Adding VPN options for IKE version and IKE split connections.

api/src/main/java/com/cloud/network/Site2SiteCustomerGateway.java

@@ -43,5 +43,9 @@ public interface Site2SiteCustomerGateway extends ControlledEntity, Identity, In
 
     public Date getRemoved();
 
+    public Boolean getSplitConnections();
+
+    public String getIkeVersion();
+
     String getName();
 }

api/src/main/java/org/apache/cloudstack/api/ApiConstants.java

@@ -628,12 +628,14 @@ public class ApiConstants {
     public static final String GUEST_IP = "guestip";
     public static final String REMOVED = "removed";
     public static final String COMPLETED = "completed";
+    public static final String IKE_VERSION = "ikeversion";
     public static final String IKE_POLICY = "ikepolicy";
     public static final String ESP_POLICY = "esppolicy";
     public static final String IKE_LIFETIME = "ikelifetime";
     public static final String ESP_LIFETIME = "esplifetime";
     public static final String DPD = "dpd";
     public static final String FORCE_ENCAP = "forceencap";
+    public static final String SPLIT_CONNECTIONS = "splitconnections";
     public static final String FOR_VPC = "forvpc";
     public static final String SHRINK_OK = "shrinkok";
     public static final String NICIRA_NVP_DEVICE_ID = "nvpdeviceid";

api/src/main/java/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java

@@ -92,6 +92,12 @@ public class CreateVpnCustomerGatewayCmd extends BaseAsyncCmd {
             description = "create site-to-site VPN customer gateway for the project", since = "4.6")
     private Long projectId;
 
+    @Parameter(name = ApiConstants.SPLIT_CONNECTIONS, type = CommandType.BOOLEAN, required = false, description = "For IKEv2, whether to split multiple right subnet cidrs into multiple connection statements.")
+    private Boolean splitConnections;
+
+    @Parameter(name = ApiConstants.IKE_VERSION, type = CommandType.STRING, required = false, description = "Which IKE Version to use, one of ike (autoselect), ikev1, or ikev2. Defaults to ike")
+    private String ikeVersion;
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -146,6 +152,14 @@ public Long getProjectId() {
         return projectId;
     }
 
+    public Boolean getSplitConnections() {
+        return splitConnections;
+    }
+
+    public String getIkeVersion() {
+        return ikeVersion;
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////

api/src/main/java/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java

@@ -94,6 +94,12 @@ public class UpdateVpnCustomerGatewayCmd extends BaseAsyncCmd {
                    + "gateway associated with the account for the specified domain.")
     private Long domainId;
 
+    @Parameter(name = ApiConstants.SPLIT_CONNECTIONS, type = CommandType.BOOLEAN, required = false, description = "For IKEv2, whether to split multiple right subnet cidrs into multiple connection statements.")
+    private Boolean splitConnections;
+
+    @Parameter(name = ApiConstants.IKE_VERSION, type = CommandType.STRING, required = false, description = "Which IKE Version to use, one of ike (autoselect), ikev1, or ikev2. Defaults to ike")
+    private String ikeVersion;
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -140,6 +146,14 @@ public Boolean getDpd() {
 
     public Boolean getEncap() { return encap; }
 
+    public boolean getSplitConnections() {
+        return splitConnections;
+    }
+
+    public String getIkeVersion() {
+        return ikeVersion;
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////

api/src/main/java/org/apache/cloudstack/api/response/Site2SiteCustomerGatewayResponse.java

@@ -102,6 +102,14 @@ public class Site2SiteCustomerGatewayResponse extends BaseResponse implements Co
     @Param(description = "the date and time the host was removed")
     private Date removed;
 
+    @SerializedName(ApiConstants.SPLIT_CONNECTIONS)
+    @Param(description = "For IKEv2, whether to split multiple right subnet cidrs into multiple connection statements.")
+    private Boolean splitConnections;
+
+    @SerializedName(ApiConstants.IKE_VERSION)
+    @Param(description = "Which IKE Version to use, one of ike (autoselect), ikev1, or ikev2. Defaults to ike")
+    private String ikeVersion;
+
     public void setId(String id) {
         this.id = id;
     }
@@ -148,6 +156,14 @@ public void setDpd(Boolean dpd) {
 
     public void setEncap(Boolean encap) { this.encap = encap; }
 
+    public void setSplitConnections(Boolean splitConnections) {
+        this.splitConnections = splitConnections;
+    }
+
+    public void setIkeVersion(String ikeVersion) {
+        this.ikeVersion = ikeVersion;
+    }
+
     public void setRemoved(Date removed) {
         this.removed = removed;
     }

api/src/main/java/org/apache/cloudstack/api/response/Site2SiteVpnConnectionResponse.java

