Here's an example CustomerGatewayConfiguration XML document:
<?xml version="1.0" encoding="UTF-8"?>
<vpn_connection id="vpn-09f52119b40664ba7">
<customer_gateway_id>cgw-0772974805f81a8e8</customer_gateway_id>
<vpn_gateway_id />
<vpn_connection_type>ipsec.1</vpn_connection_type>
<ipsec_tunnel>
<customer_gateway>
<tunnel_outside_address>
<ip_address>178.0.0.1</ip_address>
</tunnel_outside_address>
<tunnel_inside_address>
<ip_address>169.254.45.98</ip_address>
<network_mask>255.255.255.252</network_mask>
<network_cidr>30</network_cidr>
</tunnel_inside_address>
<tunnel_inside_ipv6_address>
<ip_address>fd00:2001:db8:2:2d1:81ff:fe41:d202</ip_address>
<prefix_length>128</prefix_length>
</tunnel_inside_ipv6_address>
<bgp>
<asn>65530</asn>
<hold_time>30</hold_time>
</bgp>
</customer_gateway>
<vpn_gateway>
<tunnel_outside_address>
<ip_address>34.208.157.248</ip_address>
</tunnel_outside_address>
<tunnel_inside_address>
<ip_address>169.254.45.97</ip_address>
<network_mask>255.255.255.252</network_mask>
<network_cidr>30</network_cidr>
</tunnel_inside_address>
<tunnel_inside_ipv6_address>
<ip_address>fd00:2001:db8:2:2d1:81ff:fe41:d201</ip_address>
<prefix_length>128</prefix_length>
</tunnel_inside_ipv6_address>
<bgp>
<asn>64512</asn>
<hold_time>30</hold_time>
</bgp>
</vpn_gateway>
<ike>
<authentication_protocol>sha1</authentication_protocol>
<encryption_protocol>aes-128-cbc</encryption_protocol>
<lifetime>28800</lifetime>
<perfect_forward_secrecy>group2</perfect_forward_secrecy>
<mode>main</mode>
<pre_shared_key>XOahDXx1hVNyMTXoBnTgDY_F.fLjymEx</pre_shared_key>
</ike>
<ipsec>
<protocol>esp</protocol>
<authentication_protocol>hmac-sha1-96</authentication_protocol>
<encryption_protocol>aes-128-cbc</encryption_protocol>
<lifetime>3600</lifetime>
<perfect_forward_secrecy>group2</perfect_forward_secrecy>
<mode>tunnel</mode>
<clear_df_bit>true</clear_df_bit>
<fragmentation_before_encryption>true</fragmentation_before_encryption>
<tcp_mss_adjustment>1379</tcp_mss_adjustment>
<dead_peer_detection>
<interval>10</interval>
<retries>3</retries>
</dead_peer_detection>
</ipsec>
</ipsec_tunnel>
<ipsec_tunnel>
<customer_gateway>
<tunnel_outside_address>
<ip_address>178.0.0.1</ip_address>
</tunnel_outside_address>
<tunnel_inside_address>
<ip_address>169.254.72.22</ip_address>
<network_mask>255.255.255.252</network_mask>
<network_cidr>30</network_cidr>
</tunnel_inside_address>
<tunnel_inside_ipv6_address>
<ip_address>fd00:2001:db8:2:2d1:81ff:fe41:d206</ip_address>
<prefix_length>128</prefix_length>
</tunnel_inside_ipv6_address>
<bgp>
<asn>65530</asn>
<hold_time>30</hold_time>
</bgp>
</customer_gateway>
<vpn_gateway>
<tunnel_outside_address>
<ip_address>54.191.70.45</ip_address>
</tunnel_outside_address>
<tunnel_inside_address>
<ip_address>169.254.72.21</ip_address>
<network_mask>255.255.255.252</network_mask>
<network_cidr>30</network_cidr>
</tunnel_inside_address>
<tunnel_inside_ipv6_address>
<ip_address>fd00:2001:db8:2:2d1:81ff:fe41:d205</ip_address>
<prefix_length>128</prefix_length>
</tunnel_inside_ipv6_address>
<bgp>
<asn>64512</asn>
<hold_time>30</hold_time>
</bgp>
</vpn_gateway>
<ike>
<authentication_protocol>sha1</authentication_protocol>
<encryption_protocol>aes-128-cbc</encryption_protocol>
<lifetime>28800</lifetime>
<perfect_forward_secrecy>group2</perfect_forward_secrecy>
<mode>main</mode>
<pre_shared_key>MtQoL5ZDf8Y_FbkHxIZQQuVm7ES0Hcbi</pre_shared_key>
</ike>
<ipsec>
<protocol>esp</protocol>
<authentication_protocol>hmac-sha1-96</authentication_protocol>
<encryption_protocol>aes-128-cbc</encryption_protocol>
<lifetime>3600</lifetime>
<perfect_forward_secrecy>group2</perfect_forward_secrecy>
<mode>tunnel</mode>
<clear_df_bit>true</clear_df_bit>
<fragmentation_before_encryption>true</fragmentation_before_encryption>
<tcp_mss_adjustment>1379</tcp_mss_adjustment>
<dead_peer_detection>
<interval>10</interval>
<retries>3</retries>
</dead_peer_detection>
</ipsec>
</ipsec_tunnel>
</vpn_connection>
Hi Team,
The thing is the IPv4 tunnel addressing is exposed in an easy way to consume. We can easily call tunnel1_cgw_inside_address or tunnel1_vgw_inside_address to get tunnel addressing.
To get the same for IPv6, the XML needs to be parsed. Is there any chance to have consistent access to addresses for IPv4 and IPv6 like for IPv4?
tunnel1_cgw_inside_address = "169.254.202.198"
tunnel1_vgw_inside_address = "169.254.202.197"
Otherwise, can you share some examples of how easily those variables can be extracted from the XML code?
Thanks in advance.
Regards, Tomasz
From: Kit Ewbank
Sent: Tuesday, 9 March 2021 20:28
To: hashicorp/terraform-provider-aws
Cc: Lapa, Tomasz; Author
Subject: [External] Re: [hashicorp/terraform-provider-aws] AWS transit Gateway, Ipv6 (#17998)
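The request above asks how the IPv6 tunnel addresses can be pulled out of the XML. The following is an added example, not code from this thread or from the provider: the function name and the output key names (such as `tunnel1_cgw_inside_ipv6_address`) are hypothetical, modelled on the IPv4 attribute names quoted above, and the sample input is trimmed from the document posted earlier with a placeholder key.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: first tunnel of the document above, trimmed to the
# elements read below, with a placeholder in place of the pre-shared key.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<vpn_connection id="vpn-EXAMPLE">
  <ipsec_tunnel>
    <customer_gateway>
      <tunnel_inside_address><ip_address>169.254.45.98</ip_address></tunnel_inside_address>
      <tunnel_inside_ipv6_address><ip_address>fd00:2001:db8:2:2d1:81ff:fe41:d202</ip_address></tunnel_inside_ipv6_address>
    </customer_gateway>
    <vpn_gateway>
      <tunnel_inside_address><ip_address>169.254.45.97</ip_address></tunnel_inside_address>
      <tunnel_inside_ipv6_address><ip_address>fd00:2001:db8:2:2d1:81ff:fe41:d201</ip_address></tunnel_inside_ipv6_address>
    </vpn_gateway>
    <ike><pre_shared_key>PLACEHOLDER-NOT-A-REAL-KEY</pre_shared_key></ike>
  </ipsec_tunnel>
</vpn_connection>"""

SIDES = (("cgw", "customer_gateway"), ("vgw", "vpn_gateway"))
FAMILIES = (("inside_address", "tunnel_inside_address"),
            ("inside_ipv6_address", "tunnel_inside_ipv6_address"))


def tunnel_inside_addresses(xml_text):
    """Map hypothetical names like tunnel1_cgw_inside_ipv6_address to addresses.

    Only address elements are read, so the pre-shared keys in the same
    document never reach the returned dict (safe to log or template).
    """
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD/entity declaration in VPN configuration")
    root = ET.fromstring(xml_text.encode("utf-8"))
    result = {}
    for n, tunnel in enumerate(root.findall("ipsec_tunnel"), start=1):
        for side, side_tag in SIDES:
            for suffix, addr_tag in FAMILIES:
                text = tunnel.findtext(f"{side_tag}/{addr_tag}/ip_address")
                if text is None:
                    continue  # this address family is not configured on the tunnel
                # ip_address() raises ValueError on anything that is not an IP literal
                result[f"tunnel{n}_{side}_{suffix}"] = str(ipaddress.ip_address(text.strip()))
    return result


if __name__ == "__main__":
    for name, value in sorted(tunnel_inside_addresses(SAMPLE_XML).items()):
        print(f'{name} = "{value}"')
```

The full XML also carries each tunnel's `pre_shared_key`, so the document itself should be handled as a secret; pass only the extracted addresses on to router templates or logs.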
Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.
If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Hi Team,
We are deploying VPN tunnels towards AWS Transit GW (IPv4 and IPv6) and, based on the AWS conf, we are using OUTPUT to get some of the variables and then create conf based on it for the remote router. We are able to extract variables (tunnel addressing details) for IPv4, but the same for IPv6 are not available.
For IPv4 tunnels created with TF code I can retrieve IPv4 tunnel addressing like:
"tunnel1_cgw_inside_address" = aws_vpn_connection.DEMO_IPv4.tunnel1_cgw_inside_address
"tunnel1_vgw_inside_address" = aws_vpn_connection.DEMO_IPv4.tunnel1_vgw_inside_address
I hope it's something you can implement? Something like:
"tunnel1_cgw_inside_address" = aws_vpn_connection.DEMO_IPv6.tunnel1_cgw_inside_address
"tunnel1_vgw_inside_address" = aws_vpn_connection.DEMO_IPv6.tunnel1_vgw_inside_address