[Openstack] VPNaaS limited to one subnet

iain smith iain at 3birds.co.uk
Mon Mar 21 18:09:15 UTC 2016 

Many thanks for the info

cheers
Iain
--

On 18/03/16 18:22, Paul Michali wrote:
> Correct. The capability to support multiple local subnets is in Mitaka
> (just mist Liberty). CLI support is there. The Horizon work to support
> that is in-progress, but won't be in Mitaka AFAIK. You can check with
> the Horizon team for details.
>
> Regards,
>
> PCM
>
>
> On Fri, Mar 18, 2016 at 1:49 PM James Denton
> <james.denton at rackspace.com <mailto:james.denton at rackspace.com>> wrote:
>
>     I believe this will be addressed in Mitaka:
>
>     https://bugs.launchpad.net/neutron/+bug/1459423
>
>
>     JD
>
>
>
>
>
>
>
>
>
>     On 3/18/16, 12:15 PM, "iain smith" <iain at 3birds.co.uk
>     <mailto:iain at 3birds.co.uk>> wrote:
>
>     >Hi all -
>     >
>     >When using neutron's VPNaaS with the Strongswan back-end, has anyone
>     >come up against the seemingly needless limitation whereby the
>     'Add VPN
>     >Service' configuration pane in Horizon only allows you to add one
>     >subnet, even if you have several subnets attached to the router which
>     >will host the VPN endpoint at the openstack end?
>     >
>     >The IPSEC VPN works well, but only allows you to route to the one
>     >openstack subnet behind the router, through the VPN tunnel.
>     >
>     >However... on the openstack network node (where the neutron-vpn-agent
>     >and strongswan are running) I can manually edit the Strongswan
>     >configuration file generated from the horizon input
>     >(/var/lib/neutron/ipsec/<router-id>/etc/strongswan/ipsec.conf). I can
>     >add the other openstack subnet addresses to the 'leftsubnet'
>     statement
>     >(comma-separated), save the file, and send a HUP to the
>     >/usr/libexec/strongswan/starter process to force charon to
>     re-read the
>     >config.
>     >
>     >After adding the subnets to the 'rightsubnet' statement in my
>     strongswan
>     >VPN client config and bringing up the VPN tunnel, all of the
>     openstack
>     >subnets are then routable through the VPN tunnel.
>     >
>     >Shouldn't the horizon GUI config allow you to select multiple
>     subnets,
>     >if more than one is available on the chosen router?
>     >
>     >cheers
>     >Iain
>     >--
>     >
>     >
>     >
>     >
>     >
>     >_______________________________________________
>     >Mailing list:
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>     >Post to     : openstack at lists.openstack.org
>     <mailto:openstack at lists.openstack.org>
>     >Unsubscribe :
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>     _______________________________________________
>     Mailing list:
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>     Post to     : openstack at lists.openstack.org
>     <mailto:openstack at lists.openstack.org>
>     Unsubscribe :
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160321/f2448bf0/attachment.html>

More information about the Openstack mailing list