[Openstack] VPNaaS limited to one subnet

Paul Michali pc at michali.net
Fri Mar 18 18:22:39 UTC 2016


Correct. The capability to support multiple local subnets is in Mitaka
(just mist Liberty). CLI support is there. The Horizon work to support that
is in-progress, but won't be in Mitaka AFAIK. You can check with the
Horizon team for details.

Regards,

PCM


On Fri, Mar 18, 2016 at 1:49 PM James Denton <james.denton at rackspace.com>
wrote:

> I believe this will be addressed in Mitaka:
>
> https://bugs.launchpad.net/neutron/+bug/1459423
>
>
> JD
>
>
>
>
>
>
>
>
>
> On 3/18/16, 12:15 PM, "iain smith" <iain at 3birds.co.uk> wrote:
>
> >Hi all -
> >
> >When using neutron's VPNaaS with the Strongswan back-end, has anyone
> >come up against the seemingly needless limitation whereby the 'Add VPN
> >Service' configuration pane in Horizon only allows you to add one
> >subnet, even if you have several subnets attached to the router which
> >will host the VPN endpoint at the openstack end?
> >
> >The IPSEC VPN works well, but only allows you to route to the one
> >openstack subnet behind the router, through the VPN tunnel.
> >
> >However... on the openstack network node (where the neutron-vpn-agent
> >and strongswan are running) I can manually edit the Strongswan
> >configuration file generated from the horizon input
> >(/var/lib/neutron/ipsec/<router-id>/etc/strongswan/ipsec.conf). I can
> >add the other openstack subnet addresses to the 'leftsubnet' statement
> >(comma-separated), save the file, and send a HUP to the
> >/usr/libexec/strongswan/starter process to force charon to re-read the
> >config.
> >
> >After adding the subnets to the 'rightsubnet' statement in my strongswan
> >VPN client config and bringing up the VPN tunnel, all of the openstack
> >subnets are then routable through the VPN tunnel.
> >
> >Shouldn't the horizon GUI config allow you to select multiple subnets,
> >if more than one is available on the chosen router?
> >
> >cheers
> >Iain
> >--
> >
> >
> >
> >
> >
> >_______________________________________________
> >Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >Post to     : openstack at lists.openstack.org
> >Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160318/3ba48a07/attachment.html>


More information about the Openstack mailing list