I think external gateway routes are accepted now. The code just checks against the CIDRs of all ports belonging to the router. [1]
1. https://github.com/openstack/neutron/blob/a2fff6ee728db57f0e862548aac9296899ef0fc7/neutron/db/extraroute_db.py#L106 On Wed, Jul 23, 2014 at 8:12 PM, Carl Baldwin <[email protected]> wrote: > I wondered the same as Kevin. Could you confirm that the vpn gateway is > directly connected to the external subnet or not? The diagram isn't quite > clear > > Assuming it is directly connected then it is probable that routes through > the external gateway are not considered, hence the error you received. It > seems reasonable to me to consider a proposal that would allow this. It > should be an admin only capability by default since it would be over the > external (shared) network and not a tenant network. This seems like a new > feature rather than a bug to me. > > As an alternative, could you try configuring your router with the static > route so that it would send an icmp redirect to the neutron router? > > Carl > On Jul 22, 2014 11:23 AM, "Kevin Benton" <[email protected]> wrote: > >> The issue (if I understand your diagram correctly) is that the VPN GW >> address is on the other side of your home router from the neutron router. >> The nexthop address has to be an address on one of the subnets directly >> attached to the router. In this topology, the static route should be on >> your home router. >> >> -- >> Kevin Benton >> >> >> On Tue, Jul 22, 2014 at 6:55 AM, Ricardo Carrillo Cruz < >> [email protected]> wrote: >> >>> Hello guys >>> >>> I have the following network setup at home: >>> >>> [openstack instances] -> [neutron router] -> [ [home router] [vpn gw] >>> ] >>> TENANT NETWORK EXTERNAL NETWORK >>> >>> I need my instances to connect to machines that are connected thru the >>> vpn gw server. >>> By default, all traffic that comes from openstack instances go thru the >>> neutron router, and then hop onto the home router. >>> >>> I've seen there's an extra routes extension for neutron routers that >>> would allow me to do that, but apparently I can't add extra routes to >>> destinations in the external network, only subnets known by neutron. >>> This can be seen from the neutron CLI command: >>> >>> <snip> >>> neutron router-update <router name> --routes type=dict list=true >>> destination=<network connected by VPN in CIDR>,nexthop=<vpn gw IP> >>> Invalid format for routes: [{u'nexthop': u'<vpn gw IP>', u'destination': >>> u'<network connected by VPN in CIDR>'}], the nexthop is not connected with >>> router >>> </snip> >>> >>> Is this use case not being possible to do at all? >>> >>> P.S. >>> I found Heat BP >>> https://blueprints.launchpad.net/heat/+spec/router-properties-object >>> that in the description reads this can be done on Neutron, but can't figure >>> out how. >>> >>> Regards >>> >>> _______________________________________________ >>> OpenStack-dev mailing list >>> [email protected] >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >>> >> >> >> -- >> Kevin Benton >> >> _______________________________________________ >> OpenStack-dev mailing list >> [email protected] >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Kevin Benton
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
