VPN setting changes are not propagated to the Virtual Router #12195

@kiranchavala

problem

VPN setting change is immediately applied on the router

versions

ACS 4.22 and previous versions

The steps to reproduce the bug

Steps to reproduce the issue

  1. Create a VPC network

  2. Create a VPN connection in the VPC

Execute the following API call on the public IP address which is (Source NAT)

Give the iprange parameter


(localcloud) 🐱 > create remoteaccessvpn publicipid=b37982a6-00db-4448-8313-663f9d96fabc iprange=172.33.1.2-172.33.1.9
{
  "remoteaccessvpn": {
    "account": "admin",
    "domain": "ROOT",
    "domainid": "d3ef52dc-bfad-11f0-8635-bc24116ce151",
    "domainpath": "ROOT",
    "fordisplay": true,
    "id": "0cced683-e219-4947-8b0e-444c2ff17989",
    "iprange": "172.33.1.3-172.33.1.9",
    "presharedkey": "zq27dvDNaCupQ7hvgFCBg3t2",
    "publicip": "192.168.55.52",
    "publicipid": "b37982a6-00db-4448-8313-663f9d96fabc",
    "state": "Running"
  }
}

  3. Now from a VPN client, connect to the VPN >> VPN connection is successful and the client gets an IP in the range of 172.33.1.3-172.33.1.9

  4. Delete the remoteaccessvpn


(localcloud) 🐱 > delete remoteaccessvpn publicipid=b37982a6-00db-4448-8313-663f9d96fabc
{
  "success": true
}

  5. Create a VPN connection again in the VPC with a different IP range

(localcloud) 🐱 > create remoteaccessvpn publicipid=b37982a6-00db-4448-8313-663f9d96fabc iprange=10.3.1.1-10.3.1.9
{
  "remoteaccessvpn": {
    "account": "admin",
    "domain": "ROOT",
    "domainid": "d3ef52dc-bfad-11f0-8635-bc24116ce151",
    "domainpath": "ROOT",
    "fordisplay": true,
    "id": "0cced684-e219-4947-8b0e-444c2ff17989",
    "iprange": "10.3.1.1-10.3.1.9",
    "presharedkey": "CBbYRAVx3K8Wa7c7FkBpKQvV",
    "publicip": "192.168.55.52",
    "publicipid": "b37982a6-00db-4448-8313-663f9d96fabc",
    "state": "Running"
  }
}

  6. Now from a VPN client, connect to the VPN >> VPN connection is successful and the client still gets an IP in the range of 172.33.1.3-172.33.1.9

Workaround

Either restart the xl2tpd service in the router

service xl2tpd restart

or

Restart the VPC with the cleanup option

From the VPN client, connect again; this time the correct IP from the range is assigned

What to do about it?

Expected behaviour

CloudStack should automatically restart the service whenever there is a change in the vpn setting
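
A drift check for the situation reported above, as an added example that is not part of the original issue or of the CloudStack code base: it compares the `iprange` in the API response with the address a client actually received and with the `ip range` line of the router's xl2tpd configuration, to tell a daemon that was not restarted apart from a config file that was not rewritten. The function names, the status strings and the sample `xl2tpd.conf` fragment are assumptions constructed for illustration.

```python
import ipaddress
import json
import re


def parse_range(text):
    """Parse 'start-end' into a pair of IPv4Address objects."""
    start, end = (ipaddress.IPv4Address(p.strip()) for p in text.split("-"))
    if start > end:
        raise ValueError(f"range start is after range end: {text}")
    return start, end


def api_range(response_json):
    """Range the management server reports for the remote access VPN."""
    return parse_range(json.loads(response_json)["remoteaccessvpn"]["iprange"])


def conf_range(xl2tpd_conf):
    """Range from the 'ip range = a-b' line of xl2tpd.conf text."""
    match = re.search(r"^\s*ip range\s*=\s*(\S+)\s*$", xl2tpd_conf, re.MULTILINE)
    if match is None:
        raise ValueError("no 'ip range' line in xl2tpd.conf text")
    return parse_range(match.group(1))


def classify(response_json, xl2tpd_conf, client_ip):
    """Compare API range, on-disk range and the address a client received."""
    wanted = api_range(response_json)
    start, end = wanted
    if start <= ipaddress.IPv4Address(client_ip) <= end:
        return "ok"
    if conf_range(xl2tpd_conf) != wanted:
        return "config-not-written"  # router file still holds another range
    return "daemon-stale"            # file is right, running daemon is not


# Constructed sample input: the second API response on this page (trimmed)
# and a hypothetical xl2tpd.conf fragment as the router might hold it.
RESPONSE = '{"remoteaccessvpn": {"iprange": "10.3.1.1-10.3.1.9", "state": "Running"}}'
CONF = "[lns default]\nip range = 10.3.1.1-10.3.1.9\n"

if __name__ == "__main__":
    for ip in ("172.33.1.3", "10.3.1.4"):
        print(ip, classify(RESPONSE, CONF, ip))
```

A `daemon-stale` result matches the workaround in this issue: the on-disk range is already correct, so restarting the service is enough.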
