Re: [openstack-dev] [neutron] Can Neutron VPNaaS work with strongswan? (Openswan removed from Debian)
Hi Thomas, I worked out a patch https://review.openstack.org/#/c/100791/ based on the latest strongSwan configurations, it can work. but the neutron-spec is still on review, see https://review.openstack.org/#/c/101457/ Can someone help review and approve that spec, thanks. On Mon, Oct 13, 2014 at 12:50 PM, trinath.soman...@freescale.com < trinath.soman...@freescale.com> wrote: > Hi- > > Yes, VPNaaS works with Strong Swan too. I have tried and was successful. > > Take the cherry-pick of 67 patchset from > https://review.openstack.org/#/c/33148 > > Work on the conflicts and run neutron. It works perfect. > > Hope this helps. > > -- > Trinath Somanchi - B39208 > trinath.soman...@freescale.com | extn: 4048 > > -Original Message- > From: Thomas Goirand [mailto:z...@debian.org] > Sent: Sunday, October 12, 2014 9:54 AM > To: OpenStack Development Mailing List (not for usage questions) > Subject: [openstack-dev] [neutron] Can Neutron VPNaaS work with > strongswan? (Openswan removed from Debian) > > Hi, > > As you may know, OpenSwan has been largely unmaintained in Debian, and > then was removed from Testing, and then Sid last summer. OpenSwan had some > unaddressed security issues, and removing it from Debian was IMO the > correct thing to do. Ubuntu followed, and Utopic doesn't have OpenSwan > anymore either. > > Though there's StrongSwan, which is apparently an alternative. But can > Neutron work with it? If not, how much work would it be to make Neutron use > StrongSwan instead of OpenSwan, and could the maintainers of the VPNaaS > people do this be worked on for Kilo? BTW, why not using something as > popular as OpenVPN, which has more chances to be well maintained? > > Cheers, > > Thomas Goirand (zigo) > > ___ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > ___ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Best Regards Zhang Hua(张华) Software Engineer | Canonical IRC: zhhuabj ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron] Can Neutron VPNaaS work with strongswan? (Openswan removed from Debian)
Hi- Yes, VPNaaS works with Strong Swan too. I have tried and was successful. Take the cherry-pick of 67 patchset from https://review.openstack.org/#/c/33148 Work on the conflicts and run neutron. It works perfect. Hope this helps. -- Trinath Somanchi - B39208 trinath.soman...@freescale.com | extn: 4048 -Original Message- From: Thomas Goirand [mailto:z...@debian.org] Sent: Sunday, October 12, 2014 9:54 AM To: OpenStack Development Mailing List (not for usage questions) Subject: [openstack-dev] [neutron] Can Neutron VPNaaS work with strongswan? (Openswan removed from Debian) Hi, As you may know, OpenSwan has been largely unmaintained in Debian, and then was removed from Testing, and then Sid last summer. OpenSwan had some unaddressed security issues, and removing it from Debian was IMO the correct thing to do. Ubuntu followed, and Utopic doesn't have OpenSwan anymore either. Though there's StrongSwan, which is apparently an alternative. But can Neutron work with it? If not, how much work would it be to make Neutron use StrongSwan instead of OpenSwan, and could the maintainers of the VPNaaS people do this be worked on for Kilo? BTW, why not using something as popular as OpenVPN, which has more chances to be well maintained? Cheers, Thomas Goirand (zigo) ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron] Can Neutron VPNaaS work with strongswan? (Openswan removed from Debian)
There is a blueprint for supporting StrongSwan in Kilo release: https://review.openstack.org/#/c/101457/ Xu Han — Xu Han Peng (xuhanp) On Sun, Oct 12, 2014 at 12:26 PM, Thomas Goirand wrote: > Hi, > As you may know, OpenSwan has been largely unmaintained in Debian, and > then was removed from Testing, and then Sid last summer. OpenSwan had > some unaddressed security issues, and removing it from Debian was IMO > the correct thing to do. Ubuntu followed, and Utopic doesn't have > OpenSwan anymore either. > Though there's StrongSwan, which is apparently an alternative. But can > Neutron work with it? If not, how much work would it be to make Neutron > use StrongSwan instead of OpenSwan, and could the maintainers of the > VPNaaS people do this be worked on for Kilo? BTW, why not using > something as popular as OpenVPN, which has more chances to be well > maintained? > Cheers, > Thomas Goirand (zigo) > ___ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [neutron] Can Neutron VPNaaS work with strongswan? (Openswan removed from Debian)
Hi, As you may know, OpenSwan has been largely unmaintained in Debian, and then was removed from Testing, and then Sid last summer. OpenSwan had some unaddressed security issues, and removing it from Debian was IMO the correct thing to do. Ubuntu followed, and Utopic doesn't have OpenSwan anymore either. Though there's StrongSwan, which is apparently an alternative. But can Neutron work with it? If not, how much work would it be to make Neutron use StrongSwan instead of OpenSwan, and could the maintainers of the VPNaaS people do this be worked on for Kilo? BTW, why not using something as popular as OpenVPN, which has more chances to be well maintained? Cheers, Thomas Goirand (zigo) ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
