Public bug reported: ipsec-site-connection-list showing status PENDING_CREATE for strongswan driver, though tunnel is up
The tunnel is up, and see that the packets are having esp as protocol. ipsec status also show Security Associations ip xfrm policy & ip xfrm state also showing valid info. Still ipsec-site-connection-list showing status as PENDING_CREATE. Command: ['sudo', '/usr/local/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-44872765-4b50-4ac9-badf-8d41432975ed', 'neutron-vpn-netns-wrapper', '--mount_paths=/etc:/opt/stack/data/neutron/ipsec/44872765-4b50-4ac9-badf-8d41432975ed/etc,/var/run:/opt/stack/data/neutron/ipsec/44872765-4b50-4ac9-badf-8d41432975ed/var/run', '--cmd=ipsec,status'] Exit code: 0 Stdin: Stdout: Command: ['mount', '--bind', '/opt/stack/data/neutron/ipsec/44872765-4b50-4ac9-badf-8d41432975ed/etc', '/etc'] Exit code: 0 Stdout: Stderr: Command: ['mount', '--bind', '/opt/stack/data/neutron/ipsec/44872765-4b50-4ac9-badf-8d41432975ed/var/run', '/var/run'] Exit code: 0 Stdout: Stderr: Command: ['ipsec', 'status'] Exit code: 0 Stdout: Routed Connections: a044ebee-24e7-40a9-966a-42f348f36b30{1}: ROUTED, TUNNEL a044ebee-24e7-40a9-966a-42f348f36b30{1}: 10.2.0.0/24 === 10.1.0.0/24 Security Associations (1 up, 0 connecting): a044ebee-24e7-40a9-966a-42f348f36b30[3]: ESTABLISHED 36 minutes ago, 172.24.4.6[172.24.4.6]...172.24.4.5[172.24.4.5] a044ebee-24e7-40a9-966a-42f348f36b30{1}: INSTALLED, TUNNEL, ESP SPIs: c5ac2539_i cdc26f87_o a044ebee-24e7-40a9-966a-42f348f36b30{1}: 10.2.0.0/24 === 10.1.0.0/24 ubuntu@stack:~$ sudo ip netns exec qrouter-52e07469-908a-4d09-8c7e-118d447a76b4 ip xfrm policy src 10.2.0.0/24 dst 10.1.0.0/24 dir fwd priority 1859 tmpl src 172.24.4.6 dst 172.24.4.5 proto esp reqid 1 mode tunnel src 10.2.0.0/24 dst 10.1.0.0/24 dir in priority 1859 tmpl src 172.24.4.6 dst 172.24.4.5 proto esp reqid 1 mode tunnel src 10.1.0.0/24 dst 10.2.0.0/24 dir out priority 1859 tmpl src 172.24.4.5 dst 172.24.4.6 proto esp reqid 1 mode tunnel ubuntu@stack:~$ sudo ip netns exec qrouter-52e07469-908a-4d09-8c7e-118d447a76b4 ip xfrm state src 172.24.4.5 dst 172.24.4.6 proto esp spi 0xca3c62ad reqid 1 mode tunnel replay-window 32 flag af-unspec auth-trunc hmac(sha1) 0x16b3e73abbdf33710c85c83ffa3387b2152c771e 96 enc cbc(aes) 0xcbecf8d670e502367b71b202daafebde src 172.24.4.6 dst 172.24.4.5 proto esp spi 0xc158abb3 reqid 1 mode tunnel replay-window 32 flag af-unspec auth-trunc hmac(sha1) 0x13a7135db1eb5b8debc47ece4ff98b2ff7fba2e8 96 enc cbc(aes) 0x76bee8300a87b65325bd6b5add956e39 ** Affects: neutron Importance: Undecided Assignee: venkata anil (anil-venkata) Status: New ** Tags: vpnaas ** Changed in: neutron Assignee: (unassigned) => venkata anil (anil-venkata) ** Tags added: vpnaas -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1450094 