Bug 1213148

Summary: VPNaaS - can't start site connection
Product: Red Hat OpenStack Reporter: Roey Dekel <rdekel>
Component: openstack-neutronAssignee: Terry Wilson <twilson>
Status: CLOSED ERRATA QA Contact: Eran Kuris <ekuris>
Severity: high Docs Contact:
Priority: low    
Version: 6.0 (Juno)CC: amuller, chrisw, ihrachys, mlopes, nyechiel, oblaut, pablo.iranzo, tfreger, yeylon
Target Milestone: ga   
Target Release: 7.0 (Kilo)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-neutron-vpnaas-2015.1.0-4.el7ost Doc Type: Bug Fix
Doc Text:
Red Hat Enterprise Linux OpenStack Platform 7 uses libreswan instead of openswan, however the OpenStack Networking (neutron) openswan VPNaaS driver does not function with libreswan. With this update, you can enable the libreswan-specific driver in vpnagent.ini: [vpnagent] vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDrive As a result, VPNaaS works as expected.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-05 13:22:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1237134    
Bug Blocks: 1077162    
Attachments:
Description Flags
VPN log starting from creating VPN Service none

Description Roey Dekel 2015-04-19 13:06:21 UTC 
Description of problem:
Tried to start site connection between 2 sites (on different networks). [1]
VPN services are DOWN, IPSec Site Connections are stuck at Pending Create.

Version-Release number of selected component (if applicable):
puddle 2015-04-01.1
openstack-neutron-2014.2.2-5.el7ost.noarch
libreswan-3.12-5.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Install VPNaaS
2. Try to start Site 2 Site connection

Additional info:
[1] https://tcms.engineering.redhat.com/case/324483/?from_plan=11743
Comment 3 Roey Dekel 2015-04-19 13:07:19 UTC 
Created attachment 1016086 [details]
VPN log starting from creating VPN Service
Comment 5 Eran Kuris 2015-07-22 08:29:25 UTC 
I have same problem on this version of neutron 

[root@puma15 ~]# rpm -qa |grep neutron 
python-neutron-vpnaas-2015.1.0-5.el7ost.noarch
openstack-neutron-common-2015.1.0-12.el7ost.noarch
openstack-neutron-ml2-2015.1.0-12.el7ost.noarch
python-neutronclient-2.4.0-1.el7ost.noarch
python-neutron-fwaas-2015.1.0-3.el7ost.noarch
openstack-neutron-vpnaas-2015.1.0-5.el7ost.noarch
openstack-neutron-fwaas-2015.1.0-3.el7ost.noarch
python-neutron-2015.1.0-12.el7ost.noarch
openstack-neutron-2015.1.0-12.el7ost.noarch
openstack-neutron-openvswitch-2015.1.0-12.el7ost.noarch
[root@puma15 ~]# rpm -qa |grep libreswan
libreswan-3.12-10.1.el7_1.x86_64


also please take a look on this bug maybe it can help us : 
https://bugs.launchpad.net/openstack-manuals/+bug/1329463
Comment 6 Ihar Hrachyshka 2015-07-22 10:13:51 UTC 
@ekuris, do you use:

vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver

?
Comment 7 Eran Kuris 2015-07-22 13:03:18 UTC 
yep Ihar
Comment 9 errata-xmlrpc 2015-08-05 13:22:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2015:1548