Hi, As far as I know, when creating a site 2 site VPN, you can only specify the remote networks. The local network is always set to the whole VPC CIDR. Or am I wrong?
Regards
Daniel
On 07.03.18, 12:39, "Rafael Weingärtner" <rafaelweingart...@gmail.com> wrote:
I agree with you. I was not aware of that link in ACS website. I already
created a task for myself to fix that.
I thought the VPC CIDR was used only as a logical value internally in ACS.
However, as you pointed out, you can create a VPN to the whole VPC. Then,
yes, a restart would be required.
On Wed, Mar 7, 2018 at 8:33 AM, <daniel.herrm...@zv.fraunhofer.de> wrote:
> Hi,
>
> Maybe we could link to the Apache search system at the page listing the
> Cloudstack Mailing-Lists: https://cloudstack.apache.org/mailing-lists.html
>
> If you click on the list there, you get to http://mail-archives.apache.
> org/mod_mbox/cloudstack-users/. Then there is markmail linked and the
> https://lists.apache.org/list.html?users@cloudstack.apache.org link you
> shared (which btw looks best to me, thanks).
>
> The tiers are going to stay as they are currently. I guess the CIDR is
> used in the Strongswan VPN configuration as local network, so I guess a
> restart might be required.
>
> Other thoughts?
>
> Thanks
> Daniel
>
> On 07.03.18, 12:25, "Rafael Weingärtner" <rafaelweingart...@gmail.com>
> wrote:
>
> MarkMail is not an Apache's system. If you want an Apache's system to
> search mailing lists you can use:
> https://lists.apache.org/list.html?d...@cloudstack.apache.org.
>
> Do you intend on changing the Tiers CIDR as well? If it is only the
> VPC,
> you might not even need to restart with a cleanup. Of course, it is
> always
> a good practice to test before applying in production.
>
> On Wed, Mar 7, 2018 at 8:07 AM, <daniel.herrm...@zv.fraunhofer.de>
> wrote:
>
> > Hi all,
> >
> >
> >
> > First of all: when trying to search the lists on MarkMail (
> > https://cloudstack.apache.org/mailing-lists.html) I get a warning
> that
> > the entered information will be transmitted insecurely (no HTTPs).
> If I
> > accept that, MarkMail redirects back to HTTPs but does not present a
> valid
> > certificate (unknown issuer, Firefox 58.0.2
> >
> >
> >
> > Now, to the question:
> >
> >
> >
> > We have a VPC with a pretty large CIDR (172.19.0.0/16), which
> however
> > only has tiers in the upper half (172.19.128.0/17). We now would
> like to
> > reduce the VPC CIDR. Is it safe to edit this in the database and
> then do a
> > VPC restart with cleanup? Anything else to consider?
> >
> >
> >
> > We use VPN s2s tunnel, so I guess we need to change the remote
> subnet on
> > the other VPN endpoints, but other than that?
> >
> >
> >
> > Is it possible like that, any problems to expect?
> >
> >
> >
> > Thanks and regards
> >
> > Daniel
>
>
--
Rafael Weingärtner
smime.p7s
Description: S/MIME cryptographic signature
