VPN agent does not handle multiple connections per vpn service

Bug #1263194 reported by Swaminathan Vasudevan
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
neutron | Fix Released | Medium | Bo Lin |

Bug Description

When you try to configure more than one VPN site connection object with a single VPN Service, the second site connection is not handled by the VPN Agent. The plugin configures the data in the db, but the second site-connection status is always in "PENDING_CREATE" state.

Also, the agent does not update the "ipsec.conf" and "ipsec.secrets" files for the new site-connection details. There are no Exception or Error messages raised by the Plugin or Agent during this operation, so it is clueless.

[root@Neutron-Server sc]# neutron ipsec-site-connection-list
+--------------------------------------+----------------+--------------+----------------+------------+-----------+----------------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+----------------+--------------+----------------+------------+-----------+----------------+
| 81b502a7-a1ae-47e1-80c8-eadf0a98a154 | vpnconnection2 | 192.102.0.62 | "10.10.3.0/24" | static | psk | PENDING_CREATE |
| ed982186-5f8d-4704-b5c7-2456f98a84f2 | vpnconnection2 | 192.102.0.60 | "10.10.1.0/24" | static | psk | ACTIVE |
+--------------------------------------+----------------+--------------+----------------+------------+-----------+----------------+
----------
81b502a7-a1ae-47e1-80c8-eadf0a98a154 | vpnconnection2 | 192.102.0.62 | "10.10.3.0/24" | static | psk | PENDING_CREATE |
this one is in pending state

Tags: vpnaas
Swaminathan Vasudevan (swaminathan-vasudevan) wrote :
shihanzhang (shihanzhang) wrote :

I met the same problem, but I think the current implementation does not allow such operations.

Bo Lin (linb)
Changed in neutron:
assignee: nobody → berlin (linb)
Bo Lin (linb)
Changed in neutron:
status: New → Incomplete
Bo Lin (linb) wrote :

The current code implementation does allow such an operation, and it seems to be a code bug.
After restarting the q-vpn, the ipsec.secrets and ipsec.conf would reflect running well. I am digging into the source code to find the reasons.

Changed in neutron:
status: Incomplete → Confirmed
Bo Lin (linb) wrote :

I think I found the reason. Once one OpenSwan process is created, incoming updated vpnservice data would not be updated into the process, which leads to config files and openswan process always keeping old configurations.

OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/74627

Changed in neutron:
status: Confirmed → In Progress
Changed in neutron:
importance: Undecided → Medium
milestone: none → icehouse-3
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/74627
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=6206d7e377cc5511042d2aa61a876d381493c8e5
Submitter: Jenkins
Branch: master

commit 6206d7e377cc5511042d2aa61a876d381493c8e5
Author: berlin <email address hidden>
Date: Wed Feb 19 15:34:47 2014 +0800

    Fix VPN agent does not handle multiple connections per vpn service

    Once the OpenSwan process is created, incoming updated vpnservice
    data would not be updated into the process class which leads to config
    files and openswan process always keep old configurations

    Change-Id: Ia91ab08b1d03fbbe46bafd4967b57181fc4c6e71
    Closes-Bug: 1263194
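
The root cause named in the comments and commit message above, reduced to a minimal sketch (an added example, not neutron's code and not part of this thread): a per-service process cache that ignores newer vpnservice data, beside a variant that refreshes it. All class and function names are hypothetical; the sample connections reuse the peer addresses and CIDRs from the listing in the report, with constructed ids.

```python
def render_conf(vpnservice):
    """Render a minimal ipsec.conf-style body: one conn section per site connection."""
    lines = []
    for conn in vpnservice["ipsec_site_connections"]:
        lines += [f"conn {conn['id']}",
                  f"    right={conn['peer_address']}",
                  f"    rightsubnets={{ {' '.join(conn['peer_cidrs'])} }}"]
    return "\n".join(lines)


class Process:
    """Hypothetical stand-in for the per-vpnservice IPsec process wrapper."""
    def __init__(self, vpnservice):
        self.vpnservice = vpnservice

    def config(self):
        return render_conf(self.vpnservice)


class StaleCache:
    """Buggy pattern: an existing process never receives newer service data."""
    def __init__(self):
        self.processes = {}

    def ensure_process(self, service_id, vpnservice):
        if service_id not in self.processes:
            self.processes[service_id] = Process(vpnservice)
        return self.processes[service_id]


class RefreshingCache(StaleCache):
    """Corrected pattern: an existing process gets the latest data on every sync."""
    def ensure_process(self, service_id, vpnservice):
        process = super().ensure_process(service_id, vpnservice)
        process.vpnservice = vpnservice
        return process


def sync_twice(cache):
    """Sync a service with one connection, then again after a second is added."""
    # Constructed sample data; ids are placeholders.
    first = {"id": "conn-a", "peer_address": "192.102.0.60", "peer_cidrs": ["10.10.1.0/24"]}
    second = {"id": "conn-b", "peer_address": "192.102.0.62", "peer_cidrs": ["10.10.3.0/24"]}
    cache.ensure_process("svc-1", {"ipsec_site_connections": [first]})
    updated = {"ipsec_site_connections": [first, second]}
    return cache.ensure_process("svc-1", updated).config()


if __name__ == "__main__":
    print("stale cache:\n" + sync_twice(StaleCache()))
    print("refreshing cache:\n" + sync_twice(RefreshingCache()))
```

With the stale cache the rendered configuration still holds only the first connection after the second sync, which matches the symptom in the report: no error, and no new entry in the generated files.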

Changed in neutron:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in neutron:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in neutron:
milestone: icehouse-3 → 2014.1