Hi all,

I've been following the docs http://docs.openstack.org/liberty/install-guide-ubuntu/ (http://docs.openstack.org/liberty/ins...) with ubuntu 14.04 to setup my openstack environment, and its work.

Then I want to activated the VPNaaS service with neutron, I installed the neutron-vpn-agent which is automatically included the strongswan for ipsec service.

for test I created internal VPN connection between tenant at same controller, so the public IP attached on the virtual router on the same subnet.

here is my neutron_vpnaas.conf

[service_providers]
service_provider=VPN:openswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

vpn_agent.ini configuration

[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
verbose = True
[vpnagent]
vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver
[ipsec]
[strongswan]
[libreswan]

my neutron agent-list

# neutron agent-list
+--------------------------------------+--------------------+--------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host               | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+--------------------+-------+----------------+---------------------------+
| 37d80623-baa2-43d4-9eb9-d1ade178f82e | L3 agent           | libcon             | :-)   | True           | neutron-vpn-agent         |
| 73b7845b-b5fb-40a3-b9b2-16acf80da3b1 | DHCP agent         | libcon             | :-)   | True           | neutron-dhcp-agent        |
| 8298def8-20d0-4d3f-9b47-9df91eea6277 | Linux bridge agent | libcon             | :-)   | True           | neutron-linuxbridge-agent |
| a36c8e47-f6d2-45de-b417-c5258b444fd4 | Linux bridge agent | libcomp1 | :-)   | True           | neutron-linuxbridge-agent |
| b280c2d9-f191-4198-bbe0-7680d5a74675 | Metadata agent     | libcon             | :-)   | True           | neutron-metadata-agent    |
| c16fa2f9-4ae2-42af-97d5-1e3810a1e7d3 | Linux bridge agent | libcomp2 | :-)   | True           | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+--------------------+-------+----------------+---------------------------+

my neutron service-provider-list

# neutron service-provider-list
+--------------+----------+---------+
| service_type | name     | default |
+--------------+----------+---------+
| VPN          | openswan | True    |
+--------------+----------+---------+

it always says pending-create when created IPsec site connections

# neutron ipsec-site-connection-list
+--------------------------------------+---------------+--------------+---------------+------------+-----------+----------------+
| id                                   | name          | peer_address | peer_cidrs    | route_mode | auth_mode | status         |
+--------------------------------------+---------------+--------------+---------------+------------+-----------+----------------+
| 1f7bda0b-1d24-4b41-983b-54c7bcbb6ba5 | test-to admin | 192.168.53.83  | "10.5.5.0/24" | static     | psk       | PENDING_CREATE |
| 60e5c035-7adc-4d65-9214-95b40fe1d342 | test-to-adhi  | 192.168.53.82  | "10.6.6.0/24" | static     | psk       | PENDING_CREATE |
+--------------------------------------+---------------+--------------+---------------+------------+-----------+----------------+

and the /var/log/neutron/vpn-agent.log said error :

Stderr: 2015-11-14 17:03:26.878 34019 INFO neutron.common.config [-] Logging enabled!
2015-11-14 17:03:26.879 34019 INFO neutron.common.config [-] /usr/bin/neutron-vpn-netns-wrapper version 7.0.0
2015-11-14 10:03:26.887 34019 INFO neutron_vpnaas.services.vpn.common.netns_wrapper [-] /var/lib/neutron/ipsec/cf2aaf11-4cc0-4dc0-9fdd-7f2fbc1d0a26/etc has been bind-mounted in /etc
2015-11-14 10:03:26.903 34019 INFO neutron_vpnaas.services.vpn.common.netns_wrapper [-] /var/lib/neutron/ipsec/cf2aaf11-4cc0-4dc0-9fdd-7f2fbc1d0a26/var/run has been bind-mounted in /var/run

2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec [-] Failed to enable vpn process on router cf2aaf11-4cc0-4dc0-9fdd-7f2fbc1d0a26
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec Traceback (most recent call last):
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 260, in enable
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec     self.start()
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py", line 156, in start
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec     self._execute([self.binary, 'up', ipsec_site_conn['id']])
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py", line 97, in _execute
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec     extra_ok_codes=extra_ok_codes)
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7 ...