Search in sources :

Example 21 with RemoteAccessVpn

use of com.cloud.network.RemoteAccessVpn in project cloudstack by apache.

the class RemoteAccessVpnManagerImpl method createRemoteAccessVpn.

@Override
@DB
public RemoteAccessVpn createRemoteAccessVpn(final long publicIpId, String ipRange, boolean openFirewall, final Boolean forDisplay) throws NetworkRuleConflictException {
    CallContext ctx = CallContext.current();
    final Account caller = ctx.getCallingAccount();
    final PublicIpAddress ipAddr = _networkMgr.getPublicIpAddress(publicIpId);
    if (ipAddr == null) {
        throw new InvalidParameterValueException(String.format("Unable to create remote access VPN, invalid public IP address {\"id\": %s}.", publicIpId));
    }
    _accountMgr.checkAccess(caller, null, true, ipAddr);
    if (!ipAddr.readyToUse()) {
        throw new InvalidParameterValueException("The Ip address is not ready to be used yet: " + ipAddr.getAddress());
    }
    IPAddressVO ipAddress = _ipAddressDao.findById(publicIpId);
    Long networkId = ipAddress.getAssociatedWithNetworkId();
    if (networkId != null) {
        _networkMgr.checkIpForService(ipAddress, Service.Vpn, null);
    }
    final Long vpcId = ipAddress.getVpcId();
    if (vpcId != null && ipAddress.isSourceNat()) {
        assert networkId == null;
        openFirewall = false;
    }
    final boolean openFirewallFinal = openFirewall;
    if (networkId == null && vpcId == null) {
        throw new InvalidParameterValueException("Unable to create remote access vpn for the ipAddress: " + ipAddr.getAddress().addr() + " as ip is not associated with any network or VPC");
    }
    RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByPublicIpAddress(publicIpId);
    if (vpnVO != null) {
        if (vpnVO.getState() == RemoteAccessVpn.State.Added) {
            return vpnVO;
        }
        throw new InvalidParameterValueException(String.format("A remote Access VPN already exists for the public IP address [%s].", ipAddr.getAddress().toString()));
    }
    if (ipRange == null) {
        ipRange = RemoteAccessVpnClientIpRange.valueIn(ipAddr.getAccountId());
    }
    validateIpRange(ipRange, InvalidParameterValueException.class);
    String[] range = ipRange.split("-");
    Pair<String, Integer> cidr = null;
    if (networkId != null) {
        long ipAddressOwner = ipAddr.getAccountId();
        vpnVO = _remoteAccessVpnDao.findByAccountAndNetwork(ipAddressOwner, networkId);
        if (vpnVO != null) {
            if (vpnVO.getState() == RemoteAccessVpn.State.Added) {
                return vpnVO;
            }
            throw new InvalidParameterValueException(String.format("A remote access VPN already exists for the account [%s].", ipAddressOwner));
        }
        Network network = _networkMgr.getNetwork(networkId);
        if (!_networkMgr.areServicesSupportedInNetwork(network.getId(), Service.Vpn)) {
            throw new InvalidParameterValueException("Vpn service is not supported in network id=" + ipAddr.getAssociatedWithNetworkId());
        }
        cidr = NetUtils.getCidr(network.getCidr());
    } else {
        Vpc vpc = _vpcDao.findById(vpcId);
        cidr = NetUtils.getCidr(vpc.getCidr());
    }
    String[] guestIpRange = NetUtils.getIpRangeFromCidr(cidr.first(), cidr.second());
    if (NetUtils.ipRangesOverlap(range[0], range[1], guestIpRange[0], guestIpRange[1])) {
        throw new InvalidParameterValueException("Invalid ip range: " + ipRange + " overlaps with guest ip range " + guestIpRange[0] + "-" + guestIpRange[1]);
    }
    long startIp = NetUtils.ip2Long(range[0]);
    final String newIpRange = NetUtils.long2Ip(++startIp) + "-" + range[1];
    final String sharedSecret = PasswordGenerator.generatePresharedKey(_pskLength);
    return Transaction.execute(new TransactionCallbackWithException<RemoteAccessVpn, NetworkRuleConflictException>() {

