Currently VR is using openSwan ipsec vpn. This is an opensource ipsec vpn package that provides the Site-to-Site as well as Remote Access VPN in cloudstack VR.
This feature will replace OpenSwan ipsec with the StrongSwan ipsec vpn.
Features of strongswan over openswan is:
There are no use case changes w.r.t openswan ipsec.
Strongswan supports below vpn models as openswan.
VR template is installed with the StrongSwan U4.5.2 package.
After upgrade if there existing vpn tunnels then these tunnels works with opnswan ipsec untill the VR is upgraded.
Once the VR is upgraded existing/new vpn tunnel will use the strongswan ipsec tunnel.
For existing tunnels to come up strongswan ipsec daemon, VR needs to be upgraded.
CS will apply new vpn (strongswan) configuration on VR.
For end user perspective there is no change in configuration. Only the changes are in VR ipsec configuration.
The below the configuration files get updated in the VR.
Once the VRs are restarted, previously existing VPN connections will be broken. Once the VR rebooted successfully then VPN clients can re-establish the tunnels strongswan ipsec.
# Manual: ipsec.conf.5
root@r-5-QA:/etc/ipsec.d# cat ipsec.vpn-10.147.52.174.conf
root@r-5-QA:/etc/ipsec.d# cat /etc/ipsec.secrets
@moon @sun : PSK "123456789"