Feature Reference

Introduction

Purpose

Provide a new VPN implementation based on IKEv2 instead of the existing L2TP implementation.

References

  • relevant links

Document History

Feature Specifications

  • provide a global setting to switch between L2TP and IKEv2 (only one can be active throughout an installation)
  • out of the box configuration of ipsec will be provided in /etc/ipsec.d/ikev2.conf
  • authentication will be done with EAP and Public Key
  • it will use per-domain self-signed certificates that act as CA on VRs
  • PKI backend engine (out of the box support)
    • Vault by HashiCorp
    • Default internal implementation (TBD on dev@)
    • External Services (such as Let's Encrypt) (TBD on dev@)
  • explain configuration characteristics:
    • configuration parameters or files introduced/changed
    • branding parameters or files introduced/changed
    • highlight parameters for performance tweaking
    • highlight how installation/upgrade scenarios change
  • deployment requirements (fresh install vs. upgrade) if any
  • system requirements: no special requirements needed
  • interoperability and compatibility requirements:
    • Tested on Debian 7 on VR
    • All major OSes (Linux, Windows 10, Mac X) as client of VPN
  • list localization and internationalization specifications
    • one language key added (message.enabled.vpn.ca.certificate)
  • explain the impact and possible upgrade/migration solution introduced by the feature 
  • explain levels or types of users communities of this feature (e.g. admin, user, etc)
    • this will be used by infra admins, customer admins and customer users, as it will be the Remote Access VPN implementation

Architecture and Design description

  • discussion of alternatives amongst design ideas, their resources/time tradeoffs and limitations. Explain why a certain design idea is chosen over others
  • highlight architectural patterns being used (queues, async/sync, state machines, etc)
  • talk about main algorithms used
  • explain what components are being changed and what the dependent components are
  • regarding database: talk about tables being added/modified
  • performance implications: what are the improvements or risks introduced to capacity, response time, resources usage and other relevant KPIs
  • preferably show class diagrams, sequence diagrams and state diagrams
  • if possible, publish signatures of all methods, classes and interfaces implemented, and explain the object information of the different classes

Web Services APIs

list changes to existing web services APIs and new APIs introduced, with signatures and thorough documentation

  • Added API
    • ListVpnCaCertificateCmd
      • input:
        • domain (uuid)
      • output (CertificateResponse)
        • certificate: The client certificate
        • privateKey: Private key for the certificate
        • caCertificate: The CA certificate(s)
  • Modified API
    • RemoteAccessVpnResponse: two additional fields
      • type: the type of remote access vpn implementation (e.g. l2tp or ikev2)
      • certificate: the client certificate
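
One way a client could sanity-check the three CertificateResponse fields before loading them into a VPN client, as an added example that is not the project's own code. It assumes the fields were saved to PEM files; the file names and the functions check_bundle and make_demo_bundle are hypothetical, and the demo bundle is constructed locally with the openssl CLI.

```shell
#!/bin/sh
# Added example: consistency check for a CertificateResponse saved as PEM files.
# Assumption: certificate, privateKey and caCertificate were each written to a file.

# check_bundle CERT KEY CA
#   returns 0 if the bundle is consistent,
#           1 if the client certificate does not chain to the CA certificate,
#           2 if the private key does not belong to the client certificate.
check_bundle() {
    cert=$1; key=$2; ca=$3
    # The client certificate must verify against the per-domain CA certificate.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
    # The public key in the certificate must equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 2
    return 0
}

# make_demo_bundle DIR
#   Builds a constructed sample in DIR: a self-signed CA (standing in for the
#   per-domain CA), a client key and certificate signed by it, and one
#   unrelated key for the negative case. Files are created with umask 077
#   because privateKey is secret material.
make_demo_bundle() {
    (
        umask 077
        cd "$1" || exit 1
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=demo-domain-ca" \
            -keyout ca.key -out caCertificate.pem &&
        openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-vpn-user" \
            -keyout privateKey.pem -out client.csr &&
        openssl x509 -req -in client.csr -days 1 \
            -CA caCertificate.pem -CAkey ca.key -CAcreateserial \
            -out certificate.pem &&
        openssl genrsa -out unrelated.pem 2048
    ) >/dev/null 2>&1
}

# Stand-alone use: sh check.sh certificate.pem privateKey.pem caCertificate.pem
if [ "$#" -eq 3 ]; then
    check_bundle "$@"
fi
```

Because the response carries privateKey, the files it is written to deserve the same handling as any other private key: restrictive permissions and no copies in logs or shell history.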

UI flow

  • either demonstrate it visually here or link to relevant mockups

IP Clearance

Usage Impact

  • None