Hi all, While I haven’t investigated this issue, it does sound similar to what I fixed in Cosmic (our fork) last month.
This code does a down/up of the VPN connection: https://github.com/apache/cloudstack/blob/master/systemvm/patches/debian/config/opt/cloud/bin/configure.py#L547-L548 We found that to be impacting. Since we have auto=start in the config file already, we only have to reload the config and ipsec will take care of the rest on its own. Fast & easy! Most of all, no more unneeded restarts. Simply put: just remove the stop/start lines as it is not needed. The code is also hit when non-VPN changes are made, so that’s probably why people report that another change causes it to disconnect. This is how we fixed it: https://github.com/MissionCriticalCloud/cosmic/pull/339/commits/5ee5e70894a321f4d633c836e0bacef481b2b9af Hope this gives some inspiration and a possible solution. Regards, Remi On 24/04/2017, 17:50, "[email protected] on behalf of Will Stevens" <[email protected] on behalf of [email protected]> wrote: Working on it now, I will let you know when I have a fix. *Will STEVENS* Lead Developer <https://goo.gl/NYZ8KK> On Mon, Apr 24, 2017 at 11:34 AM, Haijiao <[email protected]> wrote: > Hi Will > > Any progress about this issue ? > > tks > > > Sent from my mobile > > --------- 转发的邮件 --------- > 发件人: Haijiao <[email protected]> > 发送日期: 2017年04月14日 23:21 > 收件人: dev <[email protected]> > 抄送人: > 主题: Re:Re: [4.10] VPN disconnected while network changes taken > Sure, Karuturi > > Logged a bug in Jira, thanks! > > CLOUDSTACK-9878 Remote Access VPN that losing connection when new network > configs are introduced > https://issues.apache.org/jira/browse/CLOUDSTACK-9878 > > > > 在2017年04月14 13时14分, "Rajani Karuturi"<[email protected]>写道: > > > Hi Haijiao, > > Thanks for testing. Can you log a bug for this please? It can be > a blocker for 4.10. > > @Will, > > Did you get a chance to take a look at this issue? > > Thanks, > > ~ Rajani > > http://cloudplatform.accelerite.com/ > > On April 12, 2017 at 7:12 AM, Will Stevens > ([email protected]) wrote: > > Thanks, I will have a look. > > *Will STEVENS* > Lead Developer > > <https://goo.gl/NYZ8KK> > > On Tue, Apr 11, 2017 at 8:58 PM, Haijiao <[email protected]> > wrote: > > HI, Will > It's a Remote Access VPN that losing connection while new > network configs > introduced. > Thanks ! > > 在2017年04月12 02时26分, "Will Stevens"<[email protected]>写道: > > Is this a Site-to-Site VPN connection or the Remote Access VPN > that is > losing connection when new network configs are introduced? > > Thanks, > > *Will STEVENS* > Lead Developer > > <https://goo.gl/NYZ8KK> > > On Sat, Apr 8, 2017 at 12:49 AM, Haijiao <[email protected]> > wrote: > > Hi, > > We built and tested the ACS 4.10 from the latest master (Apr.7, > 2017) > > Our environment is, > - ACS: 4.10.0.0-SNAPSHOT > - Management Server: Centos7.2 1151 > - Host: Centos7.2 1151 > - System VM: systemvm64template-master-4.10.0-kvm.qcow2.bz2 > - Network: Isolated Network > - Network Offering: Offering for Isolated networks with Source > Nat > > service > > enabled > > We can successfully setup VPN and it works as expected. However, > once > > we > > take any network changes below, the VPN connnection will be > immediately > disconnected. > > - Update firewall rules (add/change) > - Update port fowarding > - Update LB > - Add one more VPN account > > Is there some configuration we missed ? Or it's due to the new > VPN > component (StrongSWAN) introcuced in 4.10 ? > > > > > > >
