Hi,

Another issue we noted after upgrading ACS from 4.2 to 4.8.1.1 is that site-to-site VPN is not working. From the GUI, I cannot even go to Home > Network > Select view: VPN customer gateway, with the below error message shown on the GUI:
====
Caught: com.mysql.jdbc.JDBC4PreparedStatement@45ae1e69: SELECT s2s_customer_gateway.id, s2s_customer_gateway.uuid, s2s_customer_gateway.name, s2s_customer_gateway.gateway_ip, s2s_customer_gateway.guest_cidr_list, s2s_customer_gateway.ipsec_psk, s2s_customer_gateway.ike_policy, s2s_customer_gateway.esp_policy, s2s_customer_gateway.ike_lifetime, s2s_customer_gateway.esp_lifetime, s2s_customer_gateway.dpd, s2s_customer_gateway.force_encap, s2s_customer_gateway.domain_id, s2s_customer_gateway.account_id, s2s_customer_gateway.removed FROM s2s_customer_gateway INNER JOIN account ON s2s_customer_gateway.account_id=account.id WHERE s2s_customer_gateway.removed IS NULL AND (account.type != 5 ) ORDER BY s2s_customer_gateway.id DESC LIMIT 0, 20
====

These are the error messages on the CloudStack management server:

====
2016-11-06 18:00:30,218 DEBUG [c.c.u.c.DBEncryptionUtil] (http-8080-2:ctx-da483727 ctx-695addac) (logid:3d3a6225) Error while decrypting: XXXXXXXX
2016-11-06 18:00:30,218 ERROR [c.c.a.ApiServer] (http-8080-2:ctx-da483727 ctx-695addac) (logid:3d3a6225) unhandled exception executing api command: [Ljava.lang.String;@6ad8a1d4
com.cloud.utils.exception.CloudRuntimeException: Caught: com.mysql.jdbc.JDBC4PreparedStatement@55edbe9c: SELECT s2s_customer_gateway.id, s2s_customer_gateway.uuid, s2s_customer_gateway.name, s2s_customer_gateway.gateway_ip, s2s_customer_gateway.guest_cidr_list, s2s_customer_gateway.ipsec_psk, s2s_customer_gateway.ike_policy, s2s_customer_gateway.esp_policy, s2s_customer_gateway.ike_lifetime, s2s_customer_gateway.esp_lifetime, s2s_customer_gateway.dpd, s2s_customer_gateway.force_encap, s2s_customer_gateway.domain_id, s2s_customer_gateway.account_id, s2s_customer_gateway.removed FROM s2s_customer_gateway INNER JOIN account ON s2s_customer_gateway.account_id=account.id WHERE s2s_customer_gateway.removed IS NULL AND (account.type != 5 ) ORDER BY s2s_customer_gateway.id DESC LIMIT 0, 20
====

Note that on "Error while decrypting: XXXXXXXX", I checked that XXXXXXXX is the cleartext IPsec preshared key (ipsec_psk field on the s2s_customer_gateway table in the database). It seems that CloudStack tries to decrypt a clear-text / non-encrypted password? Is the ipsec_psk field in the database supposed to store the encrypted IPsec pre-shared key for the VPN connection under CloudStack version 4.8.1.1?

I am able to execute the SELECT command on the database directly without any issues.

Any help is greatly appreciated.

Thank you.