@@ -132,6 +132,14 @@ public class Site2SiteVpnConnectionResponse extends BaseResponse implements Cont
     @Param(description = "is connection for display to the regular user", since = "4.4", authorized = {RoleType.Admin})
     private Boolean forDisplay;
 
+    @SerializedName(ApiConstants.SPLIT_CONNECTIONS)
+    @Param(description = "Split multiple remote networks into multiple phase 2 SAs. Often used with Cisco some products.")
+    private Boolean splitConnections;
+
+    @SerializedName(ApiConstants.IKE_VERSION)
+    @Param(description = "Which IKE Version to use, one of ike (autoselect), ikev1, or ikev2. Defaults to ike")
+    private String ikeVersion;
+
     public void setId(String id) {
         this.id = id;
     }
@@ -200,6 +208,14 @@ public void setRemoved(Date removed) {
         this.removed = removed;
     }
 
+    public void setSplitConnections(Boolean splitConnections) {
+        this.splitConnections = splitConnections;
+    }
+
+    public void setIkeVersion(String ikeVersion) {
+        this.ikeVersion = ikeVersion;
+    }
+
     @Override
     public void setAccountName(String accountName) {
         this.accountName = accountName;

core/src/main/java/com/cloud/agent/api/routing/Site2SiteVpnCfgCommand.java

@@ -35,6 +35,8 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
     private boolean dpd;
     private boolean passive;
     private boolean encap;
+    private boolean splitConnections;
+    private String ikeVersion;
 
     @Override
     public boolean executeInSequence() {
@@ -46,7 +48,8 @@ public Site2SiteVpnCfgCommand() {
     }
 
     public Site2SiteVpnCfgCommand(boolean create, String localPublicIp, String localPublicGateway, String localGuestCidr, String peerGatewayIp, String peerGuestCidrList,
-            String ikePolicy, String espPolicy, String ipsecPsk, Long ikeLifetime, Long espLifetime, Boolean dpd, boolean passive, boolean encap) {
+            String ikePolicy, String espPolicy, String ipsecPsk, Long ikeLifetime, Long espLifetime, Boolean dpd, boolean passive, boolean encap,
+            boolean splitConnections, String ikeVersion) {
         this.create = create;
         this.setLocalPublicIp(localPublicIp);
         this.setLocalPublicGateway(localPublicGateway);
@@ -61,6 +64,8 @@ public Site2SiteVpnCfgCommand(boolean create, String localPublicIp, String local
         this.dpd = dpd;
         this.passive = passive;
         this.encap = encap;
+        this.splitConnections = splitConnections;
+        this.ikeVersion = ikeVersion;
     }
 
     public boolean isCreate() {
@@ -174,4 +179,20 @@ public boolean isPassive() {
     public void setPassive(boolean passive) {
         this.passive = passive;
     }
+
+    public boolean getSplitConnections() {
+        return splitConnections;
+    }
+
+    public void setSplitConnections(boolean splitConnections) {
+        this.splitConnections = splitConnections;
+    }
+
+    public String getIkeVersion() {
+        return ikeVersion;
+    }
+
+    public void setIkeVersion(String ikeVersion) {
+        this.ikeVersion = ikeVersion;
+    }
 }

core/src/main/java/com/cloud/agent/resource/virtualnetwork/facade/Site2SiteVpnConfigItem.java

@@ -36,7 +36,7 @@ public List<ConfigItem> generateConfig(final NetworkElementCommand cmd) {
 
         final Site2SiteVpn site2siteVpn = new Site2SiteVpn(command.getLocalPublicIp(), command.getLocalGuestCidr(), command.getLocalPublicGateway(), command.getPeerGatewayIp(),
                 command.getPeerGuestCidrList(), command.getEspPolicy(), command.getIkePolicy(), command.getIpsecPsk(), command.getIkeLifetime(), command.getEspLifetime(), command.isCreate(), command.getDpd(),
-                command.isPassive(), command.getEncap());
+                command.isPassive(), command.getEncap(), command.getSplitConnections(), command.getIkeVersion());
         return generateConfigItems(site2siteVpn);
     }
 

core/src/main/java/com/cloud/agent/resource/virtualnetwork/model/Site2SiteVpn.java

