Ask Your Question
2

how to setup vpnaas on kilo

asked 2015-08-21 03:36:35 -0500

Matthijs gravatar image

updated 2015-08-21 09:50:47 -0500

smaffulli gravatar image

I followed the manual to install kilo: http://docs.openstack.org/kilo/instal...

This is all working fine, thanks for the good documentation. I am able to start a VM through openstack.

Now I am trying to add the vpnaas to the OpenStack implementation and this is where I am getting stuck.

On the network node I installed the 'neutron-vpn-agent'. I than edited the following files: /etc/neutron/vpn_agent.ini:

[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge =
router_delete_namespaces = True

[vpnagent]
vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver

/etc/neutron/neutron.conf: Added vpnaas to the service_plugins

After that I restarted the neutron-vpn-agent and verified that there are no errors in the logfile at (/var/log/neutron/neutron-vpn-agent.log)

Then on the controller node I tried: neutron vpn-service-list

But that failed with: 404 Resource not found.

I obviously am missing something but I cannot find out what. Also the documentation on installing vpnaas is not available, searching with google didn't give me a suitable answer either...

So how do I need to proceed, what am I missing?

edit retag flag offensive close merge delete

Comments

Any reason for having external_network_bridge undeclared?

Do you have any ext_br?

lukehinds gravatar imagelukehinds ( 2015-08-21 15:20:41 -0500 )edit

According to the documentation at (To configure the Layer-3 (L3) agent): http://docs.openstack.org/kilo/instal...

The external_network_bridge option intentionally lacks a value to enable multiple external networks on a single agent.

Matthijs gravatar imageMatthijs ( 2015-08-24 04:35:27 -0500 )edit

And yes I do have an external br, created also according the documentation.

Matthijs gravatar imageMatthijs ( 2015-08-24 04:45:34 -0500 )edit

How did You install 'neutron-vpn-agent' on network node ? I have three node architecture running on Ubuntu 14.0.4 and if I try to install 'neutron-vpn-agent' by package manager I receive notice "neutron-vpn-agent : Conflicts: neutron-l3-agent but 1:2015.1.1-0ubuntu2~cloud2 is installed".

Roman gravatar imageRoman ( 2015-09-24 01:24:19 -0500 )edit

1 answer

Sort by ยป oldest newest most voted
1

answered 2015-08-27 08:33:15 -0500

Matthijs gravatar image

updated 2015-08-27 08:35:18 -0500

After searching I found out what I was doing wrong.

First of all there was not a neutron_vpnaas.conf file. After I created it with the following contents:

[service_providers]
service_provider=VPN:openswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

I edited this file on the controller node. The network node itself was configured correctly and I could see the vpn agent running and responding.

The interface started working and I can create ikepolicies, ipsecpolicies and vpn services.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

Stats

Asked: 2015-08-21 03:36:35 -0500

Seen: 1,675 times

Last updated: Aug 27 '15