
VPNaaS pluto

asked 2015-06-01 03:18:24 -0600

agti

updated 2015-06-01 04:06:23 -0600

Hi, I'm receiving this error in vpn-agent.log

Stderr: 'whack: Pluto is not running (no "/var/lib/neutron/ipsec/2f9f03b1-cb18-41ce-8153-2c9719aaf7d6/var/run/pluto.ctl")\n'

I installed Juno RDO on CentOS 7 with VPNaaS (using this guide).

Any help will be appreciated. Thanks in advance.


3 answers


answered 2015-06-19 02:47:29 -0600

ihar-hrachyshka

updated 2015-06-22 09:19:02 -0600

rbowen

I think you hit a bug that is fixed by https://review.openstack.org/#/c/185519/ in Kilo. Note that it was not yet released in any stable releases. Note that the fix introduces a new driver for Libreswan that you should use: "neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver". So reconfiguration of your service is needed.


answered 2016-02-03 16:18:15 -0600

Hi all,

I applied the mentioned fix and I use LibreSwan. Everything is installed on one CentOS7 node and it is still not working:

Stderr: chown: changing ownership of ‘/var/lib/neutron/ipsec/3890290f-3101-4965-a5e0-c4762b93ccf1/etc/ipsec.secrets’: Operation not permitted

2016-02-03 22:37:15.373 34057 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec [-] Failed to enable vpn process on router 3890290f-3101-4965-a5e0-c4762b93ccf1
2016-02-03 22:37:15.373 34057 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec Traceback (most recent call last):
2016-02-03 22:37:15.373 34057 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 256, in enable
2016-02-03 22:37:15.373 34057 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec self.ensure_configs()
2016-02-03 22:37:15.373 34057 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py", line 79, in ensure_configs
2016-02-03 22:37:15.373 34057 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec secrets_file])
2016-02-03 22:37:15.373 34057 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 341, in _execute
2016-02-03 22:37:15.373 34057 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec extra_ok_codes=extra_ok_codes)
2016-02-03 22:37:15.373 34057 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/site-packages/neutron/agent/linux/ip_lib.py", line 852, in execute
2016-02-03 22:37:15.373 34057 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec log_fail_as_error=log_fail_as_error, **kwargs)
2016-02-03 22:37:15.373 34057 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py", line 159, in execute
2016-02-03 22:37:15.373 34057 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec raise RuntimeError(m)
2016-02-03 22:37:15.373 34057 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec RuntimeError:
2016-02-03 22:37:15.373 34057 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec Command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-3890290f-3101-4965-a5e0-c4762b93ccf1', 'chown', '--from=990', 'root:root', '/var/lib/neutron/ipsec/3890290f-3101-4965-a5e0-c4762b93ccf1/etc/ipsec.secrets']
2016-02-03 22:37:15.373 34057 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec Exit code: 1
2016-02-03 22:37:15.373 34057 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec Stdin:
2016-02-03 22:37:15.373 34057 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec Stdout:
2016-02-03 22:37:15.373 34057 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec Stderr: chown: changing ownership of ‘/var/lib/neutron/ipsec/3890290f-3101-4965-a5e0-c4762b93ccf1/etc/ipsec.secrets’: Operation not permitted

Can you help me?


Comments

SELinux is currently blocking creation of vpnaas. For more info see https://bugzilla.redhat.com/show_bug.cgi?id=1352710

As a temporary workaround you can use:

$ semanage permissive -a neutron_t

peter (2016-07-04 15:41:21 -0600)
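
One way to confirm the SELinux diagnosis from the comment above, as an added example that is not part of the original thread: it summarises AVC denials whose source domain is neutron_t, so the effect of the permissive workaround can be checked against the audit log. The audit lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed audit.log lines for illustration; not taken from the page or the bug report.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1454535435.373:412): avc:  denied  { chown } for  pid=34100 comm="chown" capability=0  scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:system_r:neutron_t:s0 tclass=capability
type=AVC msg=audit(1454535435.401:413): avc:  denied  { write } for  pid=34102 comm="pluto" name="pluto.ctl" dev="dm-0" ino=1337 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=sock_file
type=AVC msg=audit(1454535436.010:414): avc:  denied  { read } for  pid=2210 comm="httpd" name="index.html" dev="dm-0" ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1454535436.010:414): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1454535440.500:420): avc:  granted  { chown } for  pid=34200 comm="chown" capability=0  scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:system_r:neutron_t:s0 tclass=capability
"""

DENIED_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type:level context, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def denials_for_domain(log_text, domain="neutron_t"):
    """Count AVC denials whose source domain is `domain`.

    Keys are (permission, object class, target type, command).
    """
    counts = Counter()
    for line in log_text.splitlines():
        denied = DENIED_RE.search(line)
        if not line.startswith("type=AVC") or denied is None:
            continue  # skip SYSCALL records and "granted" messages
        fields = dict(FIELD_RE.findall(line))
        if selinux_type(fields.get("scontext", "")) != domain:
            continue  # denial belongs to another confined service
        target = selinux_type(fields.get("tcontext", ""))
        comm = fields.get("comm", "").strip('"')
        for perm in denied.group(1).split():
            counts[(perm, fields.get("tclass"), target, comm)] += 1
    return counts


if __name__ == "__main__":
    for key, n in sorted(denials_for_domain(SAMPLE_AUDIT_LOG).items()):
        print(n, *key)
```

On a real host the input would be /var/log/audit/audit.log or the output of `ausearch -m avc`. Once a fixed policy is installed, `semanage permissive -d neutron_t` removes the permissive setting.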
