Ask Your Question
0

Neutron Vpnaas

asked 2013-11-04 13:58:25 -0500

colo90 gravatar image

Hi all! i'm trying to configure a VPN in Neutron. I'm using Ubuntu 12.04 and Cloud Archive Package. I configured the VPN following this link :

https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall (https://wiki.openstack.org/wiki/Neutr...)

root@:~# neutron vpn-service-list +--------------------------------------+-------+--------------------------------------+--------+ | id | name | router_id | status | +--------------------------------------+-------+--------------------------------------+--------+ | b47bdcbe-5339-41ac-b53b-329872586377 | MyVPN | 676e62ec-c58a-4d58-84e3-6a5c6a2aa732 | DOWN | +--------------------------------------+-------+--------------------------------------+--------+

VPN stay down and in the log, i can find this trace.

2013-11-04 13:07:41.720 8115 TRACE neutron.services.vpn.device_drivers.ipsec 2013-11-04 13:07:41.887 8115 WARNING neutron.openstack.common.loopingcall [-] task run outlasted interval by 1.875024 sec 2013-11-04 13:10:13.830 10188 ERROR neutron.common.legacy [-] Skipping unknown group key: firewall_driver 2013-11-04 13:10:19.347 10188 ERROR neutron.services.vpn.device_drivers.ipsec [-] Failed to enable vpn process on router 676e62ec-c58a-4d58-84e3-6a5c6a2aa732 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec Traceback (most recent call last): 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 241, in enable 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec self.start() 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 382, in start 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec '--virtual_private', virtual_private 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 311, in _execute 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec check_exit_code=check_exit_code) 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ip_lib.py", line 458, in execute 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec check_exit_code=check_exit_code) 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py", line 62, in execute 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec raise RuntimeError(m) 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec RuntimeError: 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-676e62ec-c58a-4d58-84e3-6a5c6a2aa732', 'ipsec', 'pluto', '--ctlbase', '/var/lib/neutron/ipsec/676e62ec-c58a-4d58-84e3-6a5c6a2aa732/var/run/pluto', '--ipsecdir', '/var/lib/neutron/ipsec/676e62ec-c58a-4d58-84e3-6a5c6a2aa732/etc', '--use-netkey', '--uniqueids', '--nat_traversal', '--secretsfile', '/var/lib/neutron/ipsec/676e62ec-c58a-4d58-84e3-6a5c6a2aa732/etc/ipsec.secrets', '--virtual_private', '%v4:192.168.1.0/24,%v4:10.0.0.0/24'] 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec Exit code: 99 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec Stdout: '' 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec Stderr: '/usr/bin/neutron-rootwrap: Unauthorized command: ip netns exec qrouter-676e62ec-c58a-4d58-84e3-6a5c6a2aa732 ipsec pluto --ctlbase /var/lib/neutron/ipsec/676e62ec-c58a-4d58-84e3-6a5c6a2aa732/var/run/pluto --ipsecdir ... (more)

edit retag flag offensive close merge delete
add a comment

4 answers

Sort by ยป oldest newest most voted
0

answered 2013-11-15 17:54:17 -0500

colo90 gravatar image

Hi Guys, sorry for delay. I've check and i don't have the file vpnaas.filters It's so funny. I'm coming from oldest version of Havana. I've create the file and now all works

Thanks!

edit flag offensive delete link more
add a comment
0

answered 2013-11-15 17:51:17 -0500

colo90 gravatar image

Thanks yong sheng gong, that solved my question.

edit flag offensive delete link more
add a comment
0

answered 2013-11-13 06:04:24 -0500

jianyong-jychen gravatar image

2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec Exit code: 99 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec Stdout: '' 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec Stderr: '/usr/bin/neutron-rootwrap: Unauthorized command: ip netns exec qrouter-676e62ec-c58a-4d58-84e3-6a5c6a2aa732 ipsec pluto --ctlbase /var/lib/neutron/ipsec/676e62ec-c58a-4d58-84e3-6a5c6a2aa732/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/676e62ec-c58a-4d58-84e3-6a5c6a2aa732/etc --use-netkey --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/676e62ec-c58a-4d58-84e3-6a5c6a2aa732/etc/ipsec.secrets --virtual_private %v4:192.168.1.0/24,%v4:10.0.0.0/24 (no filter matched)\n'

The command to start ipsec pluto failed for unauthorized command. Were the operations all with root?

edit flag offensive delete link more
add a comment
0

answered 2013-11-12 03:08:09 -0500

gongysh gravatar image

it seems file vpnaas.filters is not under /etc/neutron/rootwrap.d/

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2013-11-04 13:58:25 -0500

Seen: 489 times

Last updated: Nov 15 '13

Related questions

Quantum setup broken after reboot

cinder list/ cinder create Error

ring creation

Installing Openstack

Rsyslog for stats collection.

Vlan not forward arp to vm

install keystone for swift

Mystery subnet

multiple project management

Recomended eventlet version