yahoo-eng-team team mailing list archive

[Li Xiao <1701413@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

When IPSec (openswan/libreswan/strongswan) creates a Ike policy, 
you can choose one of the phase1-negotiation-mode: main or aggressive. 
However, vpnaas can only select main, a mode, and cannot be modified.

When using IPSec (for example, libreswan) and the IKE version uses V1, 
phase1-negotiation-mode uses main, and the IPSec connection does not support the NAT schema. 
However, phase1-negotiation-mode is modified as aggressive mode, and the IPSec connection can traverse NAT.

** Affects: neutron
     Importance: Undecided
     Assignee: Li Xiao (leeshow)
         Status: In Progress

** Changed in: neutron
     Assignee: (unassigned) => Li Xiao (leeshow)

** Changed in: neutron
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1701413

Title:
  Vpnaas VPN ikepolicy does not support aggressive mode

Status in neutron:
  In Progress

Bug description:
  When IPSec (openswan/libreswan/strongswan) creates a Ike policy, 
  you can choose one of the phase1-negotiation-mode: main or aggressive. 
  However, vpnaas can only select main, a mode, and cannot be modified.

  When using IPSec (for example, libreswan) and the IKE version uses V1, 
  phase1-negotiation-mode uses main, and the IPSec connection does not support the NAT schema. 
  However, phase1-negotiation-mode is modified as aggressive mode, and the IPSec connection can traverse NAT.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1701413/+subscriptions