[IPv6] [VPNaaS] ipsec-site-connection-create failing for ipv6

Bug #1435136 reported by venkata anil
Affects: neutron
Status: Fix Released
Importance: Undecided
Assigned to: venkata anil
Milestone: 7.0.0

Bug Description

ipsec-site-connection-create failing for ipv6 with the following errors:

2015-03-23 04:27:58.667 ERROR neutron.agent.linux.utils [req-fe39cbe2-9349-43bc-be0b-6c70c72fe874 admin 8f8b8fabb981498a81863266ffabf34f]
Command: ['sudo', '/usr/local/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-22af8b67-1902-453d-9b0f-117df0bb6d68', 'iptables-restore', '-c']
Exit code: 2
......
.....
Stderr: iptables-restore v1.4.21: invalid mask `64' specified
Error occurred at line: 23
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

2015-03-23 04:27:58.671 ERROR neutron.agent.linux.iptables_manager [req-fe39cbe2-9349-43bc-be0b-6c70c72fe874 admin 8f8b8fabb981498a81863266ffabf34f] IPTablesManager.apply failed to apply the following set of iptables rules:

Tags: vpnaas
Changed in neutron:
assignee: nobody → venkata anil (anil-venkata)
Revision history for this message
venkata anil (anil-venkata) wrote :

neutron ipsec driver tries to apply this nat rule:

    def _update_nat():
        # builds the IPsec bypass rule from the connection's local/peer CIDRs
        add_nat_rule(router_id,
                     'POSTROUTING',
                     '-s %s -d %s -m policy '
                     '--dir out --pol ipsec '
                     '-j ACCEPT ' % (local_cidr, peer_cidr),
                     top=True)

    def add_nat_rule(router_id, chain, rule, top=False):
        # always goes to the IPv4 nat table, whatever the address family
        iptables_manager.ipv4['nat'].add_rule(chain, rule, top=top)

This ipv4['nat'].add_rule is failing as ipv4 won't support 64 as netmask length.

Changed in neutron:
status: New → In Progress
tags: added: vpnaas
Paul Michali (pcm) wrote :

Looks like the NAT rule updates will need to be enhanced to support IPv6 in addition to IPv4.

OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron-vpnaas (master)

Fix proposed to branch: master
Review: https://review.openstack.org/175796

venkata anil (anil-venkata) wrote :

This change is needed for ipv6 with strongswan driver also. Only with this change
https://review.openstack.org/#/c/175796/2/neutron_vpnaas/services/vpn/device_drivers/ipsec.py
ipv6 is working with strongswan driver. No changes required in template files for strongswan (template/strongswan/ipsec.conf.template).

OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron-vpnaas (master)

Reviewed: https://review.openstack.org/175796
Committed: https://git.openstack.org/cgit/openstack/neutron-vpnaas/commit/?id=c315cff05364664a5872c6a5dc6b9dc2d24fab39
Submitter: Jenkins
Branch: master

commit c315cff05364664a5872c6a5dc6b9dc2d24fab39
Author: venkata anil <email address hidden>
Date: Tue Apr 21 10:19:20 2015 +0000

    IPv6 support for OpenSwan, Libreswan and Strongswan

    VPNaaS is not working with IPv6 addresses.
    This patch will address the below issues and make VPNaaS
    work with IPv6 addresses.

    1) ipsec doesn't need nat rule for ipv6. So not adding this for ipv6.
    This issue is applicable for openSwan, libreswan and strongswan.

    The below two issues are seen only on openswan and libreswan.
    No changes are required to strongswan template files to support ipv6.
    2) Add 'connaddrfamily=ipv6' to ipsec.conf for whack to parse all
    addresses in the config as ipv6 addresses.

    3) openswan fails to process ipv6 address from %defaultroute, so
    explicitly pass the gateway address as leftnexthop address.

    Change-Id: I74832be4476bd36cdcd4234b30d0daee24ef61ce
    Closes-bug: #1435136
    Closes-bug: #1436263
    Closes-bug: #1436890
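
As an added example (not neutron-vpnaas code), the NAT-rule decision from the first comment and item 1 of the commit message above, modelled in Python: a stand-in for the IPv4 nat table rejects an IPv6 prefix the way iptables-restore did in the report, and the fixed update skips the rule for IPv6 instead of pushing a /64 into the IPv4 table. FakeNatTable, update_nat_before and update_nat_fixed are assumed names, and the CIDRs are constructed.

```python
import ipaddress

# Rule text quoted in the first comment (ACCEPT rule that bypasses SNAT for IPsec traffic).
NAT_RULE = '-s %s -d %s -m policy --dir out --pol ipsec -j ACCEPT '


class FakeNatTable:
    """Stand-in for iptables_manager.ipv4['nat'] (assumed name, not neutron code).

    Like iptables-restore in the report, an IPv4 table refuses a prefix
    that is not IPv4, e.g. "invalid mask `64' specified" for a /64.
    """

    def __init__(self, version=4):
        self.version = version
        self.rules = []

    def add_rule(self, chain, rule, top=False):
        # Pull the CIDR after "-s " and "-d " and check its address family.
        for flag in ('-s ', '-d '):
            cidr = rule.split(flag, 1)[1].split()[0]
            net = ipaddress.ip_network(cidr, strict=False)
            if net.version != self.version:
                raise ValueError("invalid mask `%d' specified" % net.prefixlen)
        if top:
            self.rules.insert(0, (chain, rule))
        else:
            self.rules.append((chain, rule))


def update_nat_before(ipv4_nat, local_cidr, peer_cidr):
    """Behaviour from the first comment: every connection goes to the IPv4 nat table."""
    ipv4_nat.add_rule('POSTROUTING', NAT_RULE % (local_cidr, peer_cidr), top=True)
    return True


def update_nat_fixed(ipv4_nat, local_cidr, peer_cidr):
    """Item 1 of the fix: IPsec needs no NAT rule for IPv6, so skip it.

    Returns True when a rule was added, False when the IPv6 case was skipped.
    """
    if ipaddress.ip_network(local_cidr, strict=False).version == 6:
        return False
    ipv4_nat.add_rule('POSTROUTING', NAT_RULE % (local_cidr, peer_cidr), top=True)
    return True


if __name__ == '__main__':
    table = FakeNatTable()
    update_nat_fixed(table, '10.0.0.0/24', '10.1.0.0/24')          # constructed IPv4 CIDRs
    update_nat_fixed(table, '2001:db8:1::/64', '2001:db8:2::/64')  # constructed IPv6 CIDRs
    print(table.rules)
```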

Changed in neutron:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron-vpnaas (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/188666

Thierry Carrez (ttx)
Changed in neutron:
milestone: none → liberty-1
status: Fix Committed → Fix Released
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron-vpnaas (stable/kilo)

Change abandoned by Kyle Mestery (<email address hidden>) on branch: stable/kilo
Review: https://review.openstack.org/188666
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Thierry Carrez (ttx)
Changed in neutron:
milestone: liberty-1 → 7.0.0