Public bug reported:
* Summary
When an IPsec site connection is using the IP address of the router gateway
port as the local IP, user can change the IP address of the router gateway
port, then the IPsec site connection will malfunction.
* Environment
devstack with vpnaas
* Step-by-step reproduction steps:
1. create two networks and two subnets respectively (left and right for VPN
connection)
2. create two routers, connect subnets of step 1 to each of them
3. create a public network and subnet, connect two routers of step 2 to this
public network
4. setup IPsec VPN site connection between the two routers, wait for their
status being ACTIVE
5. change the router gateway port's fixed IP address of one of the routers:
- openstack router set <ROUTER_NAME> --external-gateway <PUBLIC_NETWORK>
--fixed-ip subnet=<SUBNET>,ip-address=<NEW_IP_ADDRESS>
* Expected output:
- Users cannot change the IP address of the router gateway port as it is
being used by an active VPN IPsec site connection
* Actual output:
- IP address of router gateway port is successfully changed
- statuses of both IPsec VPN site connections will change to DOWN
** Affects: neutron
Importance: Undecided
Assignee: Hunt Xu (huntxu)
Status: New
** Tags: vpnaas
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1743791
Title:
Router gateway ip can be changed while being used by a VPN IPsec site
connection
Status in neutron:
New
Bug description:
* Summary
When an IPsec site connection is using the IP address of the router gateway
port as the local IP, user can change the IP address of the router gateway
port, then the IPsec site connection will malfunction.
* Environment
devstack with vpnaas
* Step-by-step reproduction steps:
1. create two networks and two subnets respectively (left and right for VPN
connection)
2. create two routers, connect subnets of step 1 to each of them
3. create a public network and subnet, connect two routers of step 2 to
this public network
4. setup IPsec VPN site connection between the two routers, wait for their
status being ACTIVE
5. change the router gateway port's fixed IP address of one of the routers:
- openstack router set <ROUTER_NAME> --external-gateway <PUBLIC_NETWORK>
--fixed-ip subnet=<SUBNET>,ip-address=<NEW_IP_ADDRESS>
* Expected output:
- Users cannot change the IP address of the router gateway port as it is
being used by an active VPN IPsec site connection
* Actual output:
- IP address of router gateway port is successfully changed
- statuses of both IPsec VPN site connections will change to DOWN
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1743791/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
