THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Page History
...
- the main feature is pretty straight forward, a global setting is added to distinguish between L2TP and IKEv2 implementation
- the scripts changes on VR are pretty straight forward as well, the type of VPN added in the command being sent to VR and the corresponding ipsec config file will be loaded
- the main part of the design document will be around using external or start implementing internal PKI backend engine. which we will have multiple options (at least two)
- Using Vault as the PKI engine (recommended by author and fully implemented as of Apr 2018)
- Using Cloudstack as a self contained PKI engine (it's not recommended and it's not implemented)
- Using external services (such as Let's Encrypt) to generate and sign certificates (this is nice to have but will need to be discussed on ML)
- list of added settings are
| Name | Description | Default Value |
|---|---|---|
| pki.engine.certificate.brand | Brand name to be used in Certificate's common name | Cloudstack |
| pki.engine.certificate.common.name | Certificate's common name template (brand will be filled from 'pki.engine.certificate.brand', domain will be provided on the fly | __BRAND__ VPN __DOMAIN__ CA |
| pki.engine.vault.cca.ttl | Vault PKI root CA TTL (e.g. 87600h) | 87600h |
| pki.engine.vault.enabled | Enable Vault as the backend PKI engine | false |
| pki.engine.vault.mount.path | Vault PKI mount point prefix (must not end with trailing slash) | pki/cloudstack |
| pki.engine.vault.role.name | Vault PKI role name | cloudstack-vpn |
| pki.engine.vault.role.ttl | Vault PKI role TTL (e.g. 43800h) | 43800h |
| pki.engine.vault.token | Token to access Vault | (empty) |
| pki.engine.vault.token.role.id | App Role id to be used to fetch token to access Vault | (empty) |
| pki.engine.vault.token.secret.id | Secret id to be used to fetch token to access Vault | (empty) |
| pki.engine.vault.ttl | Vault PKI TTL (e.g. 87600h) | 87600h |
| pki.engine.vault.url | Full URL of Vault endpoint (e.g. http://127.0.0.1:8200) | http://127.0.0.1:8200 |
Web Services APIs
list changes to existing web services APIs and new APIs introduced with signatures and throughout documentation
...
Overview
Content Tools
Apps