I understand that, but what my client wants is to connect public ips instead of rfc1918 on one of the sides.
e.g. one network has 10.0.1.0/24 and ip 1.2.3.4
the other has 50.0.1.0/24 and ip 50.0.0.1

but cloudstack currently does not let you do that, because it expects cidrs to be rfc1918. See log excerpt:

2014-05-21 12:30:42,326 WARN [c.c.u.n.NetUtils] (API-Job-Executor-7:job-3072 ctx-bf3922b1) cidr 50.0.1.0/24 is not RFC 1918 compliant
2014-05-21 12:30:42,335 ERROR [c.c.a.ApiAsyncJobDispatcher] (API-Job-Executor-7:job-3072) Unexpected exception while executing org.apache.cloudstack.api.command.user.vpn.CreateVpnCustomerGatewayCmd
com.cloud.exception.InvalidParameterValueException: The customer gateway guest cidr list 50.0.1.0/24 is invalid guest cidr!
        at com.cloud.network.vpn.Site2SiteVpnManagerImpl.createCustomerGateway(Site2SiteVpnManagerImpl.java:176)

I'm wondering if this is a bug/lacking feature, or intended.
As I initially said I'm not a network guy, so there might be perfectly good reasons this shouldn't be allowed.
But if it's a bug/lacking feature it would be great to know so that I could file a ticket for it.

--
Erik Weber

On Wed, May 21, 2014 at 2:09 PM, Daan Hoogland <daan.hoogl...@gmail.com> wrote:

> Erik,
>
> The vpn lets you connect to all the computers in the network on the
> other site on their private addresses. This means that you can give the
> cidr of the remote network in the definition on vpn connection.
>
> one network has 10.0.1.0/24 and ip 1.2.3.4
> the other has 10.0.2.0/24 and ip 4.3.2.1
>
> on the first you define endpoint/gateway 4.3.2.1 with cidr 10.0.1.0/24
> and you make it passive
> on the second you define the addresses of the first and start it without
> the passive function
> now you can ping a machine with address 10.0.1.123 from a machine with
> ip 10.0.2.246
>
> Of course you can do this to an external network as well, which makes
> far more sense.
>
> On Wed, May 21, 2014 at 12:14 PM, Erik Weber <terbol...@gmail.com> wrote:
> >
> > http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.2.0/html/Installation_Guide/vpn.html#site-to-site-vpn
> > states:
> >
> >
> >    - *CIDR list*: The guest CIDR list of the remote subnets. Enter a CIDR
> >    or a comma-separated list of CIDRs. Ensure that a guest CIDR list is not
> >    overlapped with the VPC’s CIDR, or another guest CIDR. The CIDR must be
> >    RFC1918-compliant.
> >
> >
> > I'm not a network guy, so excuse the question if it's obvious, but if a
> > customer only has public ip's on their end, why is rfc1918 required?
> >
> >
> > --
> > Erik Weber
> >
>
> --
> Daan
>
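
The two rules quoted from the installation guide (RFC 1918 compliance and no overlap with the VPC CIDR or another guest CIDR), written out as an added example that is not part of the thread and is not CloudStack's NetUtils code. The function names and the choice of 10.0.1.0/24 as the local VPC CIDR are assumptions made for illustration.

```python
import ipaddress

# The three private IPv4 ranges defined by RFC 1918.
RFC1918_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(cidr):
    """True when the whole CIDR lies inside one RFC 1918 block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == 4 and any(net.subnet_of(b) for b in RFC1918_BLOCKS)


def check_guest_cidr_list(cidr_list, vpc_cidr):
    """Return (cidr, reason) pairs for entries that break a documented rule."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    problems, seen = [], []
    for cidr in (part.strip() for part in cidr_list.split(",")):
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            problems.append((cidr, "not a valid CIDR"))
            continue
        if not is_rfc1918(cidr):
            problems.append((cidr, "not RFC 1918 compliant"))
        if net.overlaps(vpc):
            problems.append((cidr, "overlaps the VPC CIDR"))
        if any(net.overlaps(other) for other in seen):
            problems.append((cidr, "overlaps another guest CIDR"))
        seen.append(net)
    return problems


if __name__ == "__main__":
    # Constructed inputs: the CIDRs mentioned in the thread, with
    # 10.0.1.0/24 assumed to be the local VPC CIDR.
    for guest in ("10.0.2.0/24", "50.0.1.0/24", "10.0.1.0/25, 10.0.2.0/24"):
        print(guest, "->", check_guest_cidr_list(guest, "10.0.1.0/24") or "ok")
```

A CIDR only counts as compliant here when it is fully contained in one of the three private blocks, which is why 50.0.1.0/24 is reported while 10.0.2.0/24 passes.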