Title: ipsec-site-connection-list showing status PENDING_CREATE though tunnel is up Status in OpenStack Neutron (virtual network service): New Bug description: ipsec-site-connection-list showing status PENDING_CREATE for strongswan driver, though tunnel is up The tunnel is up, and see that the packets are having esp as protocol. ipsec status also show Security Associations ip xfrm policy & ip xfrm state also showing valid info. Still ipsec-site-connection-list showing status as PENDING_CREATE. Command: ['sudo', '/usr/local/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-44872765-4b50-4ac9-badf-8d41432975ed', 'neutron-vpn-netns-wrapper', '--mount_paths=/etc:/opt/stack/data/neutron/ipsec/44872765-4b50-4ac9-badf-8d41432975ed/etc,/var/run:/opt/stack/data/neutron/ipsec/44872765-4b50-4ac9-badf-8d41432975ed/var/run', '--cmd=ipsec,status'] Exit code: 0 Stdin: Stdout: Command: ['mount', '--bind', '/opt/stack/data/neutron/ipsec/44872765-4b50-4ac9-badf-8d41432975ed/etc', '/etc'] Exit code: 0 Stdout: Stderr: Command: ['mount', '--bind', '/opt/stack/data/neutron/ipsec/44872765-4b50-4ac9-badf-8d41432975ed/var/run', '/var/run'] Exit code: 0 Stdout: Stderr: Command: ['ipsec', 'status'] Exit code: 0 Stdout: Routed Connections: a044ebee-24e7-40a9-966a-42f348f36b30{1}: ROUTED, TUNNEL a044ebee-24e7-40a9-966a-42f348f36b30{1}: 10.2.0.0/24 === 10.1.0.0/24 Security Associations (1 up, 0 connecting): a044ebee-24e7-40a9-966a-42f348f36b30[3]: ESTABLISHED 36 minutes ago, 172.24.4.6[172.24.4.6]...172.24.4.5[172.24.4.5] a044ebee-24e7-40a9-966a-42f348f36b30{1}: INSTALLED, TUNNEL, ESP SPIs: c5ac2539_i cdc26f87_o a044ebee-24e7-40a9-966a-42f348f36b30{1}: 10.2.0.0/24 === 10.1.0.0/24 ubuntu@stack:~$ sudo ip netns exec qrouter-52e07469-908a-4d09-8c7e-118d447a76b4 ip xfrm policy src 10.2.0.0/24 dst 10.1.0.0/24 dir fwd priority 1859 tmpl src 172.24.4.6 dst 172.24.4.5 proto esp reqid 1 mode tunnel src 10.2.0.0/24 dst 10.1.0.0/24 dir in priority 1859 tmpl src 172.24.4.6 dst 172.24.4.5 proto esp reqid 1 mode tunnel src 10.1.0.0/24 dst 10.2.0.0/24 dir out priority 1859 tmpl src 172.24.4.5 dst 172.24.4.6 proto esp reqid 1 mode tunnel ubuntu@stack:~$ sudo ip netns exec qrouter-52e07469-908a-4d09-8c7e-118d447a76b4 ip xfrm state src 172.24.4.5 dst 172.24.4.6 proto esp spi 0xca3c62ad reqid 1 mode tunnel replay-window 32 flag af-unspec auth-trunc hmac(sha1) 0x16b3e73abbdf33710c85c83ffa3387b2152c771e 96 enc cbc(aes) 0xcbecf8d670e502367b71b202daafebde src 172.24.4.6 dst 172.24.4.5 proto esp spi 0xc158abb3 reqid 1 mode tunnel replay-window 32 flag af-unspec auth-trunc hmac(sha1) 0x13a7135db1eb5b8debc47ece4ff98b2ff7fba2e8 96 enc cbc(aes) 0x76bee8300a87b65325bd6b5add956e39 To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1450094/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp