MitchellGulledge / Meraki-vWAN


Same tag on multiple networks causes VPN issue #11

Closed yujiterada closed 4 years ago

yujiterada commented 4 years ago

Configuring the same tag on multiple networks creates the same Non Meraki VPN tunnel with the same VPN gateway IP addresses for each network, and this creates an issue on MX for Non Meraki VPN. The same tag should only create 2 Non Meraki VPN configurations for Instance 1 and Instance 2.

Expected Behavior

Only create 2 Non Meraki VPN entries per tag.

Steps to Reproduce

  1. Configure everything on Meraki and Azure
  2. Tag 2 networks with the specified tag
  3. 4 Non Meraki VPN entries are created

Detailed Description

4 Non Meraki VPN entries are created when putting the tag "vwan-hub-west-1" on "Office - Sydney" and "Home - Tokyo" networks.

Screenshot_2020-08-03 VPN Configuration - Meraki Dashboard

The MX in "Home - Tokyo" has 2 Non Meraki VPN tunnels with the same destination IP address.

Screenshot_2020-08-03 VPN Status - Meraki Dashboard(1)

Possible Solution

Check if Non Meraki VPN entry already exists for that tag and validate the configuration. If validation is successful, do not create the same Non Meraki VPN.

JackStromberg commented 4 years ago

@yujiterada this is a misconfiguration and not supported per documentation. How do you know which of the two peers to accept as the final output? If additional networks are added and the order of networks is changed from the Meraki API, how does that affect which of the two is considered to be the acceptable configuration? I think there are trade-offs for what is considered acceptable when handling a blatant misconfiguration.

yujiterada commented 4 years ago

@JackStromberg You're definitely right. I was testing a scenario which isn't supported. Thanks!
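
The check discussed in this thread, written as an audit that reports the unsupported state instead of choosing which peer to keep. This is an added example, not code from the Meraki-vWAN project; the field names, peer names, IP addresses and the `vwan-` tag prefix are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample data mirroring the report. Field names, peer names and
# IP addresses are assumptions, not values taken from the issue.
NETWORKS = [
    {"name": "Office - Sydney", "tags": ["vwan-hub-west-1"]},
    {"name": "Home - Tokyo", "tags": ["vwan-hub-west-1", "branch"]},
    {"name": "Lab - Osaka", "tags": ["vwan-hub-east-1"]},
]
PEERS = [
    {"name": "west-1-a", "publicIp": "203.0.113.10", "networkTags": ["vwan-hub-west-1"]},
    {"name": "west-1-b", "publicIp": "203.0.113.11", "networkTags": ["vwan-hub-west-1"]},
    {"name": "west-1-c", "publicIp": "203.0.113.10", "networkTags": ["vwan-hub-west-1"]},
    {"name": "west-1-d", "publicIp": "203.0.113.11", "networkTags": ["vwan-hub-west-1"]},
    {"name": "east-1-a", "publicIp": "198.51.100.20", "networkTags": ["vwan-hub-east-1"]},
    {"name": "east-1-b", "publicIp": "198.51.100.21", "networkTags": ["vwan-hub-east-1"]},
]

def shared_tags(networks, prefix="vwan-"):
    """Return {tag: [network names]} for hub tags applied to more than one network."""
    by_tag = defaultdict(list)
    for net in networks:
        for tag in net.get("tags", []):
            if tag.startswith(prefix):  # hypothetical naming convention for hub tags
                by_tag[tag].append(net["name"])
    return {t: sorted(n) for t, n in by_tag.items() if len(n) > 1}

def duplicate_peers(peers):
    """Return {(tag, publicIp): [peer names]} where a tag has several peers to one gateway IP."""
    seen = defaultdict(list)
    for peer in peers:
        for tag in peer.get("networkTags", []):
            seen[(tag, peer["publicIp"])].append(peer["name"])
    return {k: v for k, v in seen.items() if len(v) > 1}

def audit(networks, peers):
    """List findings for an operator to fix; nothing is deleted or merged automatically."""
    findings = []
    for tag, names in sorted(shared_tags(networks).items()):
        findings.append(f"tag {tag} is on {len(names)} networks: {', '.join(names)}")
    for (tag, ip), names in sorted(duplicate_peers(peers).items()):
        findings.append(f"tag {tag} has {len(names)} peers to {ip}: {', '.join(names)}")
    return findings

if __name__ == "__main__":
    for line in audit(NETWORKS, PEERS):
        print(line)
```
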