yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #34685
[Bug 1444017] Re: [VPNaas] Libreswan driver support in VPNaaS
** Changed in: neutron
Status: Fix Committed => Fix Released
** Changed in: neutron
Milestone: None => liberty-1
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1444017
Title:
[VPNaas] Libreswan driver support in VPNaaS
Status in OpenStack Neutron (virtual network service):
Fix Released
Bug description:
I am running devstack on Fedora. VPNaas is not working on
Fedora/centos devstack.
"neutron ipsec-site-connection-create" command is failing
q-vpn log -
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-250faac2-167b-4861-9d0c-b5710bf02ee2', 'ipsec', 'pluto', '--ctlbase', '/opt/stack/data/neutron/ipsec/250faac2-167b-4861-9d0c-b5710bf02ee2/var/run/pluto', '--ipsecdir', '/opt/stack/data/neutron/ipsec/250faac2-167b-4861-9d0c-b5710bf02ee2/etc', '--use-netkey', '--uniqueids', '--nat_traversal', '--secretsfile', '/opt/stack/data/neutron/ipsec/250faac2-167b-4861-9d0c-b5710bf02ee2/etc/ipsec.secrets', '--virtual_private', '%v4:10.1.0.0/24,%v4:10.2.0.0/24', '--stderrlog']
FATAL: NSS readonly initialization
("/opt/stack/data/neutron/ipsec/250faac2-167b-4861-9d0c-
b5710bf02ee2/etc") failed (err -8015)
Because of this error, pluto daemon is not running.
So VPNaas is not working on Fedora/centos devstack.
Fedora/centos uses Libreswan for ipsec.
From the wiki - "Libreswan is a fork of the Openswan IPSEC VPN
implementation created by almost all of the openswan developers after
a lawsuit about the ownership of the Openswan name was filed against
Paul Wouters, then release manager of Openswan, in December 2012."
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1444017/+subscriptions
References
