VPN Site connection reset state

asked 2016-10-24 04:44:26 -0500

Depa77

I'm having issues with the VPNaaS neutron module in OpenStack Liberty, with libreswan version 3.15 running on CentOS 7.

I can successfully establish a VPN connection without errors (except for some "Duplicate iptables rule detected."), but if I edit the VPN Site Connection and set the admin state to DOWN, I get this error in the vpn-agent.log file:

ERROR neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec [req-19215f72-0b83-47f0-b533-d94ad42a927d 165a2d660a1b46be8a04bbfba108713b a65d85767b5148c0a641772d3190ee54 - - -] Unable to check control files on startup for router cb7a8536-60ab-4bff-b96e-696f6327fc9e: [Errno 2] No such file or directory: '/proc/129996/cmdline'

The PID 129996 was contained in the /var/lib/neutron/ipsec/<routerid>/var/run/pluto.pid, and the pluto process was actually running with that PID before the Admin state was changed.

Now the pluto process has changed PID. The process tree of pluto is this:

# ps auxfww
root      530516  0.0  0.0 2401032 5660 ?        Ssl  10:48   0:00 /usr/libexec/ipsec/pluto --ctlbase /var/lib/neutron/ipsec/cb7a8536-60ab-4bff-b96e-696f6327fc9e/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/cb7a8536-60ab-4bff-b96e-696f6327fc9e/etc --use-netkey --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/cb7a8536-60ab-4bff-b96e-696f6327fc9e/etc/ipsec.secrets --virtual_private %v4:10.0.0.0/24,%v4:192.168.0.0/24,%v4:192.168.1.0/24 --perpeerlogbase /var/lib/neutron/ipsec/cb7a8536-60ab-4bff-b96e-696f6327fc9e/logs
root      530576  0.0  0.0  31176   880 ?        S    10:48   0:00  \_ _pluto_adns
root      530577  0.0  0.0      0     0 ?        Z    10:48   0:00  \_ [addconn] <defunct>

If I now set the Site connection Admin state UP, I get this error message (after a bunch of "Duplicate iptables rule detected."):

ERROR neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec [req-31c612d8-7302-4300-8774-7ec19b2acd85 165a2d660a1b46be8a04bbfba108713b a65d85767b5148c0a641772d3190ee54 - - -] Process 530516 exists with command line /usr/libexec/ipsec/pluto--ctlbase/var/lib/neutron/ipsec/cb7a8536-60ab-4bff-b96e-696f6327fc9e/var/run/pluto--ipsecdir/var/lib/neutron/ipsec/cb7a8536-60ab-4bff-b96e-696f6327fc9e/etc--use-netkey--uniqueids--nat_traversal--secretsfile/var/lib/neutron/ipsec/cb7a8536-60ab-4bff-b96e-696f6327fc9e/etc/ipsec.secrets--virtual_private%v4:10.0.0.0/24,%v4:192.168.0.0/24,%v4:192.168.1.0/24--perpeerlogbase/var/lib/neutron/ipsec/cb7a8536-60ab-4bff-b96e-696f6327fc9e/logs.

What can I do to solve this?

Thanks in advance

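An added diagnostic example (not part of the original post and not neutron-vpnaas code): it classifies the PID recorded in pluto.pid along the lines of the two log messages above, as stale when /proc/<pid>/cmdline is missing or live when a process is found, and additionally checks whether a live process belongs to this router's --ctlbase. The function name, the state labels and the constructed /proc tree are assumptions for illustration.

```python
import os
import tempfile


def pluto_pid_state(pid_file, ctlbase, proc_root="/proc"):
    """Classify the PID recorded in a pluto pid file (hypothetical helper).

    Returns (state, pid): "no-pidfile", "stale" (no /proc entry, the
    Errno 2 case), "ours" (live, --ctlbase matches) or "foreign" (PID reused).
    """
    try:
        with open(pid_file) as fh:
            pid = int(fh.read().strip())
    except (OSError, ValueError):
        return ("no-pidfile", None)
    try:
        with open(os.path.join(proc_root, str(pid), "cmdline"), "rb") as fh:
            raw = fh.read()
    except (FileNotFoundError, ProcessLookupError):
        return ("stale", pid)
    # /proc/<pid>/cmdline separates arguments with NUL bytes, not spaces.
    argv = [a.decode(errors="replace") for a in raw.split(b"\0") if a]
    for i, arg in enumerate(argv[:-1]):
        if arg == "--ctlbase" and argv[i + 1] == ctlbase:
            return ("ours", pid)
    return ("foreign", pid)


def demo():
    """Replay the post's two PIDs against a constructed /proc tree."""
    with tempfile.TemporaryDirectory() as tmp:
        ctlbase = os.path.join(tmp, "ROUTER-ID", "var", "run", "pluto")
        os.makedirs(os.path.dirname(ctlbase))
        proc = os.path.join(tmp, "proc")
        os.makedirs(os.path.join(proc, "530516"))
        argv = [b"/usr/libexec/ipsec/pluto", b"--ctlbase", ctlbase.encode()]
        with open(os.path.join(proc, "530516", "cmdline"), "wb") as fh:
            fh.write(b"\0".join(argv) + b"\0")
        states = []
        for pid in ("129996", "530516"):  # PID from the old pid file, then the live one
            with open(ctlbase + ".pid", "w") as fh:
                fh.write(pid + "\n")
            states.append(pluto_pid_state(ctlbase + ".pid", ctlbase, proc))
        return states


if __name__ == "__main__":
    print(demo())
```

On a real host the call would take the router's pluto.pid path and its --ctlbase value, with proc_root left at its default.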