DeepthiMachiraju created CLOUDSTACK-9943: --------------------------------------------
Summary: Remote access VPN fails to establish from Windows Machine. Key: CLOUDSTACK-9943 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9943 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Affects Versions: 4.10.0.0 Reporter: DeepthiMachiraju Priority: Blocker Fix For: 4.10.0.0 Attachments: management-server.log - Create an isolated Network N1 and deploy a VM. - On the Source Nat IP enable Remote Access VPN. - Configure the VPN connection from a window machine by providing the Public IP of VR , TYpe of VPN : L2TP / IPSec and provide preshared key for authentication. - Try connecting by providing the VPN users details. Observation : Remote access VPn fails to establish . ============================================== Please find the relevant logs below : root@r-42-VM:/etc/cloudstack# ipsec --version Linux strongSwan U5.2.1/K3.2.0-4-amd64 Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil, Switzerland See 'ipsec --copyright' for copyright information. =================================================== root@r-42-VM:/etc/cloudstack# ipsec status Security Associations (0 up, 0 connecting): none ====================auth.log========================== Jun 6 09:54:44 r-42-VM charon: 14[IKE] 10.233.89.32 is initiating a Main Mode IKE_SA Jun 6 09:54:44 r-42-VM charon: 16[IKE] IKE_SA L2TP-PSK[1] established between 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32] Jun 6 09:54:44 r-42-VM charon: 03[IKE] CHILD_SA L2TP-PSK{1} established with SPIs c217d307_i dc6d5497_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:54:44 r-42-VM charon: 01[IKE] CHILD_SA L2TP-PSK{1} established with SPIs cbeda395_i 21bba84d_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:54:44 r-42-VM charon: 11[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs c217d307_i (0 bytes) dc6d5497_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:54:47 r-42-VM charon: 12[IKE] CHILD_SA L2TP-PSK{1} established with SPIs c9a8105d_i 28d44ba0_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:54:47 r-42-VM charon: 13[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs cbeda395_i (0 bytes) 21bba84d_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:54:51 r-42-VM charon: 04[IKE] CHILD_SA L2TP-PSK{1} established with SPIs ccd1db39_i 17c5c576_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:54:51 r-42-VM charon: 03[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs c9a8105d_i (0 bytes) 28d44ba0_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:54:59 r-42-VM charon: 11[IKE] CHILD_SA L2TP-PSK{1} established with SPIs c3dcf5e4_i 40af5f4d_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:54:59 r-42-VM charon: 06[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs ccd1db39_i (0 bytes) 17c5c576_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:55:01 r-42-VM CRON[8238]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 6 09:55:01 r-42-VM CRON[8238]: pam_unix(cron:session): session closed for user root Jun 6 09:55:09 r-42-VM charon: 16[IKE] CHILD_SA L2TP-PSK{1} established with SPIs c8d60ec4_i f675adb5_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:55:09 r-42-VM charon: 05[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs c3dcf5e4_i (0 bytes) 40af5f4d_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:55:19 r-42-VM charon: 02[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs c8d60ec4_i (0 bytes) f675adb5_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:55:19 r-42-VM charon: 01[IKE] deleting IKE_SA L2TP-PSK[1] between 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32] ====================auth.log========================== IPsec status when ike is established : root@r-42-VM:/etc/cloudstack# ipsec status Security Associations (1 up, 0 connecting): L2TP-PSK[3]: ESTABLISHED 31 seconds ago, 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32] L2TP-PSK{3}: INSTALLED, TRANSPORT, ESP in UDP SPIs: c6066660_i a020e46f_o L2TP-PSK{3}: 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] ====================daemon.log======================= Jun 6 09:57:03 r-42-VM charon: 14[NET] received packet: from 10.233.89.32[500] to 10.147.30.117[500] (384 bytes) Jun 6 