Ask Your Question
0

VPNaaS Liberty error while create IPsec site connections

asked 2015-11-14 04:11:03 -0500

adhi gravatar image

Hi all,

I've been following the docs http://docs.openstack.org/liberty/install-guide-ubuntu/ (http://docs.openstack.org/liberty/ins...) with ubuntu 14.04 to setup my openstack environment, and its work.

Then I want to activated the VPNaaS service with neutron, I installed the neutron-vpn-agent which is automatically included the strongswan for ipsec service.

for test I created internal VPN connection between tenant at same controller, so the public IP attached on the virtual router on the same subnet.

here is my neutron_vpnaas.conf 

[service_providers]
service_provider=VPN:openswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

vpn_agent.ini configuration

[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
verbose = True
[vpnagent]
vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver
[ipsec]
[strongswan]
[libreswan]

my neutron agent-list

# neutron agent-list
+--------------------------------------+--------------------+--------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host               | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+--------------------+-------+----------------+---------------------------+
| 37d80623-baa2-43d4-9eb9-d1ade178f82e | L3 agent           | libcon             | :-)   | True           | neutron-vpn-agent         |
| 73b7845b-b5fb-40a3-b9b2-16acf80da3b1 | DHCP agent         | libcon             | :-)   | True           | neutron-dhcp-agent        |
| 8298def8-20d0-4d3f-9b47-9df91eea6277 | Linux bridge agent | libcon             | :-)   | True           | neutron-linuxbridge-agent |
| a36c8e47-f6d2-45de-b417-c5258b444fd4 | Linux bridge agent | libcomp1 | :-)   | True           | neutron-linuxbridge-agent |
| b280c2d9-f191-4198-bbe0-7680d5a74675 | Metadata agent     | libcon             | :-)   | True           | neutron-metadata-agent    |
| c16fa2f9-4ae2-42af-97d5-1e3810a1e7d3 | Linux bridge agent | libcomp2 | :-)   | True           | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+--------------------+-------+----------------+---------------------------+

my neutron service-provider-list

# neutron service-provider-list
+--------------+----------+---------+
| service_type | name     | default |
+--------------+----------+---------+
| VPN          | openswan | True    |
+--------------+----------+---------+

it always says pending-create when created IPsec site connections 

# neutron ipsec-site-connection-list
+--------------------------------------+---------------+--------------+---------------+------------+-----------+----------------+
| id                                   | name          | peer_address | peer_cidrs    | route_mode | auth_mode | status         |
+--------------------------------------+---------------+--------------+---------------+------------+-----------+----------------+
| 1f7bda0b-1d24-4b41-983b-54c7bcbb6ba5 | test-to admin | 192.168.53.83  | "10.5.5.0/24" | static     | psk       | PENDING_CREATE |
| 60e5c035-7adc-4d65-9214-95b40fe1d342 | test-to-adhi  | 192.168.53.82  | "10.6.6.0/24" | static     | psk       | PENDING_CREATE |
+--------------------------------------+---------------+--------------+---------------+------------+-----------+----------------+

and the /var/log/neutron/vpn-agent.log said error :

Stderr: 2015-11-14 17:03:26.878 34019 INFO neutron.common.config [-] Logging enabled!
2015-11-14 17:03:26.879 34019 INFO neutron.common.config [-] /usr/bin/neutron-vpn-netns-wrapper version 7.0.0
2015-11-14 10:03:26.887 34019 INFO neutron_vpnaas.services.vpn.common.netns_wrapper [-] /var/lib/neutron/ipsec/cf2aaf11-4cc0-4dc0-9fdd-7f2fbc1d0a26/etc has been bind-mounted in /etc
2015-11-14 10:03:26.903 34019 INFO neutron_vpnaas.services.vpn.common.netns_wrapper [-] /var/lib/neutron/ipsec/cf2aaf11-4cc0-4dc0-9fdd-7f2fbc1d0a26/var/run has been bind-mounted in /var/run

2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec [-] Failed to enable vpn process on router cf2aaf11-4cc0-4dc0-9fdd-7f2fbc1d0a26
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec Traceback (most recent call last):
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 260, in enable
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec     self.start()
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py", line 156, in start
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec     self._execute([self.binary, 'up', ipsec_site_conn['id']])
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py", line 97, in _execute
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec     extra_ok_codes=extra_ok_codes)
2015-11-14 17:03:26.949 33498 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7 ...
(more)
edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2015-11-16 03:02:33 -0500

adhi gravatar image

Solve by my self, uninstalling neutron-vpn-agent & strongswan, then installed the openswan first & neutron-vpn-agent again witout strongswan

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-11-14 04:11:03 -0500

Seen: 1,033 times

Last updated: Nov 16 '15

Related questions

VPNaaS for Fuel 8.0

VPNaas on Neutron

icehouse - not able to install vpnaas

Mirantis 9.1 Does VPNaaS still work?

Queens VPNaaS fails

clinet to openstack network vm

IPSec Site Connection between two openstack status is down

Is it possible to use a single Neutron service to manage networks across multiple compute cells?

How to set up neutron vpn service (VPNaaS)?

Does havana VPNaaS support site-to-multi site connections