yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #26466
[Bug 1405413] [NEW] VPN IPSec connection with fqdn not possible
Public bug reported:
Hi all
as of https://wiki.openstack.org/wiki/Neutron/VPNaaS#ipsec-site-
connection_Resource it should be possible to create ipsec site
connections with a peer fqdn.
When adding a new IPSec site connection with --peer-address <fqdn> I get
the an error in vpn-agent logs on network node and VPN for that router
wont be enabled.
I'm adding the connection like this:
neutron ipsec-site-connection-create --psk 'XXXX' --peer-id "@tobi.dyndns.org" --peer-cidr 192.168.178.0/24 --peer-address "tobi.dyndns.org" --vpnservice-id af2979de-4800-43b3-ae8a-e85ede71bf8c --ikepolicy-id ed4726b7-cc1a-4c3d-af4d-d4fd736f20b1 --ipsecpolicy-id 4daba6a6-ac7f-4e37-b8ce-441c043b8285 --name "Tobi Home"
Created a new ipsec_site_connection:
+----------------+----------------------------------------------------+
| Field | Value |
+----------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | 1c57278b-1633-4637-ae8d-f9dfc57cddcc |
| ikepolicy_id | ed4726b7-cc1a-4c3d-af4d-d4fd736f20b1 |
| initiator | bi-directional |
| ipsecpolicy_id | 4daba6a6-ac7f-4e37-b8ce-441c043b8285 |
| mtu | 1500 |
| name | Tobi Home |
| peer_address | tobi.dyndns.org |
| peer_cidrs | 192.168.178.0/24 |
| peer_id | tobi.dyndns.org |
| psk | XXX |
| route_mode | static |
| status | PENDING_CREATE |
| tenant_id | 46fcbd40f9b34a1b96fcf91ae84c9bba |
| vpnservice_id | af2979de-4800-43b3-ae8a-e85ede71bf8c |
+----------------+----------------------------------------------------+
Log:
2014-12-24 13:30:22.807 24920 ERROR neutron.services.vpn.device_drivers.ipsec [-] Failed to enable vpn process on router 0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Traceback (most recent call last):
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 242, in enable
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec self.restart()
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 342, in restart
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec self.start()
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 389, in start
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec nexthop = self._get_nexthop(ipsec_site_conn['peer_address'])
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 347, in _get_nexthop
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec ['ip', 'route', 'get', address])
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 314, in _execute
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec check_exit_code=check_exit_code)
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ip_lib.py", line 550, in execute
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec check_exit_code=check_exit_code, extra_ok_codes=extra_ok_codes)
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py", line 84, in execute
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec raise RuntimeError(m)
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec RuntimeError:
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac', 'ip', 'route', 'get', 'tobi.dyndns.org']
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Exit code: 1
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Stdout: ''
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Stderr: 'Error: an inet prefix is expected rather than "tobi.dyndns.org".\n'
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec
2014-12-24 13:30:22.965 24920 ERROR neutron.agent.linux.utils [-]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-fd8e2460-6542-40ab-bf41-6d2e403dce74', 'ipsec', 'whack', '--ctlbase', '/var/lib/neutron/ipsec/fd8e2460-6542-40ab-bf41-6d2e403dce74/var/run/pluto', '--status']
Exit code: 1
Stdout: ''
Stderr: 'whack: Pluto is not running (no "/var/lib/neutron/ipsec/fd8e2460-6542-40ab-bf41-6d2e403dce74/var/run/pluto.ctl")\n'
2014-12-24 13:30:23.751 24920 ERROR neutron.agent.linux.utils [req-be9b2275-a022-4f03-aa4c-65fc187046a9 None]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac', 'ip', 'route', 'get', 'tobi.dyndns.org']
Exit code: 1
Stdout: ''
Stderr: 'Error: an inet prefix is expected rather than "tobi.dyndns.org".\n'
2014-12-24
** Affects: neutron
Importance: Undecided
Status: New
** Tags: vpnaas
** Description changed:
Hi all
+
+ I'm one Juno (2014.2.1)
as of https://wiki.openstack.org/wiki/Neutron/VPNaaS#ipsec-site-
connection_Resource it should be possible to create ipsec site
connections with a peer fqdn.
