dear all, I am trying to compare OpenVPN and VPNaaS usage in OpenStack.
I want to be able to create a VPN between VMs deployed in a single Openstack
cloud to ensure communication privacy and security.
I also want to be able to connect with my PC to the VPN.
To use OpenVPN, post install scripts work well :
-A- I can see 2 interaces on each VM: the public one and the one associated to
the VPN
-B- my own PC can easily join
I want to do the same using VPNaaS (the script is below)
But:
-1- VPN is created but its status is « DOWN »
-2- I don’t see any VPN interface inside VMs
-3- I don’t undersand how my PC could join the VPN
Any help welcome,
Oleg Lodygensky
usage() {
echo "Usage: $0 [start | stop | status] <configName>"
exit 1
}
writeVariable() {
echo $* >> ${CONFIG_FILE}
}
start() {
CONFIG_NAME=$2
CONFIG_FILE=$2
if [ -f ${CONFIG_FILE} ] ; then
echo "VPNAAS error : config already exist. Cowardingly refusing
to overwrite it"
exit 1
fi
touch ${CONFIG_FILE}
KEY="NET1"
NET1="${CONFIG_NAME}_net1"
VALUE="${NET1}"
neutron net-create ${NET1} && writeVariable "${KEY}=${VALUE}"
KEY="SUBNET1"
SUBNET1="${CONFIG_NAME}_subnet1"
VALUE="${SUBNET1}"
neutron subnet-create --name ${SUBNET1} ${NET1} 10.100.0.0/24 --gateway
10.100.0.1 && writeVariable "${KEY}=${VALUE}"
KEY="ROUTER1"
ROUTER1="${CONFIG_NAME}_router1"
VALUE="${ROUTER1}"
neutron router-create ${ROUTER1} && writeVariable "${KEY}=${VALUE}"
neutron router-interface-add ${ROUTER1} ${SUBNET1}
neutron router-gateway-set ${ROUTER1} public
KEY="NET2"
NET2="${CONFIG_NAME}_net2"
VALUE="${NET2}"
neutron net-create ${NET2} && writeVariable "${KEY}=${VALUE}"
KEY="SUBNET2"
SUBNET2="${CONFIG_NAME}_subnet2"
VALUE="${SUBNET2}"
neutron subnet-create --name ${SUBNET2} ${NET2} 20.200.0.0/24 --gateway
20.200.0.2 && writeVariable "${KEY}=${VALUE}"
KEY="ROUTER2"
ROUTER2="${CONFIG_NAME}_router2"
VALUE="${ROUTER2}"
neutron router-create ${ROUTER2} && writeVariable "${KEY}=${VALUE}"
neutron router-interface-add ${ROUTER2} ${SUBNET2}
neutron router-gateway-set ${ROUTER2} public
PRIVATE_NET1=`neutron net-list | grep "${NET1}" | cut -f 2 -d' '`
KEY="VM1"
VM1="${CONFIG_NAME}_vm1"
VALUE="${VM1}"
nova boot --key-name os-77345-demo --flavor 2 --image ubuntu14 --nic
net-id=${PRIVATE_NET1} ${VM1} && writeVariable "${KEY}=${VALUE}"
FLOATINGIP1=`nova floating-ip-create | grep -vE 'Pool|--'| cut -d ' '
-f 4`
KEY="FLOATINGIP1"
VALUE="${FLOATINGIP1}"
nova add-floating-ip ${VM1} $FLOATINGIP1 && writeVariable
"${KEY}=${VALUE}"
PRIVATE_NET2=`neutron net-list | grep "${NET2}" | cut -f 2 -d' '`
KEY="VM2"
VM2="${CONFIG_NAME}_vm2"
VALUE="${VM2}"
nova boot --key-name os-77345-demo --flavor 2 --image ubuntu14 --nic
net-id=${PRIVATE_NET2} ${VM2} && writeVariable "${KEY}=${VALUE}"
FLOATINGIP2=`nova floating-ip-create | grep -vE 'Pool|--'| cut -d ' '
-f 4`
KEY="FLOATINGIP2"
VALUE="${FLOATINGIP2}"
nova add-floating-ip ${VM2} $FLOATINGIP2 && writeVariable
"${KEY}=${VALUE}"
#Create VPN connections
KEY="IKEPOLICY"
IKEPOLICY="${CONFIG_NAME}_ikepolicy"
VALUE="${IKEPOLICY}"
neutron vpn-ikepolicy-create ${IKEPOLICY} && writeVariable
"${KEY}=${VALUE}"
KEY="IPSECPOLICY"
IPSECPOLICY="${CONFIG_NAME}_ipsecpolicy"
VALUE="${IPSECPOLICY}"
neutron vpn-ipsecpolicy-create ${IPSECPOLICY} && writeVariable
"${KEY}=${VALUE}"
KEY="VPNSERVICE"
VPNSERVICE="${CONFIG_NAME}_vpnservice"
VALUE="${VPNSERVICE}"
neutron vpn-service-create --name ${VPNSERVICE} --description "Mon
service VPN1" ${ROUTER1} ${SUBNET1} && writeVariable "${KEY}=${VALUE}"
KEY="CONNECTION"
CONNECTION="${CONFIG_NAME}_connection"
VALUE="${CONNECTION}"
# neutron ipsec-site-connection-create --name ${CONNECTION}
--vpnservice-id ${VPNSERVICE} \
# --ikepolicy-id ${IKEPOLICY} --ipsecpolicy-id ${IPSECPOLICY}
--peer-address 172.24.4.227 \
# --peer-id 172.24.4.227 --peer-cidr 10.100.0.0/24 --psk secret &&
writeVariable "${KEY}=${VALUE}"
[ ! -s ${CONFIG_FILE} ] && rm -f ${CONFIG_FILE}
}
stop() {
CONFIG_FILE=$2
if [ ! -f ${CONFIG_FILE} ] ; then
echo "VPNAAS \"${CONFIG_FILE}\" error : config not found"
exit 1
fi
. ${CONFIG_FILE}
nova delete ${VM1}
nova delete ${VM2}
nova floating-ip-delete ${FLOATINGIP1}
nova floating-ip-delete ${FLOATINGIP2}
neutron ipsec-site-connection-delete ${CONNECTION}
neutron vpn-service-delete ${VPNSERVICE}
neutron vpn-ipsecpolicy-delete ${IPSECPOLICY}
neutron vpn-ikepolicy-delete ${IKEPOLICY}
for i in `neutron port-list | grep -vE 'fixed_ips|--' | cut -f 2 -d' '`
; do neutron port-delete $i ; done
neutron router-interface-delete ${ROUTER2} ${SUBNET2}
neutron router-delete ${ROUTER2}
neutron net-delete ${NET2}
neutron router-interface-delete ${ROUTER1} ${SUBNET1}
neutron router-delete ${ROUTER1}
neutron net-delete ${NET1}
rm -f ${CONFIG_FILE}
}
status() {
CONFIG_FILE=$2
if [ ! -f ${CONFIG_FILE} ] ; then
echo "VPNAAS \"${CONFIG_FILE}\" error : config not found"
exit 1
fi
echo "VNPAAS \"${CONFIG_FILE}\": started"
cat ${CONFIG_FILE}
}
[ $# -ne 2 ] && usage
case $1 in
"start" )
start $*
;;
"stop" )
stop $*
;;
"status" )
status $*
;;
esac
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
