vpn_agent.ini¶
This is a configuration file for the VPNaaS L3 agent extension of the neutron l3-agent. Note that this is not used in an OVN setup.
ipsec¶
- config_base_dir¶
- Type:
string
- Default:
$state_path/ipsec
Location to store ipsec server config files
- ipsec_status_check_interval¶
- Type:
integer
- Default:
60
Interval for checking ipsec status
- enable_detailed_logging¶
- Type:
boolean
- Default:
False
Enable detail logging for ipsec pluto process. If the flag set to True, the detailed logging will be written into config_base_dir/<pid>/log. Note: This setting applies to OpenSwan and LibreSwan only. StrongSwan logs to syslog.
pluto¶
- shutdown_check_timeout¶
- Type:
integer
- Default:
1
Initial interval in seconds for checking if pluto daemon is shutdown
¶ Group
Name
libreswan
shutdown_check_timeout
- shutdown_check_retries¶
- Type:
integer
- Default:
5
The maximum number of retries for checking for pluto daemon shutdown
¶ Group
Name
libreswan
shutdown_check_retries
- shutdown_check_back_off¶
- Type:
floating point
- Default:
1.5
A factor to increase the retry interval for each retry
¶ Group
Name
libreswan
shutdown_check_back_off
- restart_check_config¶
- Type:
boolean
- Default:
False
Enable this flag to avoid from unnecessary restart
¶ Group
Name
libreswan
restart_check_config
strongswan¶
- ipsec_config_template¶
- Type:
string
- Default:
/home/zuul/src/opendev.org/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.conf.template
Template file for ipsec configuration.
- strongswan_config_template¶
- Type:
string
- Default:
/home/zuul/src/opendev.org/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/strongswan.conf.template
Template file for strongswan configuration.
- ipsec_secret_template¶
- Type:
string
- Default:
/home/zuul/src/opendev.org/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.secret.template
Template file for ipsec secret configuration.
- default_config_area¶
- Type:
string
- Default:
/etc/strongswan.d
The area where default StrongSwan configuration files are located.
vpnagent¶
- vpn_device_driver¶
- Type:
multi-valued
- Default:
neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver, neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver, neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver
This option has a sample default set, which means that its actual default value may vary from the one documented above.
The vpn device drivers Neutron will use