Erik, The vpn let's you connect to all the computers in the network on the other site on their private adresses. This means that you can give the cidr of the remote network in the definition on vpn connection.
one network has 10.0.1.0/24 and ip 1.2.3.4 the other has 10.0.2.0/24 and ip 4.3.2.1 on the first you define endpoint/gateway 4.3.2.1 with cidr 10.0.1.0/24 and you make it passive on the second you define the adresses of the first and stat is without the passive function now you can ping a machine with address 10.0.1.123 from a machine with ip 10.0.2.246 Of course you can do this to an external network as well, which makes far more sense. On Wed, May 21, 2014 at 12:14 PM, Erik Weber <terbol...@gmail.com> wrote: > http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.2.0/html/Installation_Guide/vpn.html#site-to-site-vpnstates: > > > - *CIDR list*: The guest CIDR list of the remote subnets. Enter a CIDR > or a comma-separated list of CIDRs. Ensure that a guest CIDR list is not > overlapped with the VPC’s CIDR, or another guest CIDR. The CIDR must be > RFC1918-compliant. > > > I'm not a network guy, so excuse the question if it's obvious, but if a > customer only has public ip's on their end, why is rfc1918 required? > > > -- > Erik Weber -- Daan
