yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #32095
[Bug 1316733] Re: VPNAAS :Updating the PSK on one site puts that ipsec site connection down but other site is still active
Per Paul's comments in #6, marking invalid.
** Changed in: neutron
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1316733
Title:
VPNAAS :Updating the PSK on one site puts that ipsec site connection
down but other site is still active
Status in OpenStack Neutron (virtual network service):
Invalid
Bug description:
Steps to Reproduce:
1.Create two site with vpn service,vpn ike policy,ipsec policy and ipsec site connection.
2. Make sure the vm across the sit are able to ping each other with successfull tunnel creation .
3.Check the status of the operation on both the sites:
neutron ipsec-site-connection-list
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| 9111b9ce-8db8-45e1-9364-f8471d42c7cd | vpnconnection1 | $peer_address2 | "10.10.1.0/24" | static | psk | ACTIVE |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
For other site:
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| 8af2322c-aaac-4de1-b026-d5a2afdc3845 | vpnconnection1 | $peer_address1 | "11.11.1.0/24" | static | psk | ACTIVE |
4. Update the psk on one site :
neutron ipsec-site-connection-update 9111b9ce-8db8-45e1-9364-f8471d42c7cd --psk secret1
Updated ipsec_site_connection: 9111b9ce-8db8-45e1-9364-f8471d42c7cd
4. Check the status of both the site:
neutron ipsec-site-connection show 9111b9ce-8db8-45e1-9364-f8471d42c7cd
+----------------+----------------------------------------------------+
| Field | Value |
+----------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | 9111b9ce-8db8-45e1-9364-f8471d42c7cd |
| ikepolicy_id | f66c642a-895e-4eed-8af3-513d4dd3c370 |
| initiator | bi-directional |
| ipsecpolicy_id | e37f88e0-39ca-4b7c-a55f-566f6f015dc7 |
| mtu | 1500 |
| name | vpnconnection1 |
| peer_address | $peer_address1 |
| peer_cidrs | 10.10.1.0/24 |
| peer_id $peer_address1 |
| psk | secret1 |
| route_mode | static |
| status | DOWN |
| tenant_id | d209c7ac08304ff48c59a53c2c47516c |
| vpnservice_id | 08f2fd69-78c0-4584-863f-e5d2d83cfe88 |
+----------------+----------------------------------------------------+
On other site:
neutron ipsec-site-connection show 8af2322c-aaac-4de1-b026-d5a2afdc3845
+----------------+----------------------------------------------------+
| Field | Value |
+----------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | 8af2322c-aaac-4de1-b026-d5a2afdc3845 |
| ikepolicy_id | 98b51a2c-3dc0-4fef-9e67-2591e20218de |
| initiator | bi-directional |
| ipsecpolicy_id | 67ba0e7d-2f8e-450a-8163-4063e503443d |
| mtu | 1500 |
| name | vpnconnection1 |
| peer_address | $peer_address2 |
| peer_cidrs | 11.11.1.0/24 |
| peer_id | $peer_address2 |
| psk | secret |
| route_mode | static |
| status | ACTIVE |
| tenant_id | 9d199ee4597649a6886578c565e933bc |
| vpnservice_id | 58caaf89-ecc2-4cf4-a86c-374b2d22dc35 |
+----------------+----------------------------------------------------+
Serverlog shows:
2014-05-02 11:57:10.565 20800 DEBUG neutron.api.v2.base [req-bf709a98-49d7-4414-81e7-a13ad1c40de6 None] Request body: {u'ipsec_site_connection': {u'psk': u'secret1'}} prepare_request_body /usr/lib/python2.7/dist-packages/neutron/api/v2/base.py:554
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1316733/+subscriptions
References
