[openstack-dev] [Neutron][VPNaaS] Question regarding creating an IPSec Connection Site with multiple subnets attached to a router on each site in stable/kilo
Chirag Shahani
chirag.shahani at gmail.com
Wed Feb 24 19:01:36 UTC 2016
Hi All,
I am using https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall to
install VPNaaS with single devstack and two routers.
stack@whiskey:/opt/stack$ neutron router-list
+--------------------------------------+------+----------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| id                                   | name | external_gateway_info                                                                                                            | distributed | ha    |
+--------------------------------------+------+----------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| 6e730589-113e-4105-af61-3945bc5c9413 | r1   | {"network_id": "dfcb5c47-712c-4c6e-b98e-53ea9688d7d5", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "fcb87cfa-734b- | False       | False |
|                                      |      | 47d0-83b2-523ecbd2fa5c", "ip_address": "5.5.5.3"}]}                                                                              |             |       |
| eaeae30a-e281-42a7-9c38-1f678ec1ccbf | r2   | {"network_id": "dfcb5c47-712c-4c6e-b98e-53ea9688d7d5", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "fcb87cfa-734b- | False       | False |
|                                      |      | 47d0-83b2-523ecbd2fa5c", "ip_address": "5.5.5.4"}]}                                                                              |             |       |
+--------------------------------------+------+----------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
stack@whiskey:/opt/stack$ neutron vpn-service-list
+--------------------------------------+--------+--------------------------------------+--------+
| id                                   | name   | router_id                            | status |
+--------------------------------------+--------+--------------------------------------+--------+
| 59adbee1-7cc7-415e-8273-d4c2491ab878 | myvpn  | 6e730589-113e-4105-af61-3945bc5c9413 | ACTIVE |
| c453caf5-839a-4687-b44a-148014671fce | myvpn2 | eaeae30a-e281-42a7-9c38-1f678ec1ccbf | ACTIVE |
+--------------------------------------+--------+--------------------------------------+--------+
(neutron) stack@whiskey:/opt/stack$ neutron ipsec-site-connection-list
+--------------------------------------+----------------+--------------+-----------+--------+
| id                                   | name           | peer_address | auth_mode | status |
+--------------------------------------+----------------+--------------+-----------+--------+
| 0f5db508-5248-48e4-a76e-f4ef17d8f975 | vpnconnection1 | 5.5.5.4      | psk       | ACTIVE |
| 5db83673-4e3c-41ef-8697-dd6a33e57576 | vpnconnection2 | 5.5.5.3      | psk       | ACTIVE |
+--------------------------------------+----------------+--------------+-----------+--------+
stack@whiskey:/opt/stack$
stack@whiskey:/opt/stack$ nova list
+--------------------------------------+------+--------+------------+-------------+------------+
| ID                                   | Name | Status | Task State | Power State | Networks   |
+--------------------------------------+------+--------+------------+-------------+------------+
| c390da65-9a5c-40d3-aa55-6627f66afabb | vm1  | ACTIVE | -          | Running     | n1=1.1.1.3 |
| 2186a7dd-b5c9-464e-bc10-bd8a92890509 | vm2  | ACTIVE | -          | Running     | n2=2.2.2.3 |
+--------------------------------------+------+--------+------------+-------------+------------+
From the above three commands, I could get the topology mentioned in the
install guide to work perfectly and could ping the VMs on the two routers
from each other.
Now, I added 2 more subnets to each router on either side and spun 2 VMs
(vm3 and vm4) on subnets s3 and s4 attached to routers r1 and r2
respectively.
