Commit Graph

398 Commits

Author SHA1 Message Date
kishan c5d2a84ade bug CS-15852: Add vpn usage rules in iptables mangle table
status CS-15852: resolved fixed
2012-08-09 23:21:26 +05:30
kishan 23aa4bff69 bug CS-15221: Support multiple public interfaces 2012-08-08 13:42:14 +05:30
Sheng Yang 3b0d7d373f S2S VPN: CS-15641: Enable UDP port 4500 for NAT-T 2012-08-06 16:54:26 -07:00
Sheng Yang 5cacd059ee S2S VPN: CS-15852: Add vpninmask for VPN network usage 2012-08-06 14:24:20 -07:00
kishan b87800c159 bug CS-15852: Added VPN network usage. Uses vpn mark 0x525 to match VPN packets 2012-08-06 03:19:58 +05:30
Sheng Yang 7779097653 S2S VPN: CS-15642: Re-initiate the VPN connections after router reboot 2012-08-03 15:37:34 -07:00
anthony d8ab3e1c36 VPC : handle Revoke rules for staticroute 2012-08-02 18:48:05 -07:00
Sheng Yang c2250fecf7 S2S VPN: CS-15511: Add PFS support for VPN connection 2012-08-02 18:45:03 -07:00
Sheng Yang 0f603daff6 S2S VPN: CS-15472: Separate IKE lifetime and ESP lifetime 2012-08-02 18:01:58 -07:00
anthony 66b006096d VPC : typo 2012-08-02 15:26:04 -07:00
kishan 8c53b79cfe bug CS-15577: Added per gateway network usage for VPC 2012-08-02 17:14:57 +05:30
anthony a17c542fd6 CS-15680 : set broadcast IP 2012-07-30 12:24:07 -07:00
anthony 9500080488 CS-15708 : fix network cleanup 2012-07-30 12:06:43 -07:00
Sheng Yang 30d9411078 CS-15731: Make S2S VPN no-nat rule the top of POSTROUTING 2012-07-27 18:38:28 -07:00
anthony 3f411d7dda CS-15706 : remove rules for unplugged eth on nat table 2012-07-26 13:08:08 -07:00
Sheng Yang cc35ea2be3 S2S VPN: CS-15650: Add connection status update to s2s vpn 2012-07-25 22:00:40 -07:00
anthony 97feeaad6a VPC : remove unused code 2012-07-25 10:53:36 -07:00
Sheng Yang 76abb27a3c S2S VPN: Add back pfs=no for ipsec.conf
According to ipsec.conf manual:

pfs

whether Perfect Forward Secrecy of keys is desired on the connection's keying
channel (with PFS, penetration of the key-exchange protocol does not compromise
keys negotiated earlier); Since there is no reason to ever refuse PFS, Openswan
will allow a connection defined with pfs=no to use PFS anyway. Acceptable values
are yes (the default) and no.

Found removing the option would make it impossible to work with no PFS setting
router. It may be related to CS-15511.
2012-07-23 19:33:11 -07:00
Sheng Yang 67557f313a S2S VPN: Support for multiple VPN connections per VPC/VPN gateway 2012-07-23 19:02:52 -07:00
anthony 165b85fab5 empty dhcp information when start domr 2012-07-23 16:48:13 -07:00
anthony 5e3e3a7a1c CS-15635 : fixed the part introduced by VPC, there is another part needs to be fixed for regular network 2012-07-23 16:11:47 -07:00
Vijayendra Bhamidipati f7be2a9352 CS-15657: Mgmt server fails to associate ip address to public interface on VPC router VM
Description:

	Fixing syntax error in ipassoc.sh.
2012-07-23 11:17:54 -07:00
Sheng Yang 664c8b3b2c CS-15511: Fix parameter transfer in bash 2012-07-18 15:31:59 -07:00
Sheng Yang 0ff69f11a4 CS-15536: Insert VPN mangle policy to FORWARD and OUTPUT
In order to get traffic tagged while ACL chain involved in PREROUTING chain.

Also using more generic tag checking in nat table.
2012-07-17 17:22:00 -07:00
Sheng Yang c36de737db S2S VPN: Use source NAT ip address for VPN gateway 2012-07-17 17:22:00 -07:00
anthony 065eeb6141 VPC : remove rules in nat table if ip is removed 2012-07-11 16:05:15 -07:00
anthony c5f8712b4b VPC : CS-11503, deleting staticnat works even ip is not there.
this can fix the issue for VPC,
  but Cloudstack should not send out ipdeassociate before applying rules on this ip
2012-07-11 14:44:32 -07:00
anthony 5d224ed592 VPC : in no route in setStaticRoute, just remove all routes 2012-07-10 18:41:13 -07:00
anthony d7fe4468f2 VPC : CS-15520, fix for acl revoke 2012-07-10 16:19:12 -07:00
anthony ed0b6c07ec VPC : CS-15492, fix static route 2012-07-10 15:16:15 -07:00
anthony 815584ead0 VPC : CS-15507, use correct chain for lb 2012-07-09 18:33:37 -07:00
anthony 5cd6516d21 CS-15506 : allow traffic going out domr in FORWARD chain 2012-07-09 18:33:37 -07:00
anthony 87a7fd1a26 VPC : CS-15501, outbound only work on new connection 2012-07-09 11:48:28 -07:00
anthony 417c435622 VPC : loadbalance go through inbound chain 2012-07-09 10:16:33 -07:00
anthony 94e26a00f4 VPC : VMs may access this static nat ip 2012-07-09 09:53:52 -07:00
anthony c18da90355 VPC : move egress chain to PREROUTING 2012-07-06 19:05:01 -07:00
anthony f737a21881 VPC : open 80 for vmdata 2012-07-06 17:59:26 -07:00
anthony 0f3f69f095 VPC : do not set mark for static nat 2012-07-06 16:11:05 -07:00
anthony e0fec2ef22 VPC : configure apache2 for each guest network 2012-07-06 16:09:07 -07:00
anthony af45bf03ad VPC : clean up host file for domr 2012-07-06 16:09:07 -07:00
anthony c258664a69 VPC : CS-15463 allow input traffic for established connection 2012-07-05 14:24:52 -07:00
Murali Reddy 2195f3ad83 VPC : CS-15424 default route & gateway is missing for private network in VPC virtual router on Vmware
reviewed by : Anthony

adding route configuration through eth0 when VPC router
2012-07-05 13:45:29 -07:00
anthony 38befcd228 CS-15427 : always provide gateway as DNS server due to no traffic is allowed by ACL, the external DNS doesn't work by default 2012-07-03 19:13:44 -07:00
anthony 051acd2306 VPC : clean up rt_table when stop domr 2012-07-03 12:25:25 -07:00
Sheng Yang 7e4841a117 CS-6840: Fix wrong path of check s2s vpn script 2012-07-03 11:09:00 -07:00
anthony 079d7ef1aa VPC : setup hairpin 2012-07-02 17:59:40 -07:00
anthony 2967ccd0d9 VPC : fix in unplug 2012-07-02 17:53:18 -07:00
anthony b5e8f7943f VPC : acl use eth* as chain name 2012-07-02 17:50:45 -07:00
anthony 810fe381bf VPC : static route, add route table in cloud-early-config 2012-07-02 17:42:10 -07:00
anthony 2af007a739 VPC : add static route 2012-07-02 17:28:54 -07:00