VPNaas on Neutron

asked 2016-05-04 02:52:04 -0500

Depa77 gravatar image

Hi, I'm having problems configuring VPNaaS on Neutron on OpenStack Liberty since I couldn't find any docs.

First of all, which service_plugin do I have to add on neutron.conf? On different forums I've found:

  • neutron_vpnaas.services.vpn.plugin:VPNDriverPlugin

  • neutron.services.vpn.plugin.VPNDriverPlugin [I'm currently testing with this]

  • vpnaas

Which do I have to use?

In the file neutron_vpnaas.conf, which service_provide do I have to use? I'm currently using VPN:openswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default, but I'm not sure if it's the correct one.

In the file vpn_agent.ini, I'm using neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver as vpn_device_driver since I've installed the package libreswan-3.15-5.el7_1.x86_64. Is it correct?

My /usr/share/neutron/rootwrap/vpnaas.filters file looks like this:

[Filters]
ip: IpFilter, ip, root
ip_exec: IpNetnsExecFilter, ip, root
ipsec: CommandFilter, ipsec, root
strongswan: CommandFilter, strongswan, root
neutron_netns_wrapper: CommandFilter, neutron-vpn-netns-wrapper, root
neutron_netns_wrapper_local: CommandFilter, /usr/local/bin/neutron-vpn-netns-wrapper, root
chown: RegExpFilter, chown, root, chown, --from=.*, root.root, .*/ipsec.secrets
openswan: CommandFilter, ipsec, root
libreswan: CommandFilter, ipsec, root

I'm using the legacy network model and on the network node I've started the neutron-vpn-agent service.

I don't have any error creating the VPNs but none works.

Thanks in advance

edit retag flag offensive close merge delete