When adding a new IPSec site connection with --peer-address <fqdn> I get
the following error in vpn-agent logs on network node:
2014-12-24 13:30:22.807 24920 ERROR neutron.services.vpn.device_drivers.ipsec [-] Failed to enable vpn process on router 0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Traceback (most recent call last):
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 242, in enable
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec self.restart()
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 342, in restart
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec self.start()
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 389, in start
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec nexthop = self._get_nexthop(ipsec_site_conn['peer_address'])
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 347, in _get_nexthop
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec ['ip', 'route', 'get', address])
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 314, in _execute
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec check_exit_code=check_exit_code)
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ip_lib.py", line 550, in execute
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec check_exit_code=check_exit_code, extra_ok_codes=extra_ok_codes)
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py", line 84, in execute
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec raise RuntimeError(m)
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec RuntimeError:
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac', 'ip', 'route', 'get', 'tobi.dyndns.org']
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Exit code: 1
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Stdout: ''
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Stderr: 'Error: an inet prefix is expected rather than "tobi.dyndns.org".\n'
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec
2014-12-24 13:30:22.965 24920 ERROR neutron.agent.linux.utils [-]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-fd8e2460-6542-40ab-bf41-6d2e403dce74', 'ipsec', 'whack', '--ctlbase', '/var/lib/neutron/ipsec/fd8e2460-6542-40ab-bf41-6d2e403dce74/var/run/pluto', '--status']
Exit code: 1
Stdout: ''
Stderr: 'whack: Pluto is not running (no "/var/lib/neutron/ipsec/fd8e2460-6542-40ab-bf41-6d2e403dce74/var/run/pluto.ctl")\n'
2014-12-24 13:30:23.751 24920 ERROR neutron.agent.linux.utils [req-be9b2275-a022-4f03-aa4c-65fc187046a9 None]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac', 'ip', 'route', 'get', 'tobi.dyndns.org']
Exit code: 1
Stdout: ''
Stderr: 'Error: an inet prefix is expected rather than "tobi.dyndns.org".\n'
2014-12-24
** Description changed:
Hi all
-
- I'm one Juno (2014.2.1)
as of https://wiki.openstack.org/wiki/Neutron/VPNaaS#ipsec-site-
connection_Resource it should be possible to create ipsec site
connections with a peer fqdn.
When adding a new IPSec site connection with --peer-address <fqdn> I get
- the following error in vpn-agent logs on network node:
+ the an error in vpn-agent logs on network node and VPN for that router
+ wont be enabled.
+
+
+ I'm adding the connection like this:
+ neutron ipsec-site-connection-create --psk 'XXXX' --peer-id "@tobi.dyndns.org" --peer-cidr 192.168.178.0/24 --peer-address "tobi.dyndns.org" --vpnservice-id af2979de-4800-43b3-ae8a-e85ede71bf8c --ikepolicy-id ed4726b7-cc1a-4c3d-af4d-d4fd736f20b1 --ipsecpolicy-id 4daba6a6-ac7f-4e37-b8ce-441c043b8285 --name "Tobi Home"
+
+ Created a new ipsec_site_connection:
+ +----------------+----------------------------------------------------+
+ | Field | Value |
+ +----------------+----------------------------------------------------+
+ | admin_state_up | True |
+ | auth_mode | psk |
+ | description | |
+ | dpd | {"action": "hold", "interval": 30, "timeout": 120} |
+ | id | 1c57278b-1633-4637-ae8d-f9dfc57cddcc |
+ | ikepolicy_id | ed4726b7-cc1a-4c3d-af4d-d4fd736f20b1 |
+ | initiator | bi-directional |
+ | ipsecpolicy_id | 4daba6a6-ac7f-4e37-b8ce-441c043b8285 |
+ | mtu | 1500 |
+ | name | Tobi Home |
+ | peer_address | tobi.dyndns.org |
+ | peer_cidrs | 192.168.178.0/24 |
+ | peer_id | tobi.dyndns.org |
+ | psk | XXX |
+ | route_mode | static |
+ | status | PENDING_CREATE |
+ | tenant_id | 46fcbd40f9b34a1b96fcf91ae84c9bba |
+ | vpnservice_id | af2979de-4800-43b3-ae8a-e85ede71bf8c |
+ +----------------+----------------------------------------------------+
+
+ Log:
2014-12-24 13:30:22.807 24920 ERROR neutron.services.vpn.device_drivers.ipsec [-] Failed to enable vpn process on router 0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Traceback (most recent call last):
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 242, in enable
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec self.restart()
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 342, in restart
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec self.start()
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 389, in start
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec nexthop = self._get_nexthop(ipsec_site_conn['peer_address'])
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 347, in _get_nexthop
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec ['ip', 'route', 'get', address])
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 314, in _execute
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec check_exit_code=check_exit_code)
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ip_lib.py", line 550, in execute
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec check_exit_code=check_exit_code, extra_ok_codes=extra_ok_codes)
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py", line 84, in execute
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec raise RuntimeError(m)
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec RuntimeError:
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac', 'ip', 'route', 'get', 'tobi.dyndns.org']
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Exit code: 1
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Stdout: ''
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Stderr: 'Error: an inet prefix is expected rather than "tobi.dyndns.org".\n'
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec
2014-12-24 13:30:22.965 24920 ERROR neutron.agent.linux.utils [-]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-fd8e2460-6542-40ab-bf41-6d2e403dce74', 'ipsec', 'whack', '--ctlbase', '/var/lib/neutron/ipsec/fd8e2460-6542-40ab-bf41-6d2e403dce74/var/run/pluto', '--status']
Exit code: 1
Stdout: ''
Stderr: 'whack: Pluto is not running (no "/var/lib/neutron/ipsec/fd8e2460-6542-40ab-bf41-6d2e403dce74/var/run/pluto.ctl")\n'
2014-12-24 13:30:23.751 24920 ERROR neutron.agent.linux.utils [req-be9b2275-a022-4f03-aa4c-65fc187046a9 None]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac', 'ip', 'route', 'get', 'tobi.dyndns.org']
Exit code: 1
Stdout: ''
Stderr: 'Error: an inet prefix is expected rather than "tobi.dyndns.org".\n'
2014-12-24
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1405413
Title:
VPN IPSec connection with fqdn not possible
Status in OpenStack Neutron (virtual network service):
New
Bug description:
Hi all
as of https://wiki.openstack.org/wiki/Neutron/VPNaaS#ipsec-site-
connection_Resource it should be possible to create ipsec site
connections with a peer fqdn.
