yahoo-eng-team team mailing list archive

[Bug 1876040] Re: vpnaas single router not support multiple different peers

 

Solved: if r1 uses one VPN service to create two connections to r2 and r3, both connections will be ACTIVE.

** Changed in: neutron
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1876040

Title:
  vpnaas single router not support multiple different peers

Status in neutron:
  Invalid

Bug description:
  I have three routers (r1, r2, r3). There are two VPN connections:
  connection1 between r1 and r2, and connection2 between r1 and r3.

  router external ip address:
  r1: 10.142.254.169
  r2: 10.142.254.175 
  r3: 10.142.254.34


  It seems that in the snat namespace of r1, the ipsec config template is
  only generated to support a single peer, so connections 1 and 2 will not
  both be ACTIVE.

  ipsec.conf in r1:
  #########################################################################################
  # Configuration for 40975e49-4102-4511-aba4-181ea40bf7c3
  config setup
      nat_traversal=yes
      virtual_private=%v4:10.0.1.0/25,%v4:10.0.3.0/25
  conn %default
      keylife=60m
      keyingtries=%forever
  conn 5a56a354-7438-42ef-8fef-0c0bf743f38c
      # NOTE: a default route is required for %defaultroute to work...
      leftnexthop=%defaultroute
      rightnexthop=%defaultroute
      left=10.142.254.169
      leftid=10.142.254.169
      auto=start
      # NOTE:REQUIRED
      # [subnet]
      leftsubnet=10.0.1.0/25
      # [updown]
      # What "updown" script to run to adjust routing and/or firewalling when
      # the status of the connection changes (default "ipsec _updown").
      # "--route yes" allows to specify such routing options as mtu and metric.
      leftupdown="ipsec _updown --route yes"
      ######################
      # ipsec_site_connections
      ######################
      # [peer_address]
      right=10.142.254.34
      # [peer_id]
      rightid=10.142.254.34
      # [peer_cidrs]
      rightsubnets={ 10.0.3.0/25 }
      # rightsubnet=networkA/netmaskA, networkB/netmaskB (IKEv2 only)
      # [mtu]
      mtu=1500
      # [dpd_action]
      dpdaction=hold
      # [dpd_interval]
      dpddelay=30
      # [dpd_timeout]
      dpdtimeout=120
      # [auth_mode]
      authby=secret
      ######################
      # IKEPolicy params
      ######################
      #ike version
      ikev2=never
      # [encryption_algorithm]-[auth_algorithm]-[pfs]
      ike=aes128-sha1;modp1536
      # [lifetime_value]
      ikelifetime=3600s
      # NOTE: it looks lifetime_units=kilobytes can't be enforced (could be seconds,  hours,  days...)
      ##########################
      # IPsecPolicys params
      ##########################
      # [transform_protocol]
      phase2=esp
      # [encryption_algorithm]-[auth_algorithm]-[pfs]
      phase2alg=aes128-sha1;modp1536
      # [encapsulation_mode]
      type=tunnel
      # [lifetime_value]
      lifetime=3600s
      # lifebytes=100000 if lifetime_units=kilobytes (IKEv2 only)

  #########################################################################################

  
  Has anybody else experienced this problem?

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1876040/+subscriptions
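
A check for the symptom reported above, as an added example that is not part of the original bug report or of neutron-vpnaas: it parses a generated ipsec.conf and lists which expected peers have no conn section. The sample is a trimmed copy of the config quoted in the report; the function names and the EXPECTED_PEERS mapping are assumptions made for this illustration.

```python
import re

# Trimmed copy of the r1 ipsec.conf quoted in the bug description above.
SAMPLE_CONF = """\
# Configuration for 40975e49-4102-4511-aba4-181ea40bf7c3
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.1.0/25,%v4:10.0.3.0/25
conn %default
    keylife=60m
    keyingtries=%forever
conn 5a56a354-7438-42ef-8fef-0c0bf743f38c
    left=10.142.254.169
    leftsubnet=10.0.1.0/25
    # [peer_address]
    right=10.142.254.34
    rightsubnets={ 10.0.3.0/25 }
    authby=secret
"""

# External addresses of r2 and r3 as listed in the bug description.
EXPECTED_PEERS = {"r2": "10.142.254.175", "r3": "10.142.254.34"}


def parse_conns(text):
    """Return {conn_name: {key: value}} for every conn section except %default."""
    conns, current = {}, None
    for raw in text.splitlines():
        # Section headers start in column 0; key=value lines are indented.
        header = re.match(r"(config|conn)\s+(\S+)\s*$", raw)
        line = raw.strip()
        if header:
            kind, name = header.groups()
            is_peer_conn = kind == "conn" and name != "%default"
            current = conns.setdefault(name, {}) if is_peer_conn else None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def missing_peers(text, expected):
    """Return names of expected peers with no conn section whose right= matches."""
    configured = {conn.get("right") for conn in parse_conns(text).values()}
    return sorted(name for name, addr in expected.items() if addr not in configured)


if __name__ == "__main__":
    print("peers without a conn section:", missing_peers(SAMPLE_CONF, EXPECTED_PEERS))
```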

