mirror of
https://github.com/apache/cloudstack.git
synced 2025-10-26 08:42:29 +01:00
systemvm: Fix C2S VPN in parallel to S2S VPN (#6907)
PR #5375, introduced in version 4.15.2.0, removed parameter %any of VPNs client-to-site (C2S) IPSec secrets:

structure before PR vr: ipsec/l2tp vpn secret with no ID selectors #5375:
<IP> %any : PSK "<PSK>"

structure after PR vr: ipsec/l2tp vpn secret with no ID selectors #5375:
<IP> : PSK "<PSK>"

Because of that, when a VPN site-to-site (S2S) is created in parallel to a VPN C2S in the same network, the C2S will not handle any IP (%any) anymore and, as the network is being tunneled to the other VPN, the connection will be handled by the final peer. This way, when a VPN S2S is created in parallel to a VPN C2S in the same network, it is only possible to connect to the C2S with the S2S PSK.

As ACS is only able to implement a single C2S per network (ACS allows setting more than one IP of the network as VPN, however, only the first will be implemented) and every S2S has its own secret file, the secrets structure of C2S was changed to contain only the PSK:
: PSK "<PSK>"

By doing that, StrongSwan will handle correctly C2S connections from any IP and still will use the correct PSK for S2S.

Co-authored-by: GutoVeronezi <daniel@scclouds.com.br>
This commit is contained in:
parent
47946db888
commit
cf32f77e3d
@ -999,7 +999,7 @@ class CsRemoteAccessVpn(CsDataBag):
secret = CsFile(vpnsecretfilte)
secret.empty()
secret.addeq("%s : PSK \"%s\"" % (left, psk))
secret.addeq(": PSK \"%s\"" % (psk))
secret.commit()
xl2tpdconf = CsFile(xl2tpdconffile)
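Review bot: The new `secret.addeq(": PSK \"%s\"" % (psk))` line writes a secret with no ID selectors, which makes it the fallback PSK for every peer that no more specific entry matches, yet nothing at this spot records that this is intentional or that it relies on each S2S secret file keeping its own selectors. The format has now changed twice (`<IP> %any`, then `<IP>`, now no selector at all), so add a comment above the line stating that dependency, and ideally a test covering C2S and S2S on the same network, so a later cleanup does not reintroduce the selector. Two smaller points on the same line: `(psk)` is a parenthesised string rather than a tuple, so write `% psk` or `% (psk,)`; and the PSK is placed between double quotes unescaped, so a value containing `"` or a line break would produce a malformed secrets entry, and validating or rejecting such values before `addeq` would be safer. If `left` is no longer used elsewhere in this method after the change, drop it.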