Many thanks for the info cheers Iain --
On 18/03/16 18:22, Paul Michali wrote: > Correct. The capability to support multiple local subnets is in Mitaka > (just mist Liberty). CLI support is there. The Horizon work to support > that is in-progress, but won't be in Mitaka AFAIK. You can check with > the Horizon team for details. > > Regards, > > PCM > > > On Fri, Mar 18, 2016 at 1:49 PM James Denton > <[email protected] <mailto:[email protected]>> wrote: > > I believe this will be addressed in Mitaka: > > https://bugs.launchpad.net/neutron/+bug/1459423 > > > JD > > > > > > > > > > On 3/18/16, 12:15 PM, "iain smith" <[email protected] > <mailto:[email protected]>> wrote: > > >Hi all - > > > >When using neutron's VPNaaS with the Strongswan back-end, has anyone > >come up against the seemingly needless limitation whereby the > 'Add VPN > >Service' configuration pane in Horizon only allows you to add one > >subnet, even if you have several subnets attached to the router which > >will host the VPN endpoint at the openstack end? > > > >The IPSEC VPN works well, but only allows you to route to the one > >openstack subnet behind the router, through the VPN tunnel. > > > >However... on the openstack network node (where the neutron-vpn-agent > >and strongswan are running) I can manually edit the Strongswan > >configuration file generated from the horizon input > >(/var/lib/neutron/ipsec/<router-id>/etc/strongswan/ipsec.conf). I can > >add the other openstack subnet addresses to the 'leftsubnet' > statement > >(comma-separated), save the file, and send a HUP to the > >/usr/libexec/strongswan/starter process to force charon to > re-read the > >config. > > > >After adding the subnets to the 'rightsubnet' statement in my > strongswan > >VPN client config and bringing up the VPN tunnel, all of the > openstack > >subnets are then routable through the VPN tunnel. > > > >Shouldn't the horizon GUI config allow you to select multiple > subnets, > >if more than one is available on the chosen router? > > > >cheers > >Iain > >-- > > > > > > > > > > > >_______________________________________________ > >Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >Post to : [email protected] > <mailto:[email protected]> > >Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : [email protected] > <mailto:[email protected]> > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
