”
>> Old: "sha1-aes256;modp3072”
>> 
>> Thanks,
>> Jayapal
>> On Nov 22, 2017, at 5:44 AM, Pierre-Luc Dion
>> <pd...@cloudops.com<mailto:pd...@cloudops.com>> wrote:
>> 
>> Hi Nux,
>> 
>> Could it be your cloudstack version ?  modp3072 is recent I think in
>> CloudStack so if you run a older version maybe it's not there?
>> 
>> 
>> 
>> On Tue, Nov 21, 2017 at 6:55 PM, Nux! <n...@li.nux.ro<mailto:n...@li.nux.ro>>
>> wrote:
>> 
>> Thanks Chiradeep,
>> 
>> Checked but brain says no. What should I have learned from there?
>> 
>> AFAIK this is a terraform fail.
>> 
>> Lucian
>> 
>> --
>> Sent from the Delta quadrant using Borg technology!
>> 
>> Nux!
>> www.nux.ro<http://www.nux.ro>
>> 
>> - Original Message -
>> From: "Chiradeep Vittal" <chirade...@gmail.com>
>> To: "dev" <dev@cloudstack.apache.org>
>> Sent: Tuesday, 21 November, 2017 19:14:16
>> Subject: Re: Fail with vpn customer gateway creation through terraform
>> 
>> Check
>> https://github.com/apache/cloudstack/blob/77864992fe8f80dbabd1240f6373d2
>> ba3e98713c/utils/src/main/java/com/cloud/utils/net/NetUtils.java#L1221
>> 
>> On Tue, Nov 21, 2017 at 10:11 AM, Nux! <n...@li.nux.ro> wrote:
>> 
>> Hi,
>> 
>> I'm trying out terraform and had success so far, except for the vpn
>> customer gateway feature.
>> For some reason, terraform fails to create it, though I use the same
>> options as in UI/cloudmonkey where it works just fine.
>> 
>> The snippet for it is:
>> 
>> resource "cloudstack_vpn_customer_gateway" "default" {
>> name   = "test-vpc"
>> cidr   = "10.0.0.0/24"
>> esp_policy = "aes256-sha1"
>> gateway= "1.2.3.4"
>> ike_policy = "sha1-aes256;modp3072"
>> ipsec_psk  = "terraformxyz7"
>> }
>> 
>> It always complains about the ike_policy:
>> * cloudstack_vpn_customer_gateway.default: Error creating VPN Customer
>> Gateway test-vpc: Undefined error: {"errorcode":431,"errortext":"The
>> customer gateway IKE policy sha1-aes256;modp3072 is invalid!  Verify the
>> required Diffie Hellman (DH) group is specified."}
>> 
>> I tried all sorts of ways to write the ike_policy, escaped, web
>> encoded/decoded, nothing worked. What am I missing?
>> The example terraform docs provide suffers the same fate.
>> 
>> Lucian
>> 
>> --
>> Sent from the Delta quadrant using Borg technology!
>> 
>> Nux!
>> www.nux.ro
>> 
>> 
>> DISCLAIMER
>> ==
>> This e-mail may contain privileged and confidential information which is the
>> property of Accelerite, a Persistent Systems business. It is intended only 
>> for
>> the use of the individual or entity to which it is addressed. If you are not
>> the intended recipient, you are not authorized to read, retain, copy, print,
>> distribute or use this message. If you have received this communication in
>> error, please notify the sender and delete all copies of this message.
>> Accelerite, a Persistent Systems business does not accept any liability for
> > virus infected mails.

Re: Fail with vpn customer gateway creation through terraform

2017-11-22 Thread Nux! 
Hi guys,

sha1-aes256;modp3072 works if I use the UI or cloudmonkey, that's why I am 
thinking it must be terraform or some weird encoding issues.

I tried replacing ; with - and also using modp2048, to no avail.

"* cloudstack_vpn_customer_gateway.default: Error creating VPN Customer Gateway 
test-vpc: Undefined error: {"errorcode":431,"errortext":"The customer gateway 
IKE policy sha1-aes256-modp2048 is invalid!  Verify the required Diffie Hellman 
(DH) group is specified."}"


Logs here

https://paste.fedoraproject.org/paste/HpGdigqa33ZjTeIDrAwE9w

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Jayapal Uradi" <jayapal.ur...@accelerite.com>
> To: "dev" <dev@cloudstack.apache.org>
> Sent: Wednesday, 22 November, 2017 04:20:53
> Subject: Re: Fail with vpn customer gateway creation through terraform

