- Weekly on-demand on Tuesdays at 1600 UTC
- IRC channel: #openstack-meeting-3
- Chair: pc_m (Paul Michali)
If you want to hold a meeting. Update this wiki page with agenda modifications, date of meeting desired, date of update, and then post a notice on the openstack-dev mailing list, at least 24 hours prior to the meeting start time. We have reserved this (new) channel on the IRC for the time/day of week.
Next meeting: Tuesday, June 2nd, 2015.
Logs and Minutes
Meetings, with their notes and logs, will be found under http://eavesdrop.openstack.org/meetings/vpnaas/
Updated May 12th, 2015
- Discuss DMVPN spec for Liberty (https://review.openstack.org/#/c/181563/)
- Discuss whether VPNaaS should be enhanced to support multiple local subnets
- Informal meeting on Friday, May 22nd, at summit.
Bugs under Review
Current bugs: VPN bugs
Current reviews: VPNaaS reviews
Need reviewers (core and VPN team) for:
Multiple Local Subnets on VPN connection
- Does OpenSwan/StrongSwan/LibreSwan support multiple left sides?
- If so, do they have to be the same IP version?
- Does it make sense to extend VPNaaS to support multiple subnets on left (local) side? Even if reference implementation doesn't support?
Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)...
- User documentation for Networking Guide. (including limitations/restrictions)
- Coverage, especially in database and device driver modules, is lacking.
- Need functional tests for OpenSwan device driver (and StrongSwan driver). Identify what's needed (MTU check, connection delete, admin up/down?, non-default configs).
- Refactor duplication out of device driver code (OpenSwan, StrongSwan, Cisco, Vyatta)
- The OpenSwan class should be separated from the ABC definition, and placed into a new module.
- Remove /n from execute method in utils.py so that duplicate code can be removed in VPN drivers.
- Documentation on how to use StrongSwan
- Documentation on the differences between StrongSwan and OpenSwan (and any limitations/restrictions of each - e.g. mixing IPv4/v6)
- StrongSwan execute_with_mount() to allow configurable rootwrap config file.
- Support for BGP/MPLS VPN? DM VPN? OpenVPN (road-warrior)?
- Certificate support for IPSec (Barbican - see what LBaaS did to use certificate)?
- Devstack support for VPNaaS (see LBaaS including devstack setup in their repo).
- Functional job no longer runs devstack. Update the documentation for gate/post-test hook scripts (https://wiki.openstack.org/wiki/Neutron/FunctionalGateSetup).
- There is interest by some on other VPN types (e.g. something similar to AWS DirectConnect and Azure ExpressRoute).
- Should enhance/add unit test cases for:
- Checking various sync() cases: router w/o VPN running on it any more; router with VPN running, but no longer a service configured; process running VPN, but no longer VPN configured.
- Verification of contents of configuration files created for StrongSwan and OpenSwan.
- Verification of reported status for various cases: connections (active, down, pending create), service (created, deleted, admin down).
List of people w/IRC that are interested in participating (coding, reviewing, testing, and/or documenting):
- Paul Michali (pc_m)
- Al Miller (ajmiller)