Public bug reported: * Summary When an IPsec site connection is using the IP address of the router gateway port as the local IP, user can change the IP address of the router gateway port, then the IPsec site connection will malfunction.
* Environment devstack with vpnaas * Step-by-step reproduction steps: 1. create two networks and two subnets respectively (left and right for VPN connection) 2. create two routers, connect subnets of step 1 to each of them 3. create a public network and subnet, connect two routers of step 2 to this public network 4. setup IPsec VPN site connection between the two routers, wait for their status being ACTIVE 5. change the router gateway port's fixed IP address of one of the routers: - openstack router set <ROUTER_NAME> --external-gateway <PUBLIC_NETWORK> --fixed-ip subnet=<SUBNET>,ip-address=<NEW_IP_ADDRESS> * Expected output: - Users cannot change the IP address of the router gateway port as it is being used by an active VPN IPsec site connection * Actual output: - IP address of router gateway port is successfully changed - statuses of both IPsec VPN site connections will change to DOWN ** Affects: neutron Importance: Undecided Assignee: Hunt Xu (huntxu) Status: New ** Tags: vpnaas -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1743791 Title: Router gateway ip can be changed while being used by a VPN IPsec site connection Status in neutron: New Bug description: * Summary When an IPsec site connection is using the IP address of the router gateway port as the local IP, user can change the IP address of the router gateway port, then the IPsec site connection will malfunction. * Environment devstack with vpnaas * Step-by-step reproduction steps: 1. create two networks and two subnets respectively (left and right for VPN connection) 2. create two routers, connect subnets of step 1 to each of them 3. create a public network and subnet, connect two routers of step 2 to this public network 4. setup IPsec VPN site connection between the two routers, wait for their status being ACTIVE 5. change the router gateway port's fixed IP address of one of the routers: - openstack router set <ROUTER_NAME> --external-gateway <PUBLIC_NETWORK> --fixed-ip subnet=<SUBNET>,ip-address=<NEW_IP_ADDRESS> * Expected output: - Users cannot change the IP address of the router gateway port as it is being used by an active VPN IPsec site connection * Actual output: - IP address of router gateway port is successfully changed - statuses of both IPsec VPN site connections will change to DOWN To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1743791/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp