IPSec Site Connection between two openstack status is down

asked 2017-01-16 10:01:19 -0500

davidklc gravatar image

Openstack 1

ip route list

default via 192.168.2.254 dev ens3 onlink

10.50.10.0/24 via 192.168.7.8 dev br-ex

10.50.20.0/24 via 192.168.7.11 dev br-ex

192.168.2.0/24 dev ens3 proto kernel scope link src 192.168.2.15

192.168.7.0/24 dev br-ex proto kernel scope link src 192.168.7.1

192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

route -n

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

0.0.0.0 192.168.2.254 0.0.0.0 UG 0 0 0 ens3

10.50.10.0 192.168.7.8 255.255.255.0 UG 0 0 0 br-ex

10.50.20.0 192.168.7.11 255.255.255.0 UG 0 0 0 br-ex

192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 ens3

192.168.7.0 0.0.0.0 255.255.255.0 U 0 0 0 br-ex

192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0

ip netns exec qrouter-05053477-d17b-4891-95ca-c9158efb4a20 neutron-vpn-netns-wrapper --mount_paths=/etc:/opt/stack/data/neutron/ipsec/05053477-d17b-4891-95ca-c9158efb4a20/etc,/var/run:/opt/stack/data/neutron/ipsec/05053477-d17b-4891-95ca-c9158efb4a20/var/run --cmd=ipsec,statusall

==>

Listening IP addresses:

192.168.7.11

2001:db8::8

10.50.20.1

Connections:

63c378d2-b7a4-4707-9228-a9d629d800f2: 192.168.7.11...192.168.7.1 IKEv1, dpddelay=30s

63c378d2-b7a4-4707-9228-a9d629d800f2: local: [192.168.7.11] uses pre-shared key authentication

63c378d2-b7a4-4707-9228-a9d629d800f2: remote: [192.168.7.1] uses pre-shared key authentication

63c378d2-b7a4-4707-9228-a9d629d800f2: child: 10.50.20.0/24 === 10.60.20.0/24 TUNNEL, dpdaction=hold

Routed Connections:

63c378d2-b7a4-4707-9228-a9d629d800f2{1}: ROUTED, TUNNEL, reqid 1

63c378d2-b7a4-4707-9228-a9d629d800f2{1}: 10.50.20.0/24 === 10.60.20.0/24

Security Associations (0 up, 0 connecting):

none

============================================================================================

Openstack 2

ip route list

default via 192.168.2.254 dev ens3 onlink

10.60.10.0/24 via 192.168.6.7 dev br-ex

10.60.20.0/24 via 192.168.6.8 dev br-ex

192.168.2.0/24 dev ens3 proto kernel scope link src 192.168.2.16

192.168.6.0/24 dev br-ex proto kernel scope link src 192.168.6.1

192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

route -n

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

0.0.0.0 192.168.2.254 0.0.0.0 UG 0 0 0 ens3

10.60.10.0 192.168.6.7 255.255.255.0 UG 0 0 0 br-ex

10.60.20.0 192.168.6.8 255.255.255.0 UG 0 0 0 br-ex

192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 ens3

192.168.6.0 0.0.0.0 255.255.255.0 ... (more)
edit retag flag offensive close merge delete