yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #32481
[Bug 1450094] [NEW] ipsec-site-connection-list showing status PENDING_CREATE though tunnel is up
Public bug reported:
ipsec-site-connection-list showing status PENDING_CREATE for strongswan
driver, though tunnel is up
The tunnel is up, and see that the packets are having esp as protocol.
ipsec status also show Security Associations
ip xfrm policy & ip xfrm state also showing valid info.
Still ipsec-site-connection-list showing status as PENDING_CREATE.
Command: ['sudo', '/usr/local/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-44872765-4b50-4ac9-badf-8d41432975ed', 'neutron-vpn-netns-wrapper', '--mount_paths=/etc:/opt/stack/data/neutron/ipsec/44872765-4b50-4ac9-badf-8d41432975ed/etc,/var/run:/opt/stack/data/neutron/ipsec/44872765-4b50-4ac9-badf-8d41432975ed/var/run', '--cmd=ipsec,status']
Exit code: 0
Stdin:
Stdout: Command: ['mount', '--bind', '/opt/stack/data/neutron/ipsec/44872765-4b50-4ac9-badf-8d41432975ed/etc', '/etc'] Exit code: 0 Stdout: Stderr: Command: ['mount', '--bind', '/opt/stack/data/neutron/ipsec/44872765-4b50-4ac9-badf-8d41432975ed/var/run', '/var/run'] Exit code: 0 Stdout: Stderr: Command: ['ipsec', 'status'] Exit code: 0 Stdout: Routed Connections:
a044ebee-24e7-40a9-966a-42f348f36b30{1}: ROUTED, TUNNEL
a044ebee-24e7-40a9-966a-42f348f36b30{1}: 10.2.0.0/24 === 10.1.0.0/24
Security Associations (1 up, 0 connecting):
a044ebee-24e7-40a9-966a-42f348f36b30[3]: ESTABLISHED 36 minutes ago, 172.24.4.6[172.24.4.6]...172.24.4.5[172.24.4.5]
a044ebee-24e7-40a9-966a-42f348f36b30{1}: INSTALLED, TUNNEL, ESP SPIs: c5ac2539_i cdc26f87_o
a044ebee-24e7-40a9-966a-42f348f36b30{1}: 10.2.0.0/24 === 10.1.0.0/24
ubuntu@stack:~$ sudo ip netns exec qrouter-52e07469-908a-4d09-8c7e-118d447a76b4 ip xfrm policy
src 10.2.0.0/24 dst 10.1.0.0/24
dir fwd priority 1859
tmpl src 172.24.4.6 dst 172.24.4.5
proto esp reqid 1 mode tunnel
src 10.2.0.0/24 dst 10.1.0.0/24
dir in priority 1859
tmpl src 172.24.4.6 dst 172.24.4.5
proto esp reqid 1 mode tunnel
src 10.1.0.0/24 dst 10.2.0.0/24
dir out priority 1859
tmpl src 172.24.4.5 dst 172.24.4.6
proto esp reqid 1 mode tunnel
ubuntu@stack:~$ sudo ip netns exec qrouter-52e07469-908a-4d09-8c7e-118d447a76b4 ip xfrm state
src 172.24.4.5 dst 172.24.4.6
proto esp spi 0xca3c62ad reqid 1 mode tunnel
replay-window 32 flag af-unspec
auth-trunc hmac(sha1) 0x16b3e73abbdf33710c85c83ffa3387b2152c771e 96
enc cbc(aes) 0xcbecf8d670e502367b71b202daafebde
src 172.24.4.6 dst 172.24.4.5
proto esp spi 0xc158abb3 reqid 1 mode tunnel
replay-window 32 flag af-unspec
auth-trunc hmac(sha1) 0x13a7135db1eb5b8debc47ece4ff98b2ff7fba2e8 96
enc cbc(aes) 0x76bee8300a87b65325bd6b5add956e39
** Affects: neutron
Importance: Undecided
Assignee: venkata anil (anil-venkata)
Status: New
** Tags: vpnaas
** Changed in: neutron
Assignee: (unassigned) => venkata anil (anil-venkata)
** Tags added: vpnaas
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1450094
Title:
ipsec-site-connection-list showing status PENDING_CREATE though tunnel
is up
Status in OpenStack Neutron (virtual network service):
New
Bug description:
ipsec-site-connection-list showing status PENDING_CREATE for
strongswan driver, though tunnel is up
The tunnel is up, and see that the packets are having esp as protocol.
ipsec status also show Security Associations
ip xfrm policy & ip xfrm state also showing valid info.
