Re: [DISCUSS] New VPN implementation based on IKEv2 backed by Vault

2018-04-10 Thread Rohit Yadav
upgrades? - Rohit <https://cloudstack.apache.org> From: Khosrow Moossavi Sent: Thursday, April 5, 2018 3:15:07 AM To: dev Subject: Re: [DISCUSS] New VPN implementation based on IKEv2 backed by Vault Thanks Ilya for the feedback. The way I currently imple

Re: [DISCUSS] New VPN implementation based on IKEv2 backed by Vault

2018-04-04 Thread Khosrow Moossavi
> ramework. CloudStack can manage certificates now, including creating them itself and acting as a root CA. > Kind regards,

Re: [DISCUSS] New VPN implementation based on IKEv2 backed by Vault

2018-04-04 Thread Rafael Weingärtner
> Paul Angus > paul.an...@shapeblue.com > www.shapeblue.com > 53 Chandos Place, Covent Garden, London WC2N 4HS UK > @shapeblue

Re: [DISCUSS] New VPN implementation based on IKEv2 backed by Vault

2018-04-04 Thread ilya musayev
> aul Angus > paul.an...@shapeblue.com > www.shapeblue.com > 53 Chandos Place, Covent Garden, London WC2N 4HS UK > @shapeblue > -----Original Message----- > From: Rafael Weingärtner > Sent: 04 Ap

Re: [DISCUSS] New VPN implementation based on IKEv2 backed by Vault

2018-04-04 Thread Khosrow Moossavi
> N 4HS UK > @shapeblue > -----Original Message----- > From: Rafael Weingärtner > Sent: 04 April 2018 16:51 > To: dev > Subject: Re: [DISCUSS] New VPN implementation based on IKEv2 backed by Vault > Thanks for sharing the details. Now I have a better pe

RE: [DISCUSS] New VPN implementation based on IKEv2 backed by Vault

2018-04-04 Thread Paul Angus
-----Original Message----- From: Rafael Weingärtner Sent: 04 April 2018 16:51 To: dev Subject: Re: [DISCUSS] New VPN implementation based on IKEv2 backed by Vault Thanks for sharing the details. Now I have a better perspective of the proposal. It is an interesting integration of CloudStack VPN

Re: [DISCUSS] New VPN implementation based on IKEv2 backed by Vault

2018-04-04 Thread Rafael Weingärtner
Thanks for sharing the details. Now I have a better perspective of the proposal. It is an interesting integration of CloudStack VPN service with Vault PKI feature. On Wed, Apr 4, 2018 at 12:38 PM, Khosrow Moossavi wrote: > One of the things Vault does is essentially one of the things Let's Encrypt

Re: [DISCUSS] New VPN implementation based on IKEv2 backed by Vault

2018-04-04 Thread Khosrow Moossavi
One of the things Vault does is essentially one of the things Let's Encrypt does, acting as CA and generating/signing certificates. From the Vault website itself: "HashiCorp Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in moder

Re: [DISCUSS] New VPN implementation based on IKEv2 backed by Vault

2018-04-04 Thread Rafael Weingärtner
Got it. Thanks for the explanations. There is one other thing I do not understand. This Vault thing that you mention, how does it work? Is it similar to Let's Encrypt? On Wed, Apr 4, 2018 at 12:15 PM, Khosrow Moossavi wrote: > On Wed, Apr 4, 2018 at 10:36 AM, Rafael Weingärtner < > rafaelweingar

Re: [DISCUSS] New VPN implementation based on IKEv2 backed by Vault

2018-04-04 Thread Khosrow Moossavi
On Wed, Apr 4, 2018 at 10:36 AM, Rafael Weingärtner < rafaelweingart...@gmail.com> wrote: > So, you need a certificate that is signed by the CA that is used by the VPN service. Is that it? Correct, a self-signed "server certificate" against the CA, to be installed directly on the VR. > It has be

Re: [DISCUSS] New VPN implementation based on IKEv2 backed by Vault

2018-04-04 Thread Rafael Weingärtner
So, you need a certificate that is signed by the CA that is used by the VPN service. Is that it? It has been a while since I last configured these VPN systems; do you need access to the private key of the CA? Or does the program simply validate the user (VPN client) certificate to see if it is

Re: [DISCUSS] New VPN implementation based on IKEv2 backed by Vault

2018-04-04 Thread Khosrow Moossavi
Rafael, We cannot use the SshKeyPair functionality because the proposed VPN implementation needs a signed certificate and not an SSH key pair. The process is as follows: 1) generate a root CA (if one doesn't exist) 2) generate a bunch of intermediate steps (config URLs, CRLs, role name, ...) [I'm not going

Re: [DISCUSS] New VPN implementation based on IKEv2 backed by Vault

2018-04-04 Thread Rafael Weingärtner
Khosrow, thanks for the interesting feature. You mention two possible methods to manage certificates: one using the CA framework, and the other using a third party such as Vault and Let's Encrypt. Have you considered using the sshKeyPair API methods (is it part of the CA framework?)? I mean, users alread

[DISCUSS] New VPN implementation based on IKEv2 backed by Vault

2018-04-02 Thread Khosrow Moossavi
Hi Community, I want to open up a discussion around the new Remote Access VPN implementation on VRs. Currently we have only the L2TP implementation, which lacks different features (such as verbose logging), so we decided to start developing a new implementation based on IKEv2 (on top of the existing stron