neutron

ike version V2 incompatible with ike_phase1_mode

Bug #1726422 reported by zhichao zhu on 2017-10-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	New	Undecided	Dongcan Ye

Bug Description

Ike version V1 divides two phases to create ike&ipsec tunnel,the ike_phase1_mode(main mode or aggresive mode) is used in first phase to negotiate ike tunnel.
Ike version v2 create ipsec sa in only one phase. If ike policy uses ike V2,it will be unnecessary to use ike_phase1_mode.
The ike policy is shown in the following,phase1_negotiation_mode should be None
root@ubuntu:~# neutron vpn-ikepolicy-show c32c991d-ecb9-460e-b829-8ce61bc8aed6
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| auth_algorithm | sha1 |
| description | |
| encryption_algorithm | aes-128 |
| id | c32c991d-ecb9-460e-b829-8ce61bc8aed6 |
| ike_version | v2 |
| lifetime | {"units": "seconds", "value": 3600} |
| name | ikepolicy_a-1-1 |
| pfs | group5 |
| phase1_negotiation_mode | main |
| project_id | 899181367cc14f498f089c82c0087637 |
| tenant_id | 899181367cc14f498f089c82c0087637 |
+-------------------------+--------------------------------------+

Now the ike_phase1_mode only support main mode,it cannot be modified to set null,it need be extended to support.

See original description

Tags:

zhichao zhu (rtmdk) on 2017-10-23

description:

updated

zhichao zhu (rtmdk) on 2017-10-23

description:	updated
description:	updated

zhichao zhu (rtmdk) on 2017-10-23

description:

updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-10-24: Fix proposed to neutron-vpnaas (master)

Fix proposed to branch: master
Review: https://review.openstack.org/514497

Changed in neutron:
assignee:	nobody → zhichao zhu (rtmdk)
status:	New → In Progress

Revision history for this message

Slawek Kaplonski (slaweq) wrote on 2019-12-04: auto-abandon-script

This bug has had a related patch abandoned and has been automatically un-assigned due to inactivity. Please re-assign yourself if you are continuing work or adjust the state as appropriate if it is no longer valid.

Changed in neutron:
assignee:	zhichao zhu (rtmdk) → nobody
status:	In Progress → New
tags:	added: timeout-abandon

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-12-04: Change abandoned on neutron-vpnaas (master)

Change abandoned by Slawek Kaplonski (<email address hidden>) on branch: master
Review: https://review.opendev.org/514497
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Dongcan Ye (hellochosen) on 2020-05-13

Changed in neutron:
assignee:	nobody → Dongcan Ye (hellochosen)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.