After working with a few different hardware VPN gateways in a few different
configurations I've found there's a relatively simple component missing to
allow us to easily support those other configurations.  I've been able to
get the networks to connect with some modifications in the VPC router VM,
but it would be great if they would work within CloudStack's interface so
that

The current /opt/cloud/bin/ipsectunnel.sh script includes the following
options:

Usage: ipsectunnel.sh: (-A|-D) -l <left-side vpn peer> -n <left-side guest
cidr> -g <left-side gateway> -r <right-side vpn peer> -N <right-side
private subnets> -e <esp policy> -i <ike policy> -t <ike lifetime> -T <esp
lifetime> -s <pre-shared secret> -d <dpd 0 or 1>

I can modify it to include -L <left-side ID> and -R <right-side ID>, which
would add leftid=@<left-side ID> and rightid=@<right-side ID> to
/etc/ipsec.d/ipsec.vpn-<right-side vpn peer>.conf

and @<left-side ID> @<right-side ID>: PSK "<pre-shared secret>" to
/etc/ipsec.d/ipsec.vpn-<right-side vpn peer>.secrets

But, I'm not a Java dev so I'd need someone to help add the fields to the
web interface and I'd need someone with experience to properly update the
schema to add the new fields to the database.

Any interest?

Thanks,

- Ian
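
The leftid/rightid and PSK lines proposed above, as an added sketch that is not part of the original message and not CloudStack's ipsectunnel.sh. The function names, the character whitelist for IDs, and the fallback to the peer address when an ID is omitted are assumptions of this example.

```sh
#!/bin/sh
# Added example; not CloudStack's ipsectunnel.sh. All function names are hypothetical.

# IDs are written into ipsec.conf and ipsec.secrets, so allow only FQDN-style
# characters: whitespace, quotes or line breaks could add extra directives.
valid_id() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# The PSK is written inside double quotes: reject empty values, quotes, line breaks.
valid_psk() {
    case "$1" in
        ''|*'"'*|*'
'*) return 1 ;;
    esac
    return 0
}

# conf_id_lines <left-id> <right-id>: lines for ipsec.vpn-<right-side vpn peer>.conf
conf_id_lines() {
    for id in "$1" "$2"; do
        [ -z "$id" ] || valid_id "$id" || return 1
    done
    [ -z "$1" ] || printf 'leftid=@%s\n' "$1"
    [ -z "$2" ] || printf 'rightid=@%s\n' "$2"
    return 0
}

# secrets_line <left-peer> <right-peer> <left-id> <right-id> <psk>
# Assumption: a side without an ID is indexed by its peer address instead.
secrets_line() {
    valid_psk "$5" || return 1
    l=$1 r=$2
    if [ -n "$3" ]; then valid_id "$3" || return 1; l="@$3"; fi
    if [ -n "$4" ]; then valid_id "$4" || return 1; r="@$4"; fi
    printf '%s %s: PSK "%s"\n' "$l" "$r" "$5"
}

# Constructed sample values (documentation address ranges, made-up IDs and secret).
conf_id_lines site-a.example.test site-b.example.test
secrets_line 192.0.2.10 198.51.100.20 site-a.example.test site-b.example.test 'constructed-psk'
```

Validating before writing matters here because both files are parsed line by line, and the .secrets file should stay readable by root only.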
