Erik, If it doesn't work it is probably been blocked on purpose but I don't see why it is. I don't know your use case either and it seems an unlikely one. But if the 50.0.1 net is out of your control you maybe should be able to configure this. So I would say it is a bug/lack of feature. I'll look into the code for the place the error is generated.
in short: file a ticket On Wed, May 21, 2014 at 2:34 PM, Erik Weber <terbol...@gmail.com> wrote: > I understand that, but what my client wants is to connect public ips > instead of rfc1918 on one of the sides. > > e.g. one network has 10.0.1.0/24 and ip 1.2.3.4 > the other has 50.0.1.0/24 and ip 50.0.0.1 > > but cloudstack currently does not let you do that, because it expects cidrs > to be rfc1918. see log excerpt: > > 2014-05-21 12:30:42,326 WARN [c.c.u.n.NetUtils] > (API-Job-Executor-7:job-3072 ctx-bf3922b1) cidr 50.0.1.0/24 is not RFC 1918 > compliant > 2014-05-21 12:30:42,335 ERROR [c.c.a.ApiAsyncJobDispatcher] > (API-Job-Executor-7:job-3072) Unexpected exception while executing > org.apache.cloudstack.api.command.user.vpn.CreateVpnCustomerGatewayCmd > com.cloud.exception.InvalidParameterValueException: The customer gateway > guest cidr list 50.0.1.0/24 is invalid guest cidr! > at > com.cloud.network.vpn.Site2SiteVpnManagerImpl.createCustomerGateway(Site2SiteVpnManagerImpl.java:176) > > I'm wondering if this is a bug/lacking feature, or intended. > As I initially said I'm not a network guy, so there might be perfectly good > reasons this shouldn't be allowed. > > But if it's a bug/lacking feature it would be great to know so that I could > file a ticket for it. > > -- > Erik Weber > > > On Wed, May 21, 2014 at 2:09 PM, Daan Hoogland <daan.hoogl...@gmail.com>wrote: > >> Erik, >> >> The vpn let's you connect to all the computers in the network on the >> other site on their private adresses. This means that you can give the >> cidr of the remote network in the definition on vpn connection. >> >> one network has 10.0.1.0/24 and ip 1.2.3.4 >> the other has 10.0.2.0/24 and ip 4.3.2.1 >> >> on the first you define endpoint/gateway 4.3.2.1 with cidr 10.0.1.0/24 >> and you make it passive >> on the second you define the adresses of the first and stat is without >> the passive function >> now you can ping a machine with address 10.0.1.123 from a machine with >> ip 10.0.2.246 >> >> Of course you can do this to an external network as well, which makes >> far more sense. >> >> On Wed, May 21, 2014 at 12:14 PM, Erik Weber <terbol...@gmail.com> wrote: >> > >> http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.2.0/html/Installation_Guide/vpn.html#site-to-site-vpnstates >> : >> > >> > >> > - *CIDR list*: The guest CIDR list of the remote subnets. Enter a CIDR >> > or a comma-separated list of CIDRs. Ensure that a guest CIDR list is >> not >> > overlapped with the VPC’s CIDR, or another guest CIDR. The CIDR must >> be >> > RFC1918-compliant. >> > >> > >> > I'm not a network guy, so excuse the question if it's obvious, but if a >> > customer only has public ip's on their end, why is rfc1918 required? >> > >> > >> > -- >> > Erik Weber >> >> >> >> -- >> Daan >> -- Daan
