DeepthiMachiraju created CLOUDSTACK-9943:
--------------------------------------------
Summary: Remote access VPN fails to establish from Windows Machine.
Key: CLOUDSTACK-9943
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9943
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Affects Versions: 4.10.0.0
Reporter: DeepthiMachiraju
Priority: Blocker
Fix For: 4.10.0.0
Attachments: management-server.log
- Create an isolated Network N1 and deploy a VM.
- On the Source Nat IP enable Remote Access VPN.
- Configure the VPN connection from a window machine by providing the Public IP
of VR , TYpe of VPN : L2TP / IPSec and provide preshared key for authentication.
- Try connecting by providing the VPN users details.
Observation :
Remote access VPn fails to establish .
==============================================
Please find the relevant logs below :
root@r-42-VM:/etc/cloudstack# ipsec --version
Linux strongSwan U5.2.1/K3.2.0-4-amd64
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
===================================================
root@r-42-VM:/etc/cloudstack# ipsec status
Security Associations (0 up, 0 connecting):
none
====================auth.log==========================
Jun 6 09:54:44 r-42-VM charon: 14[IKE] 10.233.89.32 is initiating a Main Mode
IKE_SA
Jun 6 09:54:44 r-42-VM charon: 16[IKE] IKE_SA L2TP-PSK[1] established between
10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
Jun 6 09:54:44 r-42-VM charon: 03[IKE] CHILD_SA L2TP-PSK{1} established with
SPIs c217d307_i dc6d5497_o and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:54:44 r-42-VM charon: 01[IKE] CHILD_SA L2TP-PSK{1} established with
SPIs cbeda395_i 21bba84d_o and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:54:44 r-42-VM charon: 11[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs
c217d307_i (0 bytes) dc6d5497_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:54:47 r-42-VM charon: 12[IKE] CHILD_SA L2TP-PSK{1} established with
SPIs c9a8105d_i 28d44ba0_o and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:54:47 r-42-VM charon: 13[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs
cbeda395_i (0 bytes) 21bba84d_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:54:51 r-42-VM charon: 04[IKE] CHILD_SA L2TP-PSK{1} established with
SPIs ccd1db39_i 17c5c576_o and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:54:51 r-42-VM charon: 03[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs
c9a8105d_i (0 bytes) 28d44ba0_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:54:59 r-42-VM charon: 11[IKE] CHILD_SA L2TP-PSK{1} established with
SPIs c3dcf5e4_i 40af5f4d_o and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:54:59 r-42-VM charon: 06[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs
ccd1db39_i (0 bytes) 17c5c576_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:55:01 r-42-VM CRON[8238]: pam_unix(cron:session): session opened for
user root by (uid=0)
Jun 6 09:55:01 r-42-VM CRON[8238]: pam_unix(cron:session): session closed for
user root
Jun 6 09:55:09 r-42-VM charon: 16[IKE] CHILD_SA L2TP-PSK{1} established with
SPIs c8d60ec4_i f675adb5_o and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:55:09 r-42-VM charon: 05[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs
c3dcf5e4_i (0 bytes) 40af5f4d_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:55:19 r-42-VM charon: 02[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs
