← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #32769

[Bug 1453656] [NEW] [VPNaaS] vpnaas ipsec connection can not change from pending_create to active

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Create a vpn service, and using strongswan as its driver or libreswan.
Though the IPsec connection has already established, the status of the
ipsec connection is still in pending_create.

[root@test102 ~]# neutron ipsec-site-connection-list
+--------------------------------------+----------------+--------------+------------------+------------+-----------+----------------+
| id                                   | name           | peer_address | peer_cidrs       | route_mode | auth_mode | status         |
+--------------------------------------+----------------+--------------+------------------+------------+-----------+----------------+
| eb235a3c-85a7-45e0-b37d-8f5506b16394 | vpnconnection2 | 10.11.1.180  | "192.168.1.0/24" | static     | psk       | PENDING_CREATE |
+--------------------------------------+----------------+--------------+------------------+------------+-----------+----------------+

[root@test102 ~]# sudo neutron-rootwrap /etc/neutron/rootwrap.conf ip netns exec qrouter-1ddf1f30-7b52-471a-943e-dc105d14fd97 neutron-vpn-netns-wrapper --mount_paths=/etc:/var/lib/neutron/ipsec/1ddf1f30-7b52-471a-943e-dc105d14fd97/etc/,/var/run:/var/lib/neutron/ipsec/1ddf1f30-7b52-471a-943e-dc105d14fd97/var/run/ --cmd=strongswan,status
Command: ['mount', '--bind', '/var/lib/neutron/ipsec/1ddf1f30-7b52-471a-943e-dc105d14fd97/etc/', '/etc'] Exit code: 0 Stdout:  Stderr: Command: ['mount', '--bind', '/var/lib/neutron/ipsec/1ddf1f30-7b52-471a-943e-dc105d14fd97/var/run/', '/var/run'] Exit code: 0 Stdout:  Stderr: Command: ['strongswan', 'status'] Exit code: 0 Stdout: Routed Connections:
eb235a3c-85a7-45e0-b37d-8f5506b16394{1}:  ROUTED, TUNNEL
eb235a3c-85a7-45e0-b37d-8f5506b16394{1}:   172.16.100.0/24 === 192.168.1.0/24 
Security Associations (1 up, 0 connecting):
eb235a3c-85a7-45e0-b37d-8f5506b16394[8866]: ESTABLISHED 8 minutes ago, 10.11.1.200[10.11.1.200]...10.11.1.180[10.11.1.180]
eb235a3c-85a7-45e0-b37d-8f5506b16394{1}:  INSTALLED, TUNNEL, ESP SPIs: cddde1be_i c93b833b_o
eb235a3c-85a7-45e0-b37d-8f5506b16394{1}:   172.16.100.0/24 === 192.168.1.0/24 
 Stderr: [


No error log in vpn-agent.log

** Affects: neutron
     Importance: Undecided
     Assignee: Wei Hu (huwei-xtu)
         Status: New


** Tags: vpnaas

** Changed in: neutron
     Assignee: (unassigned) => Wei Hu (huwei-xtu)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1453656

Title:
  [VPNaaS] vpnaas ipsec connection can not change from pending_create to
  active

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  Create a vpn service, and using strongswan as its driver or libreswan.
  Though the IPsec connection has already established, the status of the
  ipsec connection is still in pending_create.

  [root@test102 ~]# neutron ipsec-site-connection-list
  +--------------------------------------+----------------+--------------+------------------+------------+-----------+----------------+
  | id                                   | name           | peer_address | peer_cidrs       | route_mode | auth_mode | status         |
  +--------------------------------------+----------------+--------------+------------------+------------+-----------+----------------+
  | eb235a3c-85a7-45e0-b37d-8f5506b16394 | vpnconnection2 | 10.11.1.180  | "192.168.1.0/24" | static     | psk       | PENDING_CREATE |
  +--------------------------------------+----------------+--------------+------------------+------------+-----------+----------------+

  [root@test102 ~]# sudo neutron-rootwrap /etc/neutron/rootwrap.conf ip netns exec qrouter-1ddf1f30-7b52-471a-943e-dc105d14fd97 neutron-vpn-netns-wrapper --mount_paths=/etc:/var/lib/neutron/ipsec/1ddf1f30-7b52-471a-943e-dc105d14fd97/etc/,/var/run:/var/lib/neutron/ipsec/1ddf1f30-7b52-471a-943e-dc105d14fd97/var/run/ --cmd=strongswan,status
  Command: ['mount', '--bind', '/var/lib/neutron/ipsec/1ddf1f30-7b52-471a-943e-dc105d14fd97/etc/', '/etc'] Exit code: 0 Stdout:  Stderr: Command: ['mount', '--bind', '/var/lib/neutron/ipsec/1ddf1f30-7b52-471a-943e-dc105d14fd97/var/run/', '/var/run'] Exit code: 0 Stdout:  Stderr: Command: ['strongswan', 'status'] Exit code: 0 Stdout: Routed Connections:
  eb235a3c-85a7-45e0-b37d-8f5506b16394{1}:  ROUTED, TUNNEL
  eb235a3c-85a7-45e0-b37d-8f5506b16394{1}:   172.16.100.0/24 === 192.168.1.0/24 
  Security Associations (1 up, 0 connecting):
  eb235a3c-85a7-45e0-b37d-8f5506b16394[8866]: ESTABLISHED 8 minutes ago, 10.11.1.200[10.11.1.200]...10.11.1.180[10.11.1.180]
  eb235a3c-85a7-45e0-b37d-8f5506b16394{1}:  INSTALLED, TUNNEL, ESP SPIs: cddde1be_i c93b833b_o
  eb235a3c-85a7-45e0-b37d-8f5506b16394{1}:   172.16.100.0/24 === 192.168.1.0/24 
   Stderr: [

  
  No error log in vpn-agent.log

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1453656/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next