1278 lines
29 KiB
ReStructuredText
1278 lines
29 KiB
ReStructuredText
.. -*- rst -*-
|
|
|
|
===================================================================================================================================================================================================
|
|
VPNaaS 2.0 (`UNMAINTAINED <http://lists.openstack.org/pipermail/openstack-dev/2016-November/107384.html>`_) (vpn, vpnservices, ikepolicies, ipsecpolicies, endpoint-groups, ipsec-site-connections)
|
|
===================================================================================================================================================================================================
|
|
|
|
The Virtual-Private-Network-as-a-Service (VPNaaS) extension enables
|
|
OpenStack projects to extend private networks across the public
|
|
telecommunication infrastructure.
|
|
|
|
This initial implementation of the VPNaaS extension provides:
|
|
|
|
- Site-to-site VPN that connects two private networks.
|
|
|
|
- Multiple VPN connections per project.
|
|
|
|
- IKEv1 policy support with 3des, aes-128, aes-256, or aes-192
|
|
encryption.
|
|
|
|
- IPSec policy support with 3des, aes-128, aes-192, or aes-256
|
|
encryption, sha1 authentication, ESP, AH, or AH-ESP transform
|
|
protocol, and tunnel or transport mode encapsulation.
|
|
|
|
- Dead Peer Detection (DPD) with hold, clear, restart, disabled, or
|
|
restart-by-peer actions.
|
|
|
|
This extension introduces these resources:
|
|
|
|
- ``service``. A parent object that associates VPN with a specific
|
|
subnet and router.
|
|
|
|
- ``ikepolicy``. The Internet Key Exchange (IKE) policy that
|
|
identifies the authentication and encryption algorithm to use
|
|
during phase one and two negotiation of a VPN connection.
|
|
|
|
- ``ipsecpolicy``. The IP security policy that specifies the
|
|
authentication and encryption algorithm and encapsulation mode to
|
|
use for the established VPN connection.
|
|
|
|
- ``ipsec-site-connection``. Details for the site-to-site IPsec
|
|
connection, including the peer CIDRs, MTU, authentication mode,
|
|
peer address, DPD settings, and status.
|
|
|
|
- ``endpoint-groups``. Defines one or more endpoints of a specific type,
|
|
and can be used to specify both local and peer endpoints for
|
|
IPSec Connections.
|
|
|
|
List IKE policies
|
|
=================
|
|
|
|
.. rest_method:: GET /v2.0/vpn/ikepolicies
|
|
|
|
Lists IKE policies.
|
|
|
|
Use the ``fields`` query parameter to control which fields are
|
|
returned in the response body. Additionally, you can filter results
|
|
by using query string parameters. For information, see `Filtering
|
|
and Column Selection <https://wiki.openstack.org/wiki/Neutron/APIv2
|
|
-specification#Filtering_and_Column_Selection>`__.
|
|
|
|
Normal response codes: 200
|
|
|
|
Error response codes: 401, 403
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- fields: fields
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- ikepolicies: ikepolicies
|
|
- name: name
|
|
- description: description
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- auth_algorithm: auth_algorithm
|
|
- encryption_algorithm: encryption_algorithm
|
|
- pfs: pfs
|
|
- value: value
|
|
- phase1_negotiation_mode: phase1_negotiation_mode
|
|
- units: units
|
|
- lifetime: lifetime
|
|
- id: ikepolicy_id-body-response
|
|
- ike_version: ike_version
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/ikepolicies-list-response.json
|
|
:language: javascript
|
|
|
|
Create IKE policy
|
|
=================
|
|
|
|
.. rest_method:: POST /v2.0/vpn/ikepolicies
|
|
|
|
Creates an IKE policy.
|
|
|
|
The IKE policy is used for phases one and two negotiation of the
|
|
VPN connection. You can specify both the authentication and
|
|
encryption algorithms for connections.
