yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #14189
[Bug 1316733] [NEW] VPNAAS :Updating the PSK on one site making that ipsec site conenction down but other site still in active state
Public bug reported:
Steps to Reproduce:
1.Create two site with vpn service,vpn ike policy,ipsec policy and ipsec site connection.
2. Make sure the vm across the sit are able to ping each other with successfull tunnel creation .
3.Check the status of the operation on both the sites:
neutron ipsec-site-connection-list
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| 9111b9ce-8db8-45e1-9364-f8471d42c7cd | vpnconnection1 | $peer_address2 | "10.10.1.0/24" | static | psk | ACTIVE |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
For other site:
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| 8af2322c-aaac-4de1-b026-d5a2afdc3845 | vpnconnection1 | $peer_address1 | "11.11.1.0/24" | static | psk | ACTIVE |
4. Update the psk on one site :
neutron ipsec-site-connection-update 9111b9ce-8db8-45e1-9364-f8471d42c7cd --psk secret1
Updated ipsec_site_connection: 9111b9ce-8db8-45e1-9364-f8471d42c7cd
4. Check the status of both the site:
neutron ipsec-site-connection show 9111b9ce-8db8-45e1-9364-f8471d42c7cd
+----------------+----------------------------------------------------+
| Field | Value |
+----------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | 9111b9ce-8db8-45e1-9364-f8471d42c7cd |
| ikepolicy_id | f66c642a-895e-4eed-8af3-513d4dd3c370 |
| initiator | bi-directional |
| ipsecpolicy_id | e37f88e0-39ca-4b7c-a55f-566f6f015dc7 |
| mtu | 1500 |
| name | vpnconnection1 |
| peer_address | $peer_address1 |
| peer_cidrs | 10.10.1.0/24 |
| peer_id $peer_address1 |
| psk | secret1 |
| route_mode | static |
| status | DOWN |
| tenant_id | d209c7ac08304ff48c59a53c2c47516c |
| vpnservice_id | 08f2fd69-78c0-4584-863f-e5d2d83cfe88 |
+----------------+----------------------------------------------------+
On other site:
neutron ipsec-site-connection show 8af2322c-aaac-4de1-b026-d5a2afdc3845
+----------------+----------------------------------------------------+
| Field | Value |
+----------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | 8af2322c-aaac-4de1-b026-d5a2afdc3845 |
| ikepolicy_id | 98b51a2c-3dc0-4fef-9e67-2591e20218de |
| initiator | bi-directional |
| ipsecpolicy_id | 67ba0e7d-2f8e-450a-8163-4063e503443d |
| mtu | 1500 |
| name | vpnconnection1 |
| peer_address | $peer_address2 |
| peer_cidrs | 11.11.1.0/24 |
| peer_id | $peer_address2 |
| psk | secret |
| route_mode | static |
| status | ACTIVE |
| tenant_id | 9d199ee4597649a6886578c565e933bc |
| vpnservice_id | 58caaf89-ecc2-4cf4-a86c-374b2d22dc35 |
+----------------+----------------------------------------------------+
Serverlog shows:
2014-05-02 11:57:10.565 20800 DEBUG neutron.api.v2.base [req-bf709a98-49d7-4414-81e7-a13ad1c40de6 None] Request body: {u'ipsec_site_connection': {u'psk': u'secret1'}} prepare_request_body /usr/lib/python2.7/dist-packages/neutron/api/v2/base.py:554
** Affects: neutron
Importance: Undecided
Status: New
** Attachment added: "vpn_agentlog.zip"
https://bugs.launchpad.net/bugs/1316733/+attachment/4106676/+files/vpn_agentlog.zip
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1316733
Title:
VPNAAS :Updating the PSK on one site making that ipsec site
conenction down but other site still in active state
Status in OpenStack Neutron (virtual network service):
New
Bug description:
Steps to Reproduce:
1.Create two site with vpn service,vpn ike policy,ipsec policy and ipsec site connection.
2. Make sure the vm across the sit are able to ping each other with successfull tunnel creation .
3.Check the status of the operation on both the sites:
neutron ipsec-site-connection-list
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| 9111b9ce-8db8-45e1-9364-f8471d42c7cd | vpnconnection1 | $peer_address2 | "10.10.1.0/24" | static | psk | ACTIVE |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
For other site:
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| 8af2322c-aaac-4de1-b026-d5a2afdc3845 | vpnconnection1 | $peer_address1 | "11.11.1.0/24" | static | psk | ACTIVE |
4. Update the psk on one site :
neutron ipsec-site-connection-update 9111b9ce-8db8-45e1-9364-f8471d42c7cd --psk secret1
Updated ipsec_site_connection: 9111b9ce-8db8-45e1-9364-f8471d42c7cd
4. Check the status of both the site:
neutron ipsec-site-connection show 9111b9ce-8db8-45e1-9364-f8471d42c7cd
+----------------+----------------------------------------------------+
| Field | Value |
+----------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | 9111b9ce-8db8-45e1-9364-f8471d42c7cd |
| ikepolicy_id | f66c642a-895e-4eed-8af3-513d4dd3c370 |
| initiator | bi-directional |
| ipsecpolicy_id | e37f88e0-39ca-4b7c-a55f-566f6f015dc7 |
| mtu | 1500 |
| name | vpnconnection1 |
| peer_address | $peer_address1 |
| peer_cidrs | 10.10.1.0/24 |
| peer_id $peer_address1 |
| psk | secret1 |
| route_mode | static |
| status | DOWN |
| tenant_id | d209c7ac08304ff48c59a53c2c47516c |
| vpnservice_id | 08f2fd69-78c0-4584-863f-e5d2d83cfe88 |
+----------------+----------------------------------------------------+
On other site:
neutron ipsec-site-connection show 8af2322c-aaac-4de1-b026-d5a2afdc3845
+----------------+----------------------------------------------------+
| Field | Value |
+----------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | 8af2322c-aaac-4de1-b026-d5a2afdc3845 |
| ikepolicy_id | 98b51a2c-3dc0-4fef-9e67-2591e20218de |
| initiator | bi-directional |
| ipsecpolicy_id | 67ba0e7d-2f8e-450a-8163-4063e503443d |
| mtu | 1500 |
| name | vpnconnection1 |
| peer_address | $peer_address2 |
| peer_cidrs | 11.11.1.0/24 |
| peer_id | $peer_address2 |
| psk | secret |
| route_mode | static |
| status | ACTIVE |
| tenant_id | 9d199ee4597649a6886578c565e933bc |
| vpnservice_id | 58caaf89-ecc2-4cf4-a86c-374b2d22dc35 |
+----------------+----------------------------------------------------+
Serverlog shows:
2014-05-02 11:57:10.565 20800 DEBUG neutron.api.v2.base [req-bf709a98-49d7-4414-81e7-a13ad1c40de6 None] Request body: {u'ipsec_site_connection': {u'psk': u'secret1'}} prepare_request_body /usr/lib/python2.7/dist-packages/neutron/api/v2/base.py:554
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1316733/+subscriptions
Follow ups
References
