etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloudstack/ui/scripts
History
Rajani Karuturi 13bfdd71e6 Merge pull request #1741 from swill/strongswanvpn 
Updated StrongSwan VPN ImplementationThis PR is a merge of @jayapalu changes in #872 and the changes I had to make to get the functionality working.

I have done pretty extensive testing of this code so far and we are looking to be in pretty good shape.  One thing to note is that a `Diffie-Hellman` group **is required** in order for this feature to work correctly.  It is not highlighted in the tests below, but I have shown that the `PFS` is not required for this feature to work.  In #872 I have shown a more exhaustive set of tests of this code, but I have limited this set of tests to a recommended `IKE` and `ESP` configuration in order to reduce the noise and test the other areas of functionality.

**Test Results**
I am testing this functionality by creating two VPCs with VMs in each and creating a S2S VPN connection between the two VPCs. Then I SSH into a VM in one VPC and I ping the private IP of a VM in the other VPC. Then I tear it down and try a different configuration.

_Setup_

```
VPC 1                          VPC 2
=====                          =====
VPN Gateway                    VPN Gateway
VPN Customer Gateway           VPN Customer Gateway
VPN Connection        <--->    VPN Connection
 - Passive = True               - Passive = False
```

_Legend_
`SKIP` => At least one of the VPN Connections did not come up, so no test was run.
`OK` => The ping test was successful over the S2S VPN connection.
`FAIL` => The ping test failed over the S2S VPN connection.

`Passive` => Specifies if either the `<vpc_1> : <vpc_2>` sides of the VPN Connection is set to passive.
`Conn State` => Specifies the connection status of the `<vpc_1> : <vpc_2>` VPN Connection in the UI.
`Requires Reset` => If the ping test does not result in an `OK`, then a VPN Connection Reset is performed on either `<vpc_1> : <vpc_2>` sides of the VPN Connection based on which side is not showing `Connected`.  The results in the `Status` column is the final result after the reset is performed.

_Results_

```
+--------+----------------------+-------+-------+----------+----------+---------------+-----------------------------+----------------+
| Status | IKE & ESP            | DPD   | Encap | IKE Life | ESP Life | Passive       | Conn State                  | Requires Reset |
+========+======================+=======+=======+==========+==========+===============+=============================+================+
| OK     | aes128-sha1;modp1536 | True  | False | 86400    | 3600     | True : False  | Disconnected : Connected    | False : False  |
+--------+----------------------+-------+-------+----------+----------+---------------+-----------------------------+----------------+
| OK     | aes128-sha1;modp1536 | True  | True  | 86400    | 3600     | True : False  | Disconnected : Connected    | False : False  |
+--------+----------------------+-------+-------+----------+----------+---------------+-----------------------------+----------------+
| OK     | aes128-sha1;modp1536 | True  | False |          | 3600     | True : False  | Disconnected : Connected    | False : False  |
+--------+----------------------+-------+-------+----------+----------+---------------+-----------------------------+----------------+
| OK     | aes128-sha1;modp1536 | True  | False | 86400    |          | True : False  | Disconnected : Connected    | False : False  |
+--------+----------------------+-------+-------+----------+----------+---------------+-----------------------------+----------------+
| OK     | aes128-sha1;modp1536 | True  | False |          |          | True : False  | Disconnected : Connected    | False : False  |
+--------+----------------------+-------+-------+----------+----------+---------------+-----------------------------+----------------+
| OK     | aes128-sha1;modp1536 | True  | False | 86400    | 3600     | False : False | Connected : Connected       | False : False  |
+--------+----------------------+-------+-------+----------+----------+---------------+-----------------------------+----------------+
| OK     | aes128-sha1;modp1536 | True  | False | 86400    | 3600     | True : True   | Disconnected : Disconnected | False : False  |
+--------+----------------------+-------+-------+----------+----------+---------------+-----------------------------+----------------+
| OK     | aes128-sha1;modp1536 | True  | False | 86400    | 3600     | False : True  | Connected : Disconnected    | False : False  |
+--------+----------------------+-------+-------+----------+----------+---------------+-----------------------------+----------------+
| OK     | aes128-sha1;modp1536 | False | False | 86400    | 3600     | False : False | Connected : Connected       | False : False  |
+--------+----------------------+-------+-------+----------+----------+---------------+-----------------------------+----------------+
| OK     | aes128-sha1;modp1536 | False | False | 86400    | 3600     | True : False  | Disconnected : Connected    | False : False  |
+--------+----------------------+-------+-------+----------+----------+---------------+-----------------------------+----------------+
| OK     | aes128-sha1;modp1536 | False | False | 86400    | 3600     | True : True   | Disconnected : Disconnected | False : False  |
+--------+----------------------+-------+-------+----------+----------+---------------+-----------------------------+----------------+
| OK     | aes128-sha1;modp1536 | False | False | 86400    | 3600     | False : True  | Connected : Disconnected    | False : False  |
+--------+----------------------+-------+-------+----------+----------+---------------+-----------------------------+----------------+
| SKIP   | aes128-sha1          | True  | False | 86400    | 3600     | True : False  | Disconnected : Error        | True : False   |
+--------+----------------------+-------+-------+----------+----------+---------------+-----------------------------+----------------+
| SKIP   | aes128-sha1          | False | False | 86400    | 3600     | True : False  | Disconnected : Error        | True : False   |
+--------+----------------------+-------+-------+----------+----------+---------------+-----------------------------+----------------+
| FAIL   | aes128-sha1          | True  | False | 86400    | 3600     | True : True   | Disconnected : Disconnected | True : True    |
+--------+----------------------+-------+-------+----------+----------+---------------+-----------------------------+----------------+
| SKIP   | aes128-sha1          | True  | False | 86400    | 3600     | False : False | Connected : Error           | False : False  |
+--------+----------------------+-------+-------+----------+----------+---------------+-----------------------------+----------------+
```