@@ -21,17 +21,17 @@
 
 public class Site2SiteVpn extends ConfigBase {
 
-    private String localPublicIp, localGuestCidr, localPublicGateway, peerGatewayIp, peerGuestCidrList, espPolicy, ikePolicy, ipsecPsk;
+    private String localPublicIp, localGuestCidr, localPublicGateway, peerGatewayIp, peerGuestCidrList, espPolicy, ikePolicy, ipsecPsk, ikeVersion;
     private Long ikeLifetime, espLifetime;
-    private boolean create, dpd, passive, encap;
+    private boolean create, dpd, passive, encap, splitConnections;
 
     public Site2SiteVpn() {
         super(ConfigBase.SITE2SITEVPN);
     }
 
     public Site2SiteVpn(String localPublicIp, String localGuestCidr, String localPublicGateway, String peerGatewayIp, String peerGuestCidrList, String espPolicy,
  String ikePolicy,
-            String ipsecPsk, Long ikeLifetime, Long espLifetime, boolean create, Boolean dpd, boolean passive, boolean encap) {
+            String ipsecPsk, Long ikeLifetime, Long espLifetime, boolean create, Boolean dpd, boolean passive, boolean encap, boolean splitConnections, String ikeVersion) {
         super(ConfigBase.SITE2SITEVPN);
         this.localPublicIp = localPublicIp;
         this.localGuestCidr = localGuestCidr;
@@ -47,6 +47,8 @@ public Site2SiteVpn(String localPublicIp, String localGuestCidr, String localPub
         this.dpd = dpd;
         this.passive = passive;
         this.encap = encap;
+        this.splitConnections = splitConnections;
+        this.ikeVersion = ikeVersion;
     }
 
     public String getLocalPublicIp() {
@@ -161,4 +163,20 @@ public void setEncap(boolean encap) {
         this.encap = encap;
     }
 
+    public boolean getSplitConnections() {
+        return splitConnections;
+    }
+
+    public void setSplitConnections(boolean splitConnections) {
+        this.splitConnections = splitConnections;
+    }
+
+    public String getIkeVersion() {
+        return ikeVersion;
+    }
+
+    public void setIkeVersion(String ikeVersion) {
+        this.ikeVersion = ikeVersion;
+    }
+
 }

core/src/test/java/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java

@@ -495,17 +495,17 @@ private void verifyArgs(final SetMonitorServiceCommand cmd, final String script,
     public void testSite2SiteVpnCfgCommand() {
         _count = 0;
 
-        Site2SiteVpnCfgCommand cmd = new Site2SiteVpnCfgCommand(true, "64.10.1.10", "64.10.1.1", "192.168.1.1/16", "124.10.1.10", "192.168.100.1/24", "3des-sha1,aes128-sha1;modp1536", "3des-sha1,aes128-md5", "psk", Long.valueOf(1800), Long.valueOf(1800), true, false, false);
+        Site2SiteVpnCfgCommand cmd = new Site2SiteVpnCfgCommand(true, "64.10.1.10", "64.10.1.1", "192.168.1.1/16", "124.10.1.10", "192.168.100.1/24", "3des-sha1,aes128-sha1;modp1536", "3des-sha1,aes128-md5", "psk", Long.valueOf(1800), Long.valueOf(1800), true, false, false, false, "ike");
         cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, ROUTERNAME);
         Answer answer = _resource.executeRequest(cmd);
         assertTrue(answer.getResult());
 
-        cmd = new Site2SiteVpnCfgCommand(true, "64.10.1.10", "64.10.1.1", "192.168.1.1/16", "124.10.1.10", "192.168.100.1/24", "3des-sha1,aes128-sha1;modp1536", "3des-sha1,aes128-md5", "psk", Long.valueOf(1800), Long.valueOf(1800), false, true, false);
+        cmd = new Site2SiteVpnCfgCommand(true, "64.10.1.10", "64.10.1.1", "192.168.1.1/16", "124.10.1.10", "192.168.100.1/24", "3des-sha1,aes128-sha1;modp1536", "3des-sha1,aes128-md5", "psk", Long.valueOf(1800), Long.valueOf(1800), false, true, false, false, "ike");
         cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, ROUTERNAME);
         answer = _resource.executeRequest(cmd);
         assertTrue(answer.getResult());
 
-        cmd = new Site2SiteVpnCfgCommand(false, "64.10.1.10", "64.10.1.1", "192.168.1.1/16", "124.10.1.10", "192.168.100.1/24", "3des-sha1,aes128-sha1;modp1536", "3des-sha1,aes128-md5", "psk", Long.valueOf(1800), Long.valueOf(1800), false, true, false);
+        cmd = new Site2SiteVpnCfgCommand(false, "64.10.1.10", "64.10.1.1", "192.168.1.1/16", "124.10.1.10", "192.168.100.1/24", "3des-sha1,aes128-sha1;modp1536", "3des-sha1,aes128-md5", "psk", Long.valueOf(1800), Long.valueOf(1800), false, true, false, false, "ike");
         cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, ROUTERNAME);
         answer = _resource.executeRequest(cmd);
         assertTrue(answer.getResult());

engine/schema/src/main/java/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java

