diff --git a/api/src/com/cloud/agent/api/routing/Site2SiteVpnCfgCommand.java b/api/src/com/cloud/agent/api/routing/Site2SiteVpnCfgCommand.java
index 6e438f27fda..f9ec641ff15 100644
--- a/api/src/com/cloud/agent/api/routing/Site2SiteVpnCfgCommand.java
+++ b/api/src/com/cloud/agent/api/routing/Site2SiteVpnCfgCommand.java
@@ -11,7 +11,9 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
 private String ipsecPsk;
 private String ikePolicy;
 private String espPolicy;
- private long lifetime;
+ private long ikeLifetime;
+ private long espLifetime;
+ private boolean dpd;
 @Override
 public boolean executeInSequence() {
@@ -22,8 +24,8 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
 this.create = false;
 }
- public Site2SiteVpnCfgCommand (boolean create, String localPublicIp, String localPublicGateway, String localGuestCidr,
- String peerGatewayIp, String peerGuestCidrList, String ikePolicy, String espPolicy, long lifetime, String ipsecPsk) {
+ public Site2SiteVpnCfgCommand (boolean create, String localPublicIp, String localPublicGateway, String localGuestCidr, String peerGatewayIp,
+ String peerGuestCidrList, String ikePolicy, String espPolicy, String ipsecPsk, Long ikeLifetime, Long espLifetime, Boolean dpd) {
 this.create = create;
 this.setLocalPublicIp(localPublicIp);
 this.setLocalPublicGateway(localPublicGateway);
@@ -33,7 +35,9 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
 this.ipsecPsk = ipsecPsk;
 this.ikePolicy = ikePolicy;
 this.espPolicy = espPolicy;
- this.lifetime = lifetime;
+ this.ikeLifetime = ikeLifetime;
+ this.espLifetime = espLifetime;
+ this.dpd = dpd;
 }
 public boolean isCreate() {
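Review bot: The new constructor in the second hunk takes `Long ikeLifetime, Long espLifetime, Boolean dpd`, but the third hunk stores them into the primitive `long`/`boolean` fields, so a null argument is unboxed there and fails with a bare NullPointerException. The only caller in this commit (the VpcVirtualNetworkApplianceManagerImpl hunk) feeds these straight from `Site2SiteCustomerGateway` getters, which the interface hunk declares as boxed `Long`/`Boolean`, so null is representable on that path. Either declare the parameters as `long ikeLifetime, long espLifetime, boolean dpd` so the caller has to resolve null itself, or guard them with `Objects.requireNonNull(ikeLifetime, "ikeLifetime")` and the same for the other two. The same boxed-to-primitive hand-off is what the VpcVirtualNetworkApplianceManagerImpl hunk relies on.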
@@ -68,12 +72,28 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
 this.espPolicy = espPolicy;
 }
- public long getLifetime() {
- return lifetime;
+ public long getIkeLifetime() {
+ return ikeLifetime;
 }
- public void setLifetime(long lifetime) {
- this.lifetime = lifetime;
+ public void setikeLifetime(long ikeLifetime) {
+ this.ikeLifetime = ikeLifetime;
+ }
+
+ public long getEspLifetime() {
+ return espLifetime;
+ }
+
+ public void setEspLifetime(long espLifetime) {
+ this.espLifetime = espLifetime;
+ }
+
+ public Boolean getDpd() {
+ return dpd;
+ }
+
+ public void setDpd(Boolean dpd) {
+ this.dpd = dpd;
 }
 public String getLocalPublicIp() {
diff --git a/api/src/com/cloud/api/ApiConstants.java b/api/src/com/cloud/api/ApiConstants.java
index 9971d058988..7dd885cfe99 100755
--- a/api/src/com/cloud/api/ApiConstants.java
+++ b/api/src/com/cloud/api/ApiConstants.java
@@ -371,7 +371,9 @@ public class ApiConstants {
 public static final String REMOVED = "removed";
 public static final String IKE_POLICY = "ikepolicy";
 public static final String ESP_POLICY = "esppolicy";
- public static final String LIFETIME = "lifetime";
+ public static final String IKE_LIFETIME = "ikelifetime";
+ public static final String ESP_LIFETIME = "esplifetime";
+ public static final String DPD = "dpd";
 public static final String FOR_VPC = "forvpc";
 public static final String SOURCE = "source";
 public static final String COUNTER_ID = "counterid";
diff --git a/api/src/com/cloud/api/commands/CreateVpnCustomerGatewayCmd.java b/api/src/com/cloud/api/commands/CreateVpnCustomerGatewayCmd.java
index e29a4f75079..bfb39fd43f5 100644
--- a/api/src/com/cloud/api/commands/CreateVpnCustomerGatewayCmd.java
+++ b/api/src/com/cloud/api/commands/CreateVpnCustomerGatewayCmd.java
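Review bot: `setikeLifetime` has a lower-case `i` and so does not follow the naming of every other accessor in this hunk (`getIkeLifetime`, `setEspLifetime`); rename it `public void setIkeLifetime(long ikeLifetime) {`. In the same hunk `getDpd()` returns `Boolean` and `setDpd(Boolean dpd)` unboxes into the primitive `boolean` field, so `setDpd(null)` throws at the assignment; since the field is primitive, `public boolean getDpd() {` and `public void setDpd(boolean dpd) {` match it and remove the null case entirely.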
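Review bot: Removing `LIFETIME = "lifetime"` drops a published API parameter and response field name with no deprecation step, so, as far as this diff shows, a client that still sends `lifetime` to createVpnCustomerGateway gets it ignored instead of mapped to the new `ikelifetime`. If backward compatibility matters for this API, keep the constant marked `@Deprecated`, let the two command classes accept it as a fallback for `ikelifetime` for one release, and note the rename in the API changelog; if the rename is intended to be breaking, say so in the commit message.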
@@ -54,8 +54,14 @@ public class CreateVpnCustomerGatewayCmd extends BaseAsyncCmd {
 @Parameter(name=ApiConstants.ESP_POLICY, type=CommandType.STRING, required=true, description="ESP policy of the customer gateway")
 private String espPolicy;
- @Parameter(name=ApiConstants.LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of vpn connection to the customer gateway, in seconds")
- private Long lifetime;
+ @Parameter(name=ApiConstants.IKE_LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of phase 1 VPN connection to the customer gateway, in seconds")
+ private Long ikeLifetime;
+
+ @Parameter(name=ApiConstants.ESP_LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of phase 2 VPN connection to the customer gateway, in seconds")
+ private Long espLifetime;
+
+ @Parameter(name=ApiConstants.DPD, type=CommandType.BOOLEAN, required=false, description="If DPD is enabled for VPN connection")
+ private Boolean dpd;
 @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the gateway. Must be used with the domainId parameter.")
 private String accountName;
@@ -97,8 +103,16 @@ public class CreateVpnCustomerGatewayCmd extends BaseAsyncCmd {
 return espPolicy;
 }
- public Long getLifetime() {
- return lifetime;
+ public Long getIkeLifetime() {
+ return ikeLifetime;
+ }
+
+ public Long getEspLifetime() {
+ return espLifetime;
+ }
+
+ public Boolean getDpd() {
+ return dpd;
 }
 public String getAccountName() {
diff --git a/api/src/com/cloud/api/commands/UpdateVpnCustomerGatewayCmd.java b/api/src/com/cloud/api/commands/UpdateVpnCustomerGatewayCmd.java
index 28f5a908429..70390c53454 100644
--- a/api/src/com/cloud/api/commands/UpdateVpnCustomerGatewayCmd.java
+++ b/api/src/com/cloud/api/commands/UpdateVpnCustomerGatewayCmd.java
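Review bot: The new `@Parameter` descriptions do not tell API users the defaults and ceilings that the Site2SiteVpnManagerImpl hunks in this same commit enforce (IKE lifetime defaults to and is capped at 86400 s, ESP lifetime at 3600 s, DPD defaults to false), so callers only discover them from an InvalidParameterValueException. Suggested texts: `description="Lifetime of phase 1 VPN connection to the customer gateway, in seconds; default and maximum 86400"`, `description="Lifetime of phase 2 VPN connection to the customer gateway, in seconds; default and maximum 3600"` and `description="Whether dead peer detection is enabled for the VPN connection; defaults to false"`. The identical descriptions in the UpdateVpnCustomerGatewayCmd hunk should change the same way.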
@@ -55,8 +55,14 @@ public class UpdateVpnCustomerGatewayCmd extends BaseAsyncCmd {
 @Parameter(name=ApiConstants.ESP_POLICY, type=CommandType.STRING, required=true, description="ESP policy of the customer gateway")
 private String espPolicy;
- @Parameter(name=ApiConstants.LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of vpn connection to the customer gateway, in seconds")
- private Long lifetime;
+ @Parameter(name=ApiConstants.IKE_LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of phase 1 VPN connection to the customer gateway, in seconds")
+ private Long ikeLifetime;
+
+ @Parameter(name=ApiConstants.ESP_LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of phase 2 VPN connection to the customer gateway, in seconds")
+ private Long espLifetime;
+
+ @Parameter(name=ApiConstants.DPD, type=CommandType.BOOLEAN, required=false, description="If DPD is enabled for VPN connection")
+ private Boolean dpd;
 @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the gateway. Must be used with the domainId parameter.")
 private String accountName;
@@ -98,8 +104,16 @@ public class UpdateVpnCustomerGatewayCmd extends BaseAsyncCmd {
 return espPolicy;
 }
- public Long getLifetime() {
- return lifetime;
+ public Long getIkeLifetime() {
+ return ikeLifetime;
+ }
+
+ public Long getEspLifetime() {
+ return espLifetime;
+ }
+
+ public Boolean getDpd() {
+ return dpd;
 }
 /////////////////////////////////////////////////////
diff --git a/api/src/com/cloud/api/response/Site2SiteCustomerGatewayResponse.java b/api/src/com/cloud/api/response/Site2SiteCustomerGatewayResponse.java
index 0b5d286dce6..d896863cae6 100644
--- a/api/src/com/cloud/api/response/Site2SiteCustomerGatewayResponse.java
+++ b/api/src/com/cloud/api/response/Site2SiteCustomerGatewayResponse.java
@@ -45,8 +45,14 @@ public class Site2SiteCustomerGatewayResponse extends BaseResponse implements Co
 @SerializedName(ApiConstants.ESP_POLICY) @Param(description="IPsec policy of customer gateway")
 private String espPolicy;
- @SerializedName(ApiConstants.LIFETIME) @Param(description="Lifetime of IKE and IPsec policy of customer gateway")
- private Long lifetime;
+ @SerializedName(ApiConstants.IKE_LIFETIME) @Param(description="Lifetime of IKE SA of customer gateway")
+ private Long ikeLifetime;
+
+ @SerializedName(ApiConstants.ESP_LIFETIME) @Param(description="Lifetime of ESP SA of customer gateway")
+ private Long espLifetime;
+
+ @SerializedName(ApiConstants.DPD) @Param(description="if DPD is enabled for customer gateway")
+ private Boolean dpd;
 @SerializedName(ApiConstants.ACCOUNT) @Param(description="the owner")
 private String accountName;
@@ -98,8 +104,16 @@ public class Site2SiteCustomerGatewayResponse extends BaseResponse implements Co
 this.espPolicy = espPolicy;
 }
- public void setLifetime(Long lifetime) {
- this.lifetime = lifetime;
+ public void setIkeLifetime(Long ikeLifetime) {
+ this.ikeLifetime = ikeLifetime;
+ }
+
+ public void setEspLifetime(Long espLifetime) {
+ this.espLifetime = espLifetime;
+ }
+
+ public void setDpd(Boolean dpd) {
+ this.dpd= dpd;
 }
 public void setRemoved(Date removed) {
diff --git a/api/src/com/cloud/api/response/Site2SiteVpnConnectionResponse.java b/api/src/com/cloud/api/response/Site2SiteVpnConnectionResponse.java
index a167711690b..9fe68d9ba10 100644
--- a/api/src/com/cloud/api/response/Site2SiteVpnConnectionResponse.java
+++ b/api/src/com/cloud/api/response/Site2SiteVpnConnectionResponse.java
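Review bot: The replaced `@Param` descriptions lose the unit: the removed field said "in seconds", while the new `ikeLifetime`/`espLifetime` descriptions only say "Lifetime of IKE SA of customer gateway" although the value is still serialized as a bare number. Suggest `description="Lifetime of IKE SA of customer gateway, in seconds"` and `description="Lifetime of ESP SA of customer gateway, in seconds"`. The new setter in the second hunk also has `this.dpd= dpd;`, which should read `this.dpd = dpd;` like the neighbouring setters. Both points apply equally to the Site2SiteVpnConnectionResponse hunks that follow.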
@@ -48,8 +48,14 @@ public class Site2SiteVpnConnectionResponse extends BaseResponse implements Cont
 @SerializedName(ApiConstants.ESP_POLICY) @Param(description="ESP policy of the customer gateway") //from CustomerGateway
 private String espPolicy;
- @SerializedName(ApiConstants.LIFETIME) @Param(description="Lifetime of vpn connection to the customer gateway, in seconds") //from CustomerGateway
- private Long lifetime;
+ @SerializedName(ApiConstants.IKE_LIFETIME) @Param(description="Lifetime of IKE SA of customer gateway") //from CustomerGateway
+ private Long ikeLifetime;
+
+ @SerializedName(ApiConstants.ESP_LIFETIME) @Param(description="Lifetime of ESP SA of customer gateway") //from CustomerGateway
+ private Long espLifetime;
+
+ @SerializedName(ApiConstants.DPD) @Param(description="if DPD is enabled for customer gateway") //from CustomerGateway
+ private Boolean dpd;
 @SerializedName(ApiConstants.STATE) @Param(description="State of vpn connection")
 private String state;
@@ -111,9 +117,17 @@ public class Site2SiteVpnConnectionResponse extends BaseResponse implements Cont
 this.espPolicy = espPolicy;
 }
- public void setLifetime(Long lifetime) {
- this.lifetime = lifetime;
- }
+ public void setIkeLifetime(Long ikeLifetime) {
+ this.ikeLifetime = ikeLifetime;
+ }
+
+ public void setEspLifetime(Long espLifetime) {
+ this.espLifetime = espLifetime;
+ }
+
+ public void setDpd(Boolean dpd) {
+ this.dpd= dpd;
+ }
 public void setState(String state) {
 this.state = state;
diff --git a/api/src/com/cloud/network/Site2SiteCustomerGateway.java b/api/src/com/cloud/network/Site2SiteCustomerGateway.java
index 29f580f18ba..623721b0f82 100644
--- a/api/src/com/cloud/network/Site2SiteCustomerGateway.java
+++ b/api/src/com/cloud/network/Site2SiteCustomerGateway.java
@@ -11,7 +11,9 @@ public interface Site2SiteCustomerGateway extends ControlledEntity {
 public String getIpsecPsk();
 public String getIkePolicy();
 public String getEspPolicy();
- public Long getLifetime();
+ public Long getIkeLifetime();
+ public Long getEspLifetime();
+ public Boolean getDpd();
 public Date getRemoved();
 String getName();
 }
diff --git a/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java b/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
index f09f23b65e7..936608c8b9e 100755
--- a/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
+++ b/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
@@ -592,9 +592,17 @@ public class VirtualRoutingResource implements Manager {
 args += " -i ";
 args += "\"" + cmd.getIkePolicy() + "\"";
 args += " -t ";
- args += Long.toString(cmd.getLifetime());
+ args += Long.toString(cmd.getIkeLifetime());
+ args += " -T ";
+ args += Long.toString(cmd.getEspLifetime());
 args += " -s ";
 args += "\"" + cmd.getIpsecPsk() + "\"";
+ args += " -d ";
+ if (cmd.getDpd()) {
+ args += "1";
+ } else {
+ args += "0";
+ }
 } else {
 args = "-D";
 args += " -r ";
diff --git a/core/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java b/core/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
index bb3b86d4b05..23b0a642233 100755
--- a/core/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
+++ b/core/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
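Review bot: In the VirtualRoutingResource hunk the six-line `if (cmd.getDpd()) { ... } else { ... }` only chooses between two literals and reads better as `args += cmd.getDpd() ? "1" : "0";`. More importantly, this exact `-t`/`-T`/`-s`/`-d` argument-building sequence is now copied verbatim into the VmwareResource and CitrixResourceBase hunks that follow, so any later change to the script's option set has to be made in three places; a single helper that turns a Site2SiteVpnCfgCommand into the ipsectunnel.sh argument string would keep the three resources from drifting apart. The enclosing method starts and ends outside the hunk.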
@@ -1136,9 +1136,17 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
 args += " -i ";
 args += "\"" + cmd.getIkePolicy() + "\"";
 args += " -t ";
- args += Long.toString(cmd.getLifetime());
+ args += Long.toString(cmd.getIkeLifetime());
+ args += " -T ";
+ args += Long.toString(cmd.getEspLifetime());
 args += " -s ";
 args += "\"" + cmd.getIpsecPsk() + "\"";
+ args += " -d ";
+ if (cmd.getDpd()) {
+ args += "1";
+ } else {
+ args += "0";
+ }
 } else {
 args += " -D";
 args += " -r ";
diff --git a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
index d10fc9781e2..933182804a7 100644
--- a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
+++ b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
@@ -7391,9 +7391,17 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
 args += " -i ";
 args += "\"" + cmd.getIkePolicy() + "\"";
 args += " -t ";
- args += Long.toString(cmd.getLifetime());
+ args += Long.toString(cmd.getIkeLifetime());
+ args += " -T ";
+ args += Long.toString(cmd.getEspLifetime());
 args += " -s ";
 args += "\"" + cmd.getIpsecPsk() + "\"";
+ args += " -d ";
+ if (cmd.getDpd()) {
+ args += "1";
+ } else {
+ args += "0";
+ }
 } else {
 args += " -D";
 args += " -r ";
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh b/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh
index 15eb4c2f7ad..74d31191804 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh
@@ -23,7 +23,7 @@ vpnconfdir="/etc/ipsec.d"
 vpnoutmark="0x525"
 usage() {
- printf "Usage: %s: (-A|-D) -l -n -g -r -N -e -i -t -s \n" $(basename $0) >&2
+ printf "Usage: %s: (-A|-D) -l -n -g -r -N -e -i -t -T -s -d \n" $(basename $0) >&2
 }
 #set -x
@@ -122,7 +122,7 @@ ipsec_tunnel_add() {
 logger -t cloud "$(basename $0): creating configuration for ipsec tunnel: left peer=$leftpeer \
 left net=$leftnet left gateway=$leftgw right peer=$rightpeer right network=$rightnets phase1 policy=$ikepolicy \
- phase2 policy=$esppolicy lifetime=$time secret=$secret"
+ phase2 policy=$esppolicy secret=$secret"
 [ "$op" == "-A" ] && ipsec_tunnel_del
@@ -137,20 +137,23 @@ ipsec_tunnel_add() {
 sudo echo " type=tunnel" >> $vpnconffile &&
 sudo echo " authby=secret" >> $vpnconffile &&
 sudo echo " keyexchange=ike" >> $vpnconffile &&
- sudo echo " pfs=no" >> $vpnconffile &&
- sudo echo " esp=$esppolicy" >> $vpnconffile &&
- sudo echo " salifetime=${time}s" >> $vpnconffile &&
 sudo echo " ike=$ikepolicy" >> $vpnconffile &&
- sudo echo " ikelifetime=${time}s" >> $vpnconffile &&
+ sudo echo " ikelifetime=${ikelifetime}s" >> $vpnconffile &&
+ sudo echo " esp=$esppolicy" >> $vpnconffile &&
+ sudo echo " salifetime=${esplifetime}s" >> $vpnconffile &&
+ sudo echo " pfs=no" >> $vpnconffile &&
 sudo echo " keyingtries=3" >> $vpnconffile &&
- sudo echo " dpddelay=30" >> $vpnconffile &&
- sudo echo " dpdtimeout=120" >> $vpnconffile &&
- sudo echo " dpdaction=restart" >> $vpnconffile &&
 sudo echo " auto=add" >> $vpnconffile &&
 sudo echo "$leftpeer $rightpeer: PSK \"$secret\"" > $vpnsecretsfile &&
- sudo chmod 0400 $vpnsecretsfile
+ if [ $dpd -ne 0 ]
+ then
+ sudo echo " dpddelay=30" >> $vpnconffile &&
+ sudo echo " dpdtimeout=120" >> $vpnconffile &&
+ sudo echo " dpdaction=restart" >> $vpnconffile
+ fi
+
 enable_iptables_subnets
 sudo ipsec auto --rereadall
@@ -192,7 +195,7 @@ Iflag=
 sflag=
 op=""
-while getopts 'ADl:n:g:r:N:e:i:t:s:' OPTION
+while getopts 'ADl:n:g:r:N:e:i:t:T:s:d:' OPTION
 do
 case $OPTION in
 A) opflag=1
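Review bot: The rewritten `logger` message still ends with `secret=$secret`, so the IPsec pre-shared key is written to syslog in clear text every time a tunnel is configured; since this line is being changed anyway, drop the secret from it: `phase2 policy=$esppolicy"`. Syslog on the router is usually far less protected than the ipsec secrets file (and may be forwarded off-box), which makes this the easiest place for the PSK to leak. The `logger` call starts outside the hunk.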
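Review bot: `sudo chmod 0400 $vpnsecretsfile` is removed and not re-added, so after this change the file holding the PSK keeps whatever mode the redirect creates it with instead of being restricted to its owner; the new `if` block should follow the chmod, not replace it. `$dpd` is also unquoted in `[ $dpd -ne 0 ]`, so if `-d` is not passed the test becomes `[ -ne 0 ]`, which prints an error and silently skips the DPD lines. Suggested lines, keeping the PSK write above them: `sudo chmod 0400 $vpnsecretsfile` and `if [ "${dpd:-0}" -ne 0 ]`. If the option checks earlier in the script (outside this hunk) do not already require `-d`, the new `dflag` should be validated there as well.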
@@ -223,11 +226,17 @@ do
 ikepolicy="$OPTARG"
 ;;
 t) tflag=1
- time="$OPTARG"
+ ikelifetime="$OPTARG"
+ ;;
+ T) Tflag=1
+ esplifetime="$OPTARG"
 ;;
 s) sflag=1
 secret="$OPTARG"
 ;;
+ d) dflag=1
+ dpd="$OPTARG"
+ ;;
 ?) usage
 unlock_exit 2 $lock $locked
 ;;
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java
index 3395a29c697..81b0901d86a 100755
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -3927,7 +3927,9 @@ public class ApiResponseHelper implements ResponseGenerator {
 response.setIpsecPsk(result.getIpsecPsk());
 response.setIkePolicy(result.getIkePolicy());
 response.setEspPolicy(result.getEspPolicy());
- response.setLifetime(result.getLifetime());
+ response.setIkeLifetime(result.getIkeLifetime());
+ response.setEspLifetime(result.getEspLifetime());
+ response.setDpd(result.getDpd());
 response.setRemoved(result.getRemoved());
 response.setObjectName("vpncustomergateway");
@@ -3962,7 +3964,9 @@ public class ApiResponseHelper implements ResponseGenerator {
 response.setIpsecPsk(customerGateway.getIpsecPsk());
 response.setIkePolicy(customerGateway.getIkePolicy());
 response.setEspPolicy(customerGateway.getEspPolicy());
- response.setLifetime(customerGateway.getLifetime());
+ response.setIkeLifetime(customerGateway.getIkeLifetime());
+ response.setEspLifetime(customerGateway.getEspLifetime());
+ response.setDpd(customerGateway.getDpd());
 }
 populateAccount(response, result.getAccountId());
diff --git a/server/src/com/cloud/network/Site2SiteCustomerGatewayVO.java b/server/src/com/cloud/network/Site2SiteCustomerGatewayVO.java
index 573d5f1445b..1a46f4c7695 100644
--- a/server/src/com/cloud/network/Site2SiteCustomerGatewayVO.java
+++ b/server/src/com/cloud/network/Site2SiteCustomerGatewayVO.java
@@ -41,8 +41,14 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
 @Column(name="esp_policy")
 private String espPolicy;
- @Column(name="lifetime")
- private long lifetime;
+ @Column(name="ike_lifetime")
+ private long ikeLifetime;
+
+ @Column(name="esp_lifetime")
+ private long espLifetime;
+
+ @Column(name="dpd")
+ private boolean dpd;
 @Column(name="domain_id")
 private Long domainId;
@@ -55,14 +61,17 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
 public Site2SiteCustomerGatewayVO() {
 }
- public Site2SiteCustomerGatewayVO(String name, long accountId, long domainId, String gatewayIp, String guestCidrList, String ipsecPsk, String ikePolicy, String espPolicy, long lifetime) {
+ public Site2SiteCustomerGatewayVO(String name, long accountId, long domainId, String gatewayIp, String guestCidrList, String ipsecPsk, String ikePolicy, String espPolicy,
+ long ikeLifetime, long espLifetime, boolean dpd) {
 this.name = name;
 this.gatewayIp = gatewayIp;
 this.guestCidrList = guestCidrList;
 this.ipsecPsk = ipsecPsk;
 this.ikePolicy = ikePolicy;
 this.espPolicy = espPolicy;
- this.lifetime = lifetime;
+ this.ikeLifetime = ikeLifetime;
+ this.espLifetime = espLifetime;
+ this.dpd = dpd;
 this.uuid = UUID.randomUUID().toString();
 this.accountId = accountId;
 this.domainId = domainId;
@@ -119,12 +128,21 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
 }
 @Override
- public Long getLifetime() {
- return lifetime;
+ public Long getIkeLifetime() {
+ return ikeLifetime;
 }
- public void setLifetime(long lifetime) {
- this.lifetime = lifetime;
+ public void setIkeLifetime(long ikeLifetime) {
+ this.ikeLifetime = ikeLifetime;
+ }
+
+ @Override
+ public Long getEspLifetime() {
+ return espLifetime;
+ }
+
+ public void setEspLifetime(long espLifetime) {
+ this.espLifetime = espLifetime;
 }
 @Override
@@ -145,6 +163,15 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
 this.espPolicy = espPolicy;
 }
+ @Override
+ public Boolean getDpd() {
+ return dpd;
+ }
+
+ public void setDpd(boolean dpd) {
+ this.dpd = dpd;
+ }
+
 public String getUuid() {
 return uuid;
 }
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index 2d36e751a31..ba25d7256f1 100755
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -908,8 +908,10 @@ VirtualMachineGuru, Listener {
 }
 if (router.getState() != State.Running) {
 for (Site2SiteVpnConnectionVO conn : conns) {
- conn.setState(Site2SiteVpnConnection.State.Disconnected);
- _s2sVpnConnectionDao.persist(conn);
+ if (conn.getState() != Site2SiteVpnConnection.State.Error) {
+ conn.setState(Site2SiteVpnConnection.State.Disconnected);
+ _s2sVpnConnectionDao.persist(conn);
+ }
 }
 continue;
 }
diff --git a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
index 947ea278086..5c07efa078d 100644
--- a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
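Review bot: The new `conn.getState() != Site2SiteVpnConnection.State.Error` guard in the VirtualNetworkApplianceManagerImpl hunk changes which connections are flipped to Disconnected when the router is not running, but nothing records why Error is exempt, so a later reader cannot tell whether Error is meant to be sticky or was simply overlooked. Add a one-line why-comment above the `if`, e.g. `// leave connections in Error alone so a router outage does not mask the recorded failure` (adjust if the intent is different). The enclosing loop and method start outside the hunk.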
@@ -1135,10 +1135,12 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian
 String ipsecPsk = gw.getIpsecPsk();
 String ikePolicy = gw.getIkePolicy();
 String espPolicy = gw.getEspPolicy();
- Long lifetime = gw.getLifetime();
+ Long ikeLifetime = gw.getIkeLifetime();
+ Long espLifetime = gw.getEspLifetime();
+ Boolean dpd = gw.getDpd();
 Site2SiteVpnCfgCommand cmd = new Site2SiteVpnCfgCommand(isCreate, localPublicIp, localPublicGateway, localGuestCidr,
- peerGatewayIp, peerGuestCidrList, ikePolicy, espPolicy, lifetime, ipsecPsk);
+ peerGatewayIp, peerGuestCidrList, ikePolicy, espPolicy, ipsecPsk, ikeLifetime, espLifetime, dpd);
 cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, getRouterControlIp(router.getId()));
 cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, getRouterControlIp(router.getId()));
 cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
diff --git a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
index 4f7277256a4..212965045cb 100644
--- a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
+++ b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
@@ -161,14 +161,29 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
 if (!NetUtils.isValidS2SVpnPolicy(espPolicy)) {
 throw new InvalidParameterValueException("The customer gateway ESP policy " + espPolicy + " is invalid!", null);
 }
- Long lifetime = cmd.getLifetime();
- if (lifetime == null) {
+
+ Long ikeLifetime = cmd.getIkeLifetime();
+ if (ikeLifetime == null) {
 // Default value of lifetime is 1 day
- lifetime = (long) 86400;
+ ikeLifetime = (long) 86400;
 }
- if (lifetime > 86400) {
- throw new InvalidParameterValueException("The lifetime " + lifetime + " of vpn connection is invalid!", null);
+ if (ikeLifetime > 86400) {
+ throw new InvalidParameterValueException("The IKE lifetime " + ikeLifetime + " of vpn connection is invalid!", null);
 }
+ Long espLifetime = cmd.getEspLifetime();
+ if (espLifetime == null) {
+ // Default value of lifetime is 1 day
+ espLifetime = (long) 3600;
+ }
+ if (espLifetime > 3600) {
+ throw new InvalidParameterValueException("The ESP lifetime " + espLifetime + " of vpn connection is invalid!", null);
+ }
+
+ Boolean dpd = cmd.getDpd();
+ if (dpd == null) {
+ dpd = false;
+ }
+
 if (_customerGatewayDao.findByGatewayIp(gatewayIp) != null) {
 throw new InvalidParameterValueException("The customer gateway with ip " + gatewayIp + " already existed!", null);
 }
@@ -176,7 +191,7 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
 throw new InvalidParameterValueException("The customer gateway with name " + name + " already existed!", null);
 }
 Site2SiteCustomerGatewayVO gw = new Site2SiteCustomerGatewayVO(name, owner.getAccountId(), owner.getDomainId(), gatewayIp, guestCidrList, ipsecPsk,
- ikePolicy, espPolicy, lifetime);
+ ikePolicy, espPolicy, ikeLifetime, espLifetime, dpd);
 _customerGatewayDao.persist(gw);
 return gw;
 }
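Review bot: The comment above `espLifetime = (long) 3600;` says "Default value of lifetime is 1 day", copied from the IKE branch, but 3600 s is one hour; change it to `// Default value of ESP lifetime is 1 hour`. Both range checks only bound the value from above, so 0 or a negative lifetime is accepted and ends up in the router's ipsec config through ipsectunnel.sh as `ikelifetime=0s`; use `if (ikeLifetime <= 0 || ikeLifetime > 86400) {` and `if (espLifetime <= 0 || espLifetime > 3600) {`. The same defaulting-and-validation block is duplicated line for line in the second Site2SiteVpnManagerImpl hunk below, which is the usual sign that it belongs in one private helper returning the resolved values. Style: `(long) 86400` and `(long) 3600` read more naturally as `86400L` and `3600L`.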
@@ -365,20 +380,37 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
 if (!NetUtils.isValidS2SVpnPolicy(espPolicy)) {
 throw new InvalidParameterValueException("The customer gateway ESP policy" + espPolicy + " is invalid!", null);
 }
- Long lifetime = cmd.getLifetime();
- if (lifetime == null) {
+
+ Long ikeLifetime = cmd.getIkeLifetime();
+ if (ikeLifetime == null) {
 // Default value of lifetime is 1 day
- lifetime = (long) 86400;
+ ikeLifetime = (long) 86400;
 }
- if (lifetime > 86400) {
- throw new InvalidParameterValueException("The lifetime " + lifetime + " of vpn connection is invalid!", null);
+ if (ikeLifetime > 86400) {
+ throw new InvalidParameterValueException("The IKE lifetime " + ikeLifetime + " of vpn connection is invalid!", null);
 }
+ Long espLifetime = cmd.getEspLifetime();
+ if (espLifetime == null) {
+ // Default value of lifetime is 1 day
+ espLifetime = (long) 3600;
+ }
+ if (espLifetime > 3600) {
+ throw new InvalidParameterValueException("The ESP lifetime " + espLifetime + " of vpn connection is invalid!", null);
+ }
+
+ Boolean dpd = cmd.getDpd();
+ if (dpd == null) {
+ dpd = false;
+ }
+
 gw.setGatewayIp(gatewayIp);
 gw.setGuestCidrList(guestCidrList);
 gw.setIkePolicy(ikePolicy);
 gw.setEspPolicy(espPolicy);
 gw.setIpsecPsk(ipsecPsk);
- gw.setLifetime(lifetime);
+ gw.setIkeLifetime(ikeLifetime);
+ gw.setEspLifetime(espLifetime);
+ gw.setDpd(dpd);
 _customerGatewayDao.persist(gw);
 return gw;
 }
diff --git a/setup/db/create-schema.sql b/setup/db/create-schema.sql
index 161c941f9ad..1321a232b84 100755
--- a/setup/db/create-schema.sql
+++ b/setup/db/create-schema.sql
@@ -2170,7 +2170,9 @@ CREATE TABLE `cloud`.`s2s_customer_gateway` (
 `ipsec_psk` varchar(256),
 `ike_policy` varchar(30) NOT NULL,
 `esp_policy` varchar(30) NOT NULL,
- `lifetime` int,
+ `ike_lifetime` int NOT NULL DEFAULT 86400,
+ `esp_lifetime` int NOT NULL DEFAULT 3600,
+ `dpd` int(1) NOT NULL DEFAULT 0,
 `domain_id` bigint unsigned NOT NULL,
 `account_id` bigint unsigned NOT NULL,
 `removed` datetime COMMENT 'date removed if not null',
diff --git a/setup/db/db/schema-304to305.sql b/setup/db/db/schema-304to305.sql
index 52ffeb93c4d..219d50f555d 100755
--- a/setup/db/db/schema-304to305.sql
+++ b/setup/db/db/schema-304to305.sql
@@ -312,7 +312,9 @@ CREATE TABLE `cloud`.`s2s_customer_gateway` (
 `ipsec_psk` varchar(256),
 `ike_policy` varchar(30) NOT NULL,
 `esp_policy` varchar(30) NOT NULL,
- `lifetime` int,
+ `ike_lifetime` int NOT NULL DEFAULT 86400,
+ `esp_lifetime` int NOT NULL DEFAULT 86400,
+ `dpd` int(1) NOT NULL DEFAULT 0,
 `domain_id` bigint unsigned NOT NULL,
 `account_id` bigint unsigned NOT NULL,
 `removed` datetime COMMENT 'date removed if not null',
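Review bot: `esp_lifetime` defaults to 3600 in the create-schema.sql hunk but to 86400 in the schema-304to305.sql hunk, so a fresh install and an upgraded install disagree on the value stored for rows that omit the column, and 86400 is above the 3600 ceiling that the Site2SiteVpnManagerImpl hunks enforce on API input in this same commit. Make the upgrade script match the fresh schema: `` `esp_lifetime` int NOT NULL DEFAULT 3600, ``. It is also worth checking, outside this hunk, whether schema-304to305.sql only creates the table or also needs an `ALTER TABLE` for databases that already ran an earlier revision of this script and so carry the old `lifetime` column.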