A tale of two routers
The following diagram represents the tunnel between two Neutron routers that are constructed from the IPSec site connections created in the previous section:
Figure 12.15
Neutron automatically generates an ipsec.conf VPN configuration file according to the settings defined by the user. The configuration files can be found on the network node in the /var/lib/neutron/ipsec/<router_id>/etc/ directory that corresponds to the individual Neutron router. In this demonstration, the controller node is also the network node.
The following configuration files correspond to the EAST and WEST routers, respectively:
# Configuration for EastRouterVPNService
config setup
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
authby=psk
mobike=no
conn ada99bbe-4e96-4252-8d12-f9c981980942
keyexchange=ikev1
left=10.50.0.112
leftsubnet=172.25.30.0/24
leftid=10.50.0.112
leftfirewall=yes
right=10...
