Public bug reported: When creating ipsec-site-connection in VPNaaS, it looks peer-cidr validation is invalid. The cidr format like "10/8" should be rejected like cidr in subnet resources but it is accepted like the following:
$ neutron ipsec-site-connection-create --vpnservice-id service1 --ikepolicy-id ike1 --ipsecpolicy-id ipsec1 --peer-id 192.168.7.1 --peer-address 192.168.7.1 --peer-cidr 10/8 --psk pass Created a new ipsec_site_connection: +-------------------+----------------------------------------------------+ | Field | Value | +-------------------+----------------------------------------------------+ | admin_state_up | True | | auth_mode | psk | | description | | | dpd | {"action": "hold", "interval": 30, "timeout": 120} | | id | 2bed308f-5462-45bb-ae79-5cb9003424ef | | ikepolicy_id | be1f92ab-8064-4328-8862-777ae6878691 | | initiator | bi-directional | | ipsecpolicy_id | 09c67ae8-6ede-47ca-a15b-c52be1d7feaf | | local_ep_group_id | | | local_id | | | mtu | 1500 | | name | | | peer_address | 192.168.7.1 | | peer_cidrs | 10/8 | | peer_ep_group_id | | | peer_id | 192.168.7.1 | | project_id | 068a47c758ae4b5d9fab059539e57740 | | psk | pass | | route_mode | static | | status | PENDING_CREATE | | tenant_id | 068a47c758ae4b5d9fab059539e57740 | | vpnservice_id | 4f82612c-5e3a-4699-aafa-bdfa5ede31fe | +-------------------+----------------------------------------------------+ I think this is because _validate_subnet_list_or_none method in neutron_vpnaas.extensions.vpnaas doesn't return the result. ** Affects: neutron Importance: Undecided Status: New ** Tags: vpnaas -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1633941 Title: VPNaaS: peer-cidr validation is invalid Status in neutron: New Bug description: When creating ipsec-site-connection in VPNaaS, it looks peer-cidr validation is invalid. The cidr format like "10/8" should be rejected like cidr in subnet resources but it is accepted like the following: $ neutron ipsec-site-connection-create --vpnservice-id service1 --ikepolicy-id ike1 --ipsecpolicy-id ipsec1 --peer-id 192.168.7.1 --peer-address 192.168.7.1 --peer-cidr 10/8 --psk pass Created a new ipsec_site_connection: +-------------------+----------------------------------------------------+ | Field | Value | +-------------------+----------------------------------------------------+ | admin_state_up | True | | auth_mode | psk | | description | | | dpd | {"action": "hold", "interval": 30, "timeout": 120} | | id | 2bed308f-5462-45bb-ae79-5cb9003424ef | | ikepolicy_id | be1f92ab-8064-4328-8862-777ae6878691 | | initiator | bi-directional | | ipsecpolicy_id | 09c67ae8-6ede-47ca-a15b-c52be1d7feaf | | local_ep_group_id | | | local_id | | | mtu | 1500 | | name | | | peer_address | 192.168.7.1 | | peer_cidrs | 10/8 | | peer_ep_group_id | | | peer_id | 192.168.7.1 | | project_id | 068a47c758ae4b5d9fab059539e57740 | | psk | pass | | route_mode | static | | status | PENDING_CREATE | | tenant_id | 068a47c758ae4b5d9fab059539e57740 | | vpnservice_id | 4f82612c-5e3a-4699-aafa-bdfa5ede31fe | +-------------------+----------------------------------------------------+ I think this is because _validate_subnet_list_or_none method in neutron_vpnaas.extensions.vpnaas doesn't return the result. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1633941/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp