Configuring VPNaaS for OVN
General instructions for enabling neutron VPNaaS are given in the Networking Guide.
For an OVN-based setup some details are different though. The following instructions adapt the general ones accordingly.
Enabling VPNaaS for OVN
Enable the VPNaaS plug-in in the /etc/neutron/neutron.conf file by appending ovn-vpnaas to service_plugins in [DEFAULT]:

    [DEFAULT]
    # ...
    service_plugins = ovn-vpnaas

Note: ovn-vpnaas is the plugin variant of the reference implementation that supports OVN.

Configure the VPNaaS service provider by creating the /etc/neutron/neutron_vpnaas.conf file as follows. This example uses strongswan, as used in the Ubuntu distribution:

    [service_providers]
    service_provider = VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ovn_ipsec.IPsecOvnVPNDriver

With OVN there is no L3 agent. Instead a stand-alone VPN agent is installed. There is a new “binary” called neutron-ovn-vpn-agent. Create its configuration file /etc/neutron/ovn_vpn_agent.ini with the following contents:

    [DEFAULT]
    transport_url = rabbit://openstack:RABBIT_PASS@CONTROLLER_IP
    interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

    [AGENT]
    extensions = vpnaas

    [vpnagent]
    vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.ovn_ipsec.OvnStrongSwanDriver

    [ovs]
    ovsdb_connection="unix:/var/run/openvswitch/db.sock"

    [ovn]
    ovn_sb_connection = tcp:OVSDB_SERVER_IP:6642

Note: Replace OVSDB_SERVER_IP with the IP address of the controller node that runs the ovsdb-server service. Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ and CONTROLLER_IP with the IP address of the controller node that runs the RabbitMQ server.

Create the required tables in the database:

    # neutron-db-manage --subproject neutron-vpnaas upgrade head

Restart the neutron-server on the controller node to apply the settings.

Start the neutron-ovn-vpn-agent on the network node to apply the settings.
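
Before starting the agent, the ovn_vpn_agent.ini file from the steps above can be sanity-checked. The following is an added example, not part of the original guide or of neutron-vpnaas: the function name check_agent_config and the finding codes are hypothetical, and the plaintext tcp: and file-permission checks are this example's assumptions about hardening, not requirements stated by the guide.

```python
import configparser
import stat
from urllib.parse import urlsplit

# Placeholder tokens used in the guide's sample file.
PLACEHOLDERS = ("RABBIT_PASS", "CONTROLLER_IP", "OVSDB_SERVER_IP")

# Constructed sample: the guide's file with the placeholders still in place.
SAMPLE = """\
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@CONTROLLER_IP
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
[AGENT]
extensions = vpnaas
[vpnagent]
vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.ovn_ipsec.OvnStrongSwanDriver
[ovs]
ovsdb_connection="unix:/var/run/openvswitch/db.sock"
[ovn]
ovn_sb_connection = tcp:OVSDB_SERVER_IP:6642
"""


def check_agent_config(text, mode=None):
    """Return sorted (code, option) findings; mode is e.g. os.stat().st_mode."""
    # Rename the default section so [DEFAULT] is read as an ordinary section.
    cfg = configparser.ConfigParser(interpolation=None, default_section="_unused_")
    cfg.read_string(text)
    findings = set()
    # 1. Template placeholders that were never replaced.
    for section in cfg.sections():
        for option, value in cfg.items(section):
            if any(token in value for token in PLACEHOLDERS):
                findings.add(("placeholder-left", f"{section}.{option}"))
    # 2. transport_url embeds the RabbitMQ password: flag others-readable files.
    url = cfg.get("DEFAULT", "transport_url", fallback="").strip("\"'")
    if urlsplit(url).password and mode is not None and mode & stat.S_IROTH:
        findings.add(("world-readable-secret", "DEFAULT.transport_url"))
    # 3. tcp: endpoints carry OVSDB traffic unencrypted (ssl: is the TLS scheme).
    sb = cfg.get("ovn", "ovn_sb_connection", fallback="").strip("\"'")
    if any(ep.strip().startswith("tcp:") for ep in sb.split(",")):
        findings.add(("plaintext-ovsdb", "ovn.ovn_sb_connection"))
    return sorted(findings)
```

To check the deployed file, pass its contents and os.stat(path).st_mode to check_agent_config; an empty list means none of the three conditions was found.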
Specifics of the OVN variant of the plugin
Details about the architecture are described in the feature spec.