Chandan Purushothama created CLOUDSTACK-5297:
------------------------------------------------
Summary: RemoteVPNonVPC : VPN Access is not respecting the ACL INBOUND chain rules of the Network Tiers
Key: CLOUDSTACK-5297
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5297
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Management Server
Affects Versions: 4.3.0
Reporter: Chandan Purushothama
Priority: Critical
Fix For: 4.3.0
Remote VPN Access to a VPC is not respecting the ACL INBOUND chain rules of the
Network Tiers in the VPC.
Steps to Reproduce:
1. Deploy a VPC with a network tier in it. Deploy a VM in the network tier.
Locate the router/public IP for the VPC and enable Remote Access VPN on it.
2. Note the preshared key.
3. Create a VPN user using the addVpnUser API (using a valid username and password).
4. From a standalone Linux machine, configure VPN to point to the public IP address.
5. Add a DENY ACL Rule on ALL protocols to the network tier's ACL List such that it
blocks SSH access to the client's network.
6. SSH (using PuTTY or any other terminal client) to the VM in the network tier
provisioned earlier.
I am able to successfully SSH into the VM in spite of the DROP rules in the ACL
INBOUND chain.
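A check for the behavior reported above, as an added example that is not part of the original report or of CloudStack's code: a first-match walk over an iptables ruleset that reports whether SSH traffic arriving on a VPN interface ever reaches the tier's ACL chain. The rulesets, chain names and interface names are constructed assumptions; the issue does not state the root cause, so rule ordering is shown only as one shape worth checking.

```python
import shlex
# Constructed iptables-save excerpts; chain and interface names are assumptions,
# and neither is taken from the issue or from a real CloudStack VPC router.
VPN_ACCEPT_FIRST = """\
-A FORWARD -i ppp+ -j ACCEPT
-A FORWARD -o eth2 -j ACL_INBOUND_eth2
-A ACL_INBOUND_eth2 -p all -j DROP
"""
ACL_JUMP_FIRST = """\
-A FORWARD -o eth2 -j ACL_INBOUND_eth2
-A FORWARD -i ppp+ -j ACCEPT
-A ACL_INBOUND_eth2 -p all -j DROP
"""
SSH_FROM_VPN = {"in": "ppp0", "out": "eth2", "proto": "tcp", "dport": 22}

def parse(text):
    # Group "-A" rules by chain; options are read as flag/value pairs ("!" unsupported).
    chains = {}
    for tok in map(shlex.split, text.splitlines()):
        if len(tok) > 1 and tok[0] == "-A":
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return chains

def iface_match(pattern, name):
    # iptables treats a trailing '+' as a wildcard: "ppp+" matches ppp0, ppp1, ...
    return name.startswith(pattern[:-1]) if pattern.endswith("+") else pattern == name

def matches(rule, pkt):
    return (("-i" not in rule or iface_match(rule["-i"], pkt["in"]))
            and ("-o" not in rule or iface_match(rule["-o"], pkt["out"]))
            and rule.get("-p", "all") in ("all", pkt["proto"])
            and int(rule.get("--dport", pkt["dport"])) == pkt["dport"])

def walk(chains, name, pkt, visited):
    # First-match evaluation of one chain: ACCEPT, DROP, or None if it falls through.
    visited.append(name)
    for rule in chains.get(name, []):
        if not matches(rule, pkt):
            continue
        target = rule.get("-j")
        if target == "RETURN":
            break
        if target in chains:
            target = walk(chains, target, pkt, visited)
        if target in ("ACCEPT", "DROP"):
            return target
    return None

def forward_verdict(text, pkt, policy="DROP"):
    visited = []
    return walk(parse(text), "FORWARD", pkt, visited) or policy, visited
```

Run against a real `iptables-save` dump from the router, a verdict of ACCEPT with the tier's ACL chain missing from the visited list means the DENY rule was never consulted for VPN traffic.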