I have opened a Terraform issue about it, I guess for now we can't create vpn customer gw using it, I'll try to automate this by other means.
https://github.com/hashicorp/terraform/issues/16744

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "Nux!" <n...@li.nux.ro>
> To: "dev" <dev@cloudstack.apache.org>
> Sent: Wednesday, 22 November, 2017 14:01:36
> Subject: Re: Fail with vpn customer gateway creation through terraform

> Ok, looking at the logs it looks like an encoding problem of sorts, when
> terraform is making the calls, the policy appears as:
> sha1-aes256%3Bmodp2048
>
> When cloudmonkey makes the calls (successfully) the policy looks like it
> should:
> aes128-sha256;modp2048
>
> Ideas?
>
> https://paste.fedoraproject.org/paste/HpGdigqa33ZjTeIDrAwE9w
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> ----- Original Message -----
>> From: "Nux!" <n...@li.nux.ro>
>> To: "dev" <dev@cloudstack.apache.org>
>> Sent: Wednesday, 22 November, 2017 09:11:28
>> Subject: Re: Fail with vpn customer gateway creation through terraform
>
>> Hi guys,
>>
>> sha1-aes256;modp3072 works if I use the UI or cloudmonkey, that's why I am
>> thinking it must be terraform or some weird encoding issues.
>>
>> I tried replacing ; with - and also using modp2048, to no avail.
>>
>> "* cloudstack_vpn_customer_gateway.default: Error creating VPN Customer Gateway
>> test-vpc: Undefined error: {"errorcode":431,"errortext":"The customer gateway
>> IKE policy sha1-aes256-modp2048 is invalid! Verify the required Diffie Hellman
>> (DH) group is specified."}"
>>
>> Logs here
>>
>> https://paste.fedoraproject.org/paste/HpGdigqa33ZjTeIDrAwE9w
>>
>> --
>> Sent from the Delta quadrant using Borg technology!
>>
>> Nux!
>> www.nux.ro
>>
>> ----- Original Message -----
>>> From: "Jayapal Uradi" <jayapal.ur...@accelerite.com>
>>> To: "dev" <dev@cloudstack.apache.org>
>>> Sent: Wednesday, 22 November, 2017 04:20:53
>>> Subject: Re: Fail with vpn customer gateway creation through terraform
>>
>>> Hi Lucian,
>>>
>>> Try the following in config, '-' instead of ';' after the aes256 in the
>>> config.
>>>
>>> New: "sha1-aes256-modp3072"
>>> Old: "sha1-aes256;modp3072"
>>>
>>> Thanks,
>>> Jayapal
>>>
>>> On Nov 22, 2017, at 5:44 AM, Pierre-Luc Dion <pd...@cloudops.com> wrote:
>>>
>>> Hi Nux,
>>>
>>> Could it be your cloudstack version? modp3072 is recent I think in
>>> CloudStack so if you run an older version maybe it's not there?
>>>
>>> On Tue, Nov 21, 2017 at 6:55 PM, Nux! <n...@li.nux.ro> wrote:
>>>
>>> Thanks Chiradeep,
>>>
>>> Checked but brain says no. What should I have learned from there?
>>>
>>> AFAIK this is a terraform fail.
>>>
>>> Lucian
>>>
>>> --
>>> Sent from the Delta quadrant using Borg technology!
>>>
>>> Nux!
>>> www.nux.ro
>>>
>>> ----- Original Message -----
>>> From: "Chiradeep Vittal" <chirade...@gmail.com>
>>> To: "dev" <dev@cloudstack.apache.org>
>>> Sent: Tuesday, 21 November, 2017 19:14:16
>>> Subject: Re: Fail with vpn customer gateway creation through terraform
>>>
>>> Check
>>> https://github.com/apache/cloudstack/blob/77864992fe8f80dbabd1240f6373d2ba3e98713c/utils/src/main/java/com/cloud/utils/net/NetUtils.java#L1221
>>>
>>> On Tue, Nov 21, 2017 at 10:11 AM, Nux! <n...@li.nux.ro> wrote:
>>>
>>> Hi,
>>>
>>> I'm trying out terraform and had success so far, except for the vpn
>>> customer gateway feature.
>>> For some reason, terraform fails to create it, though I use the same
>>> options as in UI/cloudmonkey where it works just fine.
>>>
>>> The snippet for it is:
>>>
>>> resource "cloudstack_vpn_customer_gateway" "default" {
>>>   name       = "test-vpc"
>>>   cidr       = "10.0.0.0/24"
>>>   esp_policy = "aes256-sha1"
>>>   gateway    = "1.2.3.4"
>>>   ike_policy = "sha1-aes256;modp3072"
>>>   ipsec_psk  = "terraformxyz7"
>>> }
>>>
>>> It always complains about the ike_policy:
>>> * cloudstack_vpn_customer_gateway.default: Error creating VPN Customer
>>> Gateway test-vpc: Undefined error: {"errorcode":431,"errortext":"The
>>> customer gateway IKE policy sha1-aes256;modp3072 is invalid! Verify the
>>> required Diffie Hellman (DH) group is specified."}
>>>
>>> I tried all sorts of ways to write the ike_policy, escaped, web
>>> encoded/decoded, nothing worked. What am I missing?
>>> The example terraform docs provide suffers the same fate.
>>>
>>> Lucian
>>>
>>> --
>>> Sent from the Delta quadrant using Borg technology!
>>>
>>> Nux!
>>> www.nux.ro
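
Added example, not part of the thread and not Terraform or CloudStack code: a way to tell from a captured request whether a parameter such as `ike_policy` was percent-encoded once (normal for a query string) or twice, in which case a single decoding pass leaves `%3B` in place and no `;` separates the DH group. The function names and the split on `;` are assumptions based on the policy strings quoted above; the thread does not establish which case applied.

```python
from urllib.parse import quote, unquote


def encoding_layers(value, limit=5):
    """Return (layers, plain): how many percent-decoding passes change the value."""
    layers = 0
    while layers < limit:
        decoded = unquote(value)
        if decoded == value:
            break
        value, layers = decoded, layers + 1
    return layers, value


def split_policy(policy):
    """Split '<proposal>;<dh-group>'; the group is None when ';' is absent."""
    proposal, sep, group = policy.partition(";")
    return proposal, (group if sep and group else None)


def diagnose(wire_value):
    """Describe a parameter value as captured from the raw request line."""
    layers, plain = encoding_layers(wire_value)
    server_sees = unquote(wire_value)  # assumption: the server decodes once
    proposal, group = split_policy(server_sees)
    return {"layers": layers, "plain": plain, "server_sees": server_sees,
            "proposal": proposal, "dh_group": group}


# Constructed samples built from a policy string quoted in the thread.
POLICY = "sha1-aes256;modp2048"
ONCE = quote(POLICY, safe="")   # encoded once, as a client normally sends it
TWICE = quote(ONCE, safe="")    # encoded twice: the '%' itself becomes %25

if __name__ == "__main__":
    for label, value in (("encoded once", ONCE), ("encoded twice", TWICE)):
        print(label, value, diagnose(value))
```

A `layers` value above 1 for a captured parameter means the client encoded it more than once, and `dh_group` is then `None` after a single decode.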