<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Many thanks for the info<br>
<br>
cheers<br>
Iain<br>
--<br>
<br>
<div class="moz-cite-prefix">On 18/03/16 18:22, Paul Michali wrote:<br>
</div>
<blockquote
cite="mid:CA+ikoRM8L=_n99shtTMFnNYFR+Lp8AMbmS7tKEf8bjB_09U15Q@mail.gmail.com"
type="cite">
<div dir="ltr">Correct. The capability to support multiple local
subnets is in Mitaka (just missed Liberty). CLI support is there.
The Horizon work to support that is in-progress, but won't be in
Mitaka AFAIK. You can check with the Horizon team for details.
<div><br>
</div>
<div>Regards,</div>
<div><br>
</div>
<div>PCM</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Fri, Mar 18, 2016 at 1:49 PM James Denton &lt;<a
moz-do-not-send="true"
href="mailto:james.denton@rackspace.com">james.denton@rackspace.com</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">I believe
this will be addressed in Mitaka:<br>
<br>
<a moz-do-not-send="true"
href="https://bugs.launchpad.net/neutron/+bug/1459423"
rel="noreferrer" target="_blank">https://bugs.launchpad.net/neutron/+bug/1459423</a><br>
<br>
<br>
JD<br>
<br>
On 3/18/16, 12:15 PM, "iain smith" &lt;<a
moz-do-not-send="true" href="mailto:iain@3birds.co.uk"
target="_blank">iain@3birds.co.uk</a>&gt; wrote:<br>
<br>
>Hi all -<br>
><br>
>When using neutron's VPNaaS with the Strongswan back-end,
has anyone<br>
>come up against the seemingly needless limitation whereby
the 'Add VPN<br>
>Service' configuration pane in Horizon only allows you to
add one<br>
>subnet, even if you have several subnets attached to the
router which<br>
>will host the VPN endpoint at the openstack end?<br>
><br>
>The IPSEC VPN works well, but only allows you to route to
the one<br>
>openstack subnet behind the router, through the VPN
tunnel.<br>
><br>
>However... on the openstack network node (where the
neutron-vpn-agent<br>
>and strongswan are running) I can manually edit the
Strongswan<br>
>configuration file generated from the horizon input<br>
>(/var/lib/neutron/ipsec/&lt;router-id&gt;/etc/strongswan/ipsec.conf).
I can<br>
>add the other openstack subnet addresses to the
'leftsubnet' statement<br>
>(comma-separated), save the file, and send a HUP to the<br>
>/usr/libexec/strongswan/starter process to force charon to
re-read the<br>
>config.<br>
><br>
>After adding the subnets to the 'rightsubnet' statement in
my strongswan<br>
>VPN client config and bringing up the VPN tunnel, all of
the openstack<br>
>subnets are then routable through the VPN tunnel.<br>
><br>
>Shouldn't the horizon GUI config allow you to select
multiple subnets,<br>
>if more than one is available on the chosen router?<br>
><br>
>cheers<br>
>Iain<br>
>--<br>
><br>
>_______________________________________________<br>
>Mailing list: <a moz-do-not-send="true"
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack"
rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
>Post to : <a moz-do-not-send="true"
href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
>Unsubscribe : <a moz-do-not-send="true"
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack"
rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
</blockquote>
</div>
</blockquote>
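<br>
The manual 'leftsubnet' edit described in the original question, as an added example that is not part of the thread or of the neutron-vpnaas code. The function name, the sample file, the conn name and all addresses are constructed for illustration; the sketch validates each CIDR and touches only the named conn, and reloading is still done as the post describes.<br>

```python
import ipaddress
import re

# Constructed sample resembling a generated ipsec.conf (names/addresses are made up).
SAMPLE_CONF = """\
config setup

conn %default
        ikelifetime=60m

conn example-site-conn
        left=203.0.113.10
        leftsubnet=10.0.1.0/24
        right=198.51.100.20
        rightsubnet=192.168.50.0/24
        auto=route
"""

_LEFTSUBNET = re.compile(r"^(\s+)leftsubnet\s*=\s*(.*)$")


def add_left_subnets(conf_text, conn_name, extra_subnets):
    """Return conf_text with extra_subnets merged into leftsubnet of conn_name."""
    # strict=True rejects entries with host bits set, e.g. 10.0.2.5/24.
    extra = [str(ipaddress.ip_network(s.strip(), strict=True)) for s in extra_subnets]
    out, in_conn, changed = [], False, False
    for line in conf_text.splitlines():
        if line.startswith("conn "):
            in_conn = line.split()[1] == conn_name
        elif line and not line[0].isspace() and not line.startswith("#"):
            in_conn = False  # another top-level section such as "config setup"
        m = _LEFTSUBNET.match(line) if in_conn else None
        if m:
            current = [s.strip() for s in m.group(2).split(",") if s.strip()]
            merged = current + [s for s in extra if s not in current]
            line = f"{m.group(1)}leftsubnet={','.join(merged)}"
            changed = True
        out.append(line)
    if not changed:
        raise ValueError(f"no leftsubnet found in conn {conn_name!r}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(add_left_subnets(SAMPLE_CONF, "example-site-conn", ["10.0.2.0/24"]))
```

Every subnet added to 'leftsubnet' becomes reachable from the remote side of the tunnel, so the list passed in should contain only networks meant to be exposed to the peer.<br>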
<br>
</body>
</html>