c8d60ec4_i (0 bytes) f675adb5_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:55:19 r-42-VM charon: 01[IKE] deleting IKE_SA L2TP-PSK[1] between
10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
====================auth.log==========================
IPsec status when ike is established :
root@r-42-VM:/etc/cloudstack# ipsec status
Security Associations (1 up, 0 connecting):
L2TP-PSK[3]: ESTABLISHED 31 seconds ago,
10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
L2TP-PSK{3}: INSTALLED, TRANSPORT, ESP in UDP SPIs: c6066660_i a020e46f_o
L2TP-PSK{3}: 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
====================daemon.log=======================
Jun 6 09:57:03 r-42-VM charon: 14[NET] received packet: from 10.233.89.32[500]
to 10.147.30.117[500] (384 bytes)
Jun 6 09:57:03 r-42-VM charon: 14[ENC] parsed ID_PROT request 0 [ SA V V V V V
V V ]
Jun 6 09:57:03 r-42-VM charon: 14[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
Jun 6 09:57:03 r-42-VM charon: 14[IKE] received NAT-T (RFC 3947) vendor ID
Jun 6 09:57:03 r-42-VM charon: 14[IKE] received
draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jun 6 09:57:03 r-42-VM charon: 14[IKE] received FRAGMENTATION vendor ID
Jun 6 09:57:03 r-42-VM charon: 14[ENC] received unknown vendor ID:
fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Jun 6 09:57:03 r-42-VM charon: 14[ENC] received unknown vendor ID:
26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
Jun 6 09:57:03 r-42-VM charon: 14[ENC] received unknown vendor ID:
e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
Jun 6 09:57:03 r-42-VM charon: 14[IKE] 10.233.89.32 is initiating a Main Mode
IKE_SA
Jun 6 09:57:03 r-42-VM charon: 14[ENC] generating ID_PROT response 0 [ SA V V
V ]
Jun 6 09:57:03 r-42-VM charon: 14[NET] sending packet: from 10.147.30.117[500]
to 10.233.89.32[500] (136 bytes)
Jun 6 09:57:03 r-42-VM charon: 15[NET] received packet: from 10.233.89.32[500]
to 10.147.30.117[500] (388 bytes)
Jun 6 09:57:03 r-42-VM charon: 15[ENC] parsed ID_PROT request 0 [ KE No NAT-D
NAT-D ]
Jun 6 09:57:03 r-42-VM charon: 15[IKE] faking NAT situation to enforce UDP
encapsulation
Jun 6 09:57:03 r-42-VM charon: 15[ENC] generating ID_PROT response 0 [ KE No
NAT-D NAT-D ]
Jun 6 09:57:03 r-42-VM charon: 15[NET] sending packet: from 10.147.30.117[500]
to 10.233.89.32[500] (372 bytes)
Jun 6 09:57:03 r-42-VM charon: 16[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
Jun 6 09:57:03 r-42-VM charon: 16[ENC] parsed ID_PROT request 0 [ ID HASH ]
Jun 6 09:57:03 r-42-VM charon: 16[CFG] looking for pre-shared key peer configs
matching 10.147.30.117...10.233.89.32[10.233.89.32]
Jun 6 09:57:03 r-42-VM charon: 16[CFG] selected peer config "L2TP-PSK"
Jun 6 09:57:03 r-42-VM charon: 16[IKE] IKE_SA L2TP-PSK[2] established between
10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
Jun 6 09:57:03 r-42-VM charon: 16[ENC] generating ID_PROT response 0 [ ID HASH
]
Jun 6 09:57:03 r-42-VM charon: 16[NET] sending packet: from
10.147.30.117[4500] to 10.233.89.32[4500] (76 bytes)
Jun 6 09:57:03 r-42-VM charon: 04[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
Jun 6 09:57:03 r-42-VM charon: 04[ENC] parsed QUICK_MODE request 1 [ HASH SA
No ID ID NAT-OA NAT-OA ]
Jun 6 09:57:03 r-42-VM charon: 04[IKE] received 3600s lifetime, configured 0s
Jun 6 09:57:03 r-42-VM charon: 04[IKE] received 250000000 lifebytes,
configured 0
Jun 6 09:57:03 r-42-VM charon: 04[ENC] generating QUICK_MODE response 1 [ HASH
SA No ID ID NAT-OA NAT-OA ]
Jun 6 09:57:03 r-42-VM charon: 04[NET] sending packet: from
10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
Jun 6 09:57:03 r-42-VM charon: 03[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
Jun 6 09:57:03 r-42-VM charon: 03[ENC] parsed QUICK_MODE request 1 [ HASH ]
Jun 6 09:57:03 r-42-VM charon: 03[IKE] CHILD_SA L2TP-PSK{2} established with
SPIs cbff1661_i 9c25b6cc_o and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:57:03 r-42-VM charon: 02[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
Jun 6 09:57:03 r-42-VM charon: 02[ENC] parsed QUICK_MODE request 2 [ HASH SA
No ID ID NAT-OA NAT-OA ]
Jun 6 09:57:03 r-42-VM charon: 02[IKE] received 3600s lifetime, configured 0s
Jun 6 09:57:03 r-42-VM charon: 02[IKE] received 250000000 lifebytes,
configured 0
Jun 6 09:57:03 r-42-VM charon: 02[IKE] detected rekeying of CHILD_SA
L2TP-PSK{2}
Jun 6 09:57:03 r-42-VM charon: 02[ENC] generating QUICK_MODE response 2 [ HASH
SA No ID ID NAT-OA NAT-OA ]
Jun 6 09:57:03 r-42-VM charon: 02[NET] sending packet: from
10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
Jun 6 09:57:03 r-42-VM charon: 01[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
Jun 6 09:57:03 r-42-VM charon: 01[ENC] parsed QUICK_MODE request 2 [ HASH ]
Jun 6 09:57:03 r-42-VM charon: 01[IKE] CHILD_SA L2TP-PSK{2} established with
SPIs c25a7f96_i 0abe04de_o and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:57:03 r-42-VM charon: 11[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
Jun 6 09:57:03 r-42-VM charon: 11[ENC] parsed INFORMATIONAL_V1 request
103224265 [ HASH D ]
Jun 6 09:57:03 r-42-VM charon: 11[IKE] received DELETE for ESP CHILD_SA with
SPI 9c25b6cc
Jun 6 09:57:03 r-42-VM charon: 11[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs
cbff1661_i (0 bytes) 9c25b6cc_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:57:06 r-42-VM charon: 06[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
Jun 6 09:57:06 r-42-VM charon: 06[ENC] parsed QUICK_MODE request 3 [ HASH SA
No ID ID NAT-OA NAT-OA ]
Jun 6 09:57:06 r-42-VM charon: 06[IKE] received 3600s lifetime, configured 0s
Jun 6 09:57:06 r-42-VM charon: 06[IKE] received 250000000 lifebytes,
configured 0
Jun 6 09:57:06 r-42-VM charon: 06[IKE] detected rekeying of CHILD_SA
L2TP-PSK{2}
Jun 6 09:57:06 r-42-VM charon: 06[ENC] generating QUICK_MODE response 3 [ HASH
SA No ID ID NAT-OA NAT-OA ]
Jun 6 09:57:06 r-42-VM charon: 06[NET] sending packet: from
10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
Jun 6 09:57:06 r-42-VM charon: 12[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
Jun 6 09:57:06 r-42-VM charon: 12[ENC] parsed QUICK_MODE request 3 [ HASH ]
Jun 6 09:57:06 r-42-VM charon: 12[IKE] CHILD_SA L2TP-PSK{2} established with
SPIs c9e9610c_i 83b1c870_o and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:57:06 r-42-VM charon: 12[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
Jun 6 09:57:06 r-42-VM charon: 12[ENC] parsed INFORMATIONAL_V1 request
1590197566 [ HASH D ]
Jun 6 09:57:06 r-42-VM charon: 12[IKE] received DELETE for ESP CHILD_SA with
SPI 0abe04de
Jun 6 09:57:06 r-42-VM charon: 12[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs
c25a7f96_i (0 bytes) 0abe04de_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:57:10 r-42-VM charon: 05[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
Jun 6 09:57:10 r-42-VM charon: 05[ENC] parsed QUICK_MODE request 4 [ HASH SA
No ID ID NAT-OA NAT-OA ]
