<div dir="ltr">Hi All,<div><br></div><div>I am using <a href="https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall">https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall</a> to install VPNaaS with single devstack and two routers.</div><div><br></div><div><br></div><div><div><font face="garamond, serif">stack@whiskey:/opt/stack$ neutron router-list</font></div><div><font face="garamond, serif">+--------------------------------------+------+---------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+</font></div><div><font face="garamond, serif">| id                                   | name | external_gateway_info                                                                                                                 | distributed | ha    |</font></div><div><font face="garamond, serif">+--------------------------------------+------+---------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+</font></div><div><font face="garamond, serif">| 6e730589-113e-4105-af61-3945bc5c9413 | r1   | {"network_id": "dfcb5c47-712c-4c6e-b98e-53ea9688d7d5", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "fcb87cfa-734b-      | False       | False |</font></div><div><font face="garamond, serif">|                                      |      | 47d0-83b2-523ecbd2fa5c", "ip_address": "5.5.5.3"}]}                                                                                   |             |       |</font></div><div><font face="garamond, serif">| eaeae30a-e281-42a7-9c38-1f678ec1ccbf | r2   | {"network_id": "dfcb5c47-712c-4c6e-b98e-53ea9688d7d5", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "fcb87cfa-734b-      | False       | False |</font></div><div><font face="garamond, serif">|                                      |      | 47d0-83b2-523ecbd2fa5c", "ip_address": "5.5.5.4"}]}                                                                                   |             |       |</font></div><div><font face="garamond, serif">+--------------------------------------+------+---------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+</font></div></div><div><font face="garamond, serif"><br></font></div><div><div>stack@whiskey:/opt/stack$ neutron vpn-service-list</div><div>+--------------------------------------+--------+--------------------------------------+--------+</div><div>| id                                   | name   | router_id                            | status |</div><div>+--------------------------------------+--------+--------------------------------------+--------+</div><div>| 59adbee1-7cc7-415e-8273-d4c2491ab878 | myvpn  | 6e730589-113e-4105-af61-3945bc5c9413 | ACTIVE |</div><div>| c453caf5-839a-4687-b44a-148014671fce | myvpn2 | eaeae30a-e281-42a7-9c38-1f678ec1ccbf | ACTIVE |</div><div>+--------------------------------------+--------+--------------------------------------+--------+</div></div><div><br></div><div><br></div><div><br></div><div><div>(neutron) stack@whiskey:/opt/stack$ neutron ipsec-site-connection-list</div><div>+--------------------------------------+----------------+--------------+-----------+--------+</div><div>| id                                   | name           | peer_address | auth_mode | status |</div><div>+--------------------------------------+----------------+--------------+-----------+--------+</div><div>| 0f5db508-5248-48e4-a76e-f4ef17d8f975 | vpnconnection1 | 5.5.5.4      | psk       | ACTIVE |</div><div>| 5db83673-4e3c-41ef-8697-dd6a33e57576 | vpnconnection2 | 5.5.5.3      | psk       | ACTIVE |</div><div>+--------------------------------------+----------------+--------------+-----------+--------+</div><div>stack@whiskey:/opt/stack$ </div></div><div><br></div><div><div>stack@whiskey:/opt/stack$ nova list</div><div>+--------------------------------------+------+--------+------------+-------------+------------+</div><div>| ID                                   | Name | Status | Task State | Power State | Networks   |</div><div>+--------------------------------------+------+--------+------------+-------------+------------+</div><div>| c390da65-9a5c-40d3-aa55-6627f66afabb | vm1  | ACTIVE | -          | Running     | n1=1.1.1.3 |</div><div>| 2186a7dd-b5c9-464e-bc10-bd8a92890509 | vm2  | ACTIVE | -          | Running     | n2=2.2.2.3 |</div><div>+--------------------------------------+------+--------+------------+-------------+------------+</div></div><div><br></div><div><br></div><div>From the above three commands, I could get the topology mentioned in the install guide to work perfectly and could ping the vm's on the two routers from each other.</div><div><br></div><div><br></div><div>Now, I added 2 more subnets to each router on either side and spun 2 vms's (vm3 and vm4) on subnets s3 and s4 attached to routers r1 and r2 respectively.</div><div><br></div><div><br></div><div>Now create a vpn service myvpn3 with r1 and s3 & myvpn4  with r2 and s4.</div><div><br></div><div><div>stack@whiskey:/opt/stack$ neutron vpn-service-list</div><div>+--------------------------------------+--------+--------------------------------------+----------------+</div><div>| id                                   | name   | router_id                            | status         |</div><div>+--------------------------------------+--------+--------------------------------------+----------------+</div><div>| 05bdaa03-374d-4df6-af67-96ad209b8126 | myvpn4 | eaeae30a-e281-42a7-9c38-1f678ec1ccbf | PENDING_CREATE |</div><div>| 4fd6fc1f-9f5e-4980-a28c-520a1c3a8e8a | myvpn3 | 6e730589-113e-4105-af61-3945bc5c9413 | PENDING_CREATE |</div><div>| 59adbee1-7cc7-415e-8273-d4c2491ab878 | myvpn  | 6e730589-113e-4105-af61-3945bc5c9413 | ACTIVE         |</div><div>| c453caf5-839a-4687-b44a-148014671fce | myvpn2 | eaeae30a-e281-42a7-9c38-1f678ec1ccbf | ACTIVE         |</div><div>+--------------------------------------+--------+--------------------------------------+----------------+</div></div><div><br></div><div><br></div><div>Now create a ipsec-site-conneciton.