> Hi Lucian,
> 
> Try the the following in config, ‘-‘ instead of ‘;’ after the aes256 in the
> config.
> 
> New: "sha1-aes256-modp3072”
> Old: "sha1-aes256;modp3072”
> 
> Thanks,
> Jayapal
> On Nov 22, 2017, at 5:44 AM, Pierre-Luc Dion
> <pd...@cloudops.com<mailto:pd...@cloudops.com>> wrote:
> 
> Hi Nux,
> 
> Could it be your cloudstack version ?  modp3072 is recent I think in
> CloudStack so if you run a older version maybe it's not there?
> 
> 
> 
> On Tue, Nov 21, 2017 at 6:55 PM, Nux! <n...@li.nux.ro<mailto:n...@li.nux.ro>>
> wrote:
> 
> Thanks Chiradeep,
> 
> Checked but brain says no. What should I have learned from there?
> 
> AFAIK this is a terraform fail.
> 
> Lucian
> 
> --
> Sent from the Delta quadrant using Borg technology!
> 
> Nux!
> www.nux.ro<http://www.nux.ro>
> 
> - Original Message -
> From: "Chiradeep Vittal" <chirade...@gmail.com>
> To: "dev" <dev@cloudstack.apache.org>
> Sent: Tuesday, 21 November, 2017 19:14:16
> Subject: Re: Fail with vpn customer gateway creation through terraform
> 
> Check
> https://github.com/apache/cloudstack/blob/77864992fe8f80dbabd1240f6373d2
> ba3e98713c/utils/src/main/java/com/cloud/utils/net/NetUtils.java#L1221
> 
> On Tue, Nov 21, 2017 at 10:11 AM, Nux! <n...@li.nux.ro> wrote:
> 
> Hi,
> 
> I'm trying out terraform and had success so far, except for the vpn
> customer gateway feature.
> For some reason, terraform fails to create it, though I use the same
> options as in UI/cloudmonkey where it works just fine.
> 
> The snippet for it is:
> 
> resource "cloudstack_vpn_customer_gateway" "default" {
> name   = "test-vpc"
> cidr   = "10.0.0.0/24"
> esp_policy = "aes256-sha1"
> gateway= "1.2.3.4"
> ike_policy = "sha1-aes256;modp3072"
> ipsec_psk  = "terraformxyz7"
> }
> 
> It always complains about the ike_policy:
> * cloudstack_vpn_customer_gateway.default: Error creating VPN Customer
> Gateway test-vpc: Undefined error: {"errorcode":431,"errortext":"The
> customer gateway IKE policy sha1-aes256;modp3072 is invalid!  Verify the
> required Diffie Hellman (DH) group is specified."}
> 
> I tried all sorts of ways to write the ike_policy, escaped, web
> encoded/decoded, nothing worked. What am I missing?
> The example terraform docs provide suffers the same fate.
> 
> Lucian
> 
> --
> Sent from the Delta quadrant using Borg technology!
> 
> Nux!
> www.nux.ro
> 
> 
> DISCLAIMER
> ==
> This e-mail may contain privileged and confidential information which is the
> property of Accelerite, a Persistent Systems business. It is intended only for
> the use of the individual or entity to which it is addressed. If you are not
> the intended recipient, you are not authorized to read, retain, copy, print,
> distribute or use this message. If you have received this communication in
> error, please notify the sender and delete all copies of this message.
> Accelerite, a Persistent Systems business does not accept any liability for
> virus infected mails.

Re: Fail with vpn customer gateway creation through terraform

2017-11-21 Thread Jayapal Uradi 
Hi Lucian,

Try the the following in config, ‘-‘ instead of ‘;’ after the aes256 in the 
config.

New: "sha1-aes256-modp3072”
Old: "sha1-aes256;modp3072”

Thanks,
Jayapal
On Nov 22, 2017, at 5:44 AM, Pierre-Luc Dion 
<pd...@cloudops.com<mailto:pd...@cloudops.com>> wrote:

Hi Nux,

Could it be your cloudstack version ?  modp3072 is recent I think in
CloudStack so if you run a older version maybe it's not there?



On Tue, Nov 21, 2017 at 6:55 PM, Nux! <n...@li.nux.ro<mailto:n...@li.nux.ro>> 
wrote:

Thanks Chiradeep,

Checked but brain says no. What should I have learned from there?

AFAIK this is a terraform fail.

