Hi all,

I want to install vpnaas in mitaka, but failed to create an ipsec-connection.

OS version: CentOS 7
Libreswan version: 3.10.0-327.18.2.el7.x86_64

In /etc/neutron/vpn_agent.ini, vpn_device_driver is neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver.

Before running neutron-vpn-agent, I checked the ipsec status, and it seems normal:

    # ipsec verify
    Checking your system to see if IPsec got installed and started correctly:
    Version check and ipsec on-path                        [OK]
    Linux Libreswan 3.15 (netkey) on 3.10.0-327.18.2.el7.x86_64
    Checking for IPsec support in kernel                   [OK]
    SAref kernel support                                   [N/A]
    NETKEY: Testing XFRM related proc values               [OK] [OK] [OK]
    Hardware RNG detected, testing if used properly        [OK]
    Checking that pluto is running                         [OK]
    Pluto listening for IKE on udp 500                     [OK]
    Pluto listening for NAT-T on udp 4500                  [OK]
    Two or more interfaces found, checking IP forwarding   [FAILED]
    Checking NAT and MASQUERADEing                         [OK]
    Checking for 'ip' command                              [OK]
    Checking /bin/sh is not /bin/dash                      [OK]
    Checking for 'iptables' command                        [OK]
    Opportunistic Encryption Support                       [DISABLED]

After creating the ikepolicy, ipsecpolicy and vpn service, creating an ipsec-site-connection failed; the status code in vpn-agent.log returns 1:

    # ip netns exec qrouter-5758220e-5c35-429a-975f-39375db70efe ipsec whack --ctlbase /var/lib/neutron/ipsec/5758220e-5c35-429a-975f-39375db70efe/var/run/pluto --status
    whack: Pluto is not running (no "/var/lib/neutron/ipsec/5758220e-5c35-429a-975f-39375db70efe/var/run/pluto.ctl")

By the way, ipsec checknss had already run, but I had not seen any db files in the /etc/pki/nssdb directory:

    root 14087 0.0 0.0 113252 912 ? S 23:21 0:00 /bin/sh /sbin/ipsec checknss /var/lib/neutron/ipsec/5758220e-5c35-429a-975f-39375db70efe/etc
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
