I've mostly run VPNaaS via devstack, and haven't worked with Juno in a long time...
See @PCM in-line... On Wed, Oct 7, 2015 at 1:37 PM James Denton <[email protected]> wrote: > Hi Yngvi, > > In my most recent experience with VPNaaS on Kilo, I did the following (all > on the controller node): > > 1. Install VPN agent > > apt-get install neutron-vpnaas-agent > > 2. Edit /etc/neutron/vpn_agent.ini and add the following to configure the > device driver: > > [vpnagent] > vpn_device_driver > = neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver > @PCM Two points to consider here, Yngvi. First, do you want to run OpenSwan or StrongSwan based implementation? Second, I'm not sure how solid StrongSwan was in Juno (it came out in Juno and then after there were some fixes, like IPv6 support, etc). > > 3. Edit /etc/neutron/neutron.conf and add vpnaas to the list of service > plugins: > > service_plugins = router,vpnaas > > 4. Edit /etc/neutron/neutron_vpnaas.conf and configure the service > provider: > > [service_providers] > service_provider = > VPN:vpnaas:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default > @PCM James, back in Juno there was no neutron_vpnaas.conf file, IIRC. This would go in neutron.conf > 5. Restart Neutron service: > > service neutron-server restart > > 6. Update AppArmor profile: > > sudo ln -sf /etc/apparmor.d/usr.lib.ipsec.charon /etc/apparmor.d/disable/ > sudo ln -sf /etc/apparmor.d/usr.lib.ipsec.stroke /etc/apparmor.d/disable/ > service apparmor restart > @PCM Above is only needed for StrongSwan, and not OpenSwan > > 7. Work around https://bugs.launchpad.net/neutron/+bug/1456335 > > cat >> /usr/bin/neutron-vpn-netns-wrapper << EOF > #!/usr/bin/python2 > > import sys > > from neutron_vpnaas.services.vpn.common.netns_wrapper import main > > if __name__ == "__main__": > sys.exit(main()) > EOF > > 8. Set permissions: > > chmod 755 /usr/bin/neutron-vpn-netns-wrapper > @PCM Steps 7 & 8 only for Strongswan, right? > > 9. Restart VPN agent > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
