** Changed in: neutron
Status: Fix Committed => Fix Released
** Changed in: neutron
Milestone: None => liberty-1
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1444017
Title:
[VPNaas] Libreswan driver support in VPNaaS
Status in OpenStack Neutron (virtual network service):
Fix Released
Bug description:
I am running devstack on Fedora. VPNaas is not working on
Fedora/centos devstack.
"neutron ipsec-site-connection-create" command is failing
q-vpn log -
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf',
'ip', 'netns', 'exec', 'qrouter-250faac2-167b-4861-9d0c-b5710bf02ee2', 'ipsec',
'pluto', '--ctlbase',
'/opt/stack/data/neutron/ipsec/250faac2-167b-4861-9d0c-b5710bf02ee2/var/run/pluto',
'--ipsecdir',
'/opt/stack/data/neutron/ipsec/250faac2-167b-4861-9d0c-b5710bf02ee2/etc',
'--use-netkey', '--uniqueids', '--nat_traversal', '--secretsfile',
'/opt/stack/data/neutron/ipsec/250faac2-167b-4861-9d0c-b5710bf02ee2/etc/ipsec.secrets',
'--virtual_private', '%v4:10.1.0.0/24,%v4:10.2.0.0/24', '--stderrlog']
FATAL: NSS readonly initialization
("/opt/stack/data/neutron/ipsec/250faac2-167b-4861-9d0c-
b5710bf02ee2/etc") failed (err -8015)
Because of this error, pluto daemon is not running.
So VPNaas is not working on Fedora/centos devstack.
Fedora/centos uses Libreswan for ipsec.
From the wiki - "Libreswan is a fork of the Openswan IPSEC VPN
implementation created by almost all of the openswan developers after
a lawsuit about the ownership of the Openswan name was filed against
Paul Wouters, then release manager of Openswan, in December 2012."
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1444017/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
