Currently, this driver supports update of the VPN service, which one can change the admin state to up or down.
In addition, even though IPSec site-to-site connection update is not currently supported (one can do a delete/create), the user could create the connection with admin state down.
When the service admin state is changed to down, the change does not happen in the device driver, and the status is not reported correctly. This is due to an issue with the plugin (bug 1291609 created). If later, another change occurs that causes a sync of the config, the connections on the VPN service will be deleted (the CSR REST API doesn't yet have support for admin down), but the status still will not be updated correctly. The configuration in OpenStack can get out of sync with the configuration on the CSR.
If the IPSec site-to-site connection is created in admin down state, the underlying tunnel is not created (correct), but the status still shows PENDING_CREATE.
Fix proposed to branch: master /review. openstack. org/82306
Review: https:/