vpn_agent.ini

This is a configuration file for the VPNaaS L3 agent extension of the neutron l3-agent. Note that this is not used in an OVN setup.

ipsec

config_base_dir
Type:

string

Default:

$state_path/ipsec

Location to store ipsec server config files

ipsec_status_check_interval
Type:

integer

Default:

60

Interval for checking ipsec status

enable_detailed_logging
Type:

boolean

Default:

False

Enable detail logging for ipsec pluto process. If the flag set to True, the detailed logging will be written into config_base_dir/<pid>/log. Note: This setting applies to OpenSwan and LibreSwan only. StrongSwan logs to syslog.

pluto

shutdown_check_timeout
Type:

integer

Default:

1

Initial interval in seconds for checking if pluto daemon is shutdown

Deprecated Variations

Group

Name

libreswan

shutdown_check_timeout

shutdown_check_retries
Type:

integer

Default:

5

The maximum number of retries for checking for pluto daemon shutdown

Deprecated Variations

Group

Name

libreswan

shutdown_check_retries

shutdown_check_back_off
Type:

floating point

Default:

1.5

A factor to increase the retry interval for each retry

Deprecated Variations

Group

Name

libreswan

shutdown_check_back_off

restart_check_config
Type:

boolean

Default:

False

Enable this flag to avoid from unnecessary restart

Deprecated Variations

Group

Name

libreswan

restart_check_config

strongswan

ipsec_config_template
Type:

string

Default:

/home/zuul/src/opendev.org/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.conf.template

Template file for ipsec configuration.

strongswan_config_template
Type:

string

Default:

/home/zuul/src/opendev.org/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/strongswan.conf.template

Template file for strongswan configuration.

ipsec_secret_template
Type:

string

Default:

/home/zuul/src/opendev.org/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.secret.template

Template file for ipsec secret configuration.

default_config_area
Type:

string

Default:

/etc/strongswan.d

The area where default StrongSwan configuration files are located.

vpnagent

vpn_device_driver
Type:

multi-valued

Default:

neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver, neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver, neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver

This option has a sample default set, which means that its actual default value may vary from the one documented above.

The vpn device drivers Neutron will use