bug 6971: bring back l2tp port 1701

Chiradeep Vittal 2010-11-17 18:43:08 -08:00
parent a7547846bf
commit c53e165eaa
4 changed files with 26 additions and 14 deletions


@ -1236,10 +1236,11 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR
args += " -p " + cmd.getPresharedKey();
args += " -s " + cmd.getVpnServerIp();
args += " -l " + cmd.getLocalIp();
args += " -c";
args += " -c ";
} else {
args += " -d";
args += " -d ";
args += " -s " + cmd.getVpnServerIp();
}
String result = callHostPlugin("vmops", "lt2p_vpn", "args", args);
if (result == null || result.isEmpty()) {
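Review bot: The trailing space added to `" -c "` and `" -d "` inverts the leading-space convention the rest of this argument string already follows (` -p `, ` -s `, ` -l `), so the create branch now ends with a dangling space and the delete branch yields `-d  -s <ip>` with a double space. If the intent is only to keep the flag separated from whatever follows, the leading-space form `args += " -c";` / `args += " -d";` already does that and is less fragile. Separately, `cmd.getPresharedKey()` is concatenated into the same single `args` value handed to the host plugin; unless the plugin side is known to tokenize it safely, a key containing whitespace or shell metacharacters would be split or interpreted, so passing it as its own argument or rejecting such keys at the API boundary would be safer. The enclosing method starts and ends outside the hunk.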


@ -4,7 +4,7 @@
usage() {
printf "Usage:\n"
printf "Create VPN : %s -c -r <ip range for clients> -l <localip> -p <ipsec psk> -s <public ip> \n" $(basename $0)
printf "Delete VPN : %s -d \n" $(basename $0)
printf "Delete VPN : %s -d -s <public ip>\n" $(basename $0)
printf "Add VPN User : %s -u <username,password> \n" $(basename $0)
printf "Remote VPN User: %s -U <username \n" $(basename $0)
}
@ -16,19 +16,20 @@ get_intf_ip() {
iptables_() {
local op=$1
local public_ip=$2
local public_if="eth2"
local subnet_if="eth0"
local subnet_ip=$(get_intf_ip $subnet_if)
iptables $op INPUT -i $public_if -p udp -m udp --dport 500 -j ACCEPT
iptables $op INPUT -i $public_if -p udp -m udp --dport 4500 -j ACCEPT
iptables $op INPUT -i $public_if --dst $public_ip -p udp -m udp --dport 500 -j ACCEPT
iptables $op INPUT -i $public_if --dst $public_ip -p udp -m udp --dport 4500 -j ACCEPT
iptables $op INPUT -i $public_if --dst $public_ip -p udp -m udp --dport 1701 -j ACCEPT
iptables $op INPUT -i eth2 -p ah -j ACCEPT
iptables $op INPUT -i eth2 -p esp -j ACCEPT
iptables $op FORWARD -i ppp+ -o $subnet_if -j ACCEPT
iptables $op FORWARD -i $subnet_if -o ppp+ -j ACCEPT
iptables $op FORWARD -i ppp+ -o ppp+ -j ACCEPT
iptables $op INPUT -i ppp+ -m udp -p udp --dport 53 -j ACCEPT
iptables $op INPUT -i ppp+ -p udp -m udp --dport 1701 -j ACCEPT
iptables -t nat $op PREROUTING -i ppp+ -p udp -m udp --dport 53 -j DNAT --to-destination $subnet_ip
@ -50,19 +51,19 @@ ipsec_server() {
create_l2tp_ipsec_vpn_server() {
local ipsec_psk=$1
local server_ip=$2
local public_ip=$2
local client_range=$3
local local_ip=$4
sed -i -e "s/left=.*$/left=$server_ip/" /etc/ipsec.d/l2tp.conf
sed -i -e "s/left=.*$/left=$public_ip/" /etc/ipsec.d/l2tp.conf
echo ": PSK \"$ipsec_psk\"" > /etc/ipsec.d/ipsec.any.secrets
sed -i -e "s/^ip range = .*$/ip range = $client_range/" /etc/xl2tpd/xl2tpd.conf
sed -i -e "s/^local ip = .*$/local ip = $local_ip/" /etc/xl2tpd/xl2tpd.conf
sed -i -e "s/^ms-dns.*$/ms-dns $local_ip/" /etc/ppp/options.xl2tpd
iptables_ "-D"
iptables_ "-I"
iptables_ "-D" $public_ip
iptables_ "-I" $public_ip
ipsec_server "restart"
@ -71,10 +72,11 @@ create_l2tp_ipsec_vpn_server() {
}
destroy_l2tp_ipsec_vpn_server() {
local public_ip=$1
ipsec auto --down L2TP-PSK
iptables_ "-D"
iptables_ "-D" $public_ip
ipsec_server "stop"
}
@ -146,8 +148,8 @@ if [ "$create" == "1" ]; then
fi
if [ "$destroy" == "1" ]; then
destroy_l2tp_ipsec_vpn_server
exit $?
destroy_l2tp_ipsec_vpn_server $server_ip
exit $?
fi
if [ "$useradd" == "1" ]; then
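Review bot: `destroy_l2tp_ipsec_vpn_server` now needs a public ip for `iptables_ "-D" $public_ip`, but nothing verifies that one was supplied on the delete path and `$server_ip` is passed unquoted at `destroy_l2tp_ipsec_vpn_server $server_ip`; with it empty, `--dst` consumes the following `-p` token, every `-D` fails, and the udp 500/4500/1701 ACCEPT rules outlive the VPN. A guard at the top of `iptables_` such as `[ -z "$public_ip" ] && { printf "public ip required\n" >&2; return 1; }` together with quoting (`--dst "$public_ip"`, `iptables_ "-D" "$public_ip"`) would fail closed instead. The same empty-argument problem applies to `create_l2tp_ipsec_vpn_server`, which also writes `left=$public_ip` into l2tp.conf. The new port-1701 rule on the public interface accepts bare L2TP from any source; if xl2tpd is not configured to refuse non-IPsec sessions, qualifying that rule with `-m policy --dir in --pol ipsec` keeps L2TP reachable only inside the tunnel. Each of these functions extends past the visible hunk lines.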


@ -2768,6 +2768,10 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
if (!existing.isEmpty()) {
throw new InvalidParameterValueException("UDP Port " + NetUtils.VPN_NATT_PORT + " is configured for destination NAT");
}
existing = _rulesDao.listIPForwardingByPortAndProto(publicIp, NetUtils.VPN_L2TP_PORT, NetUtils.UDP_PROTO);
if (!existing.isEmpty()) {
throw new InvalidParameterValueException("UDP Port " + NetUtils.VPN_L2TP_PORT + " is configured for destination NAT");
}
if (_rulesDao.isPublicIpOneToOneNATted(publicIp)) {
throw new InvalidParameterValueException("Public Ip " + publicIp + " is configured for destination NAT");
}
@ -2775,7 +2779,9 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
vpnVO = _remoteAccessVpnDao.persist(vpnVO);
FirewallRuleVO rule = new FirewallRuleVO(null, null, publicIp, NetUtils.VPN_PORT, guestIpRange[0], NetUtils.VPN_PORT, true, NetUtils.UDP_PROTO, false, null);
_rulesDao.persist(rule);
rule = new FirewallRuleVO(null, null, publicIp, NetUtils.VPN_NATT_PORT, guestIpRange[0], NetUtils.VPN_PORT, true, NetUtils.UDP_PROTO, false, null);
rule = new FirewallRuleVO(null, null, publicIp, NetUtils.VPN_NATT_PORT, guestIpRange[0], NetUtils.VPN_NATT_PORT, true, NetUtils.UDP_PROTO, false, null);
_rulesDao.persist(rule);
rule = new FirewallRuleVO(null, null, publicIp, NetUtils.VPN_L2TP_PORT, guestIpRange[0], NetUtils.VPN_L2TP_PORT, true, NetUtils.UDP_PROTO, false, null);
_rulesDao.persist(rule);
txn.commit();
return vpnVO;
@ -2855,6 +2861,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
_remoteAccessVpnDao.remove(vpnId);
_rulesDao.deleteIPForwardingByPublicIpAndPort(publicIp, NetUtils.VPN_PORT);
_rulesDao.deleteIPForwardingByPublicIpAndPort(publicIp, NetUtils.VPN_NATT_PORT);
_rulesDao.deleteIPForwardingByPublicIpAndPort(publicIp, NetUtils.VPN_L2TP_PORT);
EventUtils.saveEvent(userId, account.getId(), EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, "Deleted Remote Access VPN for account: " + account.getAccountName() + " in zone " + cmd.getZoneId());
} else {
EventUtils.saveEvent(userId, account.getId(), EventVO.LEVEL_ERROR, EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, "Unable to delete Remote Access VPN ", account.getAccountName() + " in zone " + cmd.getZoneId());
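Review bot: The three VPN ports are now handled by three hand-copied stanzas in each place (the `listIPForwardingByPortAndProto` checks in the first hunk, the `FirewallRuleVO` persists in the second, the `deleteIPForwardingByPublicIpAndPort` calls in the third), which is exactly how 1701 got dropped in the first place; iterating over one shared list of UDP ports in all three places keeps them in sync. The loop below covers the conflict check; the persist and delete blocks can be written the same way. Note also that `deleteIPForwardingByPublicIpAndPort` takes no protocol argument while the conflict check is UDP-specific, so if the DAO matches on port alone the delete would also remove an unrelated TCP rule on 1701 — worth confirming against the DAO. The enclosing methods begin and end outside the hunks.
```java
// … unchanged: preceding validation …
for (String vpnPort : new String[] { NetUtils.VPN_PORT, NetUtils.VPN_NATT_PORT, NetUtils.VPN_L2TP_PORT }) {
    existing = _rulesDao.listIPForwardingByPortAndProto(publicIp, vpnPort, NetUtils.UDP_PROTO);
    if (!existing.isEmpty()) {
        throw new InvalidParameterValueException("UDP Port " + vpnPort + " is configured for destination NAT");
    }
}
// … unchanged: one-to-one NAT check …
```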


@ -44,6 +44,8 @@ public class NetUtils {
public final static String HTTP_PORT = "80";
public final static String VPN_PORT = "500";
public final static String VPN_NATT_PORT = "4500";
public final static String VPN_L2TP_PORT = "1701";
public final static String UDP_PROTO = "udp";
public final static String TCP_PROTO = "tcp";