StrongSwan and dynamic peer: Resolv of host failed
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| neutron |
Expired
|
Undecided
|
Unassigned | ||
Bug Description
When adding an IPSEC Site to Site connection with peer fqdn, resolving the peer fqdn fails for strongswan. As neutron relies on ip net namespaces, the resolv.conf from the neutron node is not used by StrongSwan.
Usually applications that work in ip netns try to use the resolv.conf in the net namespace's etc dir and try /etc/ when they cannot find the specified file, but it seems strongswan does not follow this procedure.
I added resolv.conf to the template directory of strongswan and changed strongswan_
- added to strongswan_opts array:
cfg.StrOpt(
- added to ensure_configs method:
Sorry - I dont know yet how to commit fixes and I am not even sure if that's the correct way :-) But resolv.conf is added to every net ns /etc dir and name resolution is working now within strongswan.
I attached the updated strongswan_ipsec.py
| Tobias (tobik) wrote | #1 |
| Armando Migliaccio (armando-migliaccio) wrote | #2 |
| Changed in neutron: | |
| status: | New → Incomplete |
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in neutron: | |
| status: | Incomplete → Expired |
This bug is > 365 days without activity. We are unsetting assignee and milestone and setting status to Incomplete in order to allow its expiry in 60 days.
If the bug is still valid, then update the bug status.