09:57:03 r-42-VM charon: 14[ENC] parsed ID_PROT request 0 [ SA V V V V V V V ] Jun 6 09:57:03 r-42-VM charon: 14[IKE] received MS NT5 ISAKMPOAKLEY vendor ID Jun 6 09:57:03 r-42-VM charon: 14[IKE] received NAT-T (RFC 3947) vendor ID Jun 6 09:57:03 r-42-VM charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID Jun 6 09:57:03 r-42-VM charon: 14[IKE] received FRAGMENTATION vendor ID Jun 6 09:57:03 r-42-VM charon: 14[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20 Jun 6 09:57:03 r-42-VM charon: 14[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19 Jun 6 09:57:03 r-42-VM charon: 14[ENC] received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52 Jun 6 09:57:03 r-42-VM charon: 14[IKE] 10.233.89.32 is initiating a Main Mode IKE_SA Jun 6 09:57:03 r-42-VM charon: 14[ENC] generating ID_PROT response 0 [ SA V V V ] Jun 6 09:57:03 r-42-VM charon: 14[NET] sending packet: from 10.147.30.117[500] to 10.233.89.32[500] (136 bytes) Jun 6 09:57:03 r-42-VM charon: 15[NET] received packet: from 10.233.89.32[500] to 10.147.30.117[500] (388 bytes) Jun 6 09:57:03 r-42-VM charon: 15[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ] Jun 6 09:57:03 r-42-VM charon: 15[IKE] faking NAT situation to enforce UDP encapsulation Jun 6 09:57:03 r-42-VM charon: 15[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ] Jun 6 09:57:03 r-42-VM charon: 15[NET] sending packet: from 10.147.30.117[500] to 10.233.89.32[500] (372 bytes) Jun 6 09:57:03 r-42-VM charon: 16[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes) Jun 6 09:57:03 r-42-VM charon: 16[ENC] parsed ID_PROT request 0 [ ID HASH ] Jun 6 09:57:03 r-42-VM charon: 16[CFG] looking for pre-shared key peer configs matching 10.147.30.117...10.233.89.32[10.233.89.32] Jun 6 09:57:03 r-42-VM charon: 16[CFG] selected peer config "L2TP-PSK" Jun 6 09:57:03 r-42-VM charon: 16[IKE] IKE_SA L2TP-PSK[2] established between 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32] Jun 6 09:57:03 r-42-VM charon: 16[ENC] generating ID_PROT response 0 [ ID HASH ] Jun 6 09:57:03 r-42-VM charon: 16[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (76 bytes) Jun 6 09:57:03 r-42-VM charon: 04[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes) Jun 6 09:57:03 r-42-VM charon: 04[ENC] parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ] Jun 6 09:57:03 r-42-VM charon: 04[IKE] received 3600s lifetime, configured 0s Jun 6 09:57:03 r-42-VM charon: 04[IKE] received 250000000 lifebytes, configured 0 Jun 6 09:57:03 r-42-VM charon: 04[ENC] generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ] Jun 6 09:57:03 r-42-VM charon: 04[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes) Jun 6 09:57:03 r-42-VM charon: 03[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes) Jun 6 09:57:03 r-42-VM charon: 03[ENC] parsed QUICK_MODE request 1 [ HASH ] Jun 6 09:57:03 r-42-VM charon: 03[IKE] CHILD_SA L2TP-PSK{2} established with SPIs cbff1661_i 9c25b6cc_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:57:03 r-42-VM charon: 02[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes) Jun 6 09:57:03 r-42-VM charon: 02[ENC] parsed QUICK_MODE request 2 [ HASH SA No ID ID NAT-OA NAT-OA ] Jun 6 09:57:03 r-42-VM charon: 02[IKE] received 3600s lifetime, configured 0s Jun 6 09:57:03 r-42-VM charon: 02[IKE] received 250000000 lifebytes, configured 0 Jun 6 09:57:03 r-42-VM charon: 02[IKE] detected rekeying of CHILD_SA L2TP-PSK{2} Jun 6 09:57:03 r-42-VM charon: 02[ENC] generating QUICK_MODE response 2 [ HASH SA No ID ID NAT-OA NAT-OA ] Jun 6 09:57:03 r-42-VM charon: 02[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes) Jun 6 09:57:03 r-42-VM charon: 01[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes) Jun 6 09:57:03 r-42-VM charon: 01[ENC] parsed QUICK_MODE request 2 [ HASH ] Jun 6 09:57:03 r-42-VM charon: 01[IKE] CHILD_SA L2TP-PSK{2} established with SPIs c25a7f96_i 0abe04de_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:57:03 r-42-VM charon: 11[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes) Jun 6 09:57:03 r-42-VM charon: 11[ENC] parsed INFORMATIONAL_V1 request 103224265 [ HASH D ] Jun 6 09:57:03 r-42-VM charon: 11[IKE] received DELETE for ESP CHILD_SA with SPI 9c25b6cc Jun 6 09:57:03 r-42-VM charon: 