Github user pdion891 commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/872#discussion_r47089553
  
    --- Diff: systemvm/patches/debian/vpn/etc/ipsec.d/l2tp.conf ---
    @@ -30,4 +35,5 @@ conn L2TP-PSK
             # ----------------------------------------------------------
             # Change 'ignore' to 'add' to enable this configuration.
             #
    +        rightsubnetwithin=10.1.2.0/8
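Review bot: in the added line `rightsubnetwithin=10.1.2.0/8`, the address has bits set outside the /8 mask, so it is unclear whether 10.0.0.0/8 or 10.1.2.0/24 was meant. Please write the value in canonical network form for whichever is intended. The line also lands directly under the comment about changing 'ignore' to 'add', which does not describe it. A one-line comment saying what this subnet restricts, and why the value is fixed in the file rather than derived from configuration, would help.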
    --- End diff --
    
    Having 10.0.0.0/8 hardcoded cannot work on a remote management VPN, because
    if the remote client's internal subnet is in 10.0.0.0/8, the VPN will fail to
    update routes on the client side.

    Why not have /24 hardcoded but based on the IP range defined in the global
    settings? So if the user sets 172.16.0.10 - 18, it will be using 172.16.0.0/24?
    Or the cleanest method would be to use the smallest available subnet, but this
    would require more code, I guess. In this example the subnet would be set to
    172.16.0.0/27.
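The two options raised in this comment, as an added example that is not part of the pull request or of CloudStack's code: it derives the `rightsubnetwithin` value from a client IP range, either as the enclosing /24 or as the smallest covering subnet, and checks each candidate against a client LAN. The function names, the reading of "172.16.0.10 - 18" as a last-octet short form, and the client LAN 10.20.30.0/24 are assumptions made for illustration.

```python
import ipaddress

def parse_range(text):
    """Parse 'a.b.c.d-e.f.g.h' or the short form 'a.b.c.d - N' (last octet)."""
    first, last = (part.strip() for part in text.split("-", 1))
    start = ipaddress.IPv4Address(first)
    if "." in last:
        end = ipaddress.IPv4Address(last)
    else:
        octet = int(last)
        if not 0 <= octet <= 255:
            raise ValueError("last octet out of range: %r" % last)
        end = ipaddress.IPv4Address((int(start) & 0xFFFFFF00) | octet)
    if end < start:
        raise ValueError("range end is below range start")
    return start, end

def enclosing_slash24(start, end):
    """Option 1: the /24 around the range; refuse ranges spanning several /24s."""
    net = ipaddress.IPv4Network((int(start), 24), strict=False)
    if end not in net:
        raise ValueError("range does not fit in one /24")
    return net

def smallest_subnet(start, end):
    """Option 2: the longest prefix shared by both ends of the range."""
    prefix = 32 - (int(start) ^ int(end)).bit_length()
    return ipaddress.IPv4Network((int(start), prefix), strict=False)

def conf_line(net):
    """Render the ipsec.d setting shown in the diff for a given subnet."""
    return "rightsubnetwithin=%s" % net

def collides_with_client_lan(net, client_lan):
    """True when the VPN-side subnet overlaps the client's own LAN."""
    return net.overlaps(ipaddress.IPv4Network(client_lan))

if __name__ == "__main__":
    start, end = parse_range("172.16.0.10 - 18")   # range quoted in the comment
    client_lan = "10.20.30.0/24"                   # constructed sample client LAN
    for net in (ipaddress.IPv4Network("10.0.0.0/8"),
                enclosing_slash24(start, end),
                smallest_subnet(start, end)):
        print(conf_line(net), "overlaps client LAN:",
              collides_with_client_lan(net, client_lan))
```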


