S2S VPN: CS-15472: Separate IKE lifetime and ESP lifetime

This commit is contained in:
Sheng Yang 2012-08-06 15:19:26 -07:00
parent 469e180515
commit 1b5103c501
15 changed files with 238 additions and 68 deletions


@ -11,7 +11,9 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
private String ipsecPsk;
private String ikePolicy;
private String espPolicy;
private long lifetime;
private long ikeLifetime;
private long espLifetime;
private boolean dpd;
@Override
public boolean executeInSequence() {
@ -22,8 +24,8 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
this.create = false;
}
public Site2SiteVpnCfgCommand (boolean create, String localPublicIp, String localPublicGateway, String localGuestCidr,
String peerGatewayIp, String peerGuestCidrList, String ikePolicy, String espPolicy, long lifetime, String ipsecPsk) {
public Site2SiteVpnCfgCommand (boolean create, String localPublicIp, String localPublicGateway, String localGuestCidr, String peerGatewayIp,
String peerGuestCidrList, String ikePolicy, String espPolicy, String ipsecPsk, Long ikeLifetime, Long espLifetime, Boolean dpd) {
this.create = create;
this.setLocalPublicIp(localPublicIp);
this.setLocalPublicGateway(localPublicGateway);
@ -33,7 +35,9 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
this.ipsecPsk = ipsecPsk;
this.ikePolicy = ikePolicy;
this.espPolicy = espPolicy;
this.lifetime = lifetime;
this.ikeLifetime = ikeLifetime;
this.espLifetime = espLifetime;
this.dpd = dpd;
}
public boolean isCreate() {
@ -68,12 +72,28 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
this.espPolicy = espPolicy;
}
public long getLifetime() {
return lifetime;
public long getIkeLifetime() {
return ikeLifetime;
}
public void setLifetime(long lifetime) {
this.lifetime = lifetime;
public void setikeLifetime(long ikeLifetime) {
this.ikeLifetime = ikeLifetime;
}
public long getEspLifetime() {
return espLifetime;
}
public void setEspLifetime(long espLifetime) {
this.espLifetime = espLifetime;
}
public Boolean getDpd() {
return dpd;
}
public void setDpd(Boolean dpd) {
this.dpd = dpd;
}
public String getLocalPublicIp() {
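Review bot: The new constructor (`Site2SiteVpnCfgCommand (boolean create, …, Long ikeLifetime, Long espLifetime, Boolean dpd)`) takes boxed `Long`/`Boolean` arguments but assigns them straight into the primitive fields `long ikeLifetime`, `long espLifetime` and `boolean dpd`, so a null argument throws a bare NullPointerException at construction with no hint of which value was missing; `setDpd(Boolean dpd)` unboxes the same way. The only caller visible in this commit reads the values from the VO, whose fields are primitives, so declaring the parameters as `long`/`long`/`boolean` would make that non-null contract explicit at compile time instead of relying on the caller. The setter `setikeLifetime` also breaks the `setEspLifetime`/`setDpd` naming: `public void setIkeLifetime(long ikeLifetime) {`. The class continues past the end of this section.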


@ -373,7 +373,9 @@ public class ApiConstants {
public static final String REMOVED = "removed";
public static final String IKE_POLICY = "ikepolicy";
public static final String ESP_POLICY = "esppolicy";
public static final String LIFETIME = "lifetime";
public static final String IKE_LIFETIME = "ikelifetime";
public static final String ESP_LIFETIME = "esplifetime";
public static final String DPD = "dpd";
public static final String FOR_VPC = "forvpc";
public static final String NICIRA_NVP_DEVICE_ID = "nvpdeviceid";
public static final String NICIRA_NVP_TRANSPORT_ZONE_UUID = "transportzoneuuid";


@ -58,8 +58,14 @@ public class CreateVpnCustomerGatewayCmd extends BaseAsyncCmd {
@Parameter(name=ApiConstants.ESP_POLICY, type=CommandType.STRING, required=true, description="ESP policy of the customer gateway")
private String espPolicy;
@Parameter(name=ApiConstants.LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of vpn connection to the customer gateway, in seconds")
private Long lifetime;
@Parameter(name=ApiConstants.IKE_LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of phase 1 VPN connection to the customer gateway, in seconds")
private Long ikeLifetime;
@Parameter(name=ApiConstants.ESP_LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of phase 2 VPN connection to the customer gateway, in seconds")
private Long espLifetime;
@Parameter(name=ApiConstants.DPD, type=CommandType.BOOLEAN, required=false, description="If DPD is enabled for VPN connection")
private Boolean dpd;
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the gateway. Must be used with the domainId parameter.")
private String accountName;
@ -101,8 +107,16 @@ public class CreateVpnCustomerGatewayCmd extends BaseAsyncCmd {
return espPolicy;
}
public Long getLifetime() {
return lifetime;
public Long getIkeLifetime() {
return ikeLifetime;
}
public Long getEspLifetime() {
return espLifetime;
}
public Boolean getDpd() {
return dpd;
}
public String getAccountName() {
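Review bot: The `@Parameter` descriptions for `ikelifetime` and `esplifetime` do not tell the API user the defaults (86400 s and 3600 s) or the upper bound (86400 s) that Site2SiteVpnManagerImpl enforces in this same commit, so a caller only discovers the limit from an InvalidParameterValueException. Suggest `description="Lifetime of phase 1 VPN connection to the customer gateway, in seconds (default 86400, maximum 86400)"` and `description="Lifetime of phase 2 VPN connection to the customer gateway, in seconds (default 3600, maximum 86400)"`. The `dpd` description could likewise state that it defaults to false when omitted. The class continues past the end of this section.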


@ -59,8 +59,14 @@ public class UpdateVpnCustomerGatewayCmd extends BaseAsyncCmd {
@Parameter(name=ApiConstants.ESP_POLICY, type=CommandType.STRING, required=true, description="ESP policy of the customer gateway")
private String espPolicy;
@Parameter(name=ApiConstants.LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of vpn connection to the customer gateway, in seconds")
private Long lifetime;
@Parameter(name=ApiConstants.IKE_LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of phase 1 VPN connection to the customer gateway, in seconds")
private Long ikeLifetime;
@Parameter(name=ApiConstants.ESP_LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of phase 2 VPN connection to the customer gateway, in seconds")
private Long espLifetime;
@Parameter(name=ApiConstants.DPD, type=CommandType.BOOLEAN, required=false, description="If DPD is enabled for VPN connection")
private Boolean dpd;
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the gateway. Must be used with the domainId parameter.")
private String accountName;
@ -102,8 +108,16 @@ public class UpdateVpnCustomerGatewayCmd extends BaseAsyncCmd {
return espPolicy;
}
public Long getLifetime() {
return lifetime;
public Long getIkeLifetime() {
return ikeLifetime;
}
public Long getEspLifetime() {
return espLifetime;
}
public Boolean getDpd() {
return dpd;
}
/////////////////////////////////////////////////////


@ -49,8 +49,14 @@ public class Site2SiteCustomerGatewayResponse extends BaseResponse implements Co
@SerializedName(ApiConstants.ESP_POLICY) @Param(description="IPsec policy of customer gateway")
private String espPolicy;
@SerializedName(ApiConstants.LIFETIME) @Param(description="Lifetime of IKE and IPsec policy of customer gateway")
private Long lifetime;
@SerializedName(ApiConstants.IKE_LIFETIME) @Param(description="Lifetime of IKE SA of customer gateway")
private Long ikeLifetime;
@SerializedName(ApiConstants.ESP_LIFETIME) @Param(description="Lifetime of ESP SA of customer gateway")
private Long espLifetime;
@SerializedName(ApiConstants.DPD) @Param(description="if DPD is enabled for customer gateway")
private Boolean dpd;
@SerializedName(ApiConstants.ACCOUNT) @Param(description="the owner")
private String accountName;
@ -102,8 +108,16 @@ public class Site2SiteCustomerGatewayResponse extends BaseResponse implements Co
this.espPolicy = espPolicy;
}
public void setLifetime(Long lifetime) {
this.lifetime = lifetime;
public void setIkeLifetime(Long ikeLifetime) {
this.ikeLifetime = ikeLifetime;
}
public void setEspLifetime(Long espLifetime) {
this.espLifetime = espLifetime;
}
public void setDpd(Boolean dpd) {
this.dpd= dpd;
}
public void setRemoved(Date removed) {
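Review bot: The new descriptions `Lifetime of IKE SA of customer gateway` and `Lifetime of ESP SA of customer gateway` drop the unit that the replaced `lifetime` description and the matching request parameters carry, while the response value is still the raw seconds count. Suggest `@Param(description="Lifetime of IKE SA of customer gateway, in seconds")` and `@Param(description="Lifetime of ESP SA of customer gateway, in seconds")`. The class continues past the end of this section.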


@ -52,8 +52,14 @@ public class Site2SiteVpnConnectionResponse extends BaseResponse implements Cont
@SerializedName(ApiConstants.ESP_POLICY) @Param(description="ESP policy of the customer gateway") //from CustomerGateway
private String espPolicy;
@SerializedName(ApiConstants.LIFETIME) @Param(description="Lifetime of vpn connection to the customer gateway, in seconds") //from CustomerGateway
private Long lifetime;
@SerializedName(ApiConstants.IKE_LIFETIME) @Param(description="Lifetime of IKE SA of customer gateway") //from CustomerGateway
private Long ikeLifetime;
@SerializedName(ApiConstants.ESP_LIFETIME) @Param(description="Lifetime of ESP SA of customer gateway") //from CustomerGateway
private Long espLifetime;
@SerializedName(ApiConstants.DPD) @Param(description="if DPD is enabled for customer gateway") //from CustomerGateway
private Boolean dpd;
@SerializedName(ApiConstants.STATE) @Param(description="State of vpn connection")
private String state;
@ -115,9 +121,17 @@ public class Site2SiteVpnConnectionResponse extends BaseResponse implements Cont
this.espPolicy = espPolicy;
}
public void setLifetime(Long lifetime) {
this.lifetime = lifetime;
}
public void setIkeLifetime(Long ikeLifetime) {
this.ikeLifetime = ikeLifetime;
}
public void setEspLifetime(Long espLifetime) {
this.espLifetime = espLifetime;
}
public void setDpd(Boolean dpd) {
this.dpd= dpd;
}
public void setState(String state) {
this.state = state;
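Review bot: As in Site2SiteCustomerGatewayResponse, the new `ikelifetime`/`esplifetime` field descriptions lose the `, in seconds` unit that the old `lifetime` description on the same line carried; suggest `@Param(description="Lifetime of IKE SA of customer gateway, in seconds")` and the ESP counterpart. `this.dpd= dpd;` is also missing the space around `=` that every other setter in this class uses. The class continues past the end of this section.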


@ -11,7 +11,9 @@ public interface Site2SiteCustomerGateway extends ControlledEntity {
public String getIpsecPsk();
public String getIkePolicy();
public String getEspPolicy();
public Long getLifetime();
public Long getIkeLifetime();
public Long getEspLifetime();
public Boolean getDpd();
public Date getRemoved();
String getName();
}


@ -596,9 +596,17 @@ public class VirtualRoutingResource implements Manager {
args += " -i ";
args += "\"" + cmd.getIkePolicy() + "\"";
args += " -t ";
args += Long.toString(cmd.getLifetime());
args += Long.toString(cmd.getIkeLifetime());
args += " -T ";
args += Long.toString(cmd.getEspLifetime());
args += " -s ";
args += "\"" + cmd.getIpsecPsk() + "\"";
args += " -d ";
if (cmd.getDpd()) {
args += "1";
} else {
args += "0";
}
} else {
args = "-D";
args += " -r ";
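Review bot: The `-d` value is built with a four-line `if (cmd.getDpd()) { … } else { … }` that unboxes the `Boolean` returned by `getDpd()`; the command's backing field is a primitive `boolean`, so the value cannot be null today, but the boxed return type invites a future null and the branch hides a one-liner. `args += cmd.getDpd() ? "1" : "0";` reads the same and keeps the option list compact. The enclosing method starts and ends outside the hunk.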


@ -23,7 +23,7 @@ vpnconfdir="/etc/ipsec.d"
vpnoutmark="0x525"
usage() {
printf "Usage: %s: (-A|-D) -l <left-side vpn peer> -n <left-side guest cidr> -g <left-side gateway> -r <right-side vpn peer> -N <right-side private subnets> -e <esp policy> -i <ike policy> -t <lifetime> -s <pre-shared secret> \n" $(basename $0) >&2
printf "Usage: %s: (-A|-D) -l <left-side vpn peer> -n <left-side guest cidr> -g <left-side gateway> -r <right-side vpn peer> -N <right-side private subnets> -e <esp policy> -i <ike policy> -t <ike lifetime> -T <esp lifetime> -s <pre-shared secret> -d <dpd 0 or 1> \n" $(basename $0) >&2
}
#set -x
@ -122,7 +122,7 @@ ipsec_tunnel_add() {
logger -t cloud "$(basename $0): creating configuration for ipsec tunnel: left peer=$leftpeer \
left net=$leftnet left gateway=$leftgw right peer=$rightpeer right network=$rightnets phase1 policy=$ikepolicy \
phase2 policy=$esppolicy lifetime=$time secret=$secret"
phase2 policy=$esppolicy secret=$secret"
[ "$op" == "-A" ] && ipsec_tunnel_del
@ -137,20 +137,23 @@ ipsec_tunnel_add() {
sudo echo " type=tunnel" >> $vpnconffile &&
sudo echo " authby=secret" >> $vpnconffile &&
sudo echo " keyexchange=ike" >> $vpnconffile &&
sudo echo " pfs=no" >> $vpnconffile &&
sudo echo " esp=$esppolicy" >> $vpnconffile &&
sudo echo " salifetime=${time}s" >> $vpnconffile &&
sudo echo " ike=$ikepolicy" >> $vpnconffile &&
sudo echo " ikelifetime=${time}s" >> $vpnconffile &&
sudo echo " ikelifetime=${ikelifetime}s" >> $vpnconffile &&
sudo echo " esp=$esppolicy" >> $vpnconffile &&
sudo echo " salifetime=${esplifetime}s" >> $vpnconffile &&
sudo echo " pfs=no" >> $vpnconffile &&
sudo echo " keyingtries=3" >> $vpnconffile &&
sudo echo " dpddelay=30" >> $vpnconffile &&
sudo echo " dpdtimeout=120" >> $vpnconffile &&
sudo echo " dpdaction=restart" >> $vpnconffile &&
sudo echo " auto=add" >> $vpnconffile &&
sudo echo "$leftpeer $rightpeer: PSK \"$secret\"" > $vpnsecretsfile &&
sudo chmod 0400 $vpnsecretsfile
if [ $dpd -ne 0 ]
then
sudo echo " dpddelay=30" >> $vpnconffile &&
sudo echo " dpdtimeout=120" >> $vpnconffile &&
sudo echo " dpdaction=restart" >> $vpnconffile
fi
enable_iptables_subnets
sudo ipsec auto --rereadall
@ -192,7 +195,7 @@ Iflag=
sflag=
op=""
while getopts 'ADl:n:g:r:N:e:i:t:s:' OPTION
while getopts 'ADl:n:g:r:N:e:i:t:T:s:d:' OPTION
do
case $OPTION in
A) opflag=1
@ -223,11 +226,17 @@ do
ikepolicy="$OPTARG"
;;
t) tflag=1
time="$OPTARG"
ikelifetime="$OPTARG"
;;
T) Tflag=1
esplifetime="$OPTARG"
;;
s) sflag=1
secret="$OPTARG"
;;
d) dflag=1
dpd="$OPTARG"
;;
?) usage
unlock_exit 2 $lock $locked
;;
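Review bot: `if [ $dpd -ne 0 ]` in ipsec_tunnel_add runs with `$dpd` unquoted and unvalidated: if a caller omits the new `-d`, the test fails with "unary operator expected" and DPD is silently left off, and the new `-T`/`-d` cases set `Tflag`/`dflag` without anything in the visible hunks checking that they were supplied (the required-flag check, if one exists, lives outside these hunks and should be extended to them). `$ikelifetime` and `$esplifetime` are likewise written verbatim into `$vpnconffile` as `ikelifetime=${ikelifetime}s` / `salifetime=${esplifetime}s`, so they should be constrained to unsigned integers before use even though the Java side currently sends `Long.toString` output. Something like the following after the getopts loop, whose end is outside the hunk:

```shell
# lifetimes land verbatim in ipsec.conf: accept unsigned integers only
case "$ikelifetime" in ''|*[!0-9]*) usage; unlock_exit 2 $lock $locked ;; esac
case "$esplifetime" in ''|*[!0-9]*) usage; unlock_exit 2 $lock $locked ;; esac
# … unchanged: remaining flag checks and action dispatch …
# in ipsec_tunnel_add: a missing or non-"1" -d means DPD disabled
if [ "${dpd:-0}" = "1" ]
```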


@ -7420,9 +7420,17 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
args += " -i ";
args += "\"" + cmd.getIkePolicy() + "\"";
args += " -t ";
args += Long.toString(cmd.getLifetime());
args += Long.toString(cmd.getIkeLifetime());
args += " -T ";
args += Long.toString(cmd.getEspLifetime());
args += " -s ";
args += "\"" + cmd.getIpsecPsk() + "\"";
args += " -d ";
if (cmd.getDpd()) {
args += "1";
} else {
args += "0";
}
} else {
args += " -D";
args += " -r ";
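Review bot: The option builder from `args += " -t ";` through the `-d` 1/0 block is now character-for-character the same code added to VirtualRoutingResource in this commit, and both copies must track the `-t/-T/-d` interface of the router script in lockstep. Moving the assembly of the option string onto Site2SiteVpnCfgCommand (or a small shared helper both resources call) would give one place to change the next time the script's options move, and would let the `if/else` on `cmd.getDpd()` collapse to `args += cmd.getDpd() ? "1" : "0";`. The enclosing method starts and ends outside the hunk.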


@ -3841,7 +3841,10 @@ public class ApiResponseHelper implements ResponseGenerator {
response.setIpsecPsk(result.getIpsecPsk());
response.setIkePolicy(result.getIkePolicy());
response.setEspPolicy(result.getEspPolicy());
response.setLifetime(result.getLifetime());
response.setIkeLifetime(result.getIkeLifetime());
response.setEspLifetime(result.getEspLifetime());
response.setDpd(result.getDpd());
response.setRemoved(result.getRemoved());
response.setObjectName("vpncustomergateway");
@ -3875,7 +3878,9 @@ public class ApiResponseHelper implements ResponseGenerator {
response.setIpsecPsk(customerGateway.getIpsecPsk());
response.setIkePolicy(customerGateway.getIkePolicy());
response.setEspPolicy(customerGateway.getEspPolicy());
response.setLifetime(customerGateway.getLifetime());
response.setIkeLifetime(customerGateway.getIkeLifetime());
response.setEspLifetime(customerGateway.getEspLifetime());
response.setDpd(customerGateway.getDpd());
}
populateAccount(response, result.getAccountId());
@ -3887,4 +3892,4 @@ public class ApiResponseHelper implements ResponseGenerator {
response.setObjectName("vpnconnection");
return response;
}
}
}


@ -41,8 +41,14 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
@Column(name="esp_policy")
private String espPolicy;
@Column(name="lifetime")
private long lifetime;
@Column(name="ike_lifetime")
private long ikeLifetime;
@Column(name="esp_lifetime")
private long espLifetime;
@Column(name="dpd")
private boolean dpd;
@Column(name="domain_id")
private Long domainId;
@ -55,14 +61,17 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
public Site2SiteCustomerGatewayVO() { }
public Site2SiteCustomerGatewayVO(String name, long accountId, long domainId, String gatewayIp, String guestCidrList, String ipsecPsk, String ikePolicy, String espPolicy, long lifetime) {
public Site2SiteCustomerGatewayVO(String name, long accountId, long domainId, String gatewayIp, String guestCidrList, String ipsecPsk, String ikePolicy, String espPolicy,
long ikeLifetime, long espLifetime, boolean dpd) {
this.name = name;
this.gatewayIp = gatewayIp;
this.guestCidrList = guestCidrList;
this.ipsecPsk = ipsecPsk;
this.ikePolicy = ikePolicy;
this.espPolicy = espPolicy;
this.lifetime = lifetime;
this.ikeLifetime = ikeLifetime;
this.espLifetime = espLifetime;
this.dpd = dpd;
this.uuid = UUID.randomUUID().toString();
this.accountId = accountId;
this.domainId = domainId;
@ -119,12 +128,21 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
}
@Override
public Long getLifetime() {
return lifetime;
public Long getIkeLifetime() {
return ikeLifetime;
}
public void setLifetime(long lifetime) {
this.lifetime = lifetime;
public void setIkeLifetime(long ikeLifetime) {
this.ikeLifetime = ikeLifetime;
}
@Override
public Long getEspLifetime() {
return espLifetime;
}
public void setEspLifetime(long espLifetime) {
this.espLifetime = espLifetime;
}
@Override
@ -145,6 +163,15 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
this.espPolicy = espPolicy;
}
@Override
public Boolean getDpd() {
return dpd;
}
public void setDpd(boolean dpd) {
this.dpd = dpd;
}
public String getUuid() {
return uuid;
}
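Review bot: The entity renames the persisted column from `lifetime` to `ike_lifetime` and adds `esp_lifetime` and `dpd` (`@Column(name="ike_lifetime")` …), yet none of the 15 files in this commit is a schema or upgrade script, so unless that DDL landed separately the mapping no longer matches the backing table and every load of a customer gateway will fail. The widened constructor also now takes eleven positional parameters ending in an adjacent `long ikeLifetime, long espLifetime, boolean dpd` that callers can transpose without a compile error; a short Javadoc naming the units (seconds) for both lifetimes, or a builder, would help. The class continues past the end of this section.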


@ -917,8 +917,10 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
}
if (router.getState() != State.Running) {
for (Site2SiteVpnConnectionVO conn : conns) {
conn.setState(Site2SiteVpnConnection.State.Disconnected);
_s2sVpnConnectionDao.persist(conn);
if (conn.getState() != Site2SiteVpnConnection.State.Error) {
conn.setState(Site2SiteVpnConnection.State.Disconnected);
_s2sVpnConnectionDao.persist(conn);
}
}
continue;
}
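Review bot: The new `if (conn.getState() != Site2SiteVpnConnection.State.Error)` guard changes which connections get marked Disconnected when the router is not Running, and neither the commit title (which is about splitting the IKE/ESP lifetime) nor the code says why Error is preserved. A one-line comment would stop the next reader from reverting it, e.g. `// Keep Error: it records a configuration failure that would otherwise be masked as Disconnected` — assuming that is the intent, which should be confirmed. The enclosing loop and method begin outside the hunk.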


@ -1095,10 +1095,12 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian
String ipsecPsk = gw.getIpsecPsk();
String ikePolicy = gw.getIkePolicy();
String espPolicy = gw.getEspPolicy();
Long lifetime = gw.getLifetime();
Long ikeLifetime = gw.getIkeLifetime();
Long espLifetime = gw.getEspLifetime();
Boolean dpd = gw.getDpd();
Site2SiteVpnCfgCommand cmd = new Site2SiteVpnCfgCommand(isCreate, localPublicIp, localPublicGateway, localGuestCidr,
peerGatewayIp, peerGuestCidrList, ikePolicy, espPolicy, lifetime, ipsecPsk);
peerGatewayIp, peerGuestCidrList, ikePolicy, espPolicy, ipsecPsk, ikeLifetime, espLifetime, dpd);
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, getRouterControlIp(router.getId()));
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, getRouterControlIp(router.getId()));
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());


@ -158,14 +158,28 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
if (!NetUtils.isValidS2SVpnPolicy(espPolicy)) {
throw new InvalidParameterValueException("The customer gateway ESP policy " + espPolicy + " is invalid!");
}
Long lifetime = cmd.getLifetime();
if (lifetime == null) {
Long ikeLifetime = cmd.getIkeLifetime();
if (ikeLifetime == null) {
// Default value of lifetime is 1 day
lifetime = (long) 86400;
ikeLifetime = (long) 86400;
}
if (lifetime > 86400) {
throw new InvalidParameterValueException("The lifetime " + lifetime + " of vpn connection is invalid!");
if (ikeLifetime > 86400) {
throw new InvalidParameterValueException("The IKE lifetime " + ikeLifetime + " of vpn connection is invalid!");
}
Long espLifetime = cmd.getEspLifetime();
if (espLifetime == null) {
// Default value of lifetime is 1 day
espLifetime = (long) 3600;
}
if (espLifetime > 86400) {
throw new InvalidParameterValueException("The ESP lifetime " + espLifetime + " of vpn connection is invalid!");
}
Boolean dpd = cmd.getDpd();
if (dpd == null) {
dpd = false;
}
if (_customerGatewayDao.findByGatewayIp(gatewayIp) != null) {
throw new InvalidParameterValueException("The customer gateway with ip " + gatewayIp + " already existed!");
}
@ -173,7 +187,7 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
throw new InvalidParameterValueException("The customer gateway with name " + name + " already existed!");
}
Site2SiteCustomerGatewayVO gw = new Site2SiteCustomerGatewayVO(name, owner.getAccountId(), owner.getDomainId(), gatewayIp, guestCidrList, ipsecPsk,
ikePolicy, espPolicy, lifetime);
ikePolicy, espPolicy, ikeLifetime, espLifetime, dpd);
_customerGatewayDao.persist(gw);
return gw;
}
@ -347,20 +361,35 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
if (!NetUtils.isValidS2SVpnPolicy(espPolicy)) {
throw new InvalidParameterValueException("The customer gateway ESP policy" + espPolicy + " is invalid!");
}
Long lifetime = cmd.getLifetime();
if (lifetime == null) {
Long ikeLifetime = cmd.getIkeLifetime();
if (ikeLifetime == null) {
// Default value of lifetime is 1 day
lifetime = (long) 86400;
ikeLifetime = (long) 86400;
}
if (lifetime > 86400) {
throw new InvalidParameterValueException("The lifetime " + lifetime + " of vpn connection is invalid!");
if (ikeLifetime > 86400) {
throw new InvalidParameterValueException("The IKE lifetime " + ikeLifetime + " of vpn connection is invalid!");
}
Long espLifetime = cmd.getEspLifetime();
if (espLifetime == null) {
// Default value of lifetime is 1 day
espLifetime = (long) 3600;
}
if (espLifetime > 86400) {
throw new InvalidParameterValueException("The ESP lifetime " + espLifetime + " of vpn connection is invalid!");
}
Boolean dpd = cmd.getDpd();
if (dpd == null) {
dpd = false;
}
gw.setGatewayIp(gatewayIp);
gw.setGuestCidrList(guestCidrList);
gw.setIkePolicy(ikePolicy);
gw.setEspPolicy(espPolicy);
gw.setIpsecPsk(ipsecPsk);
gw.setLifetime(lifetime);
gw.setIkeLifetime(ikeLifetime);
gw.setEspLifetime(espLifetime);
gw.setDpd(dpd);
_customerGatewayDao.persist(gw);
return gw;
}
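Review bot: The comment `// Default value of lifetime is 1 day` above `espLifetime = (long) 3600;` is wrong — 3600 s is one hour — and it is repeated in both the create and update hunks. Both checks also bound the lifetimes only from above: 0 or a negative value passes `> 86400` and, per the resource and script hunks in this commit, is written straight into `ikelifetime=…s` / `salifetime=…s` in ipsec.conf. Since create and update now carry the same ~20 lines of defaulting and validation, a shared helper would fix the comment and the lower bound in one place; the enclosing methods start outside the hunks.

```java
    // Shared by create and update: apply the default, then reject values outside [1, 86400] seconds.
    private long validateLifetime(Long lifetime, long defaultValue, String label) {
        if (lifetime == null) {
            return defaultValue;
        }
        if (lifetime < 1 || lifetime > 86400) {
            throw new InvalidParameterValueException("The " + label + " lifetime " + lifetime + " of vpn connection is invalid!");
        }
        return lifetime;
    }
    // … unchanged: call sites in createCustomerGateway / updateCustomerGateway …
    long ikeLifetime = validateLifetime(cmd.getIkeLifetime(), 86400, "IKE"); // default 1 day
    long espLifetime = validateLifetime(cmd.getEspLifetime(), 3600, "ESP");  // default 1 hour
```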