When you try to configure more than one VPN site connection object with a single VPN Service, the second site connection is not handled by the VPN Agent. The plugin configures the data in the db, but the second site-connection status is always in "PENDING_CREATE" state.
Also the agent does not update the "ipsec.conf" and "ipsec.secrets" file for the new site-connection details. There is not Exception or Error messages raised by the Plugin or Agent during this operation, so it is clueless.
[root@Neutron-Server sc]# neutron ipsec-site-connection-list
+--------------------------------------+----------------+--------------+----------------+------------+-----------+----------------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+----------------+--------------+----------------+------------+-----------+----------------+
| 81b502a7-a1ae-47e1-80c8-eadf0a98a154 | vpnconnection2 | 192.102.0.62 | "10.10.3.0/24" | static | psk | PENDING_CREATE |
| ed982186-5f8d-4704-b5c7-2456f98a84f2 | vpnconnection2 | 192.102.0.60 | "10.10.1.0/24" | static | psk | ACTIVE |
+--------------------------------------+----------------+--------------+----------------+------------+-----------+----------------+
----------
81b502a7-a1ae-47e1-80c8-eadf0a98a154 | vpnconnection2 | 192.102.0.62 | "10.10.3.0/24" | static | psk | PENDING_CREATE |
this one is in pending state
I met the same problem, but I think the current implementation does not allow such operations.