I would venture to say no fixes will be back ported to anything older than liberty at this point. You should upgrade anyway. From: "Davide Panarese" <dpanarese at enter.eu> To: openstack at lists.openstack.org Sent: Monday, September 26, 2016 12:19:08 PM Subject: [Openstack] [Neutron] Juno Neutron VPNaaS unstable Hello, we have big problems with VPNaaS in multiregion Production environment on Openstack Juno with unstable connection between vrouters or vrouter to external pfSense for example. On network nodes we have different kernel parameters. Anyone knows which should be exactly kernel parameters to configure in kernel if there are? Is there any issue with some kernel versions? We use openswan 2.6.38 on kernel 3.13.0-65 and 3.13.0-74. The errors we noticed are that the VPN connection is UP but packets doesn’t pass through encrypted tunnel because there are mismatch with xfrm state. Seems that sometimes when SA is re-established openswan can’t ri-negotiate it and show error below: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(<xfrm state id>) not found (maybe expired) Anyone could help? Thank you very much. Regards, Davide _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack at lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack/attachments/20161017/276e010c/attachment.html>