Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

I got this working on my setup. I made following changes:

installed : openswan_2.6.37-1_amd64.deb

added following in "/etc/neutron/neutron.conf":

service_plugins = neutron.services.vpn.plugin.VPNDriverPlugin service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

created : /etc/neutron/rootwrap.d/vpnaas.filters

neutron-rootwrap command filters for nodes on which neutron is

expected to control network

#

This file should be owned by (and only-writeable by) the root user

format seems to be

cmd-name: filter-name, raw-command, user, args

[Filters]

ip: IpFilter, ip, root ip_exec: IpNetnsExecFilter, ip, root openswan: CommandFilter, ipsec, root

File /etc/neutron/vpn_agent.ini:

[DEFAULT]

VPN-Agent configuration file

Note vpn-agent inherits l3-agent, so you can use configs on l3-agent also

interface_driver =neutron.agent.linux.interface.OVSInterfaceDriver

[vpnagent]

vpn device drivers which vpn agent will use

If we want to use multiple drivers, we need to define this option multiple times.

vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver

vpn_device_driver=another_driver

[ipsec]

Status check interval

ipsec_status_check_interval=60

I got this working on my setup. I made following changes:

installed : openswan_2.6.37-1_amd64.deb

added following in "/etc/neutron/neutron.conf":

service_plugins = neutron.services.vpn.plugin.VPNDriverPlugin service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

created : /etc/neutron/rootwrap.d/vpnaas.filters

neutron-rootwrap command filters for nodes on which neutron is

expected to control network

#

This file should be owned by (and only-writeable by) the root user

format seems to be

cmd-name: filter-name, raw-command, user, args

[Filters]

ip: IpFilter, ip, root ip_exec: IpNetnsExecFilter, ip, root openswan: CommandFilter, ipsec, root

File /etc/neutron/vpn_agent.ini:

[DEFAULT]

VPN-Agent configuration file

Note vpn-agent inherits l3-agent, so you can use configs on l3-agent also

interface_driver =neutron.agent.linux.interface.OVSInterfaceDriver

[vpnagent]

vpn device drivers which vpn agent will use

If we want to use multiple drivers, we need to define this option multiple times.

vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver

vpn_device_driver=another_driver

[ipsec]

Status check interval

ipsec_status_check_interval=60

I got this working on my setup. I made following changes:

changes:

installed : openswan_2.6.37-1_amd64.deb

openswan_2.6.37-1_amd64.deb

added following in "/etc/neutron/neutron.conf":

"/etc/neutron/neutron.conf":

service_plugins = neutron.services.vpn.plugin.VPNDriverPlugin service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

created : /etc/neutron/rootwrap.d/vpnaas.filters

/etc/neutron/rootwrap.d/vpnaas.filters

# neutron-rootwrap command filters for nodes on which neutron is

is # expected to control network

#

network # # This file should be owned by (and only-writeable by) the root user

user

# format seems to be

be # cmd-name: filter-name, raw-command, user, args

args [Filters]

[Filters]

ip: IpFilter, ip, root ip_exec: IpNetnsExecFilter, ip, root openswan: CommandFilter, ipsec, root

root

File /etc/neutron/vpn_agent.ini:

/etc/neutron/vpn_agent.ini:

[DEFAULT]

[DEFAULT] # VPN-Agent configuration file

file # Note vpn-agent inherits l3-agent, so you can use configs on l3-agent also

also interface_driver =neutron.agent.linux.interface.OVSInterfaceDriver

interface_driver =neutron.agent.linux.interface.OVSInterfaceDriver

[vpnagent]

vpn [vpnagent] #vpn device drivers which vpn agent will use

If use #If we want to use multiple drivers, we need to define this option multiple times.

times. vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver #vpn_device_driver=another_driver [ipsec] #Status check interval #ipsec_status_check_interval=60

vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver

vpn_device_driver=another_driver

[ipsec]

Status check interval

ipsec_status_check_interval=60