Hi,

There is a Request for Feature Enhancement [1] to support authentication certifications for VPNaaS IPSec site to site connections, by using Barbican, in a manner similar to what was done for LBaaS listeners.

Currently, VPNaaS only supports pre-shared keys for authentication, but the reference StrongSwan implementation of VPN supports several types of authentication. [2]

Looking at IPsec site-to-site connections, there are examples [3] for PSK and X.509 certificates. Should we just do X.509 certificates for now? Are there other methods that we should support? Can Barbican support such methods?

The plan is to support other VPN types in the future (e.g. DM VPN), so we want to make sure this will be extendable.

Suggestions/Comments/Concerns?

Thanks!

Paul Michali (pc_m)

[1] https://bugs.launchpad.net/neutron/+bug/1459427
[2] https://wiki.strongswan.org/projects/strongswan/wiki/IpsecSecrets
[3] https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2Examples (see site-2-site)
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev