Commit Graph

412 Commits

Author SHA1 Message Date
Anthony Xu 2972cdec90 CS-16254:
passwd_server listen on every interface, but only guest interface is enabled for that port

reviewed-by: kelven
2012-08-31 17:37:20 -07:00
Jayapal Reddy c800454cb8 CS-16243: Redundant VRs are not compatible with the old password get script
Reviewed-by: Abhi
2012-08-31 16:35:21 +05:30
Vijayendra Bhamidipati 106ccc5b7b CS-16207: Inter-Vlan-Routing: Creating ACL rules with traffic type "Egress" Fails
Reviewed-by: Vijayendra Bhamidipati
Description:

    Capturing return status of iptables commands when setting ingress/egress ACL
    rules immediately after they execute.
2012-08-29 19:19:53 -07:00
Anthony Xu 099cf848e6 VPC : by default, outgoing traffic is allowed out, once egress rules are added, only traffic specified in those are allowed out, others are blocked
reviewed-by: kelven
2012-08-24 16:43:25 -07:00
kishan 99706c7c45 bug CS-16112: During unplug nic iptables rules are cleaned up in both cloud_nic.sh and vpc_netusage.sh. Consolidated this code in cloud_nic.sh
status CS-16112: resolved fixed
reviewed-by: Nitin
2012-08-21 20:16:35 +05:30
Sheng Yang adaaaea128 S2S VPN: CS-16092: Add ESP rule to iptables
Otherwise the other end cannot initiate connection.
2012-08-20 11:16:53 -07:00
Rohit Yadav b9f5d29234 CS-15942: Failed to apply Port Forwarding rule to Redundant router
Previously failed due to error in iptables command to use a list of IPs.
Fixed by using only its first assigned IP and subnet for guest IP network.

Reviewed-by: Jayapal Uradi and Abhinandan Prateek.

Signed-off-by: Rohit Yadav <rohit.yadav@citrix.com>
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2012-08-16 19:42:53 +05:30
kishan 02a8ee911d bug CS-15878: created network usage rules after ipassoc during reboot
status CS-15878: resolved fixed
2012-08-16 17:38:20 +05:30
Rohit Yadav 718c281a87 CS-15970: Fix Redundant Router status for master and backup routers
Bug found when host is XenServer
Fixes path from /root to /opt/cloud/bin for both XenServer and VMWare hosts

Signed-off-by: Rohit Yadav <rohit.yadav@citrix.com>
Signed-off-by: unknown <aprateek@aprateek-PC.(none)>
2012-08-16 12:30:10 +05:30
kishan ddc50606d7 bug CS-15982: corrected order of sent and rcvd usage rules
status CS-15982: resolved fixed
2012-08-14 16:36:48 +05:30
kishan 7c1a9658fc bug CS-15972: Insert iptable rules to set vpn mark before vpn usage chain
status CS-15972: resolved fixed
2012-08-13 20:57:38 +05:30
kishan 6246191084 bug CS-15954: Corrected return status of get usage in vpc_netusage
status CS-15954: resolved fixed
2012-08-13 15:40:43 +05:30
Sheng Yang f8182e8555 S2S VPN: Don't consider VPN is down if IPsec SA still existed
Because ISAKMP SA wouldn't be updated after expiration if IPsec SA is still in
effect.
2012-08-10 10:58:17 -07:00
kishan 9fc16802c7 bug CS-15852: Add vpn usage rules in iptables mangle table
status CS-15852: resolved fixed
2012-08-10 09:55:34 +05:30
kishan c5d2a84ade bug CS-15852: Add vpn usage rules in iptables mangle table
status CS-15852: resolved fixed
2012-08-09 23:21:26 +05:30
kishan 23aa4bff69 bug CS-15221: Support multiple public interfaces 2012-08-08 13:42:14 +05:30
Sheng Yang 3b0d7d373f S2S VPN: CS-15641: Enable UDP port 4500 for NAT-T 2012-08-06 16:54:26 -07:00
Sheng Yang 5cacd059ee S2S VPN: CS-15852: Add vpninmask for VPN network usage 2012-08-06 14:24:20 -07:00
kishan b87800c159 bug CS-15852: Added VPN network usage. Uses vpn mark 0x525 to match VPN packets 2012-08-06 03:19:58 +05:30
Sheng Yang 7779097653 S2S VPN: CS-15642: Re-initiate the VPN connections after router reboot 2012-08-03 15:37:34 -07:00
anthony d8ab3e1c36 VPC : handle Revoke rules for staticroute 2012-08-02 18:48:05 -07:00
Sheng Yang c2250fecf7 S2S VPN: CS-15511: Add PFS support for VPN connection 2012-08-02 18:45:03 -07:00
Sheng Yang 0f603daff6 S2S VPN: CS-15472: Separate IKE lifetime and ESP lifetime 2012-08-02 18:01:58 -07:00
anthony 66b006096d VPC : typo 2012-08-02 15:26:04 -07:00
kishan 8c53b79cfe bug CS-15577: Added per gateway network usage for VPC 2012-08-02 17:14:57 +05:30
anthony a17c542fd6 CS-15680 : set broadcast IP 2012-07-30 12:24:07 -07:00
anthony 9500080488 CS-15708 : fix network cleanup 2012-07-30 12:06:43 -07:00
Sheng Yang 30d9411078 CS-15731: Make S2S VPN no-nat rule the top of POSTROUTING 2012-07-27 18:38:28 -07:00
anthony 3f411d7dda CS-15706 : remove rules for unplugged eth on nat table 2012-07-26 13:08:08 -07:00
Sheng Yang cc35ea2be3 S2S VPN: CS-15650: Add connection status update to s2s vpn 2012-07-25 22:00:40 -07:00
anthony 97feeaad6a VPC : remove unused code 2012-07-25 10:53:36 -07:00
Sheng Yang 76abb27a3c S2S VPN: Add back pfs=no for ipsec.conf
According to ipsec.conf manual:

pfs

whether Perfect Forward Secrecy of keys is desired on the connection's keying
channel (with PFS, penetration of the key-exchange protocol does not compromise
keys negotiated earlier); Since there is no reason to ever refuse PFS, Openswan
will allow a connection defined with pfs=no to use PFS anyway. Acceptable values
are yes (the default) and no.

Found removing the option would make it impossible to work with no PFS setting
router. It may be related to CS-15511.
2012-07-23 19:33:11 -07:00
Sheng Yang 67557f313a S2S VPN: Support for multiple VPN connections per VPC/VPN gateway 2012-07-23 19:02:52 -07:00
anthony 165b85fab5 empty dhcp information when start domr 2012-07-23 16:48:13 -07:00
anthony 5e3e3a7a1c CS-15635 : fixed the part introduced by VPC, there is another part needs to be fixed for regular network 2012-07-23 16:11:47 -07:00
Vijayendra Bhamidipati f7be2a9352 CS-15657: Mgmt server fails to associate ip address to public interface on VPC router VM
Description:

	Fixing syntax error in ipassoc.sh.
2012-07-23 11:17:54 -07:00
Sheng Yang 664c8b3b2c CS-15511: Fix parameter transfer in bash 2012-07-18 15:31:59 -07:00
Sheng Yang 0ff69f11a4 CS-15536: Insert VPN mangle policy to FORWARD and OUTPUT
In order to get traffic tagged while ACL chain involved in PREROUTING chain.

Also using more generic tag checking in nat table.
2012-07-17 17:22:00 -07:00
Sheng Yang c36de737db S2S VPN: Use source NAT ip address for VPN gateway 2012-07-17 17:22:00 -07:00
anthony 065eeb6141 VPC : remove rules in nat table if ip is removed 2012-07-11 16:05:15 -07:00
anthony c5f8712b4b VPC : CS-11503, deleting staticnat works even ip is not there.
this can fix the issue for VPC,
  but Cloudstack should not send out ipdeassociate before applying rules on this ip
2012-07-11 14:44:32 -07:00
anthony 5d224ed592 VPC : in no route in setStaticRoute, just remove all routes 2012-07-10 18:41:13 -07:00
anthony d7fe4468f2 VPC : CS-15520, fix for acl revoke 2012-07-10 16:19:12 -07:00
anthony ed0b6c07ec VPC : CS-15492, fix static route 2012-07-10 15:16:15 -07:00
anthony 815584ead0 VPC : CS-15507, use correct chain for lb 2012-07-09 18:33:37 -07:00
anthony 5cd6516d21 CS-15506 : allow traffic going out domr in FORWARD chain 2012-07-09 18:33:37 -07:00
anthony 87a7fd1a26 VPC : CS-15501, outbound only work on new connection 2012-07-09 11:48:28 -07:00
anthony 417c435622 VPC : loadbalance go through inbound chain 2012-07-09 10:16:33 -07:00
anthony 94e26a00f4 VPC : VMs may access this static nat ip 2012-07-09 09:53:52 -07:00
anthony c18da90355 VPC : move egress chain to PREROUTING 2012-07-06 19:05:01 -07:00