← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1405413] [NEW] VPN IPSec connection with fqdn not possible

 

Public bug reported:

Hi all

as of https://wiki.openstack.org/wiki/Neutron/VPNaaS#ipsec-site-
connection_Resource it should be possible to create ipsec site
connections with a peer fqdn.

When adding a new IPSec site connection with --peer-address <fqdn> I get
the an error in vpn-agent logs on network node and VPN for that router
wont be enabled.


I'm adding the connection like this:
neutron ipsec-site-connection-create --psk 'XXXX' --peer-id "@tobi.dyndns.org" --peer-cidr 192.168.178.0/24 --peer-address "tobi.dyndns.org" --vpnservice-id     af2979de-4800-43b3-ae8a-e85ede71bf8c --ikepolicy-id     ed4726b7-cc1a-4c3d-af4d-d4fd736f20b1 --ipsecpolicy-id     4daba6a6-ac7f-4e37-b8ce-441c043b8285  --name "Tobi Home" 

Created a new ipsec_site_connection:
+----------------+----------------------------------------------------+
| Field          | Value                                              |
+----------------+----------------------------------------------------+
| admin_state_up | True                                               |
| auth_mode      | psk                                                |
| description    |                                                    |
| dpd            | {"action": "hold", "interval": 30, "timeout": 120} |
| id             | 1c57278b-1633-4637-ae8d-f9dfc57cddcc               |
| ikepolicy_id   | ed4726b7-cc1a-4c3d-af4d-d4fd736f20b1               |
| initiator      | bi-directional                                     |
| ipsecpolicy_id | 4daba6a6-ac7f-4e37-b8ce-441c043b8285               |
| mtu            | 1500                                               |
| name           | Tobi Home                                          |
| peer_address   | tobi.dyndns.org                                   |
| peer_cidrs     | 192.168.178.0/24                                   |
| peer_id        | tobi.dyndns.org                                   |
| psk            | XXX                     |
| route_mode     | static                                             |
| status         | PENDING_CREATE                                     |
| tenant_id      | 46fcbd40f9b34a1b96fcf91ae84c9bba                   |
| vpnservice_id  | af2979de-4800-43b3-ae8a-e85ede71bf8c               |
+----------------+----------------------------------------------------+

Log:

2014-12-24 13:30:22.807 24920 ERROR neutron.services.vpn.device_drivers.ipsec [-] Failed to enable vpn process on router 0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Traceback (most recent call last):
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 242, in enable
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     self.restart()
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 342, in restart
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     self.start()
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 389, in start
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     nexthop = self._get_nexthop(ipsec_site_conn['peer_address'])
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 347, in _get_nexthop
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     ['ip', 'route', 'get', address])
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 314, in _execute
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     check_exit_code=check_exit_code)
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ip_lib.py", line 550, in execute
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     check_exit_code=check_exit_code, extra_ok_codes=extra_ok_codes)
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py", line 84, in execute
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     raise RuntimeError(m)
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec RuntimeError:
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac', 'ip', 'route', 'get', 'tobi.dyndns.org']
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Exit code: 1
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Stdout: ''
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Stderr: 'Error: an inet prefix is expected rather than "tobi.dyndns.org".\n'
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec
2014-12-24 13:30:22.965 24920 ERROR neutron.agent.linux.utils [-]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-fd8e2460-6542-40ab-bf41-6d2e403dce74', 'ipsec', 'whack', '--ctlbase', '/var/lib/neutron/ipsec/fd8e2460-6542-40ab-bf41-6d2e403dce74/var/run/pluto', '--status']
Exit code: 1
Stdout: ''
Stderr: 'whack: Pluto is not running (no "/var/lib/neutron/ipsec/fd8e2460-6542-40ab-bf41-6d2e403dce74/var/run/pluto.ctl")\n'
2014-12-24 13:30:23.751 24920 ERROR neutron.agent.linux.utils [req-be9b2275-a022-4f03-aa4c-65fc187046a9 None]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac', 'ip', 'route', 'get', 'tobi.dyndns.org']
Exit code: 1
Stdout: ''
Stderr: 'Error: an inet prefix is expected rather than "tobi.dyndns.org".\n'
2014-12-24

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: vpnaas

** Description changed:

  Hi all
+ 
+ I'm one Juno (2014.2.1)
  
  as of https://wiki.openstack.org/wiki/Neutron/VPNaaS#ipsec-site-
  connection_Resource it should be possible to create ipsec site
  connections with a peer fqdn.
  
