<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Many thanks for the info<br>
    <br>
    cheers<br>
    Iain<br>
    --<br>
    <br>
    <div class="moz-cite-prefix">On 18/03/16 18:22, Paul Michali wrote:<br>
    </div>
    <blockquote
cite="mid:CA+ikoRM8L=_n99shtTMFnNYFR+Lp8AMbmS7tKEf8bjB_09U15Q@mail.gmail.com"
      type="cite">
      <div dir="ltr">Correct. The capability to support multiple local
        subnets is in Mitaka (just mist Liberty). CLI support is there.
        The Horizon work to support that is in-progress, but won't be in
        Mitaka AFAIK. You can check with the Horizon team for details.
        <div><br>
        </div>
        <div>Regards,</div>
        <div><br>
        </div>
        <div>PCM</div>
        <div><br>
        </div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr">On Fri, Mar 18, 2016 at 1:49 PM James Denton <<a
            moz-do-not-send="true"
            href="mailto:james.denton@rackspace.com"><a class="moz-txt-link-abbreviated" href="mailto:james.denton@rackspace.com">james.denton@rackspace.com</a></a>>
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0 0 0
          .8ex;border-left:1px #ccc solid;padding-left:1ex">I believe
          this will be addressed in Mitaka:<br>
          <br>
          <a moz-do-not-send="true"
            href="https://bugs.launchpad.net/neutron/+bug/1459423"
            rel="noreferrer" target="_blank">https://bugs.launchpad.net/neutron/+bug/1459423</a><br>
          <br>
          <br>
          JD<br>
          <br>
          <br>
          <br>
          <br>
          <br>
          <br>
          <br>
          <br>
          <br>
          On 3/18/16, 12:15 PM, "iain smith" <<a
            moz-do-not-send="true" href="mailto:iain@3birds.co.uk"
            target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:iain@3birds.co.uk">iain@3birds.co.uk</a></a>> wrote:<br>
          <br>
          >Hi all -<br>
          ><br>
          >When using neutron's VPNaaS with the Strongswan back-end,
          has anyone<br>
          >come up against the seemingly needless limitation whereby
          the 'Add VPN<br>
          >Service' configuration pane in Horizon only allows you to
          add one<br>
          >subnet, even if you have several subnets attached to the
          router which<br>
          >will host the VPN endpoint at the openstack end?<br>
          ><br>
          >The IPSEC VPN works well, but only allows you to route to
          the one<br>
          >openstack subnet behind the router, through the VPN
          tunnel.<br>
          ><br>
          >However... on the openstack network node (where the
          neutron-vpn-agent<br>
          >and strongswan are running) I can manually edit the
          Strongswan<br>
          >configuration file generated from the horizon input<br>
          >(/var/lib/neutron/ipsec/<router-id>/etc/strongswan/ipsec.conf).
          I can<br>
          >add the other openstack subnet addresses to the
          'leftsubnet' statement<br>
          >(comma-separated), save the file, and send a HUP to the<br>
          >/usr/libexec/strongswan/starter process to force charon to
          re-read the<br>
          >config.<br>
          ><br>
          >After adding the subnets to the 'rightsubnet' statement in
          my strongswan<br>
          >VPN client config and bringing up the VPN tunnel, all of
          the openstack<br>
          >subnets are then routable through the VPN tunnel.<br>
          ><br>
          >Shouldn't the horizon GUI config allow you to select
          multiple subnets,<br>
          >if more than one is available on the chosen router?<br>
          ><br>
          >cheers<br>
          >Iain<br>
          >--<br>
          ><br>
          ><br>
          ><br>
          ><br>
          ><br>
          >_______________________________________________<br>
          >Mailing list: <a moz-do-not-send="true"
            href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack"
            rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
          >Post to     : <a moz-do-not-send="true"
            href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
          >Unsubscribe : <a moz-do-not-send="true"
            href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack"
            rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
          _______________________________________________<br>
          Mailing list: <a moz-do-not-send="true"
            href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack"
            rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
          Post to     : <a moz-do-not-send="true"
            href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
          Unsubscribe : <a moz-do-not-send="true"
            href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack"
            rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
        </blockquote>
      </div>
    </blockquote>
    <br>
  </body>
</html>