VPNaaS Liberty error while creating IPsec site connections
Hi all,
I've been following the docs at http://docs.openstack.org/liberty/install-guide-ubuntu/ with Ubuntu 14.04 to set up my OpenStack environment, and it works.
Then I wanted to activate the VPNaaS service with neutron, so I installed neutron-vpn-agent, which automatically includes strongswan for the IPsec service.
For testing I created an internal VPN connection between tenants on the same controller, so the public IPs attached to the virtual routers are on the same subnet.
Here is my neutron_vpnaas.conf:
[service_providers]
service_provider=VPN:openswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
vpn_agent.ini configuration
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
verbose = True
[vpnagent]
vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver
[ipsec]
[strongswan]
[libreswan]
my neutron agent-list
# neutron agent-list
+--------------------------------------+--------------------+--------------------+-------+----------------+---------------------------+
| id | agent_type | host | alive | admin_state_up | binary |
+--------------------------------------+--------------------+--------------------+-------+----------------+---------------------------+
| 37d80623-baa2-43d4-9eb9-d1ade178f82e | L3 agent | libcon | :-) | True | neutron-vpn-agent |
| 73b7845b-b5fb-40a3-b9b2-16acf80da3b1 | DHCP agent | libcon | :-) | True | neutron-dhcp-agent |
| 8298def8-20d0-4d3f-9b47-9df91eea6277 | Linux bridge agent | libcon | :-) | True | neutron-linuxbridge-agent |
| a36c8e47-f6d2-45de-b417-c5258b444fd4 | Linux bridge agent | libcomp1 | :-) | True | neutron-linuxbridge-agent |
| b280c2d9-f191-4198-bbe0-7680d5a74675 | Metadata agent | libcon | :-) | True | neutron-metadata-agent |
| c16fa2f9-4ae2-42af-97d5-1e3810a1e7d3 | Linux bridge agent | libcomp2 | :-) | True | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+--------------------+-------+----------------+---------------------------+
my neutron service-provider-list
# neutron service-provider-list
+--------------+----------+---------+
| service_type | name | default |
+--------------+----------+---------+
| VPN | openswan | True |
+--------------+----------+---------+
It always says pending-create when I create IPsec site connections:
# neutron ipsec-site-connection-list
+--------------------------------------+---------------+--------------+---------------+------------+-----------+----------------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+---------------+--------------+---------------+------------+-----------+----------------+
| 1f7bda0b-1d24-4b41-983b-54c7bcbb6ba5 | test-to admin | 192.168.53.83 | "10.5.5.0/24" | static | psk | PENDING_CREATE |
| 60e5c035-7adc-4d65-9214-95b40fe1d342 | test-to-adhi | 192.168.53.82 | "10.6.6.0/24" | static | psk | PENDING_CREATE |
+--------------------------------------+---------------+--------------+---------------+------------+-----------+----------------+
and /var/log/neutron/vpn-agent.log shows this error:
Stderr: 2015-11-14 17:03:26.878 34019 INFO neutron.common.config [-] Logging enabled!
2015-11-14 17:03:26.879 34019 INFO neutron.common.config [-] /usr/bin/neutron-vpn-netns-wrapper version 7.0.0
2015-11-14 10:03:26.887 34019 INFO neutron_vpnaas.services.vpn.common.netns_wrapper [-] /var/lib/neutron/ipsec/cf2aaf11-4cc0-4dc0-9fdd-7f2fbc1d0a26/etc has been bind-mounted in /etc
2015-11-14 10:03:26.903 34019 INFO neutron_vpnaas.services.vpn.common.netns_wrapper [-] /var/lib/neutron/ipsec/cf2aaf11-4cc0-4dc0-9fdd-7f2fbc1d0a26/var/run has been bind-mounted in /var/run
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec [-] Failed to enable vpn process on router cf2aaf11-4cc0-4dc0-9fdd-7f2fbc1d0a26
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec Traceback (most recent call last):
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 260, in enable
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec self.start()
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py", line 156, in start
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec self._execute([self.binary, 'up', ipsec_site_conn['id']])
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7/dist-packages/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py", line 97, in _execute
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec extra_ok_codes=extra_ok_codes)
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec File "/usr/lib/python2.7 ...