        @Override
        public RemoteAccessVpn doInTransaction(TransactionStatus status) throws NetworkRuleConflictException {
            if (vpcId == null) {
                _rulesMgr.reservePorts(ipAddr, NetUtils.UDP_PROTO, Purpose.Vpn, openFirewallFinal, caller, NetUtils.VPN_PORT, NetUtils.VPN_L2TP_PORT, NetUtils.VPN_NATT_PORT);
            }
            RemoteAccessVpnVO vpnVO = new RemoteAccessVpnVO(ipAddr.getAccountId(), ipAddr.getDomainId(), ipAddr.getAssociatedWithNetworkId(), publicIpId, vpcId, range[0], newIpRange, sharedSecret);
            if (forDisplay != null) {
                vpnVO.setDisplay(forDisplay);
            }
            return _remoteAccessVpnDao.persist(vpnVO);
        }
    });
}
Also used : Account(com.cloud.user.Account) RemoteAccessVpnVO(com.cloud.network.dao.RemoteAccessVpnVO) Vpc(com.cloud.network.vpc.Vpc) TransactionStatus(com.cloud.utils.db.TransactionStatus) CallContext(org.apache.cloudstack.context.CallContext) NetworkRuleConflictException(com.cloud.exception.NetworkRuleConflictException) PublicIpAddress(com.cloud.network.PublicIpAddress) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) Network(com.cloud.network.Network) IPAddressVO(com.cloud.network.dao.IPAddressVO) RemoteAccessVpn(com.cloud.network.RemoteAccessVpn) DB(com.cloud.utils.db.DB)

Example 22 with RemoteAccessVpn

use of com.cloud.network.RemoteAccessVpn in project cloudstack by apache.

the class VpcVirtualRouterElementTest method testApplyVpnUsersException1.

@Test
public void testApplyVpnUsersException1() {
    vpcVirtualRouterElement._vpcRouterMgr = _vpcRouterMgr;
    final AdvancedNetworkTopology advancedNetworkTopology = Mockito.mock(AdvancedNetworkTopology.class);
    final BasicNetworkTopology basicNetworkTopology = Mockito.mock(BasicNetworkTopology.class);
    networkTopologyContext.setAdvancedNetworkTopology(advancedNetworkTopology);
    networkTopologyContext.setBasicNetworkTopology(basicNetworkTopology);
    networkTopologyContext.init();
    final RemoteAccessVpn remoteAccessVpn = Mockito.mock(RemoteAccessVpn.class);
    final List<VpnUser> users = new ArrayList<VpnUser>();
    when(remoteAccessVpn.getVpcId()).thenReturn(null);
    try {
        final String[] results = vpcVirtualRouterElement.applyVpnUsers(remoteAccessVpn, users);
        assertNull(results);
    } catch (final ResourceUnavailableException e) {
        fail(e.getMessage());
    }
    verify(remoteAccessVpn, times(1)).getVpcId();
}
Also used : BasicNetworkTopology(org.apache.cloudstack.network.topology.BasicNetworkTopology) VpnUser(com.cloud.network.VpnUser) ArrayList(java.util.ArrayList) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) AdvancedNetworkTopology(org.apache.cloudstack.network.topology.AdvancedNetworkTopology) RemoteAccessVpn(com.cloud.network.RemoteAccessVpn) Test(org.junit.Test)

Aggregations

RemoteAccessVpn (com.cloud.network.RemoteAccessVpn)22 ArrayList (java.util.ArrayList)11 ResourceUnavailableException (com.cloud.exception.ResourceUnavailableException)9 VpnUser (com.cloud.network.VpnUser)7 Test (org.junit.Test)6 RemoteAccessVpnResponse (com.cloud.api.response.RemoteAccessVpnResponse)5 Vpc (com.cloud.network.vpc.Vpc)5 Network (com.cloud.network.Network)4 PublicIpAddress (com.cloud.network.PublicIpAddress)4 Zone (com.cloud.db.model.Zone)3 NetworkRuleConflictException (com.cloud.exception.NetworkRuleConflictException)3 IPAddressVO (com.cloud.network.dao.IPAddressVO)3 RemoteAccessVpnVO (com.cloud.network.dao.RemoteAccessVpnVO)3 FirewallRuleVO (com.cloud.network.rules.FirewallRuleVO)3 NetworkOfferingVO (com.cloud.offerings.NetworkOfferingVO)3 DomainRouterVO (com.cloud.vm.DomainRouterVO)3 List (java.util.List)3 RemoteAccessVpnResponse (org.apache.cloudstack.api.response.RemoteAccessVpnResponse)3 AdvancedNetworkTopology (org.apache.cloudstack.network.topology.AdvancedNetworkTopology)3 BasicNetworkTopology (org.apache.cloudstack.network.topology.BasicNetworkTopology)3