← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #34653

[Bug 1450479] Re: left=<ipv6_addr> not allowed when gw has both v4 & v6 address

  Thread PreviousDate PreviousThread Next 
** Changed in: neutron
       Status: Fix Committed => Fix Released

** Changed in: neutron
    Milestone: None => liberty-1

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1450479

Title:
  left=<ipv6_addr> not allowed when gw has both v4 & v6 address

Status in OpenStack Neutron (virtual network service):
  Fix Released

Bug description:
  No ipv6 address assigned to ipsec.conf 'left' and "leftid" paramter if gateway has both ipv4 and ipv6 addresses.
  Gateway has both ipv4 and ipv6 address as public network has both ipv4 and ipv6 subnets.
  I am trying vpn-service and ipsec-site-connection create with ipv6, 

  neutron vpn-service-create --name myvpn --description "My vpn service" router1 ipv6-private-subnet
  neutron ipsec-site-connection-create --name vpnconnection2 --vpnservice-id myvpnB --ikepolicy-id ikepolicy --ipsecpolicy-id ipsecpolicy --peer-address 2001:db8::3 --peer-id 2001:db8::3 --peer-cidr fd8c:26c9:6aef::/64 --psk secret

  Still only ipv4 address is assigned to "left" and "leftid" params in ipsec.conf.
  As I am trying ipsec-site-connection with ipv6(gave ipv6 subnet during vpn-service-create), ipv6 address should be assigned to these params.

  cat /opt/stack/data/neutron/ipsec/909081d8-db4c-4644-8cea-c52db27bd7e6/etc/ipsec.conf
  conn 7ca1246e-8fd8-416a-9b39-f1b936760c59
      keyexchange=ikev1
      left=172.24.4.3
      leftsubnet=fd8c:26c9:6aef::/64
      leftid=172.24.4.3
      leftfirewall=yes
      right=2001:db8::4
      rightsubnet=1001::/64
      rightid=2001:db8::4
      auto=route

  I think we are always selecting the first address for "external_ip"
  for vpn_service

  def make_vpnservice_dict(self, vpnservice):
          vpnservice_dict['external_ip'] = vpnservice.router.gw_port[
              'fixed_ips'][0]['ip_address']

  Need to fix this based on ip version.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1450479/+subscriptions

References

  Thread PreviousDate PreviousThread Next