Still ipsec-site-connection-list showing status as PENDING_CREATE.
Command: ['sudo', '/usr/local/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-44872765-4b50-4ac9-badf-8d41432975ed', 'neutron-vpn-netns-wrapper', '--mount_paths=/etc:/opt/stack/data/neutron/ipsec/44872765-4b50-4ac9-badf-8d41432975ed/etc,/var/run:/opt/stack/data/neutron/ipsec/44872765-4b50-4ac9-badf-8d41432975ed/var/run', '--cmd=ipsec,status']
Exit code: 0
Stdin:
Stdout: Command: ['mount', '--bind', '/opt/stack/data/neutron/ipsec/44872765-4b50-4ac9-badf-8d41432975ed/etc', '/etc'] Exit code: 0 Stdout: Stderr: Command: ['mount', '--bind', '/opt/stack/data/neutron/ipsec/44872765-4b50-4ac9-badf-8d41432975ed/var/run', '/var/run'] Exit code: 0 Stdout: Stderr: Command: ['ipsec', 'status'] Exit code: 0 Stdout: Routed Connections:
a044ebee-24e7-40a9-966a-42f348f36b30{1}: ROUTED, TUNNEL
a044ebee-24e7-40a9-966a-42f348f36b30{1}: 10.2.0.0/24 === 10.1.0.0/24
Security Associations (1 up, 0 connecting):
a044ebee-24e7-40a9-966a-42f348f36b30[3]: ESTABLISHED 36 minutes ago, 172.24.4.6[172.24.4.6]...172.24.4.5[172.24.4.5]
a044ebee-24e7-40a9-966a-42f348f36b30{1}: INSTALLED, TUNNEL, ESP SPIs: c5ac2539_i cdc26f87_o
a044ebee-24e7-40a9-966a-42f348f36b30{1}: 10.2.0.0/24 === 10.1.0.0/24
ubuntu@stack:~$ sudo ip netns exec qrouter-52e07469-908a-4d09-8c7e-118d447a76b4 ip xfrm policy
src 10.2.0.0/24 dst 10.1.0.0/24
dir fwd priority 1859
tmpl src 172.24.4.6 dst 172.24.4.5
proto esp reqid 1 mode tunnel
src 10.2.0.0/24 dst 10.1.0.0/24
dir in priority 1859
tmpl src 172.24.4.6 dst 172.24.4.5
proto esp reqid 1 mode tunnel
src 10.1.0.0/24 dst 10.2.0.0/24
dir out priority 1859
tmpl src 172.24.4.5 dst 172.24.4.6
proto esp reqid 1 mode tunnel
ubuntu@stack:~$ sudo ip netns exec qrouter-52e07469-908a-4d09-8c7e-118d447a76b4 ip xfrm state
src 172.24.4.5 dst 172.24.4.6
proto esp spi 0xca3c62ad reqid 1 mode tunnel
replay-window 32 flag af-unspec
auth-trunc hmac(sha1) 0x16b3e73abbdf33710c85c83ffa3387b2152c771e 96
enc cbc(aes) 0xcbecf8d670e502367b71b202daafebde
src 172.24.4.6 dst 172.24.4.5
proto esp spi 0xc158abb3 reqid 1 mode tunnel
replay-window 32 flag af-unspec
auth-trunc hmac(sha1) 0x13a7135db1eb5b8debc47ece4ff98b2ff7fba2e8 96
enc cbc(aes) 0x76bee8300a87b65325bd6b5add956e39
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1450094/+subscriptions
Follow ups
References
