Jeremy, I will give you here my observations and experience on ipsec and remote VPN per my experience (anyone please correct me if I'm wrong - this is pure experience, not how it perhaps should be meant to be)

- ipsec tunnels - worked for us always (acs 4.5.1 + kvm - plus vxlan, previously vlan segmentation - doesn't really matter)
- all remote locations to which you make ipsec tunnels and the VPC supercidr - must be NON-overlapping IPs/networks = whole VPC super CIDR must NOT exist on remote end, to avoid routing issue when VR decides to send packets to remote ipsec tunnel end or not.
- obviously this is already working for you...

- Remote VPN:
- 4.4 had problems with Mac connecting at all, this was fixed in 4.5
- In 4.5 All windows/linux/mac should be able to connect at all.
- When you setup Remote VPN, in order to be able to access IP/VMs inside VPC, you must route all traffic over VPN connections - or perhaps make static routes manually after the connection has been established (here you are - obviously NOT routing all traffic over internet connection)
- IF you route all traffic over VPC connection - then your laptop will not have internet access, only access to inside VPC.

First way is better kind of splitting tunnel, but again setting static routes is PITA.

Hope it helps, ping me with more specific questions if I can help...

Thanks

On 10 September 2015 at 11:31, Remi Bergsma <[email protected]> wrote:

> @Jayapal can you verify VPN is supposed to work on Mac OSX or not?
>
> On 10/09/15 01:47, "Jeremy Peterson" <[email protected]> wrote:
>
> >So I'm still looking into this has anyone ever tried this?
> >
> >Do you have anyone I can talk to?
> >
> >I've been asking since 8.29.2015
> >
> >I guess the issue is on a Mac since my VPN network is 10.1.2.0/24 and my VPC network is 192.168.2.0/24 he cannot connect.
> >I tested it out on windows 8, 7, 10, 8.1 all work as expected.
> >
> >I don't have a Mac I can test with so I was hoping someone here would have any advice.
> >
> >Jeremy
> >
> >-----Original Message-----
> >From: Jeremy Peterson [mailto:[email protected]]
> >Sent: Tuesday, September 8, 2015 8:12 AM
> >To: [email protected]
> >Subject: RE: VPC VPN Connectivity Issues
> >
> >No my issue is not resolved I've been reaching out to the IRC channel and have not received notification of anyone knowing what my issue could be.
> >
> >It would be great to get some traction this week on the issue. I keep having to open ACL for public access to the servers as this user is unable to get to the server via VPN.
> >
> >Jeremy
> >
> >-----Original Message-----
> >From: Remi Bergsma [mailto:[email protected]]
> >Sent: Saturday, September 5, 2015 10:11 AM
> >To: <[email protected]> <[email protected]>
> >Subject: Re: VPC VPN Connectivity Issues
> >
> >Hi Jeremy,
> >
> >Did you already solve your problem?
> >
> >Not sure if it is possible to use the IPSec tunnels from remote VPN. Firewall might be too strict, but haven't looked yet.
> >
> >Regards, Remi
> >
> >Sent from my iPhone
> >
> >> On 29 Aug 2015, at 17:00, Jeremy Peterson <[email protected]> wrote:
> >>
> >> I am not sure if this was asked or answered but googling has led me nowhere.
> >>
> >> I am running cloudstack 4.5.0, XenServer 6.5, Advanced networking w/ VLAN segmentation.
> >>
> >> I have a VPC setup which I am using an IPSec tunnel back to a zywall firewall and a monowall firewall.
> >>
> >> Monowall          Cloudstack VPC    zywall
> >>
> >> 192.168.1.0/24    192.168.2.0/24    192.168.71.0/24
> >>
> >> Tunnels are setup in vpc for both locations and servers in cloudstack can connect to the world and connect to the monowall and zywall networks.
> >>
> >> Everything is fine with that but when I have a remote user that needs to VPN into the cloudstack VPC is where I am thrown into a whirlwind of questions.
> >>
> >> I setup a VPN connection on the VR for the VPC.
> >>
> >> I setup username/password.
> >>
> >> The user sets up the connection on his Mac OSX and using split tunnel can connect to the VPN.
> >>
> >> My VPN network is 10.1.2.0/24
> >>
> >> He receives a 10.1.2.3 ip address.
> >>
> >> He is unable to ping the IPSec Tunnel gateways 192.168.1.1 and 192.168.71.1.
> >>
> >> He can get to the world as his default gateway is his router.
> >>
> >> I switched to push all traffic over the VPN to remove the split tunnel.
> >>
> >> He is able to ping the 10.1.2.1 gateway on the VR
> >>
> >> He is able to ping his gateway the VPC router 10.1.2.1.
> >>
> >> He is able to ping the VPC network's gateway 192.168.2.1
> >>
> >> He is unable to get to the world. I try to ping google dns 8.8.8.8 and it doesn't get past the VR 10.1.2.1 in traceroutes.
> >>
> >> I am looking for help on this as I'm confused. If I change him back to a split tunnel as that would be preferred why is the tunnel not announcing all networks known to the VR.
> >>
> >> I was able to recreate this issue on windows 8.1.
> >>
> >> Jeremy

--

Andrija Panić
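
Added example, not part of the original thread or of CloudStack: a small Python model of the two points in the reply above, checking that the IPsec remote networks do not overlap the VPC CIDR and showing which interface a VPN client picks per destination under split tunnel, full tunnel, and split tunnel with manual static routes. The networks are the ones quoted in the thread; the client routing model and the interface names "vpn" and "lan" are assumptions.

```python
import ipaddress

# Networks quoted in the thread; treating 192.168.2.0/24 as the VPC super CIDR
# is an assumption of this example.
VPC_CIDR = "192.168.2.0/24"
REMOTE_SITES = {"monowall": "192.168.1.0/24", "zywall": "192.168.71.0/24"}
VPN_POOL = "10.1.2.0/24"


def overlapping(vpc_cidr, remote_sites):
    """Names of remote sites whose network overlaps the VPC CIDR."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return sorted(name for name, cidr in remote_sites.items()
                  if vpc.overlaps(ipaddress.ip_network(cidr)))


def client_routes(mode, static=()):
    """Assumed client table: VPN pool via the tunnel, default route via the
    tunnel only in "full" mode, plus any manually added static routes."""
    default_if = "vpn" if mode == "full" else "lan"
    return ([(VPN_POOL, "vpn"), ("0.0.0.0/0", default_if)]
            + [(cidr, "vpn") for cidr in static])


def next_hop(routes, dest):
    """Longest-prefix match: the interface the client uses to reach dest."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(cidr), iface) for cidr, iface in routes
            if addr in ipaddress.ip_network(cidr)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]


if __name__ == "__main__":
    print("overlaps:", overlapping(VPC_CIDR, REMOTE_SITES) or "none")
    statics = [VPC_CIDR, *REMOTE_SITES.values()]
    tables = {"split": client_routes("split"),
              "full": client_routes("full"),
              "split+static": client_routes("split", statics)}
    for name, routes in tables.items():
        for dest in ("10.1.2.1", "192.168.2.1", "192.168.71.1", "8.8.8.8"):
            print(f"{name:13} {dest:13} -> {next_hop(routes, dest)}")
```

The model covers only the client's route selection; whether the VR forwards or NATs traffic arriving from the VPN pool is outside it.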