  When adding a new IPSec site connection with --peer-address <fqdn> I get
  the following error in vpn-agent logs on network node:
  
  2014-12-24 13:30:22.807 24920 ERROR neutron.services.vpn.device_drivers.ipsec [-] Failed to enable vpn process on router 0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Traceback (most recent call last):
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 242, in enable
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     self.restart()
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 342, in restart
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     self.start()
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 389, in start
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     nexthop = self._get_nexthop(ipsec_site_conn['peer_address'])
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 347, in _get_nexthop
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     ['ip', 'route', 'get', address])
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 314, in _execute
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     check_exit_code=check_exit_code)
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ip_lib.py", line 550, in execute
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     check_exit_code=check_exit_code, extra_ok_codes=extra_ok_codes)
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py", line 84, in execute
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     raise RuntimeError(m)
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec RuntimeError:
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac', 'ip', 'route', 'get', 'tobi.dyndns.org']
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Exit code: 1
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Stdout: ''
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Stderr: 'Error: an inet prefix is expected rather than "tobi.dyndns.org".\n'
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec
  2014-12-24 13:30:22.965 24920 ERROR neutron.agent.linux.utils [-]
  Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-fd8e2460-6542-40ab-bf41-6d2e403dce74', 'ipsec', 'whack', '--ctlbase', '/var/lib/neutron/ipsec/fd8e2460-6542-40ab-bf41-6d2e403dce74/var/run/pluto', '--status']
  Exit code: 1
  Stdout: ''
  Stderr: 'whack: Pluto is not running (no "/var/lib/neutron/ipsec/fd8e2460-6542-40ab-bf41-6d2e403dce74/var/run/pluto.ctl")\n'
  2014-12-24 13:30:23.751 24920 ERROR neutron.agent.linux.utils [req-be9b2275-a022-4f03-aa4c-65fc187046a9 None]
  Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac', 'ip', 'route', 'get', 'tobi.dyndns.org']
  Exit code: 1
  Stdout: ''
  Stderr: 'Error: an inet prefix is expected rather than "tobi.dyndns.org".\n'
  2014-12-24

** Description changed:

  Hi all
- 
- I'm one Juno (2014.2.1)
  
  as of https://wiki.openstack.org/wiki/Neutron/VPNaaS#ipsec-site-
  connection_Resource it should be possible to create ipsec site
  connections with a peer fqdn.
  
  When adding a new IPSec site connection with --peer-address <fqdn> I get
- the following error in vpn-agent logs on network node:
+ the an error in vpn-agent logs on network node and VPN for that router
+ wont be enabled.
+ 
+ 
+ I'm adding the connection like this:
+ neutron ipsec-site-connection-create --psk 'XXXX' --peer-id "@tobi.dyndns.org" --peer-cidr 192.168.178.0/24 --peer-address "tobi.dyndns.org" --vpnservice-id     af2979de-4800-43b3-ae8a-e85ede71bf8c --ikepolicy-id     ed4726b7-cc1a-4c3d-af4d-d4fd736f20b1 --ipsecpolicy-id     4daba6a6-ac7f-4e37-b8ce-441c043b8285  --name "Tobi Home" 
+ 
+ Created a new ipsec_site_connection:
+ +----------------+----------------------------------------------------+
+ | Field          | Value                                              |
+ +----------------+----------------------------------------------------+
+ | admin_state_up | True                                               |
+ | auth_mode      | psk                                                |
+ | description    |                                                    |
+ | dpd            | {"action": "hold", "interval": 30, "timeout": 120} |
+ | id             | 1c57278b-1633-4637-ae8d-f9dfc57cddcc               |
+ | ikepolicy_id   | ed4726b7-cc1a-4c3d-af4d-d4fd736f20b1               |
+ | initiator      | bi-directional                                     |
+ | ipsecpolicy_id | 4daba6a6-ac7f-4e37-b8ce-441c043b8285               |
+ | mtu            | 1500                                               |
+ | name           | Tobi Home                                          |
+ | peer_address   | tobi.dyndns.org                                   |
+ | peer_cidrs     | 192.168.178.0/24                                   |
+ | peer_id        | tobi.dyndns.org                                   |
+ | psk            | XXX                     |
+ | route_mode     | static                                             |
+ | status         | PENDING_CREATE                                     |
+ | tenant_id      | 46fcbd40f9b34a1b96fcf91ae84c9bba                   |
+ | vpnservice_id  | af2979de-4800-43b3-ae8a-e85ede71bf8c               |
+ +----------------+----------------------------------------------------+
+ 
+ Log:
  
  2014-12-24 13:30:22.807 24920 ERROR neutron.services.vpn.device_drivers.ipsec [-] Failed to enable vpn process on router 0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Traceback (most recent call last):
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 242, in enable
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     self.restart()
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 342, in restart
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     self.start()
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 389, in start
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     nexthop = self._get_nexthop(ipsec_site_conn['peer_address'])
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 347, in _get_nexthop
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     ['ip', 'route', 'get', address])
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 314, in _execute
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     check_exit_code=check_exit_code)
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ip_lib.py", line 550, in execute
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     check_exit_code=check_exit_code, extra_ok_codes=extra_ok_codes)
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py", line 84, in execute
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     raise RuntimeError(m)
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec RuntimeError:
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac', 'ip', 'route', 'get', 'tobi.dyndns.org']
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Exit code: 1
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Stdout: ''
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Stderr: 'Error: an inet prefix is expected rather than "tobi.dyndns.org".\n'
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec
  2014-12-24 13:30:22.965 24920 ERROR neutron.agent.linux.utils [-]
  Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-fd8e2460-6542-40ab-bf41-6d2e403dce74', 'ipsec', 'whack', '--ctlbase', '/var/lib/neutron/ipsec/fd8e2460-6542-40ab-bf41-6d2e403dce74/var/run/pluto', '--status']
  Exit code: 1
  Stdout: ''
  Stderr: 'whack: Pluto is not running (no "/var/lib/neutron/ipsec/fd8e2460-6542-40ab-bf41-6d2e403dce74/var/run/pluto.ctl")\n'
  2014-12-24 13:30:23.751 24920 ERROR neutron.agent.linux.utils [req-be9b2275-a022-4f03-aa4c-65fc187046a9 None]
  Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac', 'ip', 'route', 'get', 'tobi.dyndns.org']
  Exit code: 1
  Stdout: ''
  Stderr: 'Error: an inet prefix is expected rather than "tobi.dyndns.org".\n'
  2014-12-24

