Jump to: navigation, search

Neutron/VPNaaS/HowToInstall

< Neutron‎ | VPNaaS
Revision as of 22:58, 7 June 2013 by Nachi Ueno (talk | contribs) (Setup VPN Connection)

Installation

  1. . apt-get install strongswan
  2. . replace binary quantum-l3-agent to quantum-vpn-agent

Note: you can use WIP devstack for VPNaaS Devstack review is here -> https://review.openstack.org/#/c/32174/ (WIP)

   git clone https://github.com/openstack-dev/devstack.git
   cd devstack
   git review -d 32174

Set localrc ( q-vpn is added)

   DEST=/opt/stack
   disable_service n-net
   enable_service q-svc
   enable_service q-agt
   enable_service q-dhcp
   enable_service q-l3
   enable_service q-meta
   enable_service quantum
   enable_service tempest
   enable_service q-vpn
   API_RATE_LIMIT=False
   VOLUME_BACKING_FILE_SIZE=4G
   FIXED_RANGE=10.1.0.0/24
   FIXED_NETWORK_SIZE=256
   VIRT_DRIVER=libvirt
   SWIFT_REPLICAS=1
   export OS_NO_CACHE=True
   SCREEN_LOGDIR=/opt/stack/screen-logs
   SYSLOG=True
   SKIP_EXERCISES=boot_from_volume,client-env
   ROOTSLEEP=0
   ACTIVE_TIMEOUT=60
   Q_USE_SECGROUP=True
   BOOT_TIMEOUT=90
   ASSOCIATE_TIMEOUT=60
   ADMIN_PASSWORD=openstack
   MYSQL_PASSWORD=openstack
   RABBIT_PASSWORD=openstack
   SERVICE_PASSWORD=openstack
   SERVICE_TOKEN=tokentoken
   Q_PLUGIN=openvswitch
   Q_USE_DEBUG_COMMAND=True
   NETWORK_GATEWAY=10.1.0.1

Checkout Test branches

Quantum TBD Quantum client : https://review.openstack.org/#/c/29811/

Run Devstack

    ./stack.sh

Setup Params

    ROUTER_ID=`quantum router-show router1 | awk '/ id /{print $4}'`
    SUBNET_ID=`quantum subnet-create private 20.0.0.0/24 | awk '/ id /{print $4}'`

CLI Walkthough

Setup VPN Connection

     # Create VPN Service
     quantum vpn-service-create --name vpn1 --router_id $ROUTER_ID --subnet_id $SUBNET_ID
     # List VPN Service
     quantum vpn-service-list
     # Show VPN Service
    quantum vpn-service-show vpn1
    VPN1=`quantum vpn-service-show vpn1 | awk '/ id /{print $4}'`
    
    # Create IKE policy
    quantum vpn-ikepolicy-create --name ike_policy1
    # List IKE policy
    quantum vpn-ikepolicy-list
    # Show IKE policy
    quantum vpn-ikepolicy-show ike_policy1
     # Create IPSec policy
    quantum vpn-ipsecpolicy-create --name ipsecpolicy1
     # Show IPSec policy
     quantum vpn-ipsecpolicy-show ike_policy1
     # Create VPN Connection
    quantum vpn-connection-create --name vpnconnection1 vpn1 ikepolicy1 ipsecpolicy1
     #List VPN Connection
    quantum vpn-connection-list
     # Show VPN Connection
    quantum vpn-connection-show vpnconnection1


Cleanup VPN Connection

     # Delete VPN Connection
     quantum vpn-connection-delete vpnconnection1
     # Delete VPN Service
     quantum vpn-service-delete $VPN1
     # Remove Router Interface ( <-- This should be automatically done by VPNService )
    quantum router-interface-delete $ROUTER_ID $SUBNET_ID
     # Delete IKE policy
    quantum vpn-ikepolicy-delete ike_policy1
    # Delete IPSec policy
    quantum vpn-ipsecpolicy-delete ipsecpolicy1