Jun 6 09:57:10 r-42-VM charon: 05[IKE] received 3600s lifetime, configured 0s
Jun 6 09:57:10 r-42-VM charon: 05[IKE] received 250000000 lifebytes,
configured 0
Jun 6 09:57:10 r-42-VM charon: 05[IKE] detected rekeying of CHILD_SA
L2TP-PSK{2}
Jun 6 09:57:10 r-42-VM charon: 05[ENC] generating QUICK_MODE response 4 [ HASH
SA No ID ID NAT-OA NAT-OA ]
Jun 6 09:57:10 r-42-VM charon: 05[NET] sending packet: from
10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
Jun 6 09:57:10 r-42-VM charon: 04[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
Jun 6 09:57:10 r-42-VM charon: 04[ENC] parsed QUICK_MODE request 4 [ HASH ]
Jun 6 09:57:10 r-42-VM charon: 04[IKE] CHILD_SA L2TP-PSK{2} established with
SPIs cffce783_i 16ad4fef_o and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:57:10 r-42-VM charon: 03[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
Jun 6 09:57:10 r-42-VM charon: 03[ENC] parsed INFORMATIONAL_V1 request
2703531821 [ HASH D ]
Jun 6 09:57:10 r-42-VM charon: 03[IKE] received DELETE for ESP CHILD_SA with
SPI 83b1c870
Jun 6 09:57:10 r-42-VM charon: 03[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs
c9e9610c_i (0 bytes) 83b1c870_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:57:18 r-42-VM charon: 01[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
Jun 6 09:57:18 r-42-VM charon: 01[ENC] parsed QUICK_MODE request 5 [ HASH SA
No ID ID NAT-OA NAT-OA ]
Jun 6 09:57:18 r-42-VM charon: 01[IKE] received 3600s lifetime, configured 0s
Jun 6 09:57:18 r-42-VM charon: 01[IKE] received 250000000 lifebytes,
configured 0
Jun 6 09:57:18 r-42-VM charon: 01[IKE] detected rekeying of CHILD_SA
L2TP-PSK{2}
Jun 6 09:57:18 r-42-VM charon: 01[ENC] generating QUICK_MODE response 5 [ HASH
SA No ID ID NAT-OA NAT-OA ]
Jun 6 09:57:18 r-42-VM charon: 01[NET] sending packet: from
10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
Jun 6 09:57:18 r-42-VM charon: 11[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
Jun 6 09:57:18 r-42-VM charon: 11[ENC] parsed QUICK_MODE request 5 [ HASH ]
Jun 6 09:57:18 r-42-VM charon: 11[IKE] CHILD_SA L2TP-PSK{2} established with
SPIs cd088e05_i 381bd68f_o and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:57:18 r-42-VM charon: 06[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
Jun 6 09:57:18 r-42-VM charon: 06[ENC] parsed INFORMATIONAL_V1 request
4078387132 [ HASH D ]
Jun 6 09:57:18 r-42-VM charon: 06[IKE] received DELETE for ESP CHILD_SA with
SPI 16ad4fef
Jun 6 09:57:18 r-42-VM charon: 06[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs
cffce783_i (0 bytes) 16ad4fef_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:57:28 r-42-VM charon: 14[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
Jun 6 09:57:28 r-42-VM charon: 14[ENC] parsed QUICK_MODE request 6 [ HASH SA
No ID ID NAT-OA NAT-OA ]
Jun 6 09:57:28 r-42-VM charon: 14[IKE] received 3600s lifetime, configured 0s
Jun 6 09:57:28 r-42-VM charon: 14[IKE] received 250000000 lifebytes,
configured 0
Jun 6 09:57:28 r-42-VM charon: 14[IKE] detected rekeying of CHILD_SA
L2TP-PSK{2}
Jun 6 09:57:28 r-42-VM charon: 14[ENC] generating QUICK_MODE response 6 [ HASH
SA No ID ID NAT-OA NAT-OA ]
Jun 6 09:57:28 r-42-VM charon: 14[NET] sending packet: from
10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
Jun 6 09:57:28 r-42-VM charon: 15[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
Jun 6 09:57:28 r-42-VM charon: 15[ENC] parsed QUICK_MODE request 6 [ HASH ]
