yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2127166] [NEW] vpnaas no config update in ipsec.conf

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Maximilian Stinsky <2127166@xxxxxxxxxxxxxxxxxx>
Date: Thu, 09 Oct 2025 08:24:33 -0000
Reply-to: Bug 2127166 <2127166@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

Greetings,

while deploying vpnaas in our env and testing it, we found that updating a site connection does not change the related ipsec.conf.
Digging through the code we found that [1] seemed to introduced a regression.

A list of routers to sync is generated here [2], before [1] was merged this list was generated by getting `id` from the router dict and not `router_id` [3]
Because of this the sync_router_ids is always an empty list and not config changes are applied to the ipsec.conf of changed services.


[1] https://review.opendev.org/c/openstack/neutron-vpnaas/+/875745
[2] https://github.com/openstack/neutron-vpnaas/blob/stable/2025.1/neutron_vpnaas/services/vpn/device_drivers/ipsec.py#L1133-L1148
[3] https://github.com/openstack/neutron-vpnaas/blob/stable/2024.1/neutron_vpnaas/services/vpn/device_drivers/ipsec.py#L1126C1-L1126C63

** Affects: neutron
     Importance: Undecided
         Status: In Progress


** Tags: vpnaas

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2127166

Title:
  vpnaas no config update in ipsec.conf

Status in neutron:
  In Progress

Bug description:
  Greetings,

  while deploying vpnaas in our env and testing it, we found that updating a site connection does not change the related ipsec.conf.
  Digging through the code we found that [1] seemed to introduced a regression.

  A list of routers to sync is generated here [2], before [1] was merged this list was generated by getting `id` from the router dict and not `router_id` [3]
  Because of this the sync_router_ids is always an empty list and not config changes are applied to the ipsec.conf of changed services.

  
  [1] https://review.opendev.org/c/openstack/neutron-vpnaas/+/875745
  [2] https://github.com/openstack/neutron-vpnaas/blob/stable/2025.1/neutron_vpnaas/services/vpn/device_drivers/ipsec.py#L1133-L1148
  [3] https://github.com/openstack/neutron-vpnaas/blob/stable/2024.1/neutron_vpnaas/services/vpn/device_drivers/ipsec.py#L1126C1-L1126C63

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2127166/+subscriptions