<div dir="ltr">We've had several users on our public OpenStack installation make use the VPNaaS facility to fulfil their VPN requirements with varying degrees of success. Use cases have ranged, one particular company made extensive use in order to connect different projects together for example. We've recommended to a few people that they're often better served by using an instance and configuring that as an endpoint, but obviously there's a cost associated with that (we don't charge for VPNaaS). We've crafted a few documents as well in order to help our users to get started that cover a few scenarios we've encountered:<div><br><div><a href="https://docs.datacentred.io/display/compute/VPNs+with+OpenStack+VPNaaS+and+Juniper+SRX">https://docs.datacentred.io/display/compute/VPNs+with+OpenStack+VPNaaS+and+Juniper+SRX</a><br></div><div><a href="https://docs.datacentred.io/display/compute/VPNs+with+OpenStack+VPNaaS+and+StrongSwan">https://docs.datacentred.io/display/compute/VPNs+with+OpenStack+VPNaaS+and+StrongSwan</a><br></div><div><a href="https://docs.datacentred.io/display/compute/OpenStack+to+OpenStack+VPNaaS">https://docs.datacentred.io/display/compute/OpenStack+to+OpenStack+VPNaaS</a><br></div><div><br></div><div>From an operational standpoint, one thing I will say is that it can be awkward to troubleshoot when something goes wrong. We're currently on Juno with several network nodes and VPN creation on at least one of them fails consistently for reasons that we've not yet been able to discern. Package versions, configuration, etc. are all exactly the same. Log levels are set to debug but as yet we've not been able to track down the exact root cause.</div><div><br></div></div><div class="gmail_extra"><div><div class="gmail_signature"><div dir="ltr"><div>-- </div><div><br>-Nick<br></div></div></div></div>
<br><div class="gmail_quote">On 6 August 2015 at 15:19, Kevin Bringard (kevinbri) <span dir="ltr"><<a href="mailto:kevinbri@cisco.com" target="_blank">kevinbri@cisco.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I've got to agree. We don't really use the included VPNaaS for many of the<br>
reasons listed below. Most of our users put appliance VM to establish<br>
tunnels and behave as their subnet's router, same as Sam.<br>
<div class="HOEnZb"><div class="h5"><br>
On 8/6/15, 7:52 AM, "Sam Stoelinga" <<a href="mailto:sammiestoel@gmail.com">sammiestoel@gmail.com</a>> wrote:<br>
<br>
>I'm running VPN servers in VMs. Neutron VPNaaS only supports site-to-site<br>
>IPSec based VPNs and it seemed quite troublesome to setup (opinion-based).<br>
><br>
><br>
>Sam Stoelinga<br>
><br>
><br>
>On Thu, Aug 6, 2015 at 2:51 PM, Edgar Magana<br>
><<a href="mailto:edgar.magana@workday.com">edgar.magana@workday.com</a>> wrote:<br>
><br>
>I know I can¹t wear both hats but in this case as Operator as one of the<br>
>constant moderators for the neutron-related sessions, I can say that I<br>
>have never received a report about the VPNaaS code from the Operators.<br>
>This could be means two things, the code<br>
> is terrific and nobody has issues with it or basically nobody uses it.<br>
><br>
><br>
>Thanks,<br>
><br>
><br>
>Edgar<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
>From: Kyle Mestery<br>
>Date: Wednesday, August 5, 2015 at 12:56 PM<br>
>To: "<a href="mailto:openstack-operators@lists.openstack.org">openstack-operators@lists.openstack.org</a>"<br>
>Cc: Paul Michali, Doug Wiegley<br>
>Subject: [Openstack-operators] [neutron] Any users of Neutron's VPN<br>
>advanced service?<br>
><br>
><br>
><br>
>Operators:<br>
><br>
><br>
>We (myself, Paul and Doug) are looking to better understand who might be<br>
>using Neutron's VPNaaS code. We're looking for what version you're using,<br>
>how long you're using it, and if you plan to continue deploying it with<br>
>future upgrades. Any information operators<br>
> can provide here would be fantastic!<br>
><br>
><br>
>Thank you!<br>
><br>
>Kyle<br></div></div></blockquote></div></div></div>
<br>
<span style="color:rgb(34,34,34);font-family:arial,sans-serif;background-color:rgb(255,255,255)">DataCentred Limited registered in England and Wales no. 05611763</span>