vpn_agent.ini¶
This is a configuration file for the VPNaaS L3 agent extension of the neutron l3-agent.
ipsec¶
-
config_base_dir¶ - Type
string
- Default
$state_path/ipsec
Location to store ipsec server config files
-
ipsec_status_check_interval¶ - Type
integer
- Default
60
Interval for checking ipsec status
-
enable_detailed_logging¶ - Type
boolean
- Default
false
Enable detail logging for ipsec pluto process. If the flag set to True, the detailed logging will be written into config_base_dir/<pid>/log. Note: This setting applies to OpenSwan and LibreSwan only. StrongSwan logs to syslog.
pluto¶
-
shutdown_check_timeout¶ - Type
integer
- Default
1
Initial interval in seconds for checking if pluto daemon is shutdown
Deprecated Variations¶ Group
Name
libreswan
shutdown_check_timeout
-
shutdown_check_retries¶ - Type
integer
- Default
5
The maximum number of retries for checking for pluto daemon shutdown
Deprecated Variations¶ Group
Name
libreswan
shutdown_check_retries
-
shutdown_check_back_off¶ - Type
floating point
- Default
1.5
A factor to increase the retry interval for each retry
Deprecated Variations¶ Group
Name
libreswan
shutdown_check_back_off
-
restart_check_config¶ - Type
boolean
- Default
false
Enable this flag to avoid from unnecessary restart
Deprecated Variations¶ Group
Name
libreswan
restart_check_config
strongswan¶
-
ipsec_config_template¶ - Type
string
- Default
/home/zuul/src/opendev.org/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.conf.template
Template file for ipsec configuration.
-
strongswan_config_template¶ - Type
string
- Default
/home/zuul/src/opendev.org/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/strongswan.conf.template
Template file for strongswan configuration.
-
ipsec_secret_template¶ - Type
string
- Default
/home/zuul/src/opendev.org/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.secret.template
Template file for ipsec secret configuration.
-
default_config_area¶ - Type
string
- Default
/etc/strongswan.d
The area where default StrongSwan configuration files are located.
vpnagent¶
-
vpn_device_driver¶ - Type
multi-valued
- Default
neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver, neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver, neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver
This option has a sample default set, which means that its actual default value may vary from the one documented above.
The vpn device drivers Neutron will use
