Comment 4 for bug 2007826

Hi Rodolfo Alonso,

Sorry for not listing all the steps, I followed https://docs.openstack.org/neutron/yoga/admin/vpnaas-scenario.html#configure-vpnaas-without-endpoint-group-the-legacy-way:

Step 1: Create Subnetpool
$ openstack subnet pool create --pool-prefix 10.157.0.0/16 --share subnetpool1

Step 2: Create network:
$ openstack network create --share network1

Step 3: Create subnet
$ openstack subnet create --network network1 --subnet-pool subnetpool1 --prefix-length 24 subnet1

Step 4: Create router
$ openstack router create router2

Step 5: Add subnet to router
$ openstack router add subnet router2 subnet1

Step 6: Add gateway to router (external network already created by Horizon)
$ openstack router set --external-gateway external_1 router2

Step 7: Create IKE Policy
$ openstack vpn ike policy create ikepolicy1

Step 8: Create IPSec Policy
$ openstack vpn ipsec policy create ipsecpolicy1

Step 9: Create VPN Service
$ openstack vpn service create --subnet subnet1 --router router2 vpnservice1

Step 10: Create IPSec site connection:
$ openstack vpn ipsec site connection create conn \
> --vpnservice vpnservice1 \
> --ikepolicy ikepolicy1 \
> --ipsecpolicy ipsecpolicy1 \
> --peer-address 192.168.20.11 \
> --peer-id 192.168.20.11 \
> --peer-cidr 192.168.1.0/24 \
> --psk secret

All to be created, however, the IPSec site connection always maintains pending create state and there are error logs as above that I described.

Best Regards.