I believe this will be addressed in Mitaka: https://bugs.launchpad.net/neutron/+bug/1459423
JD On 3/18/16, 12:15 PM, "iain smith" <[email protected]> wrote: >Hi all - > >When using neutron's VPNaaS with the Strongswan back-end, has anyone >come up against the seemingly needless limitation whereby the 'Add VPN >Service' configuration pane in Horizon only allows you to add one >subnet, even if you have several subnets attached to the router which >will host the VPN endpoint at the openstack end? > >The IPSEC VPN works well, but only allows you to route to the one >openstack subnet behind the router, through the VPN tunnel. > >However... on the openstack network node (where the neutron-vpn-agent >and strongswan are running) I can manually edit the Strongswan >configuration file generated from the horizon input >(/var/lib/neutron/ipsec/<router-id>/etc/strongswan/ipsec.conf). I can >add the other openstack subnet addresses to the 'leftsubnet' statement >(comma-separated), save the file, and send a HUP to the >/usr/libexec/strongswan/starter process to force charon to re-read the >config. > >After adding the subnets to the 'rightsubnet' statement in my strongswan >VPN client config and bringing up the VPN tunnel, all of the openstack >subnets are then routable through the VPN tunnel. > >Shouldn't the horizon GUI config allow you to select multiple subnets, >if more than one is available on the chosen router? > >cheers >Iain >-- > > > > > >_______________________________________________ >Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >Post to : [email protected] >Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
