VPN is a centralized service and not distributed one. The VPN service is only
running in the SNAT Namespace and not on the router or fip namespace.
So the fip traffic flowing through the fip namespace or router namespace may
not go through the IPsec driver that is running in SNAT Namespace.
This is working as per design. If we need to make the VPN for DVR
routers to work with FIP, then we need to first work on running
distributed VPN service.
Until then I would not recommend doing it.
** Changed in: neutron
Status: Confirmed => Opinion
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1476469
Title:
with DVR, a VM can't use floatingIP and VPN at the same time
Status in neutron:
Opinion
Bug description:
Now VPN Service is available for Distributed Routers by patch
#https://review.openstack.org/#/c/143203/,
but there is another problem, with DVR, a VM can't use floatingIP and VPN at
the same time.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1476469/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
