yahoo-eng-team team mailing list archive

[OpenStack Infra <1938571@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.opendev.org/c/openstack/neutron-vpnaas/+/895824
Committed: https://opendev.org/openstack/neutron-vpnaas/commit/55558e8f3b5a1d0108771d712b699e87839146a3
Submitter: "Zuul (22348)"
Branch:    master

commit 55558e8f3b5a1d0108771d712b699e87839146a3
Author: Bodo Petermann <b.petermann@xxxxxxxxxxxx>
Date:   Tue Sep 19 15:58:56 2023 +0200

    Support for libreswan 4
    
    With libreswan 4 some command line option changed, the rundir is now
    /run/pluto instead of /var/run/pluto, and nat_traversal must not be set
    in ipsec.conf.
    Adapt the libreswan device driver accordingly.
    Users will require libreswan v4.0 or higher, compatibility with v3.x is
    not maintained.
    
    Closes-Bug: #1938571
    Change-Id: Ib55e3c3f9cfbe3dfe1241ace8c821256d7fc174a


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1938571

Title:
  vpnaas problem:ipsec pluto not running centos 8 victoria wallaby

Status in neutron:
  Fix Released

Bug description:
  Hello. 
  I apologize if I don't do things right to explain the bug.
  I am using Centos 8 and I install openstak with, kolla ansible. Whether it is Ussuri, Victoria or Wallaby, when establishing the connection between the 2 networks(with vpnaas), the error message is as follows:
  ipsec whack --status" (no "/run/pluto/pluto.ctl")

  The problem would be present with the Libreswan version 4.X which does not include the option "--use-netkey " used by the ipsec pluto command 
  This option was present in Libreswan 3.X.
  So the command "ipsec pluto....." failed , so no "/run/pluto/pluto.ctl".

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1938571/+subscriptions