vpn service can't be active again if the openswan process crashes
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
neutron | Won't Fix | Medium | Unassigned | |
Bug Description
We are using VPNaaS with OpenSwan on Ubuntu and found that OpenSwan will crash when it receives some kinds of IKE2 attack packets. But I'm not very sure of the format of the packet. After OpenSwan crashes, the VPN-agent can't bring it up again and the VPN service status will always be DOWN.
We could use the following steps to reproduce it.
1. Bring up a VPN connection and show the VPN service status
vpn-service-list
+------
| id | name | router_id | status |
+------
| c354e5d7-
| daa15ef8-
+------
2. Kill the OpenSwan process
3. Show the VPN service status again
vpn-service-list
+------
| id | name | router_id | status |
+------
| c354e5d7-
| daa15ef8-
+------
The VPN service will stay DOWN until the VPN-agent is restarted.
So we expect that the VPN-agent can bring the OpenSwan process up again if it crashes.
We found this issue with vpnaas-agent master.
Changed in neutron:
assignee: nobody → MingShuang Xian (xianms)
tags: added: vpnaas
Changed in neutron:
importance: Undecided → Medium
I should submit this defect in the neutron-vpnaas project. So I am changing its status to invalid.