Changed 'auto=add' to 'auto=start' to make sure the tunnel starts.
When both sides are there they will connect. This resolves the
issue that there is only a small time frame in which the VPN
would connect.
(cherry picked from commit b95addd3ef)
Biglock breaks creating VPN's when other scripts run at the
same time that also use the same biglock. These other scripts
do nothing that could harm our deployment and even multiple
vpn's can safely be created simultaniously.
(cherry picked from commit 8b412ce194)
The booting sequence result in change of IPv6 related sysctl options was
overrided by sysctl.conf which is loaded later.
So this patch would patch sysctl.conf in VR as well, ensure IPv6 would be
enabled during booting period otherwise the network setup may not work, result
in IPv6 VM deployment failure.
The old way would disconnect all the existing connections through haproxy when
reload the config.
This new way would ensure that all the existing connections would still alive
after reload the config.
Just prefer TLS over SSL in apache configuration in systemvm
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 88acc9bd53)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
OSX always declaims it's behind NAT no matter it's true or not, thus result in
confusion of openswan.
Add parameter "forceencaps=yes" to openswan to make sure non NAT VPN connection
from OSX can pass through.
This fix is to correct the JP keyboard mapping for VMs with windows and centOS GUI
and CLI OS on VMware hypervisor. Also fixed some known issues on centOS CLI on XS
hypervisor. Fix is not causing any regression.
Sometime in VR ntpd would move time backward to keep sync with NTP server, which
can result in false alarm of keepalived monitering process.
This patch adds 3 strikes for keepalived process dead detection to avoid falsely
shutdown keepalived process due to time adjustment for only once.
Made changes so that uploading custom certificate works for ssvm.
1. Reboot ssvm only when private key is passed meaning the server cert is passed. This is because while uploading the server cert is the last to be uploaded. And we want to propagate the entire chain once uploading is done.
2. Change the SecStorageSetupCommand sent to ssvm so that it also carries the root cert apart from having the chain and the server cert and key.
3. Change ssvm agent code to be able to configure root cert to the java key store.
4. Change ssvm configure ssl script to insert the chain certs correctly.
5. Fix order of chain certificates for apache webserver in SSVM
6. Remove double encoding and decoding for uploadCustomCertificate API from UI and server code respectively, so that API call without UI works fine
7. Java 1.7 - disable using SNI since copyTemplate doesnt work for SSL.
In some network environment, 1*3 seconds by default make RvR setup too
sensitive. A configurable parameter would be better for fitting different
network environments.
Remi Bergsma
Sheng Yang
David Bierce
Joris van Lieshout
Rohit Yadav
Sanjay Tripathi
Saksham Srivastava
David Nalley
Frank Zhang
Daan Hoogland
Bharat Kumar
Jayapal
Fred Clift
Wido den Hollander
Hugo Trippaers
Saurav Lahiri
Nitin Mehta