yahoo-eng-team team mailing list archive

[Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>]

** Changed in: neutron
       Status: Fix Committed => Fix Released

** Changed in: neutron
    Milestone: None => liberty-rc1

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1488764

Title:
  Create IPSec site connection with IPSec policy that specifies AH-ESP
  protocol error

Status in neutron:
  Fix Released

Bug description:
  Create IPSec site connection with IPSec policy that specifies AH-ESP
  protocol leads to the following error:

  
  2015-08-26 13:29:10.976 ERROR neutron.agent.linux.utils [req-7b4a7ccc-286e-4267-9d50-d84afa5b5663 demo 99b8d178a6784d749920414ac08bce66] 
  Command: ['ip', 'netns', 'exec', u'qrouter-552bb850-4b33-4bf9-8d6a-c7f47f6e2d27', 'ipsec', 'addconn', '--ctlbase', u'/opt/stack/data/neutron/ipsec/552bb850-4b33-4bf9-8d6a-c7f47f6e2d27/var/run/pluto.ctl', '--defaultroutenexthop', u'172.24.4.3', '--config', u'/opt/stack/data/neutron/ipsec/552bb850-4b33-4bf9-8d6a-c7f47f6e2d27/etc/ipsec.conf', u'a9587a5c-ff6e-4257-89c1-475300fc8622']
  Exit code: 34
  Stdin: 
  Stdout: 034 Must do at AH or ESP, not neither. 

  Stderr: WARNING: /opt/stack/data/neutron/ipsec/552bb850-4b33-4bf9
  -8d6a-c7f47f6e2d27/etc/ipsec.co

  2015-08-26 13:29:10.976 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec [req-7b4a7ccc-286e-4267-9d50-d84afa5b5663 demo 99b8d178a6784d749920414ac08bce66] Failed to enable vpn process on router 552bb850-4b33-4bf9-8d6a-c7f47f6e2d27
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Traceback (most recent call last):
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/opt/stack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 251, in enable
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     self.start()
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/opt/stack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 433, in start
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     ipsec_site_conn['id']
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/opt/stack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 332, in _execute
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     extra_ok_codes=extra_ok_codes)
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/opt/stack/neutron/neutron/agent/linux/ip_lib.py", line 719, in execute
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     extra_ok_codes=extra_ok_codes, **kwargs)
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/opt/stack/neutron/neutron/agent/linux/utils.py", line 153, in execute
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     raise RuntimeError(m)
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec RuntimeError: 
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Command: ['ip', 'netns', 'exec', u'qrouter-552bb850-4b33-4bf9-8d6a-c7f47f6e2d27', 'ipsec', 'addconn', '--ctlbase', u'/opt/stack/data/neutron/ipsec/552bb850-4b33-4bf9-8d6a-c7f47f6e2d27/var/run/pluto.ctl', '--defaultroutenexthop', u'172.24.4.3', '--config', u'/opt/stack/data/neutron/ipsec/552bb850-4b33-4bf9-8d6a-c7f47f6e2d27/etc/ipsec.conf', u'a9587a5c-ff6e-4257-89c1-475300fc8622']
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Exit code: 34
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Stdin: 
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Stdout: 034 Must do at AH or ESP, not neither. 
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec 
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Stderr: WARNING: /opt/stack/data/neutron/ipsec/552bb850-4b33-4bf9-8d6a-c7f47f6e2d27/etc/ipsec.co
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec 
  2015-08-26 13:29:10.976 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec

  
  It seems Openswan doesn't support AH-ESP combined.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1488764/+subscriptions