vpn_agent.ini¶

This is a configuration file for the VPNaaS L3 agent extension of the neutron l3-agent.

config_base_dir¶

Type:	string
Default:	$state_path/ipsec

Location to store ipsec server config files

ipsec_status_check_interval¶

Type:	integer
Default:	60

Interval for checking ipsec status

enable_detailed_logging¶

Type:	boolean
Default:	false

Enable detail logging for ipsec pluto process. If the flag set to True, the detailed logging will be written into config_base_dir/<pid>/log. Note: This setting applies to OpenSwan and LibreSwan only. StrongSwan logs to syslog.

shutdown_check_timeout¶

Type:	integer
Default:	1

Initial interval in seconds for checking if pluto daemon is shutdown

Deprecated Variations¶

Group	Name
libreswan	shutdown_check_timeout

shutdown_check_retries¶

Type:	integer
Default:	5

The maximum number of retries for checking for pluto daemon shutdown

Deprecated Variations¶

Group	Name
libreswan	shutdown_check_retries

shutdown_check_back_off¶

Type:	floating point
Default:	1.5

A factor to increase the retry interval for each retry

Deprecated Variations¶

Group	Name
libreswan	shutdown_check_back_off

restart_check_config¶

Type:	boolean
Default:	false

Enable this flag to avoid from unnecessary restart

Deprecated Variations¶

Group	Name
libreswan	restart_check_config

ipsec_config_template¶

Type:	string
Default:	/home/zuul/src/opendev.org/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.conf.template

Template file for ipsec configuration.

strongswan_config_template¶

Type:	string
Default:	/home/zuul/src/opendev.org/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/strongswan.conf.template

Template file for strongswan configuration.

ipsec_secret_template¶

Type:	string
Default:	/home/zuul/src/opendev.org/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.secret.template

Template file for ipsec secret configuration.

default_config_area¶

Type:	string
Default:	/etc/strongswan.d

The area where default StrongSwan configuration files are located.

vpn_device_driver¶

Type:	multi-valued
Default:	neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver, neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver, neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver

This option has a sample default set, which means that its actual default value may vary from the one documented above.

The vpn device drivers Neutron will use