neutron

[IPv6] [VPNaaS] Remove obsolete --defaultroutenexthop for ipsec addconn command

Bug #1436864 reported by venkata anil on 2015-03-26

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Expired	Undecided	Unassigned

Bug Description

To load the connection into pluto daemon, neutron is calling ipsec addconn command.

When ipv6 address is passed for --defaultroutenexthop option, for this command, like below,

'ipsec', 'addconn', '--defaultroutenexthop', u'1001::f816:3eff:feb4:a2db'

we are getting following error
ignoring invalid defaultnexthop: non-ipv6 address may not contain `:'

As --defaultroutenexthop is obsolete(http://ftp.libreswan.org/CHANGES ), we should avoid passing this for ipv6 subnet.

Tags:

venkata anil (anil-venkata) on 2015-03-26

Changed in neutron:
assignee:	nobody → venkata anil (anil-venkata)

Paul Michali (pcm) on 2015-04-16

tags:

added: vpnaas

Revision history for this message

Paul Michali (pcm) wrote on 2015-04-16:

#1

I see that it is indicated that the --defaultroutenexthop is obsolete for Libreswan. I guess this was tested on Fedora. Since OpenStack officially supports OpenSwan and not LibreSwan, two things should be done.

First, we should determine whether or not this problem exists for OpenSwan and, if so, fix it under this bug.

Second, a bug should be created for adding LibreSwan support (under Fedora) for OpenStack. The driver can be derived (subclassed) from the OpenSwan driver and can then provide the above fix as well.

In general, IPv6 support by the various VPN device drivers, should be tested/verified.

Revision history for this message

venkata anil (anil-venkata) wrote on 2015-04-17:

#2

Thanks Paul Michali.
This error is seen while running devstack on ubuntu with openswan(and not Libreswan).

we are getting following error
ignoring invalid defaultnexthop: non-ipv6 address may not contain `:'

This is change is mandatory for ipv6 on openswan.

Changed in neutron:
status:	New → In Progress

Revision history for this message

Paul Michali (pcm) wrote on 2015-04-17:

#3

Thanks for checking. There is bug 1444017 for adding Libreswan support to Fedora.

We should make sure that this fix is applies to all three drivers (OpenSwan, LibreSwan, StrongSwan).

venkata anil (anil-venkata) on 2015-08-11

Changed in neutron:
assignee:	venkata anil (anil-venkata) → nobody

Revision history for this message

Paul Michali (pcm) wrote on 2015-11-13:

#4

Looks like we need to address this, to be able to support IPv6 for *Swan. Should see if the change is needed on each flavor of Swan.

Changed in neutron:
status:	In Progress → New

Revision history for this message

Paul Michali (pcm) wrote on 2015-11-13:

#5

Marked as new, since no one is assigned currently, and it should be verified on each Swan variant.

Revision history for this message

Armando Migliaccio (armando-migliaccio) wrote on 2016-08-17:

#6

This bug is > 240 days without activity. We are unsetting assignee and milestone and setting status to Incomplete in order to allow its expiry in 60 days.

If the bug is still valid, then update the bug status.

Changed in neutron:
status:	New → Incomplete

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-10-17:

#7

[Expired for neutron because there has been no activity for 60 days.]

Changed in neutron:
status:	Incomplete → Expired

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.