Install Packet.
In Centos, we use libreswan, in Ubuntu we use stronwang。只有libreswan才有ipsec指令。
yum install openswan libreswan openstack-neutron-vpn-agent
Install Github code, because newton version 9.0 can't work, use 9.01 will be ok. But it has depence so I cancel the remove without depncy check. 但我yum 9.0跟github stable/newton這兩版本的source,其實一樣。所以我不確定為什麼我這樣做有效果。
你可以自己用github,或是 http://cbs.centos.org/koji/packageinfo?packageID=650 去下載,我只驗證過github。
rpm -e --nodeps python-neutron-vpnaas
git clone https://github.com/openstack/neutron-vpnaas.git stable/newton
Disable SHLinux.
It has bug that pluto can be start with SELinux
#https://bugzilla.redhat.com/show_bug.cgi?id=466070
# vi /etc/sysconfig/selinux
SELINUX=disabled
#reboot
#/etc/neutron/neutron.conf
service_plugins = neutron.services.vpn.plugin.VPNDriverPlugin
[service_providers]
service_provider=VPN:libreswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
#/etc/neutron/vpn_agent.ini
[DEFAULT]
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
[vpnagent]
vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver
[ipsec]
ipsec_status_check_interval=60
#/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py
search vpn and enabled it
#neutron-db-manage --config-file /etc/neutron/neutron.conf upgrade heads
update database
#restart neutorn-server neutron-vpn-agent
#check log /var/log/neutron/vpan-agent.log
DEBUG: