This service enables OpenStack users to make Neutron networks accessible to remote site over secure VPN tunnels.

The VPNaaS driver is not available for the NSX-T Policy plugin. The following instructions only apply to the NSX-T manager plugin.


  1. Edit /etc/neutron/neutron.conf to add the IPSec VPN as a service plugin for NSX-T Data Center, in the default configuration section: service_plugins = vmware_nsx_vpnaas,[…]
    service_plugins is a list option. It is possible to specify multiple service plugins by separating their full class names, or shortcuts, with a comma.
  2. Edit the /etc/neutron/neutron-vpnaas.conf file with the following: Set the load VPNservice driver for NSX-T Data Center, by setting the service_provider option in the service_providers configuration section. service_provider =
    The value of this option has a particular structure: <service_type>:<service_name>:<driver_class>:[<default>]. service_provider is a “multi-string” option. Every time it is specified, the value of the option is added to a list. It is possible to specify multiple service providers by setting the service_provider option for each of them.
  3. Ensure the file /etc/neutron/neutron-vpnaas.conf is added to the neutron server command line. This can be verified by running ps -aux | grep neutron and verifying that /etc/neutron/neutron-vpnaas.conf is present in the output.
    If the file is not included, the neutron service launcher should be edited. The location and structure of service launchers depend on the particular Openstack distribution used.
  4. Restart the neutron service. The specific service name depends on the OpenStack distribution used.