← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1444017] Re: [VPNaas] Libreswan driver support in VPNaaS

 

** Changed in: neutron
       Status: Fix Committed => Fix Released

** Changed in: neutron
    Milestone: None => liberty-1

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1444017

Title:
  [VPNaas] Libreswan driver support in VPNaaS

Status in OpenStack Neutron (virtual network service):
  Fix Released

Bug description:
  I am running devstack on Fedora. VPNaas is not working on
  Fedora/centos devstack.

  "neutron ipsec-site-connection-create" command is failing

  q-vpn log -
  Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-250faac2-167b-4861-9d0c-b5710bf02ee2', 'ipsec', 'pluto', '--ctlbase', '/opt/stack/data/neutron/ipsec/250faac2-167b-4861-9d0c-b5710bf02ee2/var/run/pluto', '--ipsecdir', '/opt/stack/data/neutron/ipsec/250faac2-167b-4861-9d0c-b5710bf02ee2/etc', '--use-netkey', '--uniqueids', '--nat_traversal', '--secretsfile', '/opt/stack/data/neutron/ipsec/250faac2-167b-4861-9d0c-b5710bf02ee2/etc/ipsec.secrets', '--virtual_private', '%v4:10.1.0.0/24,%v4:10.2.0.0/24', '--stderrlog']

  FATAL: NSS readonly initialization
  ("/opt/stack/data/neutron/ipsec/250faac2-167b-4861-9d0c-
  b5710bf02ee2/etc") failed (err -8015)

  Because of this error,  pluto daemon is not running.
  So VPNaas is not working on Fedora/centos devstack.

  Fedora/centos uses Libreswan for ipsec.

  From the wiki - "Libreswan is a fork of the Openswan IPSEC VPN
  implementation created by almost all of the openswan developers after
  a lawsuit about the ownership of the Openswan name was filed against
  Paul Wouters, then release manager of Openswan, in December 2012."

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1444017/+subscriptions


References