-
Notifications
You must be signed in to change notification settings - Fork 0
Home
Marica Antonacci edited this page Jun 18, 2014
·
34 revisions
# apt-get install openswan neutron-plugin-vpn-agent
Create file /etc/neutron/rootwrap.d/vpnaas.filters
# cat > /etc/neutron/rootwrap.d/vpnaas.filters << EOF
[Filters]
ip: IpFilter, ip, root
ip_exec: IpNetnsExecFilter, ip, root
openswan: CommandFilter, ipsec, root
EOF
Create file /etc/neutron/vpn_agent.ini:
# cat > /etc/neutron/vpn_agent.ini << EOF
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
[vpnagent]
vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver
[ipsec]
ipsec_status_check_interval=60
EOF
Aggiungere il plugin in neutron.conf:
service_plugins = neutron.services.vpn.plugin.VPNDriverPlugin,neutron.services.loadbalancer.plugin.LoadBalancerPlugin,neutron.services.firewall.fwaas_plugin.FirewallPlugin
Aggiungere (a quelli già eventualmente presenti per altri servizi) il service provider vpn in /etc/neutron/neutron.conf:
[service_providers]
service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
service_provider = VPN:Vpn:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
service_provider = FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
Restart dei servizi di neutron.
# cd /etc/init.d
# for s in `ls neutron-*`; do service $s restart; done
Infine, per abilitare il pannello VPN in horizon, modificare il file /etc/openstack-dashboard/local_settings.py:
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_vpn': True,
...
}
Restart apache2:
# service apache2 restart