Hello
After configuring a VPN endpoint, the l3 agent has a problem starting the VPN service:
2022-09-02 13:54:02.390 654 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec [-] Failed to enable vpn process on router 3659d2d3-5c2e-4097-92dc-08f1567524f5: neutron_lib.exceptions.ProcessExecutionError: Exit code: 1; Cmd: ['ip', 'netns', 'exec', 'qrouter-3659d2d3-5c2e-4097-92dc-08f1567524f5', '/var/lib/kolla/venv/bin/neutron-vpn-netns-wrapper', '--mount_paths=/etc:/var/lib/neutron/ipsec/3659d2d3-5c2e-4097-92dc-08f1567524f5/etc,/var/run:/var/lib/neutron/ipsec/3659d2d3-5c2e-4097-92dc-08f1567524f5/var/run', '--rootwrap_config=/etc/neutron/rootwrap.conf', '--cmd=ipsec,_stackmanager,start']; Stdin: ; Stdout: 2022-09-02 13:54:01.673 88268 INFO neutron.common.config [-] Logging enabled!ESC[00m
2022-09-02 13:54:01.674 88268 INFO neutron.common.config [-] /var/lib/kolla/venv/bin/neutron-vpn-netns-wrapper version 19.3.1.dev44ESC[00m
Command: ['mount', '--bind', '/var/lib/neutron/ipsec/3659d2d3-5c2e-4097-92dc-08f1567524f5/etc', '/etc'] Exit code: 0 Stdout: Stderr: 2022-09-02 13:54:01.693 88268 INFO neutron_vpnaas.services.vpn.common.netns_wrapper [-] /var/lib/neutron/ipsec/3659d2d3-5c2e-4097-92dc-08f1567524f5/etc has been bind-mounted in /etcESC[00m
Command: ['mount', '--bind', '/var/lib/neutron/ipsec/3659d2d3-5c2e-4097-92dc-08f1567524f5/var/run', '/var/run'] Exit code: 0 Stdout: Stderr: 2022-09-02 13:54:01.714 88268 INFO neutron_vpnaas.services.vpn.common.netns_wrapper [-] /var/lib/neutron/ipsec/3659d2d3-5c2e-4097-92dc-08f1567524f5/var/run has been bind-mounted in /var/runESC[00m
Command: ['ipsec', '_stackmanager', 'start'] Exit code: 1 Stdout: Stderr: cannot load config '/etc/ipsec.conf': /etc/ipsec.conf:3: syntax error, unexpected STRING [nat_traversal]
cannot load config '/etc/ipsec.conf': /etc/ipsec.conf:3: syntax error, unexpected STRING [nat_traversal]
So I applied a workaround, putting the following into
/var/lib/kolla/venv/lib/python3.6/site-packages/neutron_vpnaas/services/vpn/device_drivers/template/openswan/ipsec.conf.template
config setup
    #nat_traversal=yes
After that the second problem appeared:
2022-09-02 13:41:35.252 35 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec [req-aa8d3095-578e-4747-a708-d55d3a4ff889 7a8ec6fc4ec12049bb7f243a354430b4b5ecc5a3fedcdc1c555f1f1a5ce70eb5 715cf7f57a6f47119161fe0654ed8a1c - - -] Failed to enable vpn process on router 3659d2d3-5c2e-4097-92dc-08f1567524f5: neutron_lib.exceptions.ProcessExecutionError: Exit code: 1; Cmd: ['ip', 'netns', 'exec', 'qrouter-3659d2d3-5c2e-4097-92dc-08f1567524f5', '/var/lib/kolla/venv/bin/neutron-vpn-netns-wrapper', '--mount_paths=/etc:/var/lib/neutron/ipsec/3659d2d3-5c2e-4097-92dc-08f1567524f5/etc,/var/run:/var/lib/neutron/ipsec/3659d2d3-5c2e-4097-92dc-08f1567524f5/var/run', '--rootwrap_config=/etc/neutron/rootwrap.conf', '--cmd=ipsec,pluto,--use-netkey,--uniqueids']; Stdin: ; Stdout: 2022-09-02 13:41:34.832 14537 INFO neutron.common.config [-] Logging enabled!ESC[00m
2022-09-02 13:41:34.834 14537 INFO neutron.common.config [-] /var/lib/kolla/venv/bin/neutron-vpn-netns-wrapper version 19.3.1.dev44ESC[00m
Command: ['mount', '--bind', '/var/lib/neutron/ipsec/3659d2d3-5c2e-4097-92dc-08f1567524f5/etc', '/etc'] Exit code: 0 Stdout: Stderr: 2022-09-02 13:41:34.845 14537 INFO neutron_vpnaas.services.vpn.common.netns_wrapper [-] /var/lib/neutron/ipsec/3659d2d3-5c2e-4097-92dc-08f1567524f5/etc has been bind-mounted in /etcESC[00m
Command: ['mount', '--bind', '/var/lib/neutron/ipsec/3659d2d3-5c2e-4097-92dc-08f1567524f5/var/run', '/var/run'] Exit code: 0 Stdout: Stderr: 2022-09-02 13:41:34.856 14537 INFO neutron_vpnaas.services.vpn.common.netns_wrapper [-] /var/lib/neutron/ipsec/3659d2d3-5c2e-4097-92dc-08f1567524f5/var/run has been bind-mounted in /var/runESC[00m
Command: ['ipsec', 'pluto', '--use-netkey', '--uniqueids'] Exit code: 1 Stdout: Stderr: /usr/libexec/ipsec/pluto: unrecognized option '--use-netkey'
For usage information: /usr/libexec/ipsec/pluto --help
Libreswan 4.5
So I deployed the second workaround in
/var/lib/kolla/venv/lib/python3.6/site-packages/neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py
    def start_pluto(self):
        cmd = ['pluto',
               '--use-netkey',
               '--uniqueids']
And removed --use-netkey:
    def start_pluto(self):
        cmd = ['pluto',
               '--uniqueids']
After that the vpn endpoint starts working correctly.
It seems there are some problems with the libreswan version.
Image version:
quay.io/openstack.kolla/centos-source-neutron-l3-agent
"build-date": "20220726",
The same issue as https://bugs.launchpad.net/neutron/+bug/1938571
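
An added triage helper, not part of the original report or of neutron-vpnaas: it walks l3-agent log text shaped like the excerpts above and, for each wrapped command that exited non-zero, returns the router ID and the config key or pluto option that Libreswan rejected. The function name `triage` and the shortened sample log are constructed for illustration.

```python
import ast
import re

# Constructed sample: shortened copies of the two failures quoted in the report.
SAMPLE_LOG = """\
ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec [-] Failed to enable vpn process on router 3659d2d3-5c2e-4097-92dc-08f1567524f5: neutron_lib.exceptions.ProcessExecutionError: Exit code: 1; Stdin: ; Stdout:
Command: ['mount', '--bind', '/var/lib/neutron/ipsec/3659d2d3-5c2e-4097-92dc-08f1567524f5/etc', '/etc'] Exit code: 0 Stdout: Stderr:
Command: ['ipsec', '_stackmanager', 'start'] Exit code: 1 Stdout: Stderr: cannot load config '/etc/ipsec.conf': /etc/ipsec.conf:3: syntax error, unexpected STRING [nat_traversal]
Command: ['ipsec', 'pluto', '--use-netkey', '--uniqueids'] Exit code: 1 Stdout: Stderr: /usr/libexec/ipsec/pluto: unrecognized option '--use-netkey'
"""

ROUTER = re.compile(r"Failed to enable vpn process on router ([0-9a-f-]{36})")
# Per-command report lines as they appear in the wrapper output quoted above.
INNER = re.compile(r"Command: (\[[^\]]*\]) Exit code: (\d+) Stdout:\s*(.*?)\s*Stderr:\s*(.*)")
CONF_ERR = re.compile(
    r"cannot load config '([^']+)': \S+?:(\d+): syntax error, unexpected \w+ \[(\w+)\]")
BAD_OPT = re.compile(r"unrecognized option '([^']+)'")


def triage(log_text):
    """Return one finding per wrapped command that exited non-zero."""
    findings, router = [], None
    for line in log_text.splitlines():
        r = ROUTER.search(line)
        if r:
            router = r.group(1)  # applies to the wrapped commands that follow
        m = INNER.search(line)
        if not m or m.group(2) == "0":
            continue  # not a wrapped command, or it succeeded (the bind mounts)
        cmd, stderr = ast.literal_eval(m.group(1)), m.group(4)
        finding = {"router": router, "cmd": cmd, "kind": "other", "detail": stderr}
        conf, opt = CONF_ERR.search(stderr), BAD_OPT.search(stderr)
        if conf:  # ipsec.conf contains a key this Libreswan does not parse
            finding.update(kind="config", file=conf.group(1),
                           line=int(conf.group(2)), detail=conf.group(3))
        elif opt:  # the driver passed pluto a flag this Libreswan rejects
            finding.update(kind="option", detail=opt.group(1))
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["router"], f["kind"], f["detail"], " ".join(f["cmd"]))
```

A `config` finding points at the rendered `ipsec.conf` (and so at the template), while an `option` finding points at the command line built by the device driver.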