<div dir="ltr">Hi Germy<div><br></div><div>We cannot ping the public interface of the 2nd devstack setup (devstack West). From our Cirros instance (First devstack -- devstack east), we can ping our own public ip, but cannot ping the other public ip. I think problem lies here, if we are reaching the devstack west, how can we make a VPN connection</div><div><br></div><div>Our topology looks like:</div><div><br></div><div><b>CirrOS --->Qrouter---->Public IP -------publicIP---->Qrouter----->CirrOS</b></div><div>_________________________ _____________________________</div><div> devstack EAST devstack WEST</div><div><br></div><div><br></div><div>Also it is important to note that we are not able to ssh the instance private ip, without <b>sudo ip netns qrouter id </b>so this means we cannot even ssh with floating ip.</div><div><b><br></b></div><div><b><br></b></div><div>it seems there is a problem in firewall or iptables. </div><div><b><br></b></div><div>Please guide</div><div><b><br></b></div><div><br><br>On Sunday, September 28, 2014, Germy Lure <<a href="mailto:germy.lure@gmail.com" target="_blank">germy.lure@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div>masoom:</div><div>I think firstly you can just check that if you could ping from left to right without installing VPN connection.</div><div>If it worked, then you should cat the system logs to confirm the configure's OK.</div><div>You can ping and tcpdump to dialog where packets are blocked.</div><div><br></div><div>stackers:</div><div>I think we should give mechanism to show the cause when vpn-connection is down. At least, we could extend an attribute to explain this. Maybe the VPN-incubator project is a chance?</div><div><br></div><div>BR,</div><div>Germy</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Sep 27, 2014 at 7:04 PM, masoom alam <span dir="ltr"><<a>masoom.alam@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Every one, <div><br></div><div>I am trying to establish the VPN connection by giving the <span style="color:rgb(51,51,51);font-family:Monaco,Menlo,Consolas,'Courier New',monospace;font-size:13px;line-height:20px;white-space:pre-wrap;background-color:rgb(245,245,245)">neutron ipsec-site-connection-create.</span></div><div><br></div><div><pre style="padding:9.5px;font-family:Monaco,Menlo,Consolas,'Courier New',monospace;font-size:13px;color:rgb(51,51,51);border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:4px;border-bottom-left-radius:4px;margin-top:0px;margin-bottom:10px;line-height:20px;word-break:break-all;word-wrap:break-word;white-space:pre-wrap;border:1px solid rgba(0,0,0,0.14902);background-color:rgb(245,245,245)">neutron ipsec-site-connection-create --name vpnconnection1 --vpnservice-id myvpn --ikepolicy-id ikepolicy1 --ipsecpolicy-id ipsecpolicy1 --peer-address 172.24.4.233 --peer-id 172.24.4.233 --peer-cidr <a href="http://10.2.0.0/24" target="_blank">10.2.0.0/24</a> --psk secret</pre></div><div><br></div><div>For the --peer-address I am giving the public interface of the other devstack node. Please note that my two devstack nodes are on different public addresses, so scenario is a little different than the one described here: <a href="https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall" target="_blank">https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall</a></div><div><br></div><div>The --peer-id is the ip address of the Qrouter connected to the public interface. With this configuration, I am not able to up the VPN site to site connection. Do you think its a firewall issue, I have disabled both firewalls with sudo ufw disable. Any help in this regard. Am I giving the correct parameters?</div><div><br></div><div>Thanks</div><div><br></div><div><br></div><div><br></div><div><br></div></div>
<br>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a>OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br></div>
</blockquote></div>
</div>