Comment 4 for bug 1837847

Adriaan Schmidt (adriaan-schmidt) wrote :

Yes, the idea is to have the VPN clients in the same L2 domain.
Currently this is done by creating a Linux bridge in the qrouter namespace that connects the qr-* port with the tap device created by the VPN server. This is possibly another point we should discuss in more detail.

Technically, I can bypass Neutron IPAM. I can have the OpenVPN server assign IP addresses from a range that is not part of a Neutron allocation pool, and Neutron will never know about these clients. But it's probably not a good idea to do this.

One difficulty I faced: the VPN server calls a hook script on client connect/disconnect events. This does not run in the agent/driver context, so I'm not sure if I can make RPC calls from there (to allocate IPs, create Ports, ...).