VPN is a centralized service and not distributed one. The VPN service is only running in the SNAT Namespace and not on the router or fip namespace. So the fip traffic flowing through the fip namespace or router namespace may not go through the IPsec driver that is running in SNAT Namespace.
This is working as per design. If we need to make the VPN for DVR routers to work with FIP, then we need to first work on running distributed VPN service. Until then I would not recommend doing it. ** Changed in: neutron Status: Confirmed => Opinion -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1476469 Title: with DVR, a VM can't use floatingIP and VPN at the same time Status in neutron: Opinion Bug description: Now VPN Service is available for Distributed Routers by patch #https://review.openstack.org/#/c/143203/, but there is another problem, with DVR, a VM can't use floatingIP and VPN at the same time. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1476469/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp