← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #34716

[Bug 1436890] Re: [IPv6] [VPNaaS]Error when %defaultroute assigned to leftnexthop and rightnexthop for ipv6

  Thread PreviousDate PreviousThread Next 
** Changed in: neutron
       Status: Fix Committed => Fix Released

** Changed in: neutron
    Milestone: None => liberty-1

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1436890

Title:
   [IPv6] [VPNaaS]Error when %defaultroute assigned to leftnexthop and
  rightnexthop for ipv6

Status in OpenStack Neutron (virtual network service):
  Fix Released

Bug description:
  In template/openswan/ipsec.conf.template, both leftnexthop and rightnexthop connection parameters are assigned like below,
  leftnexthop=%defaultroute
  rightnexthop=%defaultroute

  With this settings, ipsec addconn command is failing for ipv6
  addresses like below

  2015-03-26 15:09:32.006 ERROR neutron.agent.linux.utils [req-ef46a8a3-75b9-4452-83df-051d49dc263d admin 4546bfa7704845bf874241f1fb3a376b] 
  Command: ['ip', 'netns', 'exec', u'qrouter-7f361721-74a6-4734-b021-388b4b64762e', 'ipsec', 'addconn', '--ctlbase', u'/opt/stack/data/neutron/ipsec/7f3
  61721-74a6-4734-b021-388b4b64762e/var/run/pluto.ctl', '--defaultroutenexthop', u'1001::f816:3eff:feb4:a2db', '--config', u'/opt/stack/data/neutron/ips
  ec/7f361721-74a6-4734-b021-388b4b64762e/etc/ipsec.conf', u'ef7409c5-395d-44eb-91d5-875059a3b3eb']
  Exit code: 37
  Stdin: 
  Stdout: 023 address family inconsistency in this connection=10 host=10/nexthop=0
  037 attempt to load incomplete connection

  Looks like with IKEv1, parsing defaultroute for ipv6 addresses has
  problems.

  When addresses are given for  leftnexthop, instead of %defaultroute, ipsec addconn is working for ipv6. 
  i.e modified the template like below
  leftnexthop={{vpnservice.external_ip}}
  #rightnexthop (i.e not using rightnexthop)

  So, neutron shouldn't use   %defaultroute for leftnexthop and
  rightnexthop and instead assign ip6 addresses from vpnservice object.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1436890/+subscriptions

References

  Thread PreviousDate PreviousThread Next