[Yahoo-eng-team] [Bug 1570852] Re: vpn service can't be active again if the openswan process crash

Wed, 16 Nov 2016 16:08:22 -0800 

http://lists.openstack.org/pipermail/openstack-
dev/2016-November/107384.html

** Changed in: neutron
     Assignee: MingShuang Xian (xianms) => (unassigned)

** Changed in: neutron
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1570852

Title:
  vpn service can't be active again if the openswan process crash

Status in neutron:
  Won't Fix

Bug description:
  We are using VPNaaS with OpenSwan on Ubuntu and  found that the
  OpenSwan will crash when it receives some kinds of IKE2 attack
  packets. But I'm not very sure the format of the packet. After the
  OpenSwan crash, VPN-agent can't bring up it again and the VPN service
  status will be alway DOWN.

  We could use following steps to reproduce it.
  1. Bring up a VPN connection and show the VPN service status
  vpn-service-list
  
+--------------------------------------+------+--------------------------------------+--------+
  | id                                   | name | router_id                     
       | status |
  
+--------------------------------------+------+--------------------------------------+--------+
  | c354e5d7-aa81-44c0-9aa7-0f157a2c7b7d | s1   | 
dde4af28-31ff-4dff-bff9-8355998c5d0c | ACTIVE |
  | daa15ef8-3e99-4e37-a839-18dcf7910f9d | s2   | 
0e8fb378-3e25-493c-9610-e48025b640ba | ACTIVE |
  
+--------------------------------------+------+--------------------------------------+--------+

  2.  Kill the OpenSwan process

  3. Show the VPN service status again
  vpn-service-list
  
+--------------------------------------+------+--------------------------------------+--------+
  | id                                   | name | router_id                     
       | status |
  
+--------------------------------------+------+--------------------------------------+--------+
  | c354e5d7-aa81-44c0-9aa7-0f157a2c7b7d | s1   | 
dde4af28-31ff-4dff-bff9-8355998c5d0c | DOWN   |
  | daa15ef8-3e99-4e37-a839-18dcf7910f9d | s2   | 
0e8fb378-3e25-493c-9610-e48025b640ba | ACTIVE |
  
+--------------------------------------+------+--------------------------------------+--------+

  The VPN service will keep DOWN until the VPN-agent is restarted.

  So we expect the VPN-agent can bring the OpenSwan process again if it
  crashed.

  We found this issue with vpnaas-agent master

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1570852/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to