Hi All, I am using https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall to install VPNaaS with single devstack and two routers.
stack@whiskey:/opt/stack$ neutron router-list +--------------------------------------+------+---------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+ | id | name | external_gateway_info | distributed | ha | +--------------------------------------+------+---------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+ | 6e730589-113e-4105-af61-3945bc5c9413 | r1 | {"network_id": "dfcb5c47-712c-4c6e-b98e-53ea9688d7d5", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "fcb87cfa-734b- | False | False | | | | 47d0-83b2-523ecbd2fa5c", "ip_address": "5.5.5.3"}]} | | | | eaeae30a-e281-42a7-9c38-1f678ec1ccbf | r2 | {"network_id": "dfcb5c47-712c-4c6e-b98e-53ea9688d7d5", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "fcb87cfa-734b- | False | False | | | | 47d0-83b2-523ecbd2fa5c", "ip_address": "5.5.5.4"}]} | | | +--------------------------------------+------+---------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+ stack@whiskey:/opt/stack$ neutron vpn-service-list +--------------------------------------+--------+--------------------------------------+--------+ | id | name | router_id | status | +--------------------------------------+--------+--------------------------------------+--------+ | 59adbee1-7cc7-415e-8273-d4c2491ab878 | myvpn | 6e730589-113e-4105-af61-3945bc5c9413 | ACTIVE | | c453caf5-839a-4687-b44a-148014671fce | myvpn2 | eaeae30a-e281-42a7-9c38-1f678ec1ccbf | ACTIVE | +--------------------------------------+--------+--------------------------------------+--------+ (neutron) stack@whiskey:/opt/stack$ neutron ipsec-site-connection-list +--------------------------------------+----------------+--------------+-----------+--------+ | id | name | peer_address | auth_mode | status | +--------------------------------------+----------------+--------------+-----------+--------+ | 0f5db508-5248-48e4-a76e-f4ef17d8f975 | vpnconnection1 | 5.5.5.4 | psk | ACTIVE | | 5db83673-4e3c-41ef-8697-dd6a33e57576 | vpnconnection2 | 5.5.5.3 | psk | ACTIVE | +--------------------------------------+----------------+--------------+-----------+--------+ stack@whiskey:/opt/stack$ stack@whiskey:/opt/stack$ nova list +--------------------------------------+------+--------+------------+-------------+------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+------+--------+------------+-------------+------------+ | c390da65-9a5c-40d3-aa55-6627f66afabb | vm1 | ACTIVE | - | Running | n1=1.1.1.3 | | 2186a7dd-b5c9-464e-bc10-bd8a92890509 | vm2 | ACTIVE | - | Running | n2=2.2.2.3 | +--------------------------------------+------+--------+------------+-------------+------------+ >From the above three commands, I could get the topology mentioned in the install guide to work perfectly and could ping the vm's on the two routers from each other. Now, I added 2 more subnets to each router on either side and spun 2 vms's (vm3 and vm4) on subnets s3 and s4 attached to routers r1 and r2 respectively. Now create a vpn service myvpn3 with r1 and s3 & myvpn4 with r2 and s4. stack@whiskey:/opt/stack$ neutron vpn-service-list +--------------------------------------+--------+--------------------------------------+----------------+ | id | name | router_id | status | +--------------------------------------+--------+--------------------------------------+----------------+ | 05bdaa03-374d-4df6-af67-96ad209b8126 | myvpn4 | eaeae30a-e281-42a7-9c38-1f678ec1ccbf | PENDING_CREATE | | 4fd6fc1f-9f5e-4980-a28c-520a1c3a8e8a | myvpn3 | 6e730589-113e-4105-af61-3945bc5c9413 | PENDING_CREATE | | 59adbee1-7cc7-415e-8273-d4c2491ab878 | myvpn | 6e730589-113e-4105-af61-3945bc5c9413 | ACTIVE | | c453caf5-839a-4687-b44a-148014671fce | myvpn2 | eaeae30a-e281-42a7-9c38-1f678ec1ccbf | ACTIVE | +--------------------------------------+--------+--------------------------------------+----------------+ Now create a ipsec-site-conneciton. stack@whiskey:/opt/stack$ neutron ipsec-site-connection-create --name vpnconnection3 --vpnservice-id myvpn3 --ikepolicy-id ikepolicy1 --ipsecpolicy-id ipsecpolicy1 --peer-address 5.5.5.4 --peer-id 5.5.5.4 --peer-cidr 4.4.4.0/24 --psk secret1 Created a new ipsec_site_connection: +-------------------+----------------------------------------------------+ | Field | Value | +-------------------+----------------------------------------------------+ | admin_state_up | True | | auth_mode | psk | | description | | | dpd | {"action": "hold", "interval": 30, "timeout": 120} | | id | ceffea34-7e94-456a-8772-dea600767523 | | ikepolicy_id | 0feed5fa-a57e-4c6d-87ee-50a589eeb83c | | initiator | bi-directional | | ipsecpolicy_id | ad2f3990-550a-4728-8f96-79d44d0ac673 | | local_ep_group_id | | | mtu | 1500 | | name | vpnconnection3 | | peer_address | 5.5.5.4 | | peer_cidrs | 4.4.4.0/24 | | peer_ep_group_id | | | peer_id | 5.5.5.4 | | psk | secret1 | | route_mode | static | | status | PENDING_CREATE | | tenant_id | 003f8501be134da18af721685def9ec5 | | vpnservice_id | 4fd6fc1f-9f5e-4980-a28c-520a1c3a8e8a | +-------------------+----------------------------------------------------+ stack@whiskey:/opt/stack$ neutron ipsec-site-connection-create --name vpnconnection4 --vpnservice-id myvpn4 --ikepolicy-id ikepolicy1 --ipsecpolicy-id ipsecpolicy1 --peer-address 5.5.5.3 --peer-id 5.5.5.3 --peer-cidr 3.3.3.0/24 --psk secret1 Created a new ipsec_site_connection: +-------------------+----------------------------------------------------+ | Field | Value | +-------------------+----------------------------------------------------+ | admin_state_up | True | | auth_mode | psk | | description | | | dpd | {"action": "hold", "interval": 30, "timeout": 120} | | id | d583f657-981d-4fe0-aeba-205cf9cbd27a | | ikepolicy_id | 0feed5fa-a57e-4c6d-87ee-50a589eeb83c | | initiator | bi-directional | | ipsecpolicy_id | ad2f3990-550a-4728-8f96-79d44d0ac673 | | local_ep_group_id | | | mtu | 1500 | | name | vpnconnection4 | | peer_address | 5.5.5.3 | | peer_cidrs | 3.3.3.0/24 | | peer_ep_group_id | | | peer_id | 5.5.5.3 | | psk | secret1 | | route_mode | static | | status | PENDING_CREATE | | tenant_id | 003f8501be134da18af721685def9ec5 | | vpnservice_id | 05bdaa03-374d-4df6-af67-96ad209b8126 | +-------------------+----------------------------------------------------+ after this too, the status is still pending create for vpnconnection3 and vpnconnection4. Is that expected behavior?
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev