Open Stack

Hello,
we have big problems with VPNaaS in multiregion Production environment on Openstack Juno with unstable connection between vrouters or vrouter to external pfSense for example. 
On network nodes we have different kernel parameters. Anyone knows which should be exactly kernel parameters to configure in kernel if there are? Is there any issue with some kernel versions? 

We use openswan 2.6.38 on kernel 3.13.0-65 and 3.13.0-74.

The errors we noticed are that the VPN connection is UP but packets doesn’t pass through encrypted tunnel because there are mismatch with xfrm state. Seems that sometimes when SA is re-established openswan can’t ri-negotiate it and show error below:

ignoring Delete SA payload: PROTO_IPSEC_ESP SA(<xfrm state id>) not found (maybe expired)


Anyone could help?

Thank you very much.

Regards,
Davide
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160926/bf833ba1/attachment.html>