Installing the OpenStack VPNaaS plugin

March 25, 2020

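To use VPN in the OpenStack Neutron project, you need to install the VPNaaS plugin.

The VPNaaS plugin is implemented on top of backends such as strongSwan, and site-to-site VPNs can be set up with other OpenStack users as well as with peers such as pfSense and OpenVPN.

The OpenStack release used for this test is Queens. Install the VPNaaS plugin on the nodes where the neutron-server and neutron-l3-agent services run.

One caveat: if the user network is configured as DVR with neutron-openvswitch-agent, the VPN feature does not work.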

 


  1. Node where neutron-server is installed
    – Install the package

    root@controller:~# apt install python-neutron-vpnaas
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    The following additional packages will be installed:
    libcharon-standard-plugins libstrongswan libstrongswan-standard-plugins strongswan strongswan-charon strongswan-libcharon strongswan-starter
    Suggested packages:
    libstrongswan-extra-plugins libcharon-extra-plugins
    The following NEW packages will be installed:
    libcharon-standard-plugins libstrongswan libstrongswan-standard-plugins python-neutron-vpnaas strongswan strongswan-charon strongswan-libcharon strongswan-starter
    0 upgraded, 8 newly installed, 0 to remove and 31 not upgraded.
    Need to get 993 kB of archives.
    After this operation, 4939 kB of additional disk space will be used.
    Do you want to continue? [Y/n] y

    – Configuration

    root@controller:~# cat /etc/neutron/neutron.conf
    [DEFAULT]
    ..
    ..
    service_plugins = ….,vpnaas

    root@controller:~# cat /etc/neutron/neutron_vpnaas.conf
    [DEFAULT]

    [service_providers]
    service_provider = VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

    – Create the database tables

    root@controller:~# neutron-db-manage --subproject neutron-vpnaas upgrade head
    INFO [alembic.runtime.migration] Context impl MySQLImpl.
    INFO [alembic.runtime.migration] Will assume non-transactional DDL.
    Running upgrade for neutron-vpnaas …
    INFO [alembic.runtime.migration] Context impl MySQLImpl.
    INFO [alembic.runtime.migration] Will assume non-transactional DDL.
    INFO [alembic.runtime.migration] Running upgrade -> start_neutron_vpnaas, start neutron-vpnaas chain
    INFO [alembic.runtime.migration] Running upgrade start_neutron_vpnaas -> 3ea02b2a773e, add_index_tenant_id
    INFO [alembic.runtime.migration] Running upgrade 3ea02b2a773e -> kilo, kilo
    INFO [alembic.runtime.migration] Running upgrade kilo -> 30018084ed99, Initial no-op Liberty expand rule.
    INFO [alembic.runtime.migration] Running upgrade 30018084ed99 -> 24f28869838b, Add fields to VPN service table
    INFO [alembic.runtime.migration] Running upgrade 24f28869838b -> 41b509d10b5e, VPNaaS endpoint groups
    INFO [alembic.runtime.migration] Running upgrade 41b509d10b5e -> 28ee739a7e4b, Multiple local subnets
    INFO [alembic.runtime.migration] Running upgrade 28ee739a7e4b -> fe637dc3f042, support sha256
    INFO [alembic.runtime.migration] Running upgrade fe637dc3f042 -> 52783a36bd67, support local id
    INFO [alembic.runtime.migration] Running upgrade 52783a36bd67 -> 38893903cbde, add_auth_algorithm_sha384_and_sha512
    INFO [alembic.runtime.migration] Running upgrade 38893903cbde -> 95601446dbcc, add flavor id to vpnservices
    INFO [alembic.runtime.migration] Running upgrade kilo -> 56893333aa52, fix identifier map fk
    INFO [alembic.runtime.migration] Running upgrade 56893333aa52 -> 333dfd6afaa2, Populate VPN service table fields
    INFO [alembic.runtime.migration] Running upgrade 333dfd6afaa2 -> 2c82e782d734, drop_tenant_id_in_cisco_csr_identifier_map
    INFO [alembic.runtime.migration] Running upgrade 2c82e782d734 -> 2cb4ee992b41, Multiple local subnets
    INFO [alembic.runtime.migration] Running upgrade 2cb4ee992b41 -> b6a2519ab7dc, rename tenant to project
    OK

    – Restart the service

    root@controller:~# service neutron-server restart
  2. Node where neutron-l3-agent is installed
    – Install the package

    root@network:~# apt install python-neutron-vpnaas
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    The following additional packages will be installed:
    libcharon-standard-plugins libstrongswan libstrongswan-standard-plugins strongswan strongswan-charon strongswan-libcharon strongswan-starter
    Suggested packages:
    libstrongswan-extra-plugins libcharon-extra-plugins
    The following NEW packages will be installed:
    libcharon-standard-plugins libstrongswan libstrongswan-standard-plugins python-neutron-vpnaas strongswan strongswan-charon strongswan-libcharon strongswan-starter
    0 upgraded, 8 newly installed, 0 to remove and 15 not upgraded.
    Need to get 993 kB of archives.
    After this operation, 4939 kB of additional disk space will be used.
    Do you want to continue? [Y/n] y

     
    – Configuration

    root@network:~# cat /etc/neutron/neutron.conf
    [DEFAULT]
    ..
    ..
    service_plugins = …,vpnaas

    root@network:~# cat /etc/neutron/neutron_vpnaas.conf
    [DEFAULT]

    [service_providers]
    service_provider = VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

    root@network:~# cat /etc/neutron/l3_agent.ini
    ..
    ..
    [agent]
    extensions = vpnaas

    [vpnagent]
    vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver

    – Restart the service

    root@network:~# service neutron-l3-agent restart
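
A post-install check for the settings above, as an added example that is not part of the original post: it parses the three configuration files and reports any missing VPNaaS setting, plus the DVR caveat. The function names and sample contents are constructed, and it assumes DVR appears as `router_distributed` in neutron.conf or an `agent_mode` starting with `dvr` in l3_agent.ini.

```python
import configparser

def _parse(text):
    # oslo.config files are INI-style; RawConfigParser leaves '%' in values alone
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(text)
    return cp

def _get(cp, section, key):
    return cp.get(section, key, fallback="").strip()

def check_vpnaas(neutron_conf, vpnaas_conf, l3_agent_ini=None):
    """Return a list of problems; empty means the post's settings are present."""
    problems = []
    neutron = _parse(neutron_conf)
    plugins = [p.strip() for p in _get(neutron, "DEFAULT", "service_plugins").split(",")]
    if "vpnaas" not in plugins:
        problems.append("neutron.conf: service_plugins lacks vpnaas")
    # Assumption: DVR shows up as router_distributed / agent_mode = dvr*
    if _get(neutron, "DEFAULT", "router_distributed").lower() == "true":
        problems.append("neutron.conf: router_distributed = true (DVR)")
    provider = _get(_parse(vpnaas_conf), "service_providers", "service_provider")
    if not provider.startswith("VPN:"):
        problems.append("neutron_vpnaas.conf: no VPN service_provider")
    if l3_agent_ini is not None:  # only the neutron-l3-agent node needs these
        l3 = _parse(l3_agent_ini)
        exts = [e.strip() for e in _get(l3, "agent", "extensions").split(",")]
        if "vpnaas" not in exts:
            problems.append("l3_agent.ini: [agent] extensions lacks vpnaas")
        if not _get(l3, "vpnagent", "vpn_device_driver"):
            problems.append("l3_agent.ini: [vpnagent] vpn_device_driver unset")
        if _get(l3, "DEFAULT", "agent_mode").lower().startswith("dvr"):
            problems.append("l3_agent.ini: agent_mode is DVR")
    return problems

# Constructed sample files (not from the post); 'router' is a placeholder plugin.
SAMPLE_NEUTRON = "[DEFAULT]\nservice_plugins = router,vpnaas\n"
SAMPLE_VPNAAS = ("[service_providers]\nservice_provider = VPN:strongswan:"
    "neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default\n")
SAMPLE_L3 = ("[DEFAULT]\nagent_mode = dvr_snat\n[agent]\nextensions = vpnaas\n"
    "[vpnagent]\nvpn_device_driver = neutron_vpnaas.services.vpn."
    "device_drivers.strongswan_ipsec.StrongSwanDriver\n")

if __name__ == "__main__":
    for line in check_vpnaas(SAMPLE_NEUTRON, SAMPLE_VPNAAS, SAMPLE_L3) or ["OK"]:
        print(line)
```

On a real node, pass the contents of `/etc/neutron/neutron.conf`, `/etc/neutron/neutron_vpnaas.conf` and, on the network node, `/etc/neutron/l3_agent.ini`.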

Category: Virtualization/Cloud

장영호
