Ask Your Question
0

Neutron Vpnaas

asked 2013-11-04 13:58:25 -0500

colo90 gravatar image

Hi all! i'm trying to configure a VPN in Neutron. I'm using Ubuntu 12.04 and Cloud Archive Package. I configured the VPN following this link :

https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall (https://wiki.openstack.org/wiki/Neutr...)

root@:~# neutron vpn-service-list +--------------------------------------+-------+--------------------------------------+--------+ | id | name | router_id | status | +--------------------------------------+-------+--------------------------------------+--------+ | b47bdcbe-5339-41ac-b53b-329872586377 | MyVPN | 676e62ec-c58a-4d58-84e3-6a5c6a2aa732 | DOWN | +--------------------------------------+-------+--------------------------------------+--------+

VPN stay down and in the log, i can find this trace.

2013-11-04 13:07:41.720 8115 TRACE neutron.services.vpn.device_drivers.ipsec 2013-11-04 13:07:41.887 8115 WARNING neutron.openstack.common.loopingcall [-] task run outlasted interval by 1.875024 sec 2013-11-04 13:10:13.830 10188 ERROR neutron.common.legacy [-] Skipping unknown group key: firewall_driver 2013-11-04 13:10:19.347 10188 ERROR neutron.services.vpn.device_drivers.ipsec [-] Failed to enable vpn process on router 676e62ec-c58a-4d58-84e3-6a5c6a2aa732 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec Traceback (most recent call last): 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 241, in enable 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec self.start() 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 382, in start 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec '--virtual_private', virtual_private 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/services/vpn/device_drivers/ipsec.py", line 311, in _execute 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec check_exit_code=check_exit_code) 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ip_lib.py", line 458, in execute 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec check_exit_code=check_exit_code) 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py", line 62, in execute 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec raise RuntimeError(m) 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec RuntimeError: 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-676e62ec-c58a-4d58-84e3-6a5c6a2aa732', 'ipsec', 'pluto', '--ctlbase', '/var/lib/neutron/ipsec/676e62ec-c58a-4d58-84e3-6a5c6a2aa732/var/run/pluto', '--ipsecdir', '/var/lib/neutron/ipsec/676e62ec-c58a-4d58-84e3-6a5c6a2aa732/etc', '--use-netkey', '--uniqueids', '--nat_traversal', '--secretsfile', '/var/lib/neutron/ipsec/676e62ec-c58a-4d58-84e3-6a5c6a2aa732/etc/ipsec.secrets', '--virtual_private', '%v4:192.168.1.0/24,%v4:10.0.0.0/24'] 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec Exit code: 99 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec Stdout: '' 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec Stderr: '/usr/bin/neutron-rootwrap: Unauthorized command: ip netns exec qrouter-676e62ec-c58a-4d58-84e3-6a5c6a2aa732 ipsec pluto --ctlbase /var/lib/neutron/ipsec/676e62ec-c58a-4d58-84e3-6a5c6a2aa732/var/run/pluto --ipsecdir ... (more)

edit retag flag offensive close merge delete

4 answers

Sort by ยป oldest newest most voted
0

answered 2013-11-12 03:08:09 -0500

gongysh gravatar image

it seems file vpnaas.filters is not under /etc/neutron/rootwrap.d/

edit flag offensive delete link more
0

answered 2013-11-13 06:04:24 -0500

2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec Exit code: 99 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec Stdout: '' 2013-11-04 13:10:19.347 10188 TRACE neutron.services.vpn.device_drivers.ipsec Stderr: '/usr/bin/neutron-rootwrap: Unauthorized command: ip netns exec qrouter-676e62ec-c58a-4d58-84e3-6a5c6a2aa732 ipsec pluto --ctlbase /var/lib/neutron/ipsec/676e62ec-c58a-4d58-84e3-6a5c6a2aa732/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/676e62ec-c58a-4d58-84e3-6a5c6a2aa732/etc --use-netkey --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/676e62ec-c58a-4d58-84e3-6a5c6a2aa732/etc/ipsec.secrets --virtual_private %v4:192.168.1.0/24,%v4:10.0.0.0/24 (no filter matched)\n'

The command to start ipsec pluto failed for unauthorized command. Were the operations all with root?

edit flag offensive delete link more
0

answered 2013-11-15 17:51:17 -0500

colo90 gravatar image

Thanks yong sheng gong, that solved my question.

edit flag offensive delete link more
0

answered 2013-11-15 17:54:17 -0500

colo90 gravatar image

Hi Guys, sorry for delay. I've check and i don't have the file vpnaas.filters It's so funny. I'm coming from oldest version of Havana. I've create the file and now all works

Thanks!

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2013-11-04 13:58:25 -0500

Seen: 530 times

Last updated: Nov 15 '13