Hi,

[RESOLVED] I would like to share that I managed to find a workaround to the problem by emptying the password (ipsec_psk) field of the entry in the s2s_customer_gateway table, deleting the VPN connection, modifying the VPN customer gateway with the new password (we will notice that the encrypted format of the password will be populated into the ipsec_psk field), and then recreating the VPN connection. The VPN connection will then be established.
Hope the above can help others. Thank you.

On Sun, Nov 6, 2016 at 6:16 PM, Cloud List <cloud-l...@sg.or.id> wrote:
> Hi,
>
> Another issue we noted after upgrading ACS from 4.2 to 4.8.1.1 is that
> site-to-site VPN is not working. From GUI, I cannot even go to Home >
> Network > Select view: VPN customer gateway with below error messages shown
> on the GUI:
>
> ====
> Caught: com.mysql.jdbc.JDBC4PreparedStatement@45ae1e69: SELECT
> s2s_customer_gateway.id, s2s_customer_gateway.uuid,
> s2s_customer_gateway.name, s2s_customer_gateway.gateway_ip,
> s2s_customer_gateway.guest_cidr_list, s2s_customer_gateway.ipsec_psk,
> s2s_customer_gateway.ike_policy, s2s_customer_gateway.esp_policy,
> s2s_customer_gateway.ike_lifetime, s2s_customer_gateway.esp_lifetime,
> s2s_customer_gateway.dpd, s2s_customer_gateway.force_encap,
> s2s_customer_gateway.domain_id, s2s_customer_gateway.account_id,
> s2s_customer_gateway.removed FROM s2s_customer_gateway INNER JOIN account
> ON s2s_customer_gateway.account_id=account.id WHERE
> s2s_customer_gateway.removed IS NULL AND (account.type != 5 ) ORDER BY
> s2s_customer_gateway.id DESC LIMIT 0, 20
> ====
>
> These are the error messages on the CloudStack management server:
>
> ====
> 2016-11-06 18:00:30,218 DEBUG [c.c.u.c.DBEncryptionUtil] (http-8080-2:ctx-da483727 ctx-695addac) (logid:3d3a6225) Error while decrypting: XXXXXXXX
> 2016-11-06 18:00:30,218 ERROR [c.c.a.ApiServer] (http-8080-2:ctx-da483727 ctx-695addac) (logid:3d3a6225) unhandled exception executing api command: [Ljava.lang.String;@6ad8a1d4
> com.cloud.utils.exception.CloudRuntimeException: Caught: com.mysql.jdbc.JDBC4PreparedStatement@55edbe9c: SELECT
> s2s_customer_gateway.id, s2s_customer_gateway.uuid,
> s2s_customer_gateway.name, s2s_customer_gateway.gateway_ip,
> s2s_customer_gateway.guest_cidr_list, s2s_customer_gateway.ipsec_psk,
> s2s_customer_gateway.ike_policy, s2s_customer_gateway.esp_policy,
> s2s_customer_gateway.ike_lifetime, s2s_customer_gateway.esp_lifetime,
> s2s_customer_gateway.dpd, s2s_customer_gateway.force_encap,
> s2s_customer_gateway.domain_id, s2s_customer_gateway.account_id,
> s2s_customer_gateway.removed FROM s2s_customer_gateway INNER JOIN account
> ON s2s_customer_gateway.account_id=account.id WHERE
> s2s_customer_gateway.removed IS NULL AND (account.type != 5 ) ORDER BY
> s2s_customer_gateway.id DESC LIMIT 0, 20
> ====
>
> Note that on "Error while decrypting: XXXXXXXX", I checked that XXXXXXXX
> is the cleartext IPsec preshared key (ipsec_psk field on
> s2s_customer_gateway table on the database). It seems that CloudStack tries
> to decrypt a clear-text / non-encrypted password? Is the ipsec_psk field
> on the database supposed to store the encrypted IPsec pre-shared key for
> the VPN connection under CloudStack version 4.8.1.1?
>
> I am able to execute the SELECT command on the database directly without
> any issues.
>
> Any help is greatly appreciated.
>
> Thank you.