yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #31083
[Bug 1440650] [NEW] VPNaas-IPsec site connection is still active evenif IPsec service on Host OS is stopped and VM across the site are still able to ping each other
Public bug reported:
In the devstack setup with VPNaas enabled:
1. Establish a IPsec site connection between 2 devstack clouds.
2. Verify that the connection is active from both ends.
3. Now run "service ipsec stop" on either of the cloud.
4. Now check the status of IPsec site connection, it will still show active on both ends, and the VMs launched on both clouds are still accessible using the private IP. -issue 1
5. If we kill Pluto process also, then the IPsec site connection goes down.
6. If before creating the IPsec site connection IPsec service was stopped, after that if we create IPsec site connection it doesnot become active even after starting the IPsec service.-issue 2
** Affects: neutron
Importance: Undecided
Status: New
** Description changed:
In the devstack setup with VPNaas enabled:
1. Establish a IPsec connection between 2 devstack clouds.
2. Verify that the connection is active from both ends.
3. Now run "service ipsec status" on either of the cloud.
+
+ $ service ipsec status
+ IPsec running - pluto pid: 8489
+ pluto pid 8489
+ No tunnels up
+
+ 4. ipsec status shows that there is no tunnel up -issue 1
+ 5. If we kill Pluto process also, then the IPsec site connection goes down.
+ 6. If before creating the IPsec site connection IPsec service was stopped, after that if we create IPsec site connection it doesnot become active even after starting the IPsec service.-issue 2
** Description changed:
In the devstack setup with VPNaas enabled:
- 1. Establish a IPsec connection between 2 devstack clouds.
+ 1. Establish a IPsec site connection between 2 devstack clouds.
2. Verify that the connection is active from both ends.
3. Now run "service ipsec status" on either of the cloud.
$ service ipsec status
IPsec running - pluto pid: 8489
pluto pid 8489
No tunnels up
4. ipsec status shows that there is no tunnel up -issue 1
5. If we kill Pluto process also, then the IPsec site connection goes down.
6. If before creating the IPsec site connection IPsec service was stopped, after that if we create IPsec site connection it doesnot become active even after starting the IPsec service.-issue 2
** Description changed:
In the devstack setup with VPNaas enabled:
1. Establish a IPsec site connection between 2 devstack clouds.
2. Verify that the connection is active from both ends.
- 3. Now run "service ipsec status" on either of the cloud.
-
- $ service ipsec status
- IPsec running - pluto pid: 8489
- pluto pid 8489
- No tunnels up
-
- 4. ipsec status shows that there is no tunnel up -issue 1
+ 3. Now run "service ipsec stop" on either of the cloud.
+ 4. Now check the status of IPsec site connection, it will still show active on both ends.
5. If we kill Pluto process also, then the IPsec site connection goes down.
6. If before creating the IPsec site connection IPsec service was stopped, after that if we create IPsec site connection it doesnot become active even after starting the IPsec service.-issue 2
** Description changed:
In the devstack setup with VPNaas enabled:
1. Establish a IPsec site connection between 2 devstack clouds.
2. Verify that the connection is active from both ends.
3. Now run "service ipsec stop" on either of the cloud.
- 4. Now check the status of IPsec site connection, it will still show active on both ends.
+ 4. Now check the status of IPsec site connection, it will still show active on both ends, and the VMs launched on both clouds are still accessible using the private IP. -issue 1
5. If we kill Pluto process also, then the IPsec site connection goes down.
6. If before creating the IPsec site connection IPsec service was stopped, after that if we create IPsec site connection it doesnot become active even after starting the IPsec service.-issue 2
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1440650
Title:
VPNaas-IPsec site connection is still active evenif IPsec service on
Host OS is stopped and VM across the site are still able to ping each
other
Status in OpenStack Neutron (virtual network service):
New
Bug description:
In the devstack setup with VPNaas enabled:
1. Establish a IPsec site connection between 2 devstack clouds.
2. Verify that the connection is active from both ends.
3. Now run "service ipsec stop" on either of the cloud.
4. Now check the status of IPsec site connection, it will still show active on both ends, and the VMs launched on both clouds are still accessible using the private IP. -issue 1
5. If we kill Pluto process also, then the IPsec site connection goes down.
6. If before creating the IPsec site connection IPsec service was stopped, after that if we create IPsec site connection it doesnot become active even after starting the IPsec service.-issue 2
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1440650/+subscriptions
Follow ups
References