Now create a vpn service myvpn3 with r1 and s3 & myvpn4 with r2 and s4.
stack@whiskey:/opt/stack$ neutron vpn-service-list
+--------------------------------------+--------+--------------------------------------+----------------+
| id                                   | name   | router_id                            | status         |
+--------------------------------------+--------+--------------------------------------+----------------+
| 05bdaa03-374d-4df6-af67-96ad209b8126 | myvpn4 | eaeae30a-e281-42a7-9c38-1f678ec1ccbf | PENDING_CREATE |
| 4fd6fc1f-9f5e-4980-a28c-520a1c3a8e8a | myvpn3 | 6e730589-113e-4105-af61-3945bc5c9413 | PENDING_CREATE |
| 59adbee1-7cc7-415e-8273-d4c2491ab878 | myvpn  | 6e730589-113e-4105-af61-3945bc5c9413 | ACTIVE         |
| c453caf5-839a-4687-b44a-148014671fce | myvpn2 | eaeae30a-e281-42a7-9c38-1f678ec1ccbf | ACTIVE         |
+--------------------------------------+--------+--------------------------------------+----------------+
Now create an ipsec-site-connection.
stack@whiskey:/opt/stack$ neutron ipsec-site-connection-create --name vpnconnection3 --vpnservice-id myvpn3 --ikepolicy-id ikepolicy1 --ipsecpolicy-id ipsecpolicy1 --peer-address 5.5.5.4 --peer-id 5.5.5.4 --peer-cidr 4.4.4.0/24 --psk secret1
Created a new ipsec_site_connection:
+-------------------+----------------------------------------------------+
| Field             | Value                                              |
+-------------------+----------------------------------------------------+
| admin_state_up    | True                                               |
| auth_mode         | psk                                                |
| description       |                                                    |
| dpd               | {"action": "hold", "interval": 30, "timeout": 120} |
| id                | ceffea34-7e94-456a-8772-dea600767523               |
| ikepolicy_id      | 0feed5fa-a57e-4c6d-87ee-50a589eeb83c               |
| initiator         | bi-directional                                     |
| ipsecpolicy_id    | ad2f3990-550a-4728-8f96-79d44d0ac673               |
| local_ep_group_id |                                                    |
| mtu               | 1500                                               |
| name              | vpnconnection3                                     |
| peer_address      | 5.5.5.4                                            |
| peer_cidrs        | 4.4.4.0/24                                         |
| peer_ep_group_id  |                                                    |
| peer_id           | 5.5.5.4                                            |
| psk               | secret1                                            |
| route_mode        | static                                             |
| status            | PENDING_CREATE                                     |
| tenant_id         | 003f8501be134da18af721685def9ec5                   |
| vpnservice_id     | 4fd6fc1f-9f5e-4980-a28c-520a1c3a8e8a               |
+-------------------+----------------------------------------------------+
stack@whiskey:/opt/stack$ neutron ipsec-site-connection-create --name vpnconnection4 --vpnservice-id myvpn4 --ikepolicy-id ikepolicy1 --ipsecpolicy-id ipsecpolicy1 --peer-address 5.5.5.3 --peer-id 5.5.5.3 --peer-cidr 3.3.3.0/24 --psk secret1
Created a new ipsec_site_connection:
+-------------------+----------------------------------------------------+
| Field             | Value                                              |
+-------------------+----------------------------------------------------+
| admin_state_up    | True                                               |
| auth_mode         | psk                                                |
| description       |                                                    |
| dpd               | {"action": "hold", "interval": 30, "timeout": 120} |
| id                | d583f657-981d-4fe0-aeba-205cf9cbd27a               |
| ikepolicy_id      | 0feed5fa-a57e-4c6d-87ee-50a589eeb83c               |
| initiator         | bi-directional                                     |
| ipsecpolicy_id    | ad2f3990-550a-4728-8f96-79d44d0ac673               |
| local_ep_group_id |                                                    |
| mtu               | 1500                                               |
| name              | vpnconnection4                                     |
| peer_address      | 5.5.5.3                                            |
| peer_cidrs        | 3.3.3.0/24                                         |
| peer_ep_group_id  |                                                    |
| peer_id           | 5.5.5.3                                            |
| psk               | secret1                                            |
| route_mode        | static                                             |
| status            | PENDING_CREATE                                     |
| tenant_id         | 003f8501be134da18af721685def9ec5                   |
| vpnservice_id     | 05bdaa03-374d-4df6-af67-96ad209b8126               |
+-------------------+----------------------------------------------------+
After this too, the status is still PENDING_CREATE for vpnconnection3 and
vpnconnection4. Is that expected behavior?