Skip to content

[4.7] FIX Site2SiteVPN on redundant VPC #1276

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
asfgit merged 6 commits into from
Jan 16, 2016
Merged

[4.7] FIX Site2SiteVPN on redundant VPC #1276

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
dfa924b
FIX VPN: non-working ipsec commands
Dec 21, 2015
fd83ca0
Make integration/smoke/test_vpc_vpn Hypervisor independant
Dec 22, 2015
a42b046
Add S2S VPN test for Redundant VPC
Dec 22, 2015
ecc8cc0
PEP8 of integration/smoke/test_vpc_vpn
Dec 22, 2015
230c9cf
FIX S2S VPN rVPC: Check only redundant routers in state MASTER
Dec 22, 2015
435a98c
Fix unable to setup more than one Site2Site VPN Connection
Jan 12, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -907,6 +907,9 @@ protected void updateSite2SiteVpnConnectionState(final List<DomainRouterVO> rout
if (conns == null || conns.isEmpty()) {
continue;
}
if (router.getIsRedundantRouter() && router.getRedundantState() != RedundantState.MASTER){
continue;
}
if (router.getState() != VirtualMachine.State.Running) {
for (final Site2SiteVpnConnectionVO conn : conns) {
if (conn.getState() != Site2SiteVpnConnection.State.Error) {
Expand Down
20 changes: 12 additions & 8 deletions systemvm/patches/debian/config/opt/cloud/bin/configure.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -462,16 +462,20 @@ def process(self):
if m:
self.confips.append(m.group(1))

for public_ip in self.dbag:
if public_ip == "id":
for vpn in self.dbag:
if vpn == "id":
continue
dev = CsHelper.get_device(public_ip)

local_ip = self.dbag[vpn]['local_public_ip']
dev = CsHelper.get_device(local_ip)

if dev == "":
logging.error("Request for ipsec to %s not possible because ip is not configured", public_ip)
logging.error("Request for ipsec to %s not possible because ip is not configured", local_ip)
continue

CsHelper.start_if_stopped("ipsec")
self.configure_iptables(dev, self.dbag[public_ip])
self.configure_ipsec(self.dbag[public_ip])
self.configure_iptables(dev, self.dbag[vpn])
self.configure_ipsec(self.dbag[vpn])

# Delete vpns that are no longer in the configuration
for ip in self.confips:
Expand Down Expand Up @@ -538,9 +542,9 @@ def configure_ipsec(self, obj):
file.commit()
logging.info("Configured vpn %s %s", leftpeer, rightpeer)
CsHelper.execute("ipsec auto --rereadall")
CsHelper.execute("ipsec --add vpn-%s" % rightpeer)
CsHelper.execute("ipsec auto --add vpn-%s" % rightpeer)
if not obj['passive']:
CsHelper.execute("ipsec --up vpn-%s" % rightpeer)
CsHelper.execute("ipsec auto --up vpn-%s" % rightpeer)
os.chmod(vpnsecretsfile, 0o400)

def convert_sec_to_h(self, val):
Expand Down
2 changes: 1 addition & 1 deletion systemvm/patches/debian/config/opt/cloud/bin/cs_site2sitevpn.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@


def merge(dbag, vpn):
key = vpn['local_public_ip']
key = vpn['peer_gateway_ip']
op = vpn['create']
if key in dbag.keys() and not op:
del(dbag[key])
Expand Down
Loading