Bug 1213148 - VPNaaS - can't start site connection
Summary: VPNaaS - can't start site connection
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-neutron
Version: 6.0 (Juno)
Hardware: Unspecified
OS: Unspecified
low
high
Target Milestone: ga
: 7.0 (Kilo)
Assignee: Terry Wilson
QA Contact: Eran Kuris
URL:
Whiteboard:
Depends On: 1237134
Blocks: 1077162
TreeView+ depends on / blocked
 
Reported: 2015-04-19 13:06 UTC by Roey Dekel
Modified: 2016-04-27 03:15 UTC (History)
9 users (show)

Fixed In Version: openstack-neutron-vpnaas-2015.1.0-4.el7ost
Doc Type: Bug Fix
Doc Text:
Red Hat Enterprise Linux OpenStack Platform 7 uses libreswan instead of openswan, however the OpenStack Networking (neutron) openswan VPNaaS driver does not function with libreswan. With this update, you can enable the libreswan-specific driver in vpnagent.ini: [vpnagent] vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDrive As a result, VPNaaS works as expected.
Clone Of:
Environment:
Last Closed: 2015-08-05 13:22:50 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
VPN log starting from creating VPN Service (27.66 KB, text/plain)
2015-04-19 13:07 UTC, Roey Dekel
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2015:1548 0 normal SHIPPED_LIVE Red Hat Enterprise Linux OpenStack Platform Enhancement Advisory 2015-08-05 17:07:06 UTC

Description Roey Dekel 2015-04-19 13:06:21 UTC
Description of problem:
Tried to start site connection between 2 sites (on different networks). [1]
VPN services are DOWN, IPSec Site Connections are stuck at Pending Create.

Version-Release number of selected component (if applicable):
puddle 2015-04-01.1
openstack-neutron-2014.2.2-5.el7ost.noarch
libreswan-3.12-5.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Install VPNaaS
2. Try to start Site 2 Site connection

Additional info:
[1] https://tcms.engineering.redhat.com/case/324483/?from_plan=11743

Comment 3 Roey Dekel 2015-04-19 13:07:19 UTC
Created attachment 1016086 [details]
VPN log starting from creating VPN Service

Comment 5 Eran Kuris 2015-07-22 08:29:25 UTC
I have same problem on this version of neutron 

[root@puma15 ~]# rpm -qa |grep neutron 
python-neutron-vpnaas-2015.1.0-5.el7ost.noarch
openstack-neutron-common-2015.1.0-12.el7ost.noarch
openstack-neutron-ml2-2015.1.0-12.el7ost.noarch
python-neutronclient-2.4.0-1.el7ost.noarch
python-neutron-fwaas-2015.1.0-3.el7ost.noarch
openstack-neutron-vpnaas-2015.1.0-5.el7ost.noarch
openstack-neutron-fwaas-2015.1.0-3.el7ost.noarch
python-neutron-2015.1.0-12.el7ost.noarch
openstack-neutron-2015.1.0-12.el7ost.noarch
openstack-neutron-openvswitch-2015.1.0-12.el7ost.noarch
[root@puma15 ~]# rpm -qa |grep libreswan
libreswan-3.12-10.1.el7_1.x86_64


also please take a look on this bug maybe it can help us : 
https://bugs.launchpad.net/openstack-manuals/+bug/1329463

Comment 6 Ihar Hrachyshka 2015-07-22 10:13:51 UTC
@ekuris, do you use:

vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver

?

Comment 7 Eran Kuris 2015-07-22 13:03:18 UTC
yep Ihar

Comment 9 errata-xmlrpc 2015-08-05 13:22:50 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2015:1548


Note You need to log in before you can comment on or make changes to this bug.