@@ -79,14 +79,20 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
     @Column(name = "account_id")
     private Long accountId;
 
+    @Column(name = "split_connections")
+    private boolean splitConnections;
+
+    @Column(name = "ike_version")
+    private String ikeVersion;
+
     @Column(name = GenericDao.REMOVED_COLUMN)
     private Date removed;
 
     public Site2SiteCustomerGatewayVO() {
     }
 
     public Site2SiteCustomerGatewayVO(String name, long accountId, long domainId, String gatewayIp, String guestCidrList, String ipsecPsk, String ikePolicy,
-            String espPolicy, long ikeLifetime, long espLifetime, boolean dpd, boolean encap) {
+            String espPolicy, long ikeLifetime, long espLifetime, boolean dpd, boolean encap, boolean splitConnections, String ikeVersion) {
         this.name = name;
         this.gatewayIp = gatewayIp;
         this.guestCidrList = guestCidrList;
@@ -100,6 +106,8 @@ public Site2SiteCustomerGatewayVO(String name, long accountId, long domainId, St
         uuid = UUID.randomUUID().toString();
         this.accountId = accountId;
         this.domainId = domainId;
+        this.splitConnections = splitConnections;
+        this.ikeVersion = ikeVersion;
     }
 
     @Override
@@ -221,6 +229,24 @@ public long getAccountId() {
         return accountId;
     }
 
+    @Override
+    public Boolean getSplitConnections() {
+        return splitConnections;
+    }
+
+    public void setSplitConnections(Boolean splitConnections) {
+        this.splitConnections = splitConnections;
+    }
+
+    @Override
+    public String getIkeVersion() {
+        return ikeVersion;
+    }
+
+    public void setIkeVersion(String ikeVersion) {
+        this.ikeVersion = ikeVersion;
+    }
+
     @Override
     public Class<?> getEntityType() {
         return Site2SiteCustomerGateway.class;

engine/schema/src/main/resources/META-INF/db/schema-41510to41600.sql

@@ -301,3 +301,7 @@ from
         left join
     `cloud`.`resource_count` secondary_storage_count ON domain.id = secondary_storage_count.domain_id
         and secondary_storage_count.type = 'secondary_storage';
+
+ALTER TABLE `cloud`.`s2s_customer_gateway` ADD COLUMN `ike_version` varchar(5) NOT NULL DEFAULT 'ike' COMMENT 'one of ike, ikev1, ikev2';
+ALTER TABLE `cloud`.`s2s_customer_gateway` ADD COLUMN `split_connections` int(1) NOT NULL DEFAULT 0;
+

server/src/main/java/com/cloud/api/ApiResponseHelper.java

@@ -3208,6 +3208,8 @@ public Site2SiteCustomerGatewayResponse createSite2SiteCustomerGatewayResponse(S
         response.setDpd(result.getDpd());
         response.setEncap(result.getEncap());
         response.setRemoved(result.getRemoved());
+        response.setIkeVersion(result.getIkeVersion());
+        response.setSplitConnections(result.getSplitConnections());
         response.setObjectName("vpncustomergateway");
 
         populateAccount(response, result.getAccountId());
@@ -3247,6 +3249,8 @@ public Site2SiteVpnConnectionResponse createSite2SiteVpnConnectionResponse(Site2
                 response.setEspLifetime(customerGateway.getEspLifetime());
                 response.setDpd(customerGateway.getDpd());
                 response.setEncap(customerGateway.getEncap());
+                response.setIkeVersion(customerGateway.getIkeVersion());
+                response.setSplitConnections(customerGateway.getSplitConnections());
             }
         }
 

server/src/main/java/com/cloud/network/router/CommandSetupHelper.java

@@ -944,9 +944,11 @@ public void createSite2SiteVpnCfgCommands(final Site2SiteVpnConnection conn, fin
         final Long espLifetime = gw.getEspLifetime();
         final Boolean dpd = gw.getDpd();
         final Boolean encap = gw.getEncap();
+        final Boolean splitConnections = gw.getSplitConnections();
+        final String ikeVersion = gw.getIkeVersion();
 
         final Site2SiteVpnCfgCommand cmd = new Site2SiteVpnCfgCommand(isCreate, localPublicIp, localPublicGateway, localGuestCidr, peerGatewayIp, peerGuestCidrList, ikePolicy,
-                espPolicy, ipsecPsk, ikeLifetime, espLifetime, dpd, conn.isPassive(), encap);
+                espPolicy, ipsecPsk, ikeLifetime, espLifetime, dpd, conn.isPassive(), encap, splitConnections, ikeVersion);
         cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
         cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
         cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());