<div dir="ltr">Correct. The capability to support multiple local subnets is in Mitaka (just mist Liberty). CLI support is there. The Horizon work to support that is in-progress, but won't be in Mitaka AFAIK. You can check with the Horizon team for details.<div><br></div><div>Regards,</div><div><br></div><div>PCM</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Fri, Mar 18, 2016 at 1:49 PM James Denton <<a href="mailto:james.denton@rackspace.com">james.denton@rackspace.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I believe this will be addressed in Mitaka:<br>
<br>
<a href="https://bugs.launchpad.net/neutron/+bug/1459423" rel="noreferrer" target="_blank">https://bugs.launchpad.net/neutron/+bug/1459423</a><br>
<br>
<br>
JD<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
On 3/18/16, 12:15 PM, "iain smith" <<a href="mailto:iain@3birds.co.uk" target="_blank">iain@3birds.co.uk</a>> wrote:<br>
<br>
>Hi all -<br>
><br>
>When using neutron's VPNaaS with the Strongswan back-end, has anyone<br>
>come up against the seemingly needless limitation whereby the 'Add VPN<br>
>Service' configuration pane in Horizon only allows you to add one<br>
>subnet, even if you have several subnets attached to the router which<br>
>will host the VPN endpoint at the openstack end?<br>
><br>
>The IPSEC VPN works well, but only allows you to route to the one<br>
>openstack subnet behind the router, through the VPN tunnel.<br>
><br>
>However... on the openstack network node (where the neutron-vpn-agent<br>
>and strongswan are running) I can manually edit the Strongswan<br>
>configuration file generated from the horizon input<br>
>(/var/lib/neutron/ipsec/<router-id>/etc/strongswan/ipsec.conf). I can<br>
>add the other openstack subnet addresses to the 'leftsubnet' statement<br>
>(comma-separated), save the file, and send a HUP to the<br>
>/usr/libexec/strongswan/starter process to force charon to re-read the<br>
>config.<br>
><br>
>After adding the subnets to the 'rightsubnet' statement in my strongswan<br>
>VPN client config and bringing up the VPN tunnel, all of the openstack<br>
>subnets are then routable through the VPN tunnel.<br>
><br>
>Shouldn't the horizon GUI config allow you to select multiple subnets,<br>
>if more than one is available on the chosen router?<br>
><br>
>cheers<br>
>Iain<br>
>--<br>
><br>
><br>
><br>
><br>
><br>
>_______________________________________________<br>
>Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
>Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
>Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
</blockquote></div>