[Openstack-operators] [neutron] Any users of Neutron's VPN advanced service?

Nick Jones nick.jones at datacentred.co.uk
Fri Aug 7 09:48:38 UTC 2015


We've had several users on our public OpenStack installation make use the
VPNaaS facility to fulfil their VPN requirements with varying degrees of
success.  Use cases have ranged, one particular company made extensive use
in order to connect different projects together for example.  We've
recommended to a few people that they're often better served by using an
instance and configuring that as an endpoint, but obviously there's a cost
associated with that (we don't charge for VPNaaS).  We've crafted a few
documents as well in order to help our users to get started that cover a
few scenarios we've encountered:

https://docs.datacentred.io/display/compute/VPNs+with+OpenStack+VPNaaS+and+Juniper+SRX
https://docs.datacentred.io/display/compute/VPNs+with+OpenStack+VPNaaS+and+StrongSwan
https://docs.datacentred.io/display/compute/OpenStack+to+OpenStack+VPNaaS

>From an operational standpoint, one thing I will say is that it can be
awkward to troubleshoot when something goes wrong.  We're currently on Juno
with several network nodes and VPN creation on at least one of them fails
consistently for reasons that we've not yet been able to discern.  Package
versions, configuration, etc. are all exactly the same.  Log levels are set
to debug but as yet we've not been able to track down the exact root cause.

-- 

-Nick

On 6 August 2015 at 15:19, Kevin Bringard (kevinbri) <kevinbri at cisco.com>
wrote:

> I've got to agree. We don't really use the included VPNaaS for many of the
> reasons listed below. Most of our users put appliance VM to establish
> tunnels and behave as their subnet's router, same as Sam.
>
> On 8/6/15, 7:52 AM, "Sam Stoelinga" <sammiestoel at gmail.com> wrote:
>
> >I'm running VPN servers in VMs. Neutron VPNaaS only supports site-to-site
> >IPSec based VPNs and it seemed quite troublesome to setup (opinion-based).
> >
> >
> >Sam Stoelinga
> >
> >
> >On Thu, Aug 6, 2015 at 2:51 PM, Edgar Magana
> ><edgar.magana at workday.com> wrote:
> >
> >I know I can¹t wear both hats but in this case as Operator as one of the
> >constant moderators for the neutron-related sessions, I can say that I
> >have never received a report about the VPNaaS code from the Operators.
> >This could be means two things, the code
> > is terrific and nobody has issues with it or basically nobody uses it.
> >
> >
> >Thanks,
> >
> >
> >Edgar
> >
> >
> >
> >
> >
> >
> >
> >From: Kyle Mestery
> >Date: Wednesday, August 5, 2015 at 12:56 PM
> >To: "openstack-operators at lists.openstack.org"
> >Cc: Paul Michali, Doug Wiegley
> >Subject: [Openstack-operators] [neutron] Any users of Neutron's VPN
> >advanced service?
> >
> >
> >
> >Operators:
> >
> >
> >We (myself, Paul and Doug) are looking to better understand who might be
> >using Neutron's VPNaaS code. We're looking for what version you're using,
> >how long you're using it, and if you plan to continue deploying it with
> >future upgrades. Any information operators
> > can provide here would be fantastic!
> >
> >
> >Thank you!
> >
> >Kyle
>

-- 
DataCentred Limited registered in England and Wales no. 05611763
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150807/d118a52d/attachment.html>


More information about the OpenStack-operators mailing list