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1405413

Title:
  VPN IPSec connection with fqdn not possible

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  Hi all

  as of https://wiki.openstack.org/wiki/Neutron/VPNaaS#ipsec-site-
  connection_Resource it should be possible to create ipsec site
  connections with a peer fqdn.

  When adding a new IPSec site connection with --peer-address <fqdn> I
  get the an error in vpn-agent logs on network node and VPN for that
  router wont be enabled.

  
  I'm adding the connection like this:
  neutron ipsec-site-connection-create --psk 'XXXX' --peer-id "@tobi.dyndns.org" --peer-cidr 192.168.178.0/24 --peer-address "tobi.dyndns.org" --vpnservice-id     af2979de-4800-43b3-ae8a-e85ede71bf8c --ikepolicy-id     ed4726b7-cc1a-4c3d-af4d-d4fd736f20b1 --ipsecpolicy-id     4daba6a6-ac7f-4e37-b8ce-441c043b8285  --name "Tobi Home" 

  Created a new ipsec_site_connection:
  +----------------+----------------------------------------------------+
  | Field          | Value                                              |
  +----------------+----------------------------------------------------+
  | admin_state_up | True                                               |
  | auth_mode      | psk                                                |
  | description    |                                                    |
  | dpd            | {"action": "hold", "interval": 30, "timeout": 120} |
  | id             | 1c57278b-1633-4637-ae8d-f9dfc57cddcc               |
  | ikepolicy_id   | ed4726b7-cc1a-4c3d-af4d-d4fd736f20b1               |
  | initiator      | bi-directional                                     |
  | ipsecpolicy_id | 4daba6a6-ac7f-4e37-b8ce-441c043b8285               |
  | mtu            | 1500                                               |
  | name           | Tobi Home                                          |
  | peer_address   | tobi.dyndns.org                                   |
  | peer_cidrs     | 192.168.178.0/24                                   |
  | peer_id        | tobi.dyndns.org                                   |
  | psk            | XXX                     |
  | route_mode     | static                                             |
  | status         | PENDING_CREATE                                     |
  | tenant_id      | 46fcbd40f9b34a1b96fcf91ae84c9bba                   |
  | vpnservice_id  | af2979de-4800-43b3-ae8a-e85ede71bf8c               |
  +----------------+----------------------------------------------------+

  Log:

  2014-12-24 13:30:22.807 24920 ERROR neutron.services.vpn.device_drivers.ipsec [-] Failed to enable vpn process on router 0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Traceback (most recent call last):
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 242, in enable
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     self.restart()
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 342, in restart
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     self.start()
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 389, in start
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     nexthop = self._get_nexthop(ipsec_site_conn['peer_address'])
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 347, in _get_nexthop
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     ['ip', 'route', 'get', address])
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 314, in _execute
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     check_exit_code=check_exit_code)
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ip_lib.py", line 550, in execute
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     check_exit_code=check_exit_code, extra_ok_codes=extra_ok_codes)
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py", line 84, in execute
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec     raise RuntimeError(m)
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec RuntimeError:
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac', 'ip', 'route', 'get', 'tobi.dyndns.org']
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Exit code: 1
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Stdout: ''
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Stderr: 'Error: an inet prefix is expected rather than "tobi.dyndns.org".\n'
  2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec
  2014-12-24 13:30:22.965 24920 ERROR neutron.agent.linux.utils [-]
  Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-fd8e2460-6542-40ab-bf41-6d2e403dce74', 'ipsec', 'whack', '--ctlbase', '/var/lib/neutron/ipsec/fd8e2460-6542-40ab-bf41-6d2e403dce74/var/run/pluto', '--status']
  Exit code: 1
  Stdout: ''
  Stderr: 'whack: Pluto is not running (no "/var/lib/neutron/ipsec/fd8e2460-6542-40ab-bf41-6d2e403dce74/var/run/pluto.ctl")\n'
  2014-12-24 13:30:23.751 24920 ERROR neutron.agent.linux.utils [req-be9b2275-a022-4f03-aa4c-65fc187046a9 None]
  Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac', 'ip', 'route', 'get', 'tobi.dyndns.org']
  Exit code: 1
  Stdout: ''
  Stderr: 'Error: an inet prefix is expected rather than "tobi.dyndns.org".\n'
  2014-12-24

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1405413/+subscriptions


Follow ups

References