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro<http://www.nux.ro>

- Original Message -
From: "Chiradeep Vittal" <chirade...@gmail.com>
To: "dev" <dev@cloudstack.apache.org>
Sent: Tuesday, 21 November, 2017 19:14:16
Subject: Re: Fail with vpn customer gateway creation through terraform

Check
https://github.com/apache/cloudstack/blob/77864992fe8f80dbabd1240f6373d2
ba3e98713c/utils/src/main/java/com/cloud/utils/net/NetUtils.java#L1221

On Tue, Nov 21, 2017 at 10:11 AM, Nux! <n...@li.nux.ro> wrote:

Hi,

I'm trying out terraform and had success so far, except for the vpn
customer gateway feature.
For some reason, terraform fails to create it, though I use the same
options as in UI/cloudmonkey where it works just fine.

The snippet for it is:

resource "cloudstack_vpn_customer_gateway" "default" {
 name   = "test-vpc"
 cidr   = "10.0.0.0/24"
 esp_policy = "aes256-sha1"
 gateway= "1.2.3.4"
 ike_policy = "sha1-aes256;modp3072"
 ipsec_psk  = "terraformxyz7"
}

It always complains about the ike_policy:
* cloudstack_vpn_customer_gateway.default: Error creating VPN Customer
Gateway test-vpc: Undefined error: {"errorcode":431,"errortext":"The
customer gateway IKE policy sha1-aes256;modp3072 is invalid!  Verify the
required Diffie Hellman (DH) group is specified."}

I tried all sorts of ways to write the ike_policy, escaped, web
encoded/decoded, nothing worked. What am I missing?
The example terraform docs provide suffers the same fate.

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro


DISCLAIMER
==
This e-mail may contain privileged and confidential information which is the 
property of Accelerite, a Persistent Systems business. It is intended only for 
the use of the individual or entity to which it is addressed. If you are not 
the intended recipient, you are not authorized to read, retain, copy, print, 
distribute or use this message. If you have received this communication in 
error, please notify the sender and delete all copies of this message. 
Accelerite, a Persistent Systems business does not accept any liability for 
virus infected mails.

Re: Fail with vpn customer gateway creation through terraform

2017-11-21 Thread Pierre-Luc Dion 
Hi Nux,

Could it be your cloudstack version ?  modp3072 is recent I think in
CloudStack so if you run a older version maybe it's not there?



On Tue, Nov 21, 2017 at 6:55 PM, Nux! <n...@li.nux.ro> wrote:

> Thanks Chiradeep,
>
> Checked but brain says no. What should I have learned from there?
>
> AFAIK this is a terraform fail.
>
> Lucian
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> - Original Message -
> > From: "Chiradeep Vittal" <chirade...@gmail.com>
> > To: "dev" <dev@cloudstack.apache.org>
> > Sent: Tuesday, 21 November, 2017 19:14:16
> > Subject: Re: Fail with vpn customer gateway creation through terraform
>
> > Check
> > https://github.com/apache/cloudstack/blob/77864992fe8f80dbabd1240f6373d2
> ba3e98713c/utils/src/main/java/com/cloud/utils/net/NetUtils.java#L1221
> >
> > On Tue, Nov 21, 2017 at 10:11 AM, Nux! <n...@li.nux.ro> wrote:
> >
> >> Hi,
> >>
> >> I'm trying out terraform and had success so far, except for the vpn
> >> customer gateway feature.
> >> For some reason, terraform fails to create it, though I use the same
> >> options as in UI/cloudmonkey where it works just fine.
> >>
> >> The snippet for it is:
> >>
> >> resource "cloudstack_vpn_customer_gateway" "default" {
> >>   name   = "test-vpc"
> >>   cidr   = "10.0.0.0/24"
> >>   esp_policy = "aes256-sha1"
> >>   gateway= "1.2.3.4"
> >>   ike_policy = "sha1-aes256;modp3072"
> >>   ipsec_psk  = "terraformxyz7"
> >> }
> >>
> >> It always complains about the ike_policy:
> >> * cloudstack_vpn_customer_gateway.default: Error creating VPN Customer
> >> Gateway test-vpc: Undefined error: {"errorcode":431,"errortext":"The
> >> customer gateway IKE policy sha1-aes256;modp3072 is invalid!  Verify the
> >> required Diffie Hellman (DH) group is specified."}
> >>
> >> I tried all sorts of ways to write the ike_policy, escaped, web
> >> encoded/decoded, nothing worked. What am I missing?
> >> The example terraform docs provide suffers the same fate.
> >>
> >> Lucian
> >>
> >> --
> >> Sent from the Delta quadrant using Borg technology!
> >>
> >> Nux!
> >> www.nux.ro
>

Re: Fail with vpn customer gateway creation through terraform

2017-11-21 Thread Nux! 
Thanks Chiradeep,

Checked but brain says no. What should I have learned from there?

AFAIK this is a terraform fail.

