[jira] [Commented] (CLOUDSTACK-6747) Allowing non rfc1918 networks on the other end of VPC Site 2 Site VPN

Wed, 25 Jun 2014 08:18:18 -0700 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-6747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14043604#comment-14043604
 ] 

ASF subversion and git services commented on CLOUDSTACK-6747:
-------------------------------------------------------------

Commit 8d0f49adddc973de39aa48010e0ba64b8d46b9f2 in cloudstack's branch 
refs/heads/4.3 from [~dahn]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=8d0f49a ]

CLOUDSTACK-6747: call a more forgiving test on the supplied peer
cidr-list
(cherry picked from commit 17850c7aff432a504d65a34d2f22ca7e1952a770)

Conflicts:
        
api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java
        server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java


> Allowing non rfc1918 networks on the other end of VPC Site 2 Site VPN
> ---------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-6747
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6747
>             Project: CloudStack
>          Issue Type: Improvement
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Management Server, Network Controller, Virtual Router
>    Affects Versions: 4.2.0, 4.3.0
>            Reporter: Erik Weber
>            Assignee: Daan Hoogland
>             Fix For: Future
>
>
> When you configure a Site 2 Site VPN Customer gateway the other end from 
> CloudStack point of view is not allowed to be outside rfc1918 address scope.
> There are use cases where the client / remote networks use official/public 
> addresses and you want to encrypt / secure the traffic with VPN.
> Log excerpt:
> 2014-05-21 12:30:42,326 WARN  [c.c.u.n.NetUtils] (API-Job-Executor-7:job-3072 
> ctx-bf3922b1) cidr 50.0.1.0/24 is not RFC 1918 compliant
> 2014-05-21 12:30:42,335 ERROR [c.c.a.ApiAsyncJobDispatcher] 
> (API-Job-Executor-7:job-3072) Unexpected exception while executing 
> org.apache.cloudstack.api.command.user.vpn.CreateVpnCustomerGatewayCmd
> com.cloud.exception.InvalidParameterValueException: The customer gateway 
> guest cidr list 50.0.1.0/24 is invalid guest cidr!
> at 
> com.cloud.network.vpn.Site2SiteVpnManagerImpl.createCustomerGateway(Site2SiteVpnManagerImpl.java:176)
> Expected behavior is that guest cidr should be allowed as long as it's a 
> valid cidr, including if it's outside of RFC1918



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to