Comment 7 for bug 1943449

Christian Rohmann (christian-rohmann) wrote : Re: VPNaaS reconfiguration creates duplicate IPtables rules causes the VPN connection to remain DOWN

Hello Mahammed. Sorry for the extreme delay in responding to you.
I have now set up a cloud with 3 ctrl nodes and 4 compute nodes on Ubuntu Focal 20.04 running OpenStack Xena and can quite quickly reproduce the issue(s) with the Neutron L3 agent complaining

a) about duplicate iptables rules (in relation to IPSEC) and
b) a non-working IPSEC connection on keepalived after switching the master of a router to a new node

Attached please find the Terraform setting up a router+network in two projects and then connecting them both using the Neutron VPNaaS.

I set up an instance on each side for easy connectivity testing and debugging.