I took another look at the FS
http://wiki.cloudstack.org/display/DesignDocs/Site-to-site+VPN+functional+spec
and the test suite
http://wiki.cloudstack.org/display/QA/Site-to-Site+VPN

1. It isn't clear if we are going to use pre-shared keys (PSK) or public-key (RSA keys)
   * If PSK, who generates this and what is the strength of this key?
   * Can this PSK be changed / revoked?
2. Why is this restricted to admin only?
3. Does this require "conserve mode = true"?
4. Is NAT traversal supported?
5. FS and test suite in my mind should cover FCAPS (faults, configuration, administration, performance, security)
   * How do you deal with faults? What happens when the VR is restarted? What happens if VR gets disconnected from the remote end?
   * The API parameters and responses need to be more completely documented.
   * If a user complains that his s-2-s VPN is not working / used to work but does not now, how can customer support diagnose this problem?
   * How well does this perform: what is the target throughput and what is the size (RAM/CPU) needed to achieve this performance?
   * Is there a need for a later kernel on the VR for AES support?
   * How secure is this implementation? Can the PSK be guessed? Are the latest security patches for OpenSwan available in the VR?