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Chiradeep Vittal" <chirade...@gmail.com>
> To: "dev" <dev@cloudstack.apache.org>
> Sent: Tuesday, 21 November, 2017 19:14:16
> Subject: Re: Fail with vpn customer gateway creation through terraform

> Check
> https://github.com/apache/cloudstack/blob/77864992fe8f80dbabd1240f6373d2ba3e98713c/utils/src/main/java/com/cloud/utils/net/NetUtils.java#L1221
> 
> On Tue, Nov 21, 2017 at 10:11 AM, Nux! <n...@li.nux.ro> wrote:
> 
>> Hi,
>>
>> I'm trying out terraform and had success so far, except for the vpn
>> customer gateway feature.
>> For some reason, terraform fails to create it, though I use the same
>> options as in UI/cloudmonkey where it works just fine.
>>
>> The snippet for it is:
>>
>> resource "cloudstack_vpn_customer_gateway" "default" {
>>   name   = "test-vpc"
>>   cidr   = "10.0.0.0/24"
>>   esp_policy = "aes256-sha1"
>>   gateway= "1.2.3.4"
>>   ike_policy = "sha1-aes256;modp3072"
>>   ipsec_psk  = "terraformxyz7"
>> }
>>
>> It always complains about the ike_policy:
>> * cloudstack_vpn_customer_gateway.default: Error creating VPN Customer
>> Gateway test-vpc: Undefined error: {"errorcode":431,"errortext":"The
>> customer gateway IKE policy sha1-aes256;modp3072 is invalid!  Verify the
>> required Diffie Hellman (DH) group is specified."}
>>
>> I tried all sorts of ways to write the ike_policy, escaped, web
>> encoded/decoded, nothing worked. What am I missing?
>> The example terraform docs provide suffers the same fate.
>>
>> Lucian
>>
>> --
>> Sent from the Delta quadrant using Borg technology!
>>
>> Nux!
>> www.nux.ro

Re: Fail with vpn customer gateway creation through terraform

2017-11-21 Thread Chiradeep Vittal 
Check
https://github.com/apache/cloudstack/blob/77864992fe8f80dbabd1240f6373d2ba3e98713c/utils/src/main/java/com/cloud/utils/net/NetUtils.java#L1221

On Tue, Nov 21, 2017 at 10:11 AM, Nux!  wrote:

> Hi,
>
> I'm trying out terraform and had success so far, except for the vpn
> customer gateway feature.
> For some reason, terraform fails to create it, though I use the same
> options as in UI/cloudmonkey where it works just fine.
>
> The snippet for it is:
>
> resource "cloudstack_vpn_customer_gateway" "default" {
>   name   = "test-vpc"
>   cidr   = "10.0.0.0/24"
>   esp_policy = "aes256-sha1"
>   gateway= "1.2.3.4"
>   ike_policy = "sha1-aes256;modp3072"
>   ipsec_psk  = "terraformxyz7"
> }
>
> It always complains about the ike_policy:
> * cloudstack_vpn_customer_gateway.default: Error creating VPN Customer
> Gateway test-vpc: Undefined error: {"errorcode":431,"errortext":"The
> customer gateway IKE policy sha1-aes256;modp3072 is invalid!  Verify the
> required Diffie Hellman (DH) group is specified."}
>
> I tried all sorts of ways to write the ike_policy, escaped, web
> encoded/decoded, nothing worked. What am I missing?
> The example terraform docs provide suffers the same fate.
>
> Lucian
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>

Fail with vpn customer gateway creation through terraform

2017-11-21 Thread Nux! 
Hi,

I'm trying out terraform and had success so far, except for the vpn customer 
gateway feature.
For some reason, terraform fails to create it, though I use the same options as 
in UI/cloudmonkey where it works just fine.

The snippet for it is:

resource "cloudstack_vpn_customer_gateway" "default" {
  name   = "test-vpc"
  cidr   = "10.0.0.0/24"
  esp_policy = "aes256-sha1"
  gateway= "1.2.3.4"
  ike_policy = "sha1-aes256;modp3072"
  ipsec_psk  = "terraformxyz7"
}

It always complains about the ike_policy:
* cloudstack_vpn_customer_gateway.default: Error creating VPN Customer Gateway 
test-vpc: Undefined error: {"errorcode":431,"errortext":"The customer gateway 
IKE policy sha1-aes256;modp3072 is invalid!  Verify the required Diffie Hellman 
(DH) group is specified."}

I tried all sorts of ways to write the ike_policy, escaped, web 
encoded/decoded, nothing worked. What am I missing?
The example terraform docs provide suffers the same fate.

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro