Home
Marica Antonacci edited this page Jun 18, 2014 · 34 revisions
# apt-get install openswan neutron-plugin-vpn-agent
- Create file /etc/neutron/rootwrap.d/vpnaas.filters:
# cat > /etc/neutron/rootwrap.d/vpnaas.filters << EOF
[Filters]
ip: IpFilter, ip, root
ip_exec: IpNetnsExecFilter, ip, root
openswan: CommandFilter, ipsec, root
EOF
- Create file /etc/neutron/vpn_agent.ini:
# cat > /etc/neutron/vpn_agent.ini << EOF
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
[vpnagent]
vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver
[ipsec]
ipsec_status_check_interval=60
EOF
- Add the plugin in neutron.conf:
service_plugins = neutron.services.vpn.plugin.VPNDriverPlugin,neutron.services.loadbalancer.plugin.LoadBalancerPlugin,neutron.services.firewall.fwaas_plugin.FirewallPlugin
- Add the vpn service provider (alongside any already present for other services) in /etc/neutron/neutron.conf:
[service_providers]
service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
service_provider = VPN:Vpn:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
service_provider = FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
- Restart the neutron services:
# cd /etc/init.d
# for s in neutron-*; do service "$s" restart; done
- Finally, to enable the VPN panel in horizon, edit the file /etc/openstack-dashboard/local_settings.py:
OPENSTACK_NEUTRON_NETWORK = {
    ...
    'enable_vpn': True,
    ...
}
Restart apache2:
# service apache2 restart
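A consistency check for the three Neutron settings from the steps above, as an added example that is not part of the original page. It uses a small parser of its own because Python's `configparser` either rejects or collapses the repeated `service_provider` keys; the function names and sample strings are constructed for illustration, and `service_plugins` is assumed to sit in `[DEFAULT]`.

```python
import re

# Expected values are the ones used in the steps on this page.
VPN_PLUGIN = "neutron.services.vpn.plugin.VPNDriverPlugin"
VPN_DEVICE_DRIVER = "neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver"

# Constructed sample: the plugin is enabled but the VPN service_provider was forgotten.
SAMPLE_NEUTRON_CONF = """\
[DEFAULT]
service_plugins = neutron.services.vpn.plugin.VPNDriverPlugin
[service_providers]
service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
"""
SAMPLE_VPN_AGENT_INI = """\
[vpnagent]
vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver
"""

def parse_ini(text):
    """Parse INI text; repeated keys (service_provider) accumulate in a list."""
    conf, section = {}, "DEFAULT"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf.setdefault(section, {}).setdefault(key, []).append(value)
    return conf

def check_vpnaas(neutron_conf, vpn_agent_ini):
    """Return a list of problems; an empty list means all three settings are present."""
    neutron, agent = parse_ini(neutron_conf), parse_ini(vpn_agent_ini)
    problems = []
    # This example reads the last service_plugins assignment in [DEFAULT].
    plugins = neutron.get("DEFAULT", {}).get("service_plugins", [""])[-1]
    if VPN_PLUGIN not in [p.strip() for p in plugins.split(",")]:
        problems.append("VPN plugin missing from service_plugins")
    providers = neutron.get("service_providers", {}).get("service_provider", [])
    if not any(p.startswith("VPN:") for p in providers):
        problems.append("no VPN entry among service_provider lines")
    if VPN_DEVICE_DRIVER not in agent.get("vpnagent", {}).get("vpn_device_driver", []):
        problems.append("vpn_device_driver is not the OpenSwan driver")
    return problems

if __name__ == "__main__":
    for problem in check_vpnaas(SAMPLE_NEUTRON_CONF, SAMPLE_VPN_AGENT_INI):
        print("MISSING:", problem)
```

To check a real node, pass the contents of /etc/neutron/neutron.conf and /etc/neutron/vpn_agent.ini to `check_vpnaas` instead of the sample strings.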
In the example shown in this document, there is one tenant at each site, with one instance running within each tenant. A complete VPNaaS deployment requires an IKE Policy, an IPSec Policy, a VPN Service and an IPSec Site Connection. The steps for creating the VPNaaS policy are as follows:
- Step 1: Create an IKE Policy
From the "VPN" object under "Manage Network" in the Dashboard sidebar, select "Add IKE Policy" from the "IKE Policies" tab. In the example shown in Figure 1, the IKE Policy has the following settings:
- Name = ike_pol_1
- Leave all other settings at their defaults