[openstack-dev] [neutron] Question about VPNaas

Paul Michali pc at michali.net
Wed Jan 28 14:26:12 UTC 2015

I can try to comment on your questions... inline @PCM

PCM (Paul Michali)

IRC............ pc_m (irc.freenode.com)
Twitter....... @pmichali

On Tue, Jan 27, 2015 at 9:45 PM, shihanzhang <ayshihanzhang at 126.com> wrote:

> Hi Stacker:
>     I am a novice, I want  use Neutron VPNaas, through my preliminary
> understanding on this it, I have two questions about it:
>         (1) why a 'vpnservices' can just has one subnet?
        (2) why the subnet of 'vpnservices' can't be changed?

@PCM Currently, the VPN service is designed to setup a site to site
connection between two private subnets. The service is associated 1:1 with
(and applies the connection to) a Neutron router that has a interface on
the private network, and an interface on the public network. Changing the
subnet for the service would effectively change the router. One would have
to delete and recreate the service to use a different router.

I don't know if the user can attach multiple "private" subnets to a router,
and the VPN implementation assumes that there is only one private subnet.

     As I know, the OpenSwan does not has these limitations.
>     I've learned that there is a BP to do this:
> https://blueprints.launchpad.net/neutron/+spec/vpn-multiple-subnet
>      but this BP has been no progress.

     I want to know whether this will do in next cycle or later, who can
> help me to explain?

@PCM I don't know what happened with that BP, but it is effectively
abandoned (even though status says 'new'). There has not been any activity
on it for over a year, and since we are at a new release, a BP spec would
have been required for Kilo. Also, the bug that drove the issue, has been
placed into Invalid state by Mark McClain in March of last year.


You could ask Mark for clarification, but I think it may be because the
Neutron router doesn't support multiple subnets.


> -shihanzhang
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150128/c6dab146/attachment.html>

More information about the OpenStack-dev mailing list