11[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs cbff1661_i (0 bytes) 9c25b6cc_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:57:06 r-42-VM charon: 06[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes) Jun 6 09:57:06 r-42-VM charon: 06[ENC] parsed QUICK_MODE request 3 [ HASH SA No ID ID NAT-OA NAT-OA ] Jun 6 09:57:06 r-42-VM charon: 06[IKE] received 3600s lifetime, configured 0s Jun 6 09:57:06 r-42-VM charon: 06[IKE] received 250000000 lifebytes, configured 0 Jun 6 09:57:06 r-42-VM charon: 06[IKE] detected rekeying of CHILD_SA L2TP-PSK{2} Jun 6 09:57:06 r-42-VM charon: 06[ENC] generating QUICK_MODE response 3 [ HASH SA No ID ID NAT-OA NAT-OA ] Jun 6 09:57:06 r-42-VM charon: 06[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes) Jun 6 09:57:06 r-42-VM charon: 12[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes) Jun 6 09:57:06 r-42-VM charon: 12[ENC] parsed QUICK_MODE request 3 [ HASH ] Jun 6 09:57:06 r-42-VM charon: 12[IKE] CHILD_SA L2TP-PSK{2} established with SPIs c9e9610c_i 83b1c870_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:57:06 r-42-VM charon: 12[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes) Jun 6 09:57:06 r-42-VM charon: 12[ENC] parsed INFORMATIONAL_V1 request 1590197566 [ HASH D ] Jun 6 09:57:06 r-42-VM charon: 12[IKE] received DELETE for ESP CHILD_SA with SPI 0abe04de Jun 6 09:57:06 r-42-VM charon: 12[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs c25a7f96_i (0 bytes) 0abe04de_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:57:10 r-42-VM charon: 05[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes) Jun 6 09:57:10 r-42-VM charon: 05[ENC] parsed QUICK_MODE request 4 [ HASH SA No ID ID NAT-OA NAT-OA ] Jun 6 09:57:10 r-42-VM charon: 05[IKE] received 3600s lifetime, configured 0s Jun 6 09:57:10 r-42-VM charon: 05[IKE] received 250000000 lifebytes, configured 0 Jun 6 09:57:10 r-42-VM charon: 05[IKE] detected rekeying of CHILD_SA L2TP-PSK{2} Jun 6 09:57:10 r-42-VM charon: 05[ENC] generating QUICK_MODE response 4 [ HASH SA No ID ID NAT-OA NAT-OA ] Jun 6 09:57:10 r-42-VM charon: 05[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes) Jun 6 09:57:10 r-42-VM charon: 04[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes) Jun 6 09:57:10 r-42-VM charon: 04[ENC] parsed QUICK_MODE request 4 [ HASH ] Jun 6 09:57:10 r-42-VM charon: 04[IKE] CHILD_SA L2TP-PSK{2} established with SPIs cffce783_i 16ad4fef_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:57:10 r-42-VM charon: 03[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes) Jun 6 09:57:10 r-42-VM charon: 03[ENC] parsed INFORMATIONAL_V1 request 2703531821 [ HASH D ] Jun 6 09:57:10 r-42-VM charon: 03[IKE] received DELETE for ESP CHILD_SA with SPI 83b1c870 Jun 6 09:57:10 r-42-VM charon: 03[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs c9e9610c_i (0 bytes) 83b1c870_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:57:18 r-42-VM charon: 01[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes) Jun 6 09:57:18 r-42-VM charon: 01[ENC] parsed QUICK_MODE request 5 [ HASH SA No ID ID NAT-OA NAT-OA ] Jun 6 09:57:18 r-42-VM charon: 01[IKE] received 3600s lifetime, configured 0s Jun 6 09:57:18 r-42-VM charon: 01[IKE] received 250000000 lifebytes, configured 0 Jun 6 09:57:18 r-42-VM charon: 01[IKE] detected rekeying of CHILD_SA L2TP-PSK{2} Jun 6 09:57:18 r-42-VM charon: 01[ENC] generating QUICK_MODE response 5 [ HASH SA No ID ID NAT-OA NAT-OA ] Jun 6 09:57:18 r-42-VM charon: 01[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes) Jun 6 09:57:18 r-42-VM charon: 11[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes) Jun 6 09:57:18 r-42-VM charon: 11[ENC] parsed QUICK_MODE request 5 [ HASH ] Jun 6 09:57:18 r-42-VM charon: 11[IKE] CHILD_SA L2TP-PSK{2} established with SPIs cd088e05_i 381bd68f_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:57:18 r-42-VM charon: 06[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes) Jun 6 09:57:18 r-42-VM charon: 06[ENC] parsed INFORMATIONAL_V1 request 4078387132 [ HASH D ] Jun 6 09:57:18 r-42-VM charon: 06[IKE] received DELETE for ESP CHILD_SA with SPI 16ad4fef Jun 6 09:57:18 r-42-VM charon: 06[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs cffce783_i (0 bytes) 16ad4fef_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:57:28 