1 [DEFAULT] |
1 [DEFAULT] |
2 # VPN-Agent configuration file |
2 |
3 # Note vpn-agent inherits l3-agent, so you can use configs on l3-agent also |
3 |
|
4 [ipsec] |
|
5 |
|
6 # |
|
7 # From neutron.vpnaas.agent |
|
8 # |
|
9 |
|
10 # Location to store ipsec server config files (string value) |
|
11 #config_base_dir = $state_path/ipsec |
|
12 |
|
13 # Interval for checking ipsec status (integer value) |
|
14 #ipsec_status_check_interval = 60 |
|
15 |
|
16 # Enable detail logging for ipsec pluto process. If the flag set to True, the |
|
17 # detailed logging will be written into config_base_dir/<pid>/log. Note: This |
|
18 # setting applies to OpenSwan and LibreSwan only. StrongSwan logs to syslog. |
|
19 # (boolean value) |
|
20 #enable_detailed_logging = false |
|
21 |
|
22 |
|
23 [pluto] |
|
24 |
|
25 # |
|
26 # From neutron.vpnaas.agent |
|
27 # |
|
28 |
|
29 # Initial interval in seconds for checking if pluto daemon is shutdown (integer |
|
30 # value) |
|
31 # Deprecated group/name - [libreswan]/shutdown_check_timeout |
|
32 #shutdown_check_timeout = 1 |
|
33 |
|
34 # The maximum number of retries for checking for pluto daemon shutdown (integer |
|
35 # value) |
|
36 # Deprecated group/name - [libreswan]/shutdown_check_retries |
|
37 #shutdown_check_retries = 5 |
|
38 |
|
39 # A factor to increase the retry interval for each retry (floating point value) |
|
40 # Deprecated group/name - [libreswan]/shutdown_check_back_off |
|
41 #shutdown_check_back_off = 1.5 |
|
42 |
|
43 |
|
44 [solaris] |
|
45 |
|
46 # |
|
47 # From neutron.vpnaas.agent |
|
48 # |
|
49 |
|
50 # Interval for checking ipsec status (integer value) |
|
51 #ipsec_status_check_interval = 60 |
|
52 |
|
53 # IPsec policy failure logging (boolean value) |
|
54 #packet_logging = false |
|
55 |
|
56 # IPsec policy log level (string value) |
|
57 #logger_level = message+packet |
|
58 |
|
59 |
|
60 [strongswan] |
|
61 |
|
62 # |
|
63 # From neutron.vpnaas.agent |
|
64 # |
|
65 |
|
66 # Template file for ipsec configuration. (string value) |
|
67 #ipsec_config_template = /usr/lib/python2.7/vendor-packagesneutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.conf.template |
|
68 |
|
69 # Template file for strongswan configuration. (string value) |
|
70 #strongswan_config_template = /usr/lib/python2.7/vendor-packagesneutron_vpnaas/services/vpn/device_drivers/template/strongswan/strongswan.conf.template |
|
71 |
|
72 # Template file for ipsec secret configuration. (string value) |
|
73 #ipsec_secret_template = /usr/lib/python2.7/vendor-packagesneutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.secret.template |
|
74 |
|
75 # The area where default StrongSwan configuration files are located. (string |
|
76 # value) |
|
77 #default_config_area = /etc/strongswan.d |
|
78 |
4 |
79 |
5 [vpnagent] |
80 [vpnagent] |
6 # vpn device drivers which vpn agent will use |
|
7 # If we want to use multiple drivers, we need to define this option multiple |
|
8 # times. |
|
9 # NOTE: StrongSwan and openSwan cannot be installed at the same time. Thus, both |
|
10 # cannot be enabled for use. In the future when flavors/STF support is |
|
11 # available, this will still constrain the flavors which can be used |
|
12 # together. |
|
13 # vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver |
|
14 # vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver |
|
15 # vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver |
|
16 # vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver |
|
17 # vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.fedora_strongswan_ipsec.FedoraStrongSwanDriver |
|
18 # vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver |
|
19 # vpn_device_driver=another_driver |
|
20 vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.solaris_ipsec.SolarisIPsecDriver |
|
21 |
81 |
22 [ipsec] |
82 # |
23 # Status check interval |
83 # From neutron.vpnaas.agent |
24 # ipsec_status_check_interval=60 |
84 # |
25 |
85 |
26 [strongswan] |
86 # The vpn device drivers Neutron will use (multi valued) |
27 # For fedora use: |
87 vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.solaris_ipsec.SolarisIPsecDriver |
28 # default_config_area=/usr/share/strongswan/templates/config/strongswan.d |
|
29 # Default is for ubuntu use, /etc/strongswan.d |
|
30 # default_config_area=/etc/strongswan.d |
|
31 |
|
32 [libreswan] |
|
33 # Initial interval in seconds for checking if pluto daemon is shutdown |
|
34 # shutdown_check_timeout=1 |
|
35 # |
|
36 # The maximum number of retries for checking for pluto daemon shutdown |
|
37 # shutdown_check_retries=5 |
|
38 # |
|
39 # A factor to increase the retry interval for each retry |
|
40 # shutdown_check_back_off=1.5 |
|
41 |
|
42 [solaris] |
|
43 # The Solaris driver only reads values from this section. Setting a value |
|
44 # here will override the defaults which are set in the driver files as |
|
45 # solaris_opts. Setting values here is optional. |
|
46 # |
|
47 # Setting ipsec_status_check_interval will change the interval that the |
|
48 # driver runs the status update code. The value is in seconds. |
|
49 # A lower value will result in more frequent updates to neutron. |
|
50 # |
|
51 # ipsec_status_check_interval = 10 |
|
52 # |
|
53 # This will enable the packet logging service which logs discarded packets. |
|
54 # |
|
55 # packet_logging = True |
|
56 # logger_level = "message+packet" |
|