* pr/1741:
  complete implementation of the StrongSwan VPN feature

Signed-off-by: Rajani Karuturi <rajani.karuturi@accelerite.com>
 		2017-02-14 17:59:17 +05:30
..
ui Merge pull request #1270 from anshul1886/CLOUDSTACK-9194 2016-04-28 16:00:47 -04:00
ui-custom Merge pull request #1767 from nvazquez/userVmAndTemplatesDetails 2017-02-08 12:12:37 +05:30
accounts.js CLOUDSTACK-8562: DB-Backed Dynamic Role Based API Access Checker 2016-05-11 09:45:19 +05:30
accountsWizard.js CLOUDSTACK-8562: DB-Backed Dynamic Role Based API Access Checker 2016-05-11 09:45:19 +05:30
affinity.js Removed leading tabs from ui/scripts/*.js 2015-08-07 11:58:13 +02:00
autoscaler.js CLOUDSTACK-9229: Autoscale policy creation failing in VPC due to zoneid missing in createAutoScaleVmProfile 2016-01-13 15:47:06 +05:30
cloud.core.callbacks.js Removed leading tabs from ui/scripts/*.js 2015-08-07 11:58:13 +02:00
cloudStack.js CLOUDSTACK-8562: DB-Backed Dynamic Role Based API Access Checker 2016-05-11 09:45:19 +05:30
configuration.js CLOUDSTACK-9403: Support for shared networks in Nuage VSP plugin 2016-12-07 10:03:28 +01:00
dashboard.js CLOUDSTACK-9335: fix typo in dashboard's fetchlatest usage 2016-04-07 23:14:21 +05:30
docs.js Merge pull request #1319 from nitin-maharana/CloudStack-Nitin15_4.7 2016-01-19 17:44:56 +01:00
domains.js CLOUDSTACK-9220 Sort list of domains on Domain tab in UI 2016-01-09 21:02:38 +01:00
events.js Removed trailing whitespace from ui/scripts/*.js 2015-08-07 11:25:15 +02:00
globalSettings.js Removed leading tabs from ui/scripts/*.js 2015-08-07 11:58:13 +02:00
installWizard.js api: avoid sending sensitive data in api response 2015-03-11 16:34:56 +05:30
instanceWizard.js Merge release branch 4.6 to 4.7 2016-01-28 13:31:26 +01:00
instances.js Merge pull request #844 from ustcweizhou/assignvm-master 2017-02-09 11:54:40 +05:30
lbStickyPolicy.js CLOUDSTACK-8744 Add missing localization (l10n) for several parts in the UI 2015-08-18 11:16:14 +01:00
metrics.js Merge branch '4.8' into 4.9 2016-11-01 14:05:43 +05:30
network.js complete implementation of the StrongSwan VPN feature 2017-02-02 16:18:06 -05:00
plugins.js Plugin API: Support multiple JS includes per plugin 2014-01-27 12:39:36 -08:00
projects.js Add to project detail page: cpu,memory,template,storage and VMs count 2016-08-08 20:04:55 -04:00
regions.js CLOUDSTACK-9272: No option in UI to add GSLB with service type "HTTP" 2016-02-03 09:52:13 +05:30
roles.js CLOUDSTACK-8562: DB-Backed Dynamic Role Based API Access Checker 2016-05-11 09:45:19 +05:30
sharedFunctions.js CLOUDSTACK-676: IPv6 In -and Egress filtering for Basic Networking 2017-01-26 15:36:20 +01:00
storage.js CLOUDSTACK-8746: vm snapshot implementation for KVM 2017-01-24 21:47:30 +01:00
system.js Merge branch '4.9' 2016-12-22 11:59:02 +05:30
templates.js CLOUDSTACK-9457: Allow retrieval and modification of VM and template details via API and UI 2016-12-27 23:33:50 -03:00
vpc.js Merge pull request #1301 from nitin-maharana/CloudStack-Nitin3_4.7 2016-01-16 19:40:07 +01:00
zoneWizard.js CLOUDSTACK-9044: Add RBD Primary Storage to the Zone Wizard. 2015-11-08 18:22:39 +01:00