CloudStack / CLOUDSTACK-6747

Allowing non rfc1918 networks on the other end of VPC Site 2 Site VPN

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 4.2.0, 4.3.0
    • Future
    • Security Level: Public (Anyone can view this level - this is the default.)
    • None

    Description

      When you configure a Site 2 Site VPN Customer gateway, the other end, from CloudStack's point of view, is not allowed to be outside the RFC 1918 address scope.

      There are use cases where the client / remote networks use official/public addresses and you want to encrypt / secure the traffic with VPN.

      Log excerpt:

      2014-05-21 12:30:42,326 WARN [c.c.u.n.NetUtils] (API-Job-Executor-7:job-3072 ctx-bf3922b1) cidr 50.0.1.0/24 is not RFC 1918 compliant
      2014-05-21 12:30:42,335 ERROR [c.c.a.ApiAsyncJobDispatcher] (API-Job-Executor-7:job-3072) Unexpected exception while executing org.apache.cloudstack.api.command.user.vpn.CreateVpnCustomerGatewayCmd
      com.cloud.exception.InvalidParameterValueException: The customer gateway guest cidr list 50.0.1.0/24 is invalid guest cidr!
      at com.cloud.network.vpn.Site2SiteVpnManagerImpl.createCustomerGateway(Site2SiteVpnManagerImpl.java:176)

      Expected behavior is that the guest CIDR should be allowed as long as it's a valid CIDR, including if it's outside of RFC 1918.
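
The check requested above, as an added Python example (not CloudStack's Java code and not part of the original report): every entry in the guest CIDR list must still be a well-formed IPv4 network, while RFC 1918 membership is only reported, not enforced. The function name, the `require_rfc1918` switch and the sample lists are assumptions made for illustration.

```python
import ipaddress

# The three private IPv4 blocks defined by RFC 1918.
RFC1918 = tuple(ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def parse_guest_cidr_list(cidr_list, require_rfc1918=False):
    """Validate a comma-separated guest CIDR list (hypothetical helper).

    Returns [(normalized_cidr, is_rfc1918), ...]; raises ValueError on the
    first malformed entry. require_rfc1918=True reproduces the old,
    restrictive behaviour shown in the log excerpt.
    """
    accepted = []
    for raw in cidr_list.split(","):
        entry = raw.strip()
        addr, sep, prefix = entry.partition("/")
        # Require an explicit numeric prefix: a bare address or a dotted
        # netmask is not accepted as a guest CIDR here.
        if not sep or not prefix.isdigit():
            raise ValueError(f"invalid guest cidr {entry!r}: expected a.b.c.d/len")
        try:
            # strict=True rejects host bits set below the prefix (10.0.0.5/24).
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError as exc:
            raise ValueError(f"invalid guest cidr {entry!r}: {exc}") from None
        private = any(net.subnet_of(block) for block in RFC1918)
        if require_rfc1918 and not private:
            raise ValueError(f"cidr {net} is not RFC 1918 compliant")
        accepted.append((str(net), private))
    return accepted


if __name__ == "__main__":
    # Constructed sample lists; 50.0.1.0/24 is the CIDR from the log excerpt.
    for sample in ("50.0.1.0/24, 10.1.0.0/16", "172.32.0.0/16", "50.0.1.5/24"):
        try:
            print(sample, "->", parse_guest_cidr_list(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

The returned RFC 1918 flag lets a caller log or review public remote networks without blocking them.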

          People

            dahn Daan
            webern Erik Weber