| *** yamamoto has joined #openstack-vpnaas | 00:13 | |
| *** yamamoto has quit IRC | 00:18 | |
| *** huntxu has joined #openstack-vpnaas | 00:44 | |
| *** yamamoto has joined #openstack-vpnaas | 01:13 | |
| *** yamamoto has quit IRC | 01:19 | |
| *** yamamoto has joined #openstack-vpnaas | 01:41 | |
| *** hoangcx has joined #openstack-vpnaas | 01:54 | |
| *** ChanServ sets mode: +o hoangcx | 01:54 | |
| *** dsteuww[m] has joined #openstack-vpnaas | 03:36 | |
| *** dsteuww[m] has quit IRC | 03:36 | |
| *** openstackgerrit has joined #openstack-vpnaas | 03:58 | |
| openstackgerrit | Merged openstack/neutron-vpnaas master: Avoid tox-install.sh https://review.openstack.org/553056 | 03:58 |
|---|---|---|
| hoangcx | huntxu: ping | 04:31 |
| hoangcx | huntxu: I am testing with https://review.openstack.org/#/c/547347/ | 04:31 |
| hoangcx | huntxu: Having a problem as follow: http://paste.openstack.org/show/704080/ | 04:32 |
| hoangcx | huntxu: Did you meet this problem before or have you test with latest neutron? | 04:32 |
| hoangcx | huntxu: thanks | 04:32 |
| openstackgerrit | Merged openstack/neutron-vpnaas master: Updated from global requirements https://review.openstack.org/552361 | 05:00 |
| openstackgerrit | Merged openstack/neutron-vpnaas master: use plugin common utils from neutron-lib https://review.openstack.org/550992 | 05:16 |
| huntxu | hoangcx: no, I didn't meet it before, the addconn exit code 5 is new to me | 05:37 |
| hoangcx | huntxu: I wonder whether it is affected by recent wire community change? | 05:39 |
| hoangcx | huntxu: Re: [openstack-dev] [horizon][neutron][kolla] tools/tox_install changes - breakage with constraints | 05:40 |
| hoangcx | amotoki: ^^ | 05:40 |
| huntxu | hoangcx: I guess not, looks like it should be a problem of libreswan itself | 05:40 |
| huntxu | hoangcx: I'll update my setup to the newest and see whether I can reproduce this | 05:41 |
| hoangcx | huntxu: I think so, as it show the problem with "nat_traversal" that included in the patch | 05:41 |
| hoangcx | huntxu: I see. thank you. | 05:42 |
| huntxu | hoangcx: the nat_traversal part is a bit misleading, it is just a warning and it doesn't matter in my previous tests | 05:43 |
| huntxu | hoangcx: the exit code 5 is what caused the ProcessExecutionError | 05:43 |
| hoangcx | huntxu: +1 | 05:44 |
| hoangcx | huntxu: will wait for your update on it. Thanks again | 05:44 |
| hoangcx | huntxu: note that I have just test with default auth algorithm of ike and ipsec (not test with sha384/sha512 yet) | 05:46 |
| *** openstackgerrit has quit IRC | 05:49 | |
| huntxu | hoangcx: ok, I'll keep using the defaults (as I always do, just copying the simplest commands from the devstack doc) | 05:50 |
| hoangcx | huntxu: +1 This script (need to update for OSC later) is used for quick test https://git.openstack.org/cgit/openstack/neutron-vpnaas/tree/tools/test_script.sh | 05:52 |
| huntxu | hoangcx: ping, still around? | 06:36 |
| huntxu | hoangcx: would you try to update the test_script.sh with a stronger secret and see whether it will work normally | 06:36 |
| hoangcx | huntxu: You mean neutron ipsec-site-connection-create --name conn_west --vpnservice-id vpn_west --ikepolicy-id ikepolicy1 --ipsecpolicy-id ipsecpolicy1 --peer-address $EAST_IP --peer-id $EAST_IP --peer-cidr $EAST_SUBNET --psk secret | 06:38 |
| hoangcx | huntxu: the --psk option? | 06:38 |
| huntxu | hoangcx: yes, I use "--psk Not@wEAK5ecreT" | 06:38 |
