# show VPN objects
openstack vpn ipsec site connection list
openstack vpn endpoint group list
openstack vpn service list
openstack vpn ipsec policy list
openstack vpn ike policy list

# show IP
openstack vpn service list --long
openstack vpn service list -c ID -f value | xargs -I{} openstack vpn service show {}
openstack vpn ipsec site connection list -c ID -f value | xargs -L1 openstack vpn ipsec site connection show
Restart VPN
openstack vpn ipsec site connection set --disable vpn-conn1
openstack vpn ipsec site connection set --enable vpn-conn1
Check VPN peer address
# list site connections whose peer address is in a private (RFC 1918) range,
# then show the connection, its VPN service and the owning project
PRIVATE_PEER_ADDRESSES=$(openstack vpn ipsec site connection list -c "Peer Address" -f value | grep -E '^(10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.)')
for PRIVATE_PEER_ADDRESS in ${PRIVATE_PEER_ADDRESSES}; do
    echo "PRIVATE_PEER_ADDRESS: ${PRIVATE_PEER_ADDRESS}"
    # match the peer address exactly instead of grepping the table output
    CONNECTION_ID=$(openstack vpn ipsec site connection list -c ID -c "Peer Address" -f value | awk -v peer="${PRIVATE_PEER_ADDRESS}" '$2 == peer {print $1; exit}')
    openstack vpn ipsec site connection show "${CONNECTION_ID}"
    VPN_SERVICE_ID=$(openstack vpn ipsec site connection show "${CONNECTION_ID}" -c "VPN Service" -f value)
    openstack vpn service show "${VPN_SERVICE_ID}"
    PROJECT_ID=$(openstack vpn service show "${VPN_SERVICE_ID}" -c project_id -f value)
    openstack project show "${PROJECT_ID}"
done
OpenStack IPsec VPN ports
UDP 500
UDP 4500
ESP (IP Protocol 50)
IPSec VPN – Diffie-Hellman Groups
DH Group 1: 768-bit Key
DH Group 2: 1024-bit Key
DH Group 5: 1536-bit Key
DH Group 14: 2048-bit Key
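An added example (not from the original page or the OpenStack project): a shell check that uses the group table above to flag IKE/IPsec policies whose PFS setting maps to a DH group below 2048 bits. The input layout (ID, name, PFS value such as `group14` per line), the `MIN_BITS` threshold and the sample policies are assumptions.

```shell
#!/bin/sh
# Map a VPNaaS PFS value ("group14") to its modulus size in bits,
# following the DH group table on this page. Unknown groups print 0.
dh_group_bits() {
    case "$1" in
        group1)  echo 768 ;;
        group2)  echo 1024 ;;
        group5)  echo 1536 ;;
        group14) echo 2048 ;;
        *)       echo 0 ;;
    esac
}

# Read "ID NAME PFS" lines on stdin (assumed layout, e.g. the ID, name and
# PFS columns of `openstack vpn ike policy list -f value`; check the column
# names your client prints). Prints one line per policy that is below
# MIN_BITS (assumed default: 2048) or uses a group not in the table.
audit_pfs() {
    min_bits="${MIN_BITS:-2048}"
    while read -r id rest; do
        [ -z "$id" ] && continue
        pfs="${rest##* }"     # last field is the PFS group
        name="${rest% *}"     # the rest is the name (may contain spaces)
        bits=$(dh_group_bits "$pfs")
        if [ "$bits" -eq 0 ]; then
            echo "UNKNOWN $id $name $pfs"      # not in the table: review manually
        elif [ "$bits" -lt "$min_bits" ]; then
            echo "WEAK $id $name $pfs ${bits}-bit"
        fi
    done
}

# Constructed sample input, not real policy IDs.
sample_policies() {
    cat <<'EOF'
11111111-aaaa ike-legacy group2
22222222-bbbb ike-default group5
33333333-cccc ike-strong group14
EOF
}

sample_policies | audit_pfs
```

No output means every policy in the input met the threshold.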
Links
https://docs.openstack.org/neutron/rocky/admin/vpnaas-scenario.html