cloudstack-users mailing list archives

From Matthew Smart <>
Subject VR VPN + LDAP access
Date Thu, 04 Aug 2016 18:06:23 GMT

Thanks for the info. My next step is to engage the dev mailing list to 
see if there is any interest in my team contributing to add ldap or 
radius (not familiar with the available plugins for open/strong swan) 
support to the VR. I assume the SAML support in cloudstack is for the UI 
just like the LDAP support?

In the meantime, I see two options that I want to run by you guys. The 
first being creating a VM cluster in a special account that has access 
to all of the isolated networks to use as a master VPN server. 
Essentially, I would replicate my current non-cloudstack setup as a 
temporary solution. Given that I am more than qualified to manually 
manipulate the api, db, and configs to associate this VM with all of the 
isolated guest networks, is this even possible?

The other, less appealing option is to override the current VR VM with 
one I have configured with the ppp ldap plugin and configs I would need 
to support what I want to do. Obviously, I don't like the idea of 
breaking my ability to upgrade the VR as new versions are released but I 
think this is doable in that the VR looks to be just a Debian VM. If I 
am careful I should be able to add my changes without breaking it... but 
given my current knowledge of the VR and networking internals of 
Cloudstack I could easily break something in some subtle way that does 
not present until we are in production. Not ideal.

What do you guys recommend as a course forward until we get a more 
modular access/auth subsystem contributed to the project? I am so close 
to having cloudstack do exactly what I want. It is 95% perfect for us. I 
just need to figure out this other 5%.


Matthew Smart
Smart Software Solutions Inc.
108 S Pierre St.
Pierre, SD 57501

Phone: (605) 280-0383
Skype: msmart13

On 08/03/2016 12:48 AM, ilya wrote:
> VR VPN + LDAP access
