Are you creating a site to site vpn or connecting to an external network? On Wed, May 21, 2014 at 5:02 PM, Daan Hoogland <daan.hoogl...@gmail.com> wrote: > Erik, If it doesn't work it is probably been blocked on purpose but I > don't see why it is. I don't know your use case either and it seems an > unlikely one. But if the 50.0.1 net is out of your control you maybe > should be able to configure this. So I would say it is a bug/lack of > feature. I'll look into the code for the place the error is generated. > > in short: file a ticket > > On Wed, May 21, 2014 at 2:34 PM, Erik Weber <terbol...@gmail.com> wrote: >> I understand that, but what my client wants is to connect public ips >> instead of rfc1918 on one of the sides. >> >> e.g. one network has 10.0.1.0/24 and ip 1.2.3.4 >> the other has 50.0.1.0/24 and ip 50.0.0.1 >> >> but cloudstack currently does not let you do that, because it expects cidrs >> to be rfc1918. see log excerpt: >> >> 2014-05-21 12:30:42,326 WARN [c.c.u.n.NetUtils] >> (API-Job-Executor-7:job-3072 ctx-bf3922b1) cidr 50.0.1.0/24 is not RFC 1918 >> compliant >> 2014-05-21 12:30:42,335 ERROR [c.c.a.ApiAsyncJobDispatcher] >> (API-Job-Executor-7:job-3072) Unexpected exception while executing >> org.apache.cloudstack.api.command.user.vpn.CreateVpnCustomerGatewayCmd >> com.cloud.exception.InvalidParameterValueException: The customer gateway >> guest cidr list 50.0.1.0/24 is invalid guest cidr! >> at >> com.cloud.network.vpn.Site2SiteVpnManagerImpl.createCustomerGateway(Site2SiteVpnManagerImpl.java:176) >> >> I'm wondering if this is a bug/lacking feature, or intended. >> As I initially said I'm not a network guy, so there might be perfectly good >> reasons this shouldn't be allowed. >> >> But if it's a bug/lacking feature it would be great to know so that I could >> file a ticket for it. >> >> -- >> Erik Weber >> >> >> On Wed, May 21, 2014 at 2:09 PM, Daan Hoogland >> <daan.hoogl...@gmail.com>wrote: >> >>> Erik, >>> >>> The vpn let's you connect to all the computers in the network on the >>> other site on their private adresses. This means that you can give the >>> cidr of the remote network in the definition on vpn connection. >>> >>> one network has 10.0.1.0/24 and ip 1.2.3.4 >>> the other has 10.0.2.0/24 and ip 4.3.2.1 >>> >>> on the first you define endpoint/gateway 4.3.2.1 with cidr 10.0.1.0/24 >>> and you make it passive >>> on the second you define the adresses of the first and stat is without >>> the passive function >>> now you can ping a machine with address 10.0.1.123 from a machine with >>> ip 10.0.2.246 >>> >>> Of course you can do this to an external network as well, which makes >>> far more sense. >>> >>> On Wed, May 21, 2014 at 12:14 PM, Erik Weber <terbol...@gmail.com> wrote: >>> > >>> http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.2.0/html/Installation_Guide/vpn.html#site-to-site-vpnstates >>> : >>> > >>> > >>> > - *CIDR list*: The guest CIDR list of the remote subnets. Enter a CIDR >>> > or a comma-separated list of CIDRs. Ensure that a guest CIDR list is >>> not >>> > overlapped with the VPC’s CIDR, or another guest CIDR. The CIDR must >>> be >>> > RFC1918-compliant. >>> > >>> > >>> > I'm not a network guy, so excuse the question if it's obvious, but if a >>> > customer only has public ip's on their end, why is rfc1918 required? >>> > >>> > >>> > -- >>> > Erik Weber >>> >>> >>> >>> -- >>> Daan >>> > > > > -- > Daan
-- Daan
