[IPv6] [VPNaaS] Remove obsolete --defaultroutenexthop for ipsec addconn command

Bug #1436864 reported by venkata anil
This bug affects 1 person
Affects: neutron
Status: Expired
Importance: Undecided
Assigned to: Unassigned

Bug Description

To load the connection into the pluto daemon, neutron calls the ipsec addconn command.

When an IPv6 address is passed for the --defaultroutenexthop option of this command, as below,

'ipsec', 'addconn', '--defaultroutenexthop', u'1001::f816:3eff:feb4:a2db'

we get the following error:
ignoring invalid defaultnexthop: non-ipv6 address may not contain `:'

As --defaultroutenexthop is obsolete (http://ftp.libreswan.org/CHANGES), we should avoid passing this for an IPv6 subnet.

Tags: vpnaas
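
The change requested in the description, sketched as an added example (not neutron's own code): the option is left out when the next hop is IPv6, and a malformed address is rejected before any command is run. The names nexthop_args, build_addconn_cmd and extra_args are hypothetical; only the 'ipsec', 'addconn' and '--defaultroutenexthop' tokens come from the report.

```python
import ipaddress

NEXTHOP_OPT = "--defaultroutenexthop"


def nexthop_args(nexthop):
    """Return the option pair for an IPv4 next hop, [] for IPv6 or None.

    Raises ValueError for anything that is not an IP address, so a bad
    value fails here instead of being silently ignored by the command.
    """
    if nexthop is None:
        return []
    # Drop a zone ID such as "fe80::1%eth0" before parsing.
    addr = ipaddress.ip_address(str(nexthop).split("%", 1)[0])
    if addr.version == 6:
        # The report shows addconn rejecting IPv6 values for this option.
        return []
    return [NEXTHOP_OPT, str(addr)]


def build_addconn_cmd(nexthop, extra_args=()):
    """Build the argv list; extra_args stands in for the caller's other options."""
    return ["ipsec", "addconn"] + nexthop_args(nexthop) + list(extra_args)


if __name__ == "__main__":
    # Constructed sample inputs; the IPv6 value is the one quoted in the report.
    for hop in ("1001::f816:3eff:feb4:a2db", "10.0.0.1", "fe80::1%eth0", None):
        print(hop, "->", build_addconn_cmd(hop))
```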
Changed in neutron:
assignee: nobody → venkata anil (anil-venkata)
Paul Michali (pcm)
tags: added: vpnaas
Paul Michali (pcm) wrote :

I see that it is indicated that the --defaultroutenexthop is obsolete for Libreswan. I guess this was tested on Fedora. Since OpenStack officially supports OpenSwan and not LibreSwan, two things should be done.

First, we should determine whether or not this problem exists for OpenSwan and, if so, fix it under this bug.

Second, a bug should be created for adding LibreSwan support (under Fedora) for OpenStack. The driver can be derived (subclassed) from the OpenSwan driver and can then provide the above fix as well.

In general, IPv6 support by the various VPN device drivers should be tested/verified.

venkata anil (anil-venkata) wrote :

Thanks Paul Michali.
This error is seen while running devstack on Ubuntu with Openswan (and not Libreswan).

We are getting the following error:
ignoring invalid defaultnexthop: non-ipv6 address may not contain `:'

This change is mandatory for IPv6 on Openswan.

Changed in neutron:
status: New → In Progress
Paul Michali (pcm) wrote :

Thanks for checking. There is bug 1444017 for adding Libreswan support to Fedora.

We should make sure that this fix is applied to all three drivers (OpenSwan, LibreSwan, StrongSwan).

Changed in neutron:
assignee: venkata anil (anil-venkata) → nobody
Paul Michali (pcm) wrote :

Looks like we need to address this, to be able to support IPv6 for *Swan. Should see if the change is needed on each flavor of Swan.

Changed in neutron:
status: In Progress → New
Paul Michali (pcm) wrote :

Marked as new, since no one is assigned currently, and it should be verified on each Swan variant.

Armando Migliaccio (armando-migliaccio) wrote :

This bug is > 240 days without activity. We are unsetting assignee and milestone and setting status to Incomplete in order to allow its expiry in 60 days.

If the bug is still valid, then update the bug status.

Changed in neutron:
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for neutron because there has been no activity for 60 days.]

Changed in neutron:
status: Incomplete → Expired