Jun 6 09:57:28 r-42-VM charon: 15[IKE] CHILD_SA L2TP-PSK{2} established with
SPIs cff9a578_i 93dc756b_o and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:57:28 r-42-VM charon: 16[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
Jun 6 09:57:28 r-42-VM charon: 16[ENC] parsed INFORMATIONAL_V1 request
251215099 [ HASH D ]
Jun 6 09:57:28 r-42-VM charon: 16[IKE] received DELETE for ESP CHILD_SA with
SPI 381bd68f
Jun 6 09:57:28 r-42-VM charon: 16[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs
cd088e05_i (0 bytes) 381bd68f_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:57:38 r-42-VM charon: 02[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
Jun 6 09:57:38 r-42-VM charon: 02[ENC] parsed INFORMATIONAL_V1 request
1078630831 [ HASH D ]
Jun 6 09:57:38 r-42-VM charon: 02[IKE] received DELETE for ESP CHILD_SA with
SPI 93dc756b
Jun 6 09:57:38 r-42-VM charon: 02[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs
cff9a578_i (0 bytes) 93dc756b_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] ===
10.233.89.32/32[udp/l2f]
Jun 6 09:57:38 r-42-VM charon: 01[NET] received packet: from
10.233.89.32[4500] to 10.147.30.117[4500] (92 bytes)
Jun 6 09:57:38 r-42-VM charon: 01[ENC] parsed INFORMATIONAL_V1 request
1398070104 [ HASH D ]
Jun 6 09:57:38 r-42-VM charon: 01[IKE] received DELETE for IKE_SA L2TP-PSK[2]
Jun 6 09:57:38 r-42-VM charon: 01[IKE] deleting IKE_SA L2TP-PSK[2] between
10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
========================daemon.log=========================
========================l2tp.conf============================
root@r-42-VM:/etc/ipsec.d# cat l2tp.conf
#ipsec remote access vpn configuration
conn L2TP-PSK
authby=psk
pfs=no
rekey=no
keyingtries=3
keyexchange=ikev1
forceencaps=yes
leftfirewall=yes
leftnexthop=%defaultroute
type=transport
#
# ----------------------------------------------------------
# The VPN server.
#
# Allow incoming connections on the external network interface.
# If you want to use a different interface or if there is no
# defaultroute, you can use: left=your.ip.addr.ess
#
left=10.147.30.117
#
leftprotoport=17/1701
# If you insist on supporting non-updated Windows clients,
# you can use: leftprotoport=17/%any
#
# ----------------------------------------------------------
# The remote user(s).
#
# Allow incoming connections only from this IP address.
right=%any
# If you want to allow multiple connections from any IP address,
# you can use: right=%any
#
rightprotoport=17/%any
#
# ----------------------------------------------------------
# Change 'ignore' to 'add' to enable this configuration.
#
rightsubnetwithin=0.0.0.0/0
auto=add
========================l2tp.conf============================
root@r-42-VM:/etc/cloudstack# cat remoteaccessvpn.json
{
"10.147.30.117": {
"create": true,
"ip_range": "10.1.2.2-10.1.2.8",
"local_cidr": "10.1.1.0/24",
"local_ip": "10.1.2.1",
"preshared_key": "egwnGVGcuGUQ4g4tgpum3qmp",
"public_interface": "eth2",
"type": "remoteaccessvpn",
"vpn_server_ip": "10.147.30.117"
},
"id": "remoteaccessvpn"
}root@r-42-VM:/etc/cloudstack#
==========================================================
root@r-42-VM:/etc/cloudstack# cat vpnuserlist.json
{
"aaa": {
"add": true,
"password": "aaa",
"user": "aaa"
},
"abc": {
"add": true,
"password": "abc",
"user": "abc"
},
"id": "vpnuserlist"
}root@r-42-VM:/etc/cloudstack#
=================================================
Attached MS log .
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
