VPN-as-a-Service configuration options¶
Use the following options in the vpnaas_agent.ini file for the
VPNaaS agent.
| Configuration option = Default value | Description |
|---|---|
| [vpnagent] | |
vpn_device_driver = ['neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver, neutron_vpnaas.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver, neutron_vpnaas.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver, neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver, neutron_vpnaas.services.vpn.device_drivers.fedora_strongswan_ipsec.FedoraStrongSwanDriver, neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver'] |
(Multi-valued) The vpn device drivers Neutron will use |
| Configuration option = Default value | Description |
|---|---|
| [cisco_csr_ipsec] | |
status_check_interval = 60 |
(Integer) Status check interval for Cisco CSR IPSec connections |
| [ipsec] | |
config_base_dir = $state_path/ipsec |
(String) Location to store ipsec server config files |
enable_detailed_logging = False |
(Boolean) Enable detail logging for ipsec pluto process. If the flag set to True, the detailed logging will be written into config_base_dir/<pid>/log. Note: This setting applies to OpenSwan and LibreSwan only. StrongSwan logs to syslog. |
ipsec_status_check_interval = 60 |
(Integer) Interval for checking ipsec status |
| [pluto] | |
restart_check_config = False |
(Boolean) Enable this flag to avoid from unnecessary restart |
shutdown_check_back_off = 1.5 |
(Floating point) A factor to increase the retry interval for each retry |
shutdown_check_retries = 5 |
(Integer) The maximum number of retries for checking for pluto daemon shutdown |
shutdown_check_timeout = 1 |
(Integer) Initial interval in seconds for checking if pluto daemon is shutdown |
| Configuration option = Default value | Description |
|---|---|
| [openswan] | |
ipsec_config_template = /usr/lib/python/site-packages/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/openswan/ipsec.conf.template |
(String) Template file for ipsec configuration |
ipsec_secret_template = /usr/lib/python/site-packages/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/openswan/ipsec.secret.template |
(String) Template file for ipsec secret configuration |
| Configuration option = Default value | Description |
|---|---|
| [strongswan] | |
default_config_area = /etc/strongswan.d |
(String) The area where default StrongSwan configuration files are located. |
ipsec_config_template = /usr/lib/python/site-packages/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.conf.template |
(String) Template file for ipsec configuration. |
ipsec_secret_template = /usr/lib/python/site-packages/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.secret.template |
(String) Template file for ipsec secret configuration. |
strongswan_config_template = /usr/lib/python/site-packages/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/strongswan.conf.template |
(String) Template file for strongswan configuration. |
Note
strongSwan and Openswan cannot both be installed and enabled at the
same time. The vpn_device_driver configuration option in the
vpnaas_agent.ini file is an option that lists the VPN device
drivers that the Networking service will use. You must choose either
strongSwan or Openswan as part of the list.
Important
Ensure that your strongSwan version is 5 or newer.
To declare either one in the vpn_device_driver:
#Openswan
vpn_device_driver = ['neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver']
#strongSwan
vpn_device_driver = ['neutron.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver']
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.