When adding a new IPSec site connection with --peer-address <fqdn> I
get the an error in vpn-agent logs on network node and VPN for that
router wont be enabled.
I'm adding the connection like this:
neutron ipsec-site-connection-create --psk 'XXXX' --peer-id "@tobi.dyndns.org" --peer-cidr 192.168.178.0/24 --peer-address "tobi.dyndns.org" --vpnservice-id af2979de-4800-43b3-ae8a-e85ede71bf8c --ikepolicy-id ed4726b7-cc1a-4c3d-af4d-d4fd736f20b1 --ipsecpolicy-id 4daba6a6-ac7f-4e37-b8ce-441c043b8285 --name "Tobi Home"
Created a new ipsec_site_connection:
+----------------+----------------------------------------------------+
| Field | Value |
+----------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | 1c57278b-1633-4637-ae8d-f9dfc57cddcc |
| ikepolicy_id | ed4726b7-cc1a-4c3d-af4d-d4fd736f20b1 |
| initiator | bi-directional |
| ipsecpolicy_id | 4daba6a6-ac7f-4e37-b8ce-441c043b8285 |
| mtu | 1500 |
| name | Tobi Home |
| peer_address | tobi.dyndns.org |
| peer_cidrs | 192.168.178.0/24 |
| peer_id | tobi.dyndns.org |
| psk | XXX |
| route_mode | static |
| status | PENDING_CREATE |
| tenant_id | 46fcbd40f9b34a1b96fcf91ae84c9bba |
| vpnservice_id | af2979de-4800-43b3-ae8a-e85ede71bf8c |
+----------------+----------------------------------------------------+
Log:
2014-12-24 13:30:22.807 24920 ERROR neutron.services.vpn.device_drivers.ipsec [-] Failed to enable vpn process on router 0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Traceback (most recent call last):
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 242, in enable
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec self.restart()
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 342, in restart
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec self.start()
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 389, in start
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec nexthop = self._get_nexthop(ipsec_site_conn['peer_address'])
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 347, in _get_nexthop
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec ['ip', 'route', 'get', address])
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 314, in _execute
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec check_exit_code=check_exit_code)
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ip_lib.py", line 550, in execute
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec check_exit_code=check_exit_code, extra_ok_codes=extra_ok_codes)
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py", line 84, in execute
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec raise RuntimeError(m)
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec RuntimeError:
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac', 'ip', 'route', 'get', 'tobi.dyndns.org']
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Exit code: 1
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Stdout: ''
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec Stderr: 'Error: an inet prefix is expected rather than "tobi.dyndns.org".\n'
2014-12-24 13:30:22.807 24920 TRACE neutron.services.vpn.device_drivers.ipsec
2014-12-24 13:30:22.965 24920 ERROR neutron.agent.linux.utils [-]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-fd8e2460-6542-40ab-bf41-6d2e403dce74', 'ipsec', 'whack', '--ctlbase', '/var/lib/neutron/ipsec/fd8e2460-6542-40ab-bf41-6d2e403dce74/var/run/pluto', '--status']
Exit code: 1
Stdout: ''
Stderr: 'whack: Pluto is not running (no "/var/lib/neutron/ipsec/fd8e2460-6542-40ab-bf41-6d2e403dce74/var/run/pluto.ctl")\n'
2014-12-24 13:30:23.751 24920 ERROR neutron.agent.linux.utils [req-be9b2275-a022-4f03-aa4c-65fc187046a9 None]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac', 'ip', 'route', 'get', 'tobi.dyndns.org']
Exit code: 1
Stdout: ''
Stderr: 'Error: an inet prefix is expected rather than "tobi.dyndns.org".\n'
2014-12-24
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1405413/+subscriptions
Follow ups
References