yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #96484
[Bug 1726422] Re: ike version V2 incompatible with ike_phase1_mode
This bug has not been attended in several years. I'm closing it. Please,
feel free to reopen if needed.
** Changed in: neutron
Status: New => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1726422
Title:
ike version V2 incompatible with ike_phase1_mode
Status in neutron:
Won't Fix
Bug description:
Ike version V1 divides two phases to create ike&ipsec tunnel,the ike_phase1_mode(main mode or aggresive mode) is used in first phase to negotiate ike tunnel.
Ike version v2 create ipsec sa in only one phase. If ike policy uses ike V2,it will be unnecessary to use ike_phase1_mode.
The ike policy is shown in the following,phase1_negotiation_mode should be None
root@ubuntu:~# neutron vpn-ikepolicy-show c32c991d-ecb9-460e-b829-8ce61bc8aed6
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| auth_algorithm | sha1 |
| description | |
| encryption_algorithm | aes-128 |
| id | c32c991d-ecb9-460e-b829-8ce61bc8aed6 |
| ike_version | v2 |
| lifetime | {"units": "seconds", "value": 3600} |
| name | ikepolicy_a-1-1 |
| pfs | group5 |
| phase1_negotiation_mode | main |
| project_id | 899181367cc14f498f089c82c0087637 |
| tenant_id | 899181367cc14f498f089c82c0087637 |
+-------------------------+--------------------------------------+
Now the ike_phase1_mode only support main mode,it cannot be modified to set null,it need be extended to support.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1726422/+subscriptions
References