r-42-VM charon: 14[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes) Jun 6 09:57:28 r-42-VM charon: 14[ENC] parsed QUICK_MODE request 6 [ HASH SA No ID ID NAT-OA NAT-OA ] Jun 6 09:57:28 r-42-VM charon: 14[IKE] received 3600s lifetime, configured 0s Jun 6 09:57:28 r-42-VM charon: 14[IKE] received 250000000 lifebytes, configured 0 Jun 6 09:57:28 r-42-VM charon: 14[IKE] detected rekeying of CHILD_SA L2TP-PSK{2} Jun 6 09:57:28 r-42-VM charon: 14[ENC] generating QUICK_MODE response 6 [ HASH SA No ID ID NAT-OA NAT-OA ] Jun 6 09:57:28 r-42-VM charon: 14[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes) Jun 6 09:57:28 r-42-VM charon: 15[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes) Jun 6 09:57:28 r-42-VM charon: 15[ENC] parsed QUICK_MODE request 6 [ HASH ] Jun 6 09:57:28 r-42-VM charon: 15[IKE] CHILD_SA L2TP-PSK{2} established with SPIs cff9a578_i 93dc756b_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:57:28 r-42-VM charon: 16[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes) Jun 6 09:57:28 r-42-VM charon: 16[ENC] parsed INFORMATIONAL_V1 request 251215099 [ HASH D ] Jun 6 09:57:28 r-42-VM charon: 16[IKE] received DELETE for ESP CHILD_SA with SPI 381bd68f Jun 6 09:57:28 r-42-VM charon: 16[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs cd088e05_i (0 bytes) 381bd68f_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:57:38 r-42-VM charon: 02[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes) Jun 6 09:57:38 r-42-VM charon: 02[ENC] parsed INFORMATIONAL_V1 request 1078630831 [ HASH D ] Jun 6 09:57:38 r-42-VM charon: 02[IKE] received DELETE for ESP CHILD_SA with SPI 93dc756b Jun 6 09:57:38 r-42-VM charon: 02[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs cff9a578_i (0 bytes) 93dc756b_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f] Jun 6 09:57:38 r-42-VM charon: 01[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (92 bytes) Jun 6 09:57:38 r-42-VM charon: 01[ENC] parsed INFORMATIONAL_V1 request 1398070104 [ HASH D ] Jun 6 09:57:38 r-42-VM charon: 01[IKE] received DELETE for IKE_SA L2TP-PSK[2] Jun 6 09:57:38 r-42-VM charon: 01[IKE] deleting IKE_SA L2TP-PSK[2] between 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32] ========================daemon.log========================= ========================l2tp.conf============================ root@r-42-VM:/etc/ipsec.d# cat l2tp.conf #ipsec remote access vpn configuration conn L2TP-PSK authby=psk pfs=no rekey=no keyingtries=3 keyexchange=ikev1 forceencaps=yes leftfirewall=yes leftnexthop=%defaultroute type=transport # # ---------------------------------------------------------- # The VPN server. # # Allow incoming connections on the external network interface. # If you want to use a different interface or if there is no # defaultroute, you can use: left=your.ip.addr.ess # left=10.147.30.117 # leftprotoport=17/1701 # If you insist on supporting non-updated Windows clients, # you can use: leftprotoport=17/%any # # ---------------------------------------------------------- # The remote user(s). # # Allow incoming connections only from this IP address. right=%any # If you want to allow multiple connections from any IP address, # you can use: right=%any # rightprotoport=17/%any # # ---------------------------------------------------------- # Change 'ignore' to 'add' to enable this configuration. # rightsubnetwithin=0.0.0.0/0 auto=add ========================l2tp.conf============================ root@r-42-VM:/etc/cloudstack# cat remoteaccessvpn.json { "10.147.30.117": { "create": true, "ip_range": "10.1.2.2-10.1.2.8", "local_cidr": "10.1.1.0/24", "local_ip": "10.1.2.1", "preshared_key": "egwnGVGcuGUQ4g4tgpum3qmp", "public_interface": "eth2", "type": "remoteaccessvpn", "vpn_server_ip": "10.147.30.117" }, "id": "remoteaccessvpn" }root@r-42-VM:/etc/cloudstack# ========================================================== root@r-42-VM:/etc/cloudstack# cat vpnuserlist.json { "aaa": { "add": true, "password": "aaa", "user": "aaa" }, "abc": { "add": true, "password": "abc", "user": "abc" }, "id": "vpnuserlist" }root@r-42-VM:/etc/cloudstack# ================================================= Attached MS log . -- This message was sent by Atlassian JIRA (v6.3.15#6346)