
vcd_edgegateway_vpn - id for vpn tunnel not unique

Open username-is-already-taken2 opened this issue 4 years ago • 8 comments

Hi there,

I noticed today, when using the 'vcd_edgegateway_vpn' resource to define an additional VPN tunnel, that terraform wasn't adding the second tunnel; it was amending the VPN tunnel that was already there.

It looks like the resource is defaulting to the edge gateway name as the ID for each tunnel.

I'm not very good with Go to confirm that within the code, but I thought I would mention it.

Terraform Version

Terraform v0.12.20

  • provider.vcd v2.6.0

Affected Resource(s)

Please list the resources as a list, for example:

  • vcd_edgegateway_vpn

Yes, you may be right and there are some tasks which I am cross-referencing other VPN related tasks - #398, #440

Didainius, Feb 28 '20 17:02

Also confirming the issue, now it's not possible to create more than one instance of vcd_edgegateway_vpn resource using the same edge gateway.

thundertaker, May 13 '20 14:05

Also confirming the issue. From the picture you can see that we have 2 different VPNs in the state file, but since they have the same ID only one of them is created.

Every other apply will try to destroy the current VPN and replace it with the one which is not created.

fwslash, Jul 08 '20 11:07
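A check for the state-file collision described in the comments above, as an added example that is not part of the thread or of the provider's code. It reads the standard Terraform state JSON (format version 4) and reports managed resources of the same type that share an ID; the sample state, resource names and the `edge-gw-01` ID are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// tfState: the subset of Terraform state (format version 4) this check reads.
type tfState struct {
	Resources []struct {
		Mode, Type, Name string
		Instances        []struct{ Attributes struct{ ID string } }
	}
}

// Constructed sample state: two tunnels whose ID is the edge gateway name.
const sampleState = `{"version":4,"resources":[
{"mode":"managed","type":"vcd_edgegateway_vpn","name":"site_a","instances":[{"attributes":{"id":"edge-gw-01"}}]},
{"mode":"managed","type":"vcd_edgegateway_vpn","name":"site_b","instances":[{"attributes":{"id":"edge-gw-01"}}]},
{"mode":"managed","type":"vcd_network_routed","name":"net","instances":[{"attributes":{"id":"net-1"}}]}]}`

// DuplicateIDs maps "type/id" to the addresses of managed resources sharing that ID.
// Module paths and count/for_each indexes are left out of the addresses.
func DuplicateIDs(raw []byte) (map[string][]string, error) {
	var st tfState
	if err := json.Unmarshal(raw, &st); err != nil {
		return nil, fmt.Errorf("parse state: %w", err)
	}
	seen := map[string][]string{}
	for _, r := range st.Resources {
		for _, inst := range r.Instances {
			if r.Mode != "managed" || inst.Attributes.ID == "" {
				continue
			}
			key := r.Type + "/" + inst.Attributes.ID
			seen[key] = append(seen[key], r.Type+"."+r.Name)
		}
	}
	for key, addrs := range seen {
		if len(addrs) < 2 {
			delete(seen, key) // unique ID: nothing to report
		}
		sort.Strings(addrs)
	}
	return seen, nil
}

func main() {
	fmt.Println(DuplicateIDs([]byte(sampleState)))
}
```

Run against the output of `terraform state pull` before an apply, a non-empty result flags resources that the next apply may overwrite or replace.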

Also confirming the issue

hmilkovi, Jul 08 '20 11:07

Additionally, it seems Diffie-Hellman cannot be adjusted via terraform, if that can be also added

total13, Jul 08 '20 13:07

> Also confirming the issue, now it's not possible to create more than one instance of vcd_edgegateway_vpn resource using the same edge gateway.

I am trying to understand - is this 1 IPSEC tunnel per edge gateway, or can there be more than one but each must have a unique ID?

Thanks

igorgnip-gmail, Aug 17 '20 13:08

Also, while deploying a terraform-defined VPN tunnel, even manually configured tunnels (which had the same local ID) were deleted.

igorgnip-gmail, Aug 17 '20 13:08

> > Also confirming the issue, now it's not possible to create more than one instance of vcd_edgegateway_vpn resource using the same edge gateway.
>
> I am trying to understand - is this 1 IPSEC tunnel per edge gateway, or can there be more than one but each must have a unique ID?
>
> Thanks

Hello, these are 2 completely different VPN tunnels, which have the same ID in the terraform state file, which leads to misconfiguration in the virtual cloud director.

fwslash, Aug 18 '20 19:08

We are not investing in NSX-V anymore, but NSX-T has its own resource for VPN

Didainius, Nov 28 '22 12:11