Hi guys,
sha1-aes256;modp3072 works if I use the UI or cloudmonkey, that's why I am
thinking it must be terraform or some weird encoding issues.
I tried replacing ; with - and also using modp2048, to no avail.
"* cloudstack_vpn_customer_gateway.default: Error creating VPN Customer Gateway
test-vpc: Undefined error: {"errorcode":431,"errortext":"The customer gateway
IKE policy sha1-aes256-modp2048 is invalid! Verify the required Diffie Hellman
(DH) group is specified."}"
Logs here
https://paste.fedoraproject.org/paste/HpGdigqa33ZjTeIDrAwE9w
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
----- Original Message -----
> From: "Jayapal Uradi" <[email protected]>
> To: "dev" <[email protected]>
> Sent: Wednesday, 22 November, 2017 04:20:53
> Subject: Re: Fail with vpn customer gateway creation through terraform
> Hi Lucian,
>
> Try the following in config: '-' instead of ';' after the aes256 in the
> config.
>
> New: "sha1-aes256-modp3072"
> Old: "sha1-aes256;modp3072"
>
> Thanks,
> Jayapal
> On Nov 22, 2017, at 5:44 AM, Pierre-Luc Dion
> <[email protected]> wrote:
>
> Hi Nux,
>
> Could it be your CloudStack version? modp3072 is recent I think in
> CloudStack so if you run an older version maybe it's not there?
>
>
>
> On Tue, Nov 21, 2017 at 6:55 PM, Nux! <[email protected]>
> wrote:
>
> Thanks Chiradeep,
>
> Checked but brain says no. What should I have learned from there?
>
> AFAIK this is a terraform fail.
>
> Lucian
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> ----- Original Message -----
> From: "Chiradeep Vittal" <[email protected]>
> To: "dev" <[email protected]>
> Sent: Tuesday, 21 November, 2017 19:14:16
> Subject: Re: Fail with vpn customer gateway creation through terraform
>
> Check
> https://github.com/apache/cloudstack/blob/77864992fe8f80dbabd1240f6373d2ba3e98713c/utils/src/main/java/com/cloud/utils/net/NetUtils.java#L1221
>
> On Tue, Nov 21, 2017 at 10:11 AM, Nux! <[email protected]> wrote:
>
> Hi,
>
> I'm trying out terraform and had success so far, except for the vpn
> customer gateway feature.
> For some reason, terraform fails to create it, though I use the same
> options as in UI/cloudmonkey where it works just fine.
>
> The snippet for it is:
>
> resource "cloudstack_vpn_customer_gateway" "default" {
>   name       = "test-vpc"
>   cidr       = "10.0.0.0/24"
>   esp_policy = "aes256-sha1"
>   gateway    = "1.2.3.4"
>   ike_policy = "sha1-aes256;modp3072"
>   ipsec_psk  = "terraformxyz7"
> }
>
> It always complains about the ike_policy:
> * cloudstack_vpn_customer_gateway.default: Error creating VPN Customer
> Gateway test-vpc: Undefined error: {"errorcode":431,"errortext":"The
> customer gateway IKE policy sha1-aes256;modp3072 is invalid! Verify the
> required Diffie Hellman (DH) group is specified."}
>
> I tried all sorts of ways to write the ike_policy, escaped, web
> encoded/decoded, nothing worked. What am I missing?
> The example terraform docs provide suffers the same fate.
>
> Lucian
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
>