RDO tickets are now tracked in Jira https://issues.redhat.com/projects/RDO/issues/
Bug 1297833 - VPNaaS should use libreswan driver instead of openswan by default
Summary: VPNaaS should use libreswan driver instead of openswan by default
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: RDO
Classification: Community
Component: openstack-packstack
Version: Juno
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: trunk
Assignee: Javier Peña
QA Contact: Shai Revivo
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-01-12 15:01 UTC by Eran Kuris
Modified: 2017-06-18 06:06 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-06-18 06:06:03 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 273471 0 None MERGED Support the LibreSwan driver in Red Hat platforms 2021-01-13 07:00:44 UTC
OpenStack gerrit 277951 0 None MERGED Use the Libreswan driver for VPNaaS 2021-01-13 07:00:44 UTC

Description Eran Kuris 2016-01-12 15:01:55 UTC 
Description of problem:
When installing OSP-8 with packstack and enabling "VPNaaS" in answer file 
it install VPNaaS with openswan driver when it should be liberswan.
Driver configuration should be : 

In vpnagent.ini:
[vpnagent]
vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver


In /etc/neutron/neutron.conf

 service_plugins = neutron.services.vpn.plugin.VPNDriverPlugin


In  /etc/neutron/neutron_vpnaas.conf

service_provider=VPN:libreswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

How reproducible:
always

Steps to Reproduce:
1.deploy with packstack osp-8 and enable vpnass 
2.verify in vpnagent.ini which driver is used 
3.

Actual results:


Expected results:


Additional info:
Comment 4 Javier Peña 2016-01-28 09:56:33 UTC 
Currently, the upstream puppet-neutron code only supports openswan as a provider (https://github.com/openstack/puppet-neutron/blob/master/manifests/agents/vpnaas.pp#L63-L74), and treats libreswan as a drop-in replacement (https://github.com/openstack/puppet-neutron/blob/master/manifests/params.pp#L63-L67).

Is this correct, or are there any differences that recommend using the libreswan-specific driver?
Comment 5 Eran Kuris 2016-01-28 11:24:02 UTC 
As far as I know its correct
Comment 6 Javier Peña 2016-02-09 16:45:19 UTC 
Apparently we should use the Libreswan driver, because there are some specific initialization steps required for it (https://bugs.launchpad.net/neutron/+bug/1444017).

Adding support for Libreswan in Packstack via https://review.openstack.org/273471 (puppet-neutron support) and https://review.openstack.org/277951 (Packstack support).
Comment 7 Mike McCune 2016-03-28 22:48:26 UTC 
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions
Comment 9 Christopher Brown 2017-06-17 19:26:29 UTC 
Looks like this was merged so can be closed now?
Note You need to log in before you can comment on or make changes to this bug.