</div><div><br></div><div><div>stack@whiskey:/opt/stack$ neutron ipsec-site-connection-create --name vpnconnection3 --vpnservice-id myvpn3 --ikepolicy-id ikepolicy1 --ipsecpolicy-id ipsecpolicy1 --peer-address 5.5.5.4 --peer-id 5.5.5.4 --peer-cidr <a href="http://4.4.4.0/24">4.4.4.0/24</a> --psk secret1</div><div>Created a new ipsec_site_connection:</div><div>+-------------------+----------------------------------------------------+</div><div>| Field             | Value                                              |</div><div>+-------------------+----------------------------------------------------+</div><div>| admin_state_up    | True                                               |</div><div>| auth_mode         | psk                                                |</div><div>| description       |                                                    |</div><div>| dpd               | {"action": "hold", "interval": 30, "timeout": 120} |</div><div>| id                | ceffea34-7e94-456a-8772-dea600767523               |</div><div>| ikepolicy_id      | 0feed5fa-a57e-4c6d-87ee-50a589eeb83c               |</div><div>| initiator         | bi-directional                                     |</div><div>| ipsecpolicy_id    | ad2f3990-550a-4728-8f96-79d44d0ac673               |</div><div>| local_ep_group_id |                                                    |</div><div>| mtu               | 1500                                               |</div><div>| name              | vpnconnection3                                     |</div><div>| peer_address      | 5.5.5.4                                            |</div><div>| peer_cidrs        | <a href="http://4.4.4.0/24">4.4.4.0/24</a>                                         |</div><div>| peer_ep_group_id  |                                                    |</div><div>| peer_id           | 5.5.5.4                                            |</div><div>| psk               | secret1                                            |</div><div>| route_mode        | static                                             |</div><div>| status            | PENDING_CREATE                                     |</div><div>| tenant_id         | 003f8501be134da18af721685def9ec5                   |</div><div>| vpnservice_id     | 4fd6fc1f-9f5e-4980-a28c-520a1c3a8e8a               |</div><div>+-------------------+----------------------------------------------------+</div></div><div><br></div><div><div>stack@whiskey:/opt/stack$ neutron ipsec-site-connection-create --name vpnconnection4 --vpnservice-id myvpn4 --ikepolicy-id ikepolicy1 --ipsecpolicy-id ipsecpolicy1 --peer-address 5.5.5.3 --peer-id 5.5.5.3 --peer-cidr <a href="http://3.3.3.0/24">3.3.3.0/24</a> --psk secret1</div><div>Created a new ipsec_site_connection:</div><div>+-------------------+----------------------------------------------------+</div><div>| Field             | Value                                              |</div><div>+-------------------+----------------------------------------------------+</div><div>| admin_state_up    | True                                               |</div><div>| auth_mode         | psk                                                |</div><div>| description       |                                                    |</div><div>| dpd               | {"action": "hold", "interval": 30, "timeout": 120} |</div><div>| id                | d583f657-981d-4fe0-aeba-205cf9cbd27a               |</div><div>| ikepolicy_id      | 0feed5fa-a57e-4c6d-87ee-50a589eeb83c               |</div><div>| initiator         | bi-directional                                     |</div><div>| ipsecpolicy_id    | ad2f3990-550a-4728-8f96-79d44d0ac673               |</div><div>| local_ep_group_id |                                                    |</div><div>| mtu               | 1500                                               |</div><div>| name              | vpnconnection4                                     |</div><div>| peer_address      | 5.5.5.3                                            |</div><div>| peer_cidrs        | <a href="http://3.3.3.0/24">3.3.3.0/24</a>                                         |</div><div>| peer_ep_group_id  |                                                    |</div><div>| peer_id           | 5.5.5.3                                            |</div><div>| psk               | secret1                                            |</div><div>| route_mode        | static                                             |</div><div>| status            | PENDING_CREATE                                     |</div><div>| tenant_id         | 003f8501be134da18af721685def9ec5                   |</div><div>| vpnservice_id     | 05bdaa03-374d-4df6-af67-96ad209b8126               |</div><div>+-------------------+----------------------------------------------------+</div></div><div><br></div><div><br></div><div>after this too, the status is still pending create for vpnconnection3 and vpnconnection4. Is that expected behavior?</div><div><br></div><div><br></div><div><br></div><div> </div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div>