VPNAAS :IPSEC Policy on peer site mismatched still the ipsec sitec connection shows active state
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Invalid
|
Low
|
Prithvi Raghav.T.M |
Bug Description
Steps to Reproduce:
1. Create vpn site with one ipsec policy with encryption_
2. Create the ipsec-siteconne
3. Check the status of vpn service
+------
| id | name | router_id | status |
+------
| 530c3dfb-
| 77d0b36f-
+------
4. Check the status of ipsec site connection.
+------
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+------
| a158f5d5-
| a9486296-
+------
5. List the ike policy
+------
| id | name | auth_algorithm | encryption_
+------
| b04d74ad-
| e5be37ec-
+------
6. List the ipsec-policy
+------
| id | name | auth_algorithm | encryption_
+------
| 12c9db3b-
| d38bba51-
+------
Actual Results: Ipsec site connection show as active with mismatched version of encryption algorithm in the ipsecpolicy
Ping across the sites also happening
Expected Results: Ipsec site connection should show as down state since mismatched version of encryption algorithm in the ipsecpolicy is provide
tags: | added: vpnaas |
Changed in neutron: | |
assignee: | nobody → Prithvi Raghav.T.M (prithvi-t-m) |
description: | updated |
Changed in neutron: | |
importance: | Undecided → Low |
Is this bug also same as this https:/ /bugs.launchpad .net/neutron/ +bug/1316724 . i.e, Is this the default behaviour of openswan configuration. Can Nachi Ueno please comment on this.