| hoangcx | huntxu: | 06:39 |
| hoangcx | huntxu: OK. I will try | 06:39 |
| hoangcx | huntxu: hi | 07:36 |
| hoangcx | huntxu: It works with stronger --psk :) But still need to address for "nat_travelse" thing | 07:37 |
| hoangcx | huntxu: logged here http://paste.openstack.org/show/704247/ Maybe you also see this | 07:37 |
| huntxu | hoangcx: yes, I also observed that. Seems the root cause of the previous problem is in fact 'ipsec whack --listen' failed with an exit code 3. With a stronger psk the connection will work well | 07:39 |
| hoangcx | huntxu: +1 | 07:39 |
| huntxu | hoangcx: we have a workaround for openswan, https://github.com/openstack/neutron-vpnaas/blob/master/neutron_vpnaas/services/vpn/device_drivers/ipsec.py#L646-L653 | 07:40 |
| huntxu | hoangcx: I'll add that to libreswan too, and try to deal with the addconn failure. | 07:40 |
| hoangcx | huntxu: Awesome. Thank you for working on it. | 07:41 |
| *** openstackgerrit has joined #openstack-vpnaas | 07:49 | |
| openstackgerrit | Hunt Xu proposed openstack/neutron-vpnaas master: Make libreswan driver work with recent versions https://review.openstack.org/547347 | 07:49 |
| huntxu | hoangcx: ^^ this should handle the weak secret scenario. I will continue to work on the addconn one | 07:51 |
| hoangcx | huntxu: ++ Thanks | 07:51 |
| huntxu | hoangcx: The strange thing is that only one addconn error is observed whilst in fact it is called twice. | 07:51 |
| hoangcx | huntxu: No, it is twice in my env | 07:52 |
| hoangcx | huntxu: :p | 07:52 |
| huntxu | hmm, will see whether it is related to the commandline parameters, if so, we can simply drop those parameters as they are ignored anyway | 07:53 |
| hoangcx | huntxu: let propose it and see what others think : | 07:55 |
| hoangcx | huntxu: I'm ok with that. But if so, sometimes a weak psk is used without any notice and maybe not safe | 07:56 |
| huntxu | hoangcx: the warning message will still be logged by pluto and l3-agent | 07:59 |
| hoangcx | huntxu: ++ | 08:00 |
| openstackgerrit | Cao Xuan Hoang proposed openstack/neutron-vpnaas master: Remove unmaintained drivers https://review.openstack.org/543394 | 08:17 |
| *** E9TGE4quite has joined #openstack-vpnaas | 09:47 | |
| *** E9TGE4quite has quit IRC | 09:47 | |
| openstackgerrit | Hunt Xu proposed openstack/neutron-vpnaas master: Make libreswan driver work with recent versions https://review.openstack.org/547347 | 09:59 |
| *** hoangcx has quit IRC | 10:08 | |
| huntxu | hoangcx: ^^ I keep trying the whole afternoon, only the later added connection(conn_west) will hit the exit code 5 error. I don't know why :/ | 10:08 |
| *** yamamoto has quit IRC | 10:16 | |
| *** yamamoto has joined #openstack-vpnaas | 11:02 | |
| *** ydribe has joined #openstack-vpnaas | 11:55 | |
| *** huntxu has quit IRC | 13:03 | |
| *** yamamoto has quit IRC | 13:08 | |
| *** yamamoto has joined #openstack-vpnaas | 13:45 | |
| *** yamamoto_ has joined #openstack-vpnaas | 13:48 | |
| *** yamamoto has quit IRC | 13:52 | |
| *** yamamoto_ has quit IRC | 14:30 | |
| *** yamamoto has joined #openstack-vpnaas | 14:46 | |
| *** yamamoto has quit IRC | 14:51 | |
| *** yamamoto has joined #openstack-vpnaas | 15:04 | |
| *** yamamoto has quit IRC | 16:23 | |
| *** openstackgerrit has quit IRC | 18:48 | |
| *** quasisaneIDPYTT has joined #openstack-vpnaas | 19:30 | |
| *** yamamoto has joined #openstack-vpnaas | 23:27 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!