etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloudstack/utils
History
Wei Zhou 8659d9691b
Netris FR1b: Support Remote Access VPN and Site-to-Site VPN in VPC VR (#41) 
* Static Routes: support nexthop

* Update api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateStaticRouteCmd.java

Co-authored-by: Pearl Dsilva <pearl1594@gmail.com>

* PR#10064 VR: apply iptables rules when add/remove static routes

* PR#10065 UI: fix cannot open 'Edit tags' modal for static routes

* PR#10066 Static Routes: fix check on wrong global configuration

* PR#10067 VR: fix site-2-site VPN if split connections is enabled

* PR#10081 server: do not allocate nic on public network for NSX VPC VR

* PR#10082 UI: create VPC network offering with conserve mode

* PR#10083 VR: allow outgoing traffic from RAS/VPN clients

* PR#10086 server: fix typo removeaccessvpn in VirtualRouterElement

* server: Add check on Public IP for remote access VPN

* Revert "PR#10083 VR: allow outgoing traffic from RAS/VPN clients"

This reverts commit 2f9b9f428947cac91de322fbdf4a980902a1c0a0.

* VPC: fetch same used IP for domain router if VR is not Source NAT

* VR: pass has_public_network to VR and configure RA/S2S VPN left peers

* Revert "PR#10081 server: do not allocate nic on public network for NSX VPC VR"

This reverts commit 809e269ed6b361d9df1fcef6537762c5612863e0.

* VPC: fetch same used IP for domain router if VR is not Source NAT (v2)

* VR: fix /etc/hosts and nameservers in dnsmasq.conf if VPC VR is not guest gateway

prior to this PR
```
root@r-1167-VM:~# cat /etc/hosts
127.0.0.1	localhost
127.0.1.1	r-1167-VM
::1	localhost ip6-localhost ip6-loopback
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.21.1.33	dummy-vpc-vpn-001
172.21.1.1	r-1167-VM data-server

root@r-1167-VM:~# cat /etc/dnsmasq.d/cloud.conf
dhcp-hostsfile=/etc/dhcphosts.txt
listen-address=127.0.0.1,172.21.1.234
dhcp-range=set:interface-eth1-0,172.21.1.234,static
dhcp-option=tag:interface-eth1-0,15,cs2cloud.internal
dhcp-option=tag:interface-eth1-0,6,172.21.1.1,10.0.32.1,8.8.8.8
dhcp-option=tag:interface-eth1-0,3,172.21.1.1
dhcp-option=eth1,26,1500
dhcp-option=tag:interface-eth1-0,1,255.255.255.0
```

the lines should be
```
172.21.1.234  r-1167-VM data-server

dhcp-option=tag:interface-eth1-0,6,10.0.32.1,8.8.8.8
```

* server: Enable static NAT for Domain router if it is not Source NAT

* server: Enable static NAT for Domain router on UI

* server: assign Public IP to VPC VR and enable static nat if VR is not Source NAT

* server: configure dns1 if VR is not Source NAT

* server: remove check on Firewall service when list network service providers

* UI: remove dot from message.enabled.vpn

* systemvm: add default route via first guest gateway if VR does not have public IP/interface

* VR: add fw_dhcpserver for shared network

* VR: pass has_public_network to VR and configure RA/S2S VPN left peers (v2)

* UI: fix request error when create a VPC tier in a non-Netris/NSX env

* systemvm: add default route via first guest gateway (v2)

* VR: configure iptables rules for S2S vpn on first guest interface

* VR: allow FORWARD to guest interfaces if VR is not Public

* VR: configure remote access vpn on first guest interface if not public

* VR: fix error 789 in RA VPN client when both RA and S2S are configured

* server: Apply Static Route for RA/S2S VPN in VPC VR

* VR: do not set mark for Public interface when VR is not really public

* VPN: do not disable static nat if it is used by a RA/S2S VPN

* server: skip check on network conserve mode if disable/enable RA VPN on Router IP

* server: set forRouter to false when release a IP

* VR: diable IP spoofing protection on default guest network

* VR: fix iptables rules only when only S2S vpn is enabled

* UI: show 'VPN Connections' section

* VPC: new methods to configure/reconfigure Static NAT for VPC VR

* API: set Type in ip address response to DomainRouter if it is used by VR

* server: do not allow IP release if it is used by RA or S2S VPN gateway

* VR: check if interface is added

* VR: add default route only when ip is associated to first guest interface

* VR: fix ipsec conf for l2tp and s2s vpn

* server: save placeholder IP for VPC VR to fix the new VR IP when vpc tier is auto-shutdown

* server: get non-placeholder NIC for VPC VR

* VR: wait 15 seconds after starting password server

* server: fix unable to configure static nat due to 'invalid virtual machine id'

* UI: fix link of router in info card

* VPC: apply static route for VPC VPN if needed (refactoring)

* server: fix VR IP of first VPC tier is the VM gateway

* server: update or remove all existing static routes when shutdown a network

* server: update ipaddress after disabling static nat to fix vpc deletion issue

* servr: disable remote access VPN as part of VPC dstroy

* server: apply static routes when implement a vpc tier

* server: apply static routes even if next hop is null

* server: fix Cannot invoke "com.cloud.vm.NicProfile.getRequestedIPv4()" because "requested" is null

* Netris: Update Vpn provider to VpcVirtualRouter

* Netris: Add Vpn service to network offerings and networks

* server: fix CIDR of VPN ip range

* server: set isVrGuestGateway by SoureNat/Gateway service with Provider.VPCVirtualRouter

* VR: password server takes 10-15 seconds to start if VR IP is not configured in /etc/hosts

* Netris: add back routesPutBody.setStateStatus

* engine/schema: remove SQL changes in schema-41910to42000.sql

---------

Co-authored-by: Pearl Dsilva <pearl1594@gmail.com>
 		2024-12-20 08:53:48 -05:00
..
bindir fixing utils license header 2012-06-06 23:06:02 -04:00
conf Normalize loggers and upgrade log4j 1.2 to log4j 2.19 (#7131) 2024-02-08 09:55:41 -03:00
src Netris FR1b: Support Remote Access VPN and Site-to-Site VPN in VPC VR (#41) 2024-12-20 08:53:48 -05:00
pom.xml Updating pom.xml version numbers for release 4.20.0.0 2024-11-19 08:54:07 -03:00