|
|
|
|
Normal response codes: 201
|
|
|
|
Error response codes: 400, 401
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- ikepolicy: ikepolicy
|
|
- name: name
|
|
- description: description
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- auth_algorithm: auth_algorithm
|
|
- encryption_algorithm: encryption_algorithm
|
|
- pfs: pfs
|
|
- value: value
|
|
- phase1_negotiation_mode: phase1_negotiation_mode
|
|
- units: units
|
|
- lifetime: lifetime
|
|
- ike_version: ike_version
|
|
|
|
Request Example
|
|
---------------
|
|
|
|
.. literalinclude:: samples/vpn/ikepolicy-create-request.json
|
|
:language: javascript
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- ikepolicies: ikepolicies
|
|
- ikepolicy: ikepolicy
|
|
- name: name
|
|
- description: description
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- auth_algorithm: auth_algorithm
|
|
- encryption_algorithm: encryption_algorithm
|
|
- pfs: pfs
|
|
- value: value
|
|
- phase1_negotiation_mode: phase1_negotiation_mode
|
|
- units: units
|
|
- lifetime: lifetime
|
|
- id: ikepolicy_id-body-response
|
|
- ike_version: ike_version
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/ikepolicy-create-response.json
|
|
:language: javascript
|
|
|
|
Show IKE policy details
|
|
=======================
|
|
|
|
.. rest_method:: GET /v2.0/vpn/ikepolicies/{ikepolicy_id}
|
|
|
|
Shows details for an IKE policy.
|
|
|
|
Normal response codes: 200
|
|
|
|
Error response codes: 401, 403, 404
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- ikepolicy_id: ikepolicy_id-path
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- ikepolicies: ikepolicies
|
|
- ikepolicy: ikepolicy
|
|
- name: name
|
|
- description: description
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- auth_algorithm: auth_algorithm
|
|
- encryption_algorithm: encryption_algorithm
|
|
- pfs: pfs
|
|
- value: value
|
|
- phase1_negotiation_mode: phase1_negotiation_mode
|
|
- units: units
|
|
- lifetime: lifetime
|
|
- id: ikepolicy_id-body-response
|
|
- ike_version: ike_version
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/ikepolicy-show-response.json
|
|
:language: javascript
|
|
|
|
Update IKE policy
|
|
=================
|
|
|
|
.. rest_method:: PUT /v2.0/vpn/ikepolicies/{ikepolicy_id}
|
|
|
|
Updates policy settings in an IKE policy.
|
|
|
|
Normal response codes: 200
|
|
|
|
Error response codes: 400, 401, 404
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- ikepolicy_id: ikepolicy_id-path
|
|
- ikepolicy: ikepolicy
|
|
- description: description
|
|
- auth_algorithm: auth_algorithm
|
|
- name: name
|
|
- encryption_algorithm: encryption_algorithm
|
|
- pfs: pfs
|
|
- value: value
|
|
- phase1_negotiation_mode: phase1_negotiation_mode
|
|
- units: units
|
|
- lifetime: lifetime
|
|
- ike_version: ike_version
|
|
|
|
Request Example
|
|
---------------
|
|
|
|
.. literalinclude:: samples/vpn/ikepolicy-update-request.json
|
|
:language: javascript
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- ikepolicies: ikepolicies
|
|
- ikepolicy: ikepolicy
|
|
- description: description
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- auth_algorithm: auth_algorithm
|
|
- name: name
|
|
- encryption_algorithm: encryption_algorithm
|
|
- pfs: pfs
|
|
- value: value
|
|
- phase1_negotiation_mode: phase1_negotiation_mode
|
|
- units: units
|
|
- lifetime: lifetime
|
|
- id: ikepolicy_id-body-response
|
|
- ike_version: ike_version
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/ikepolicy-update-response.json
|
|
:language: javascript
|
|
|
|
Remove IKE policy
|
|
=================
|
|
|
|
.. rest_method:: DELETE /v2.0/vpn/ikepolicies/{ikepolicy_id}
|
|
|
|
Removes an IKE policy.
|
|
|
|
Normal response codes: 204
|
|
|
|
Error response codes: 401, 404, 409
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- ikepolicy_id: ikepolicy_id-path
|
|
|
|
Response
|
|
--------
|
|
|
|
There is no body content for the response of a successful DELETE request.
|
|
|
|
List IPSec policies
|
|
===================
|
|
|
|
.. rest_method:: GET /v2.0/vpn/ipsecpolicies
|
|
|
|
Lists all IPSec policies.
|
|
|
|
Use the ``fields`` query parameter to control which fields are
|
|
returned in the response body. Additionally, you can filter results
|
|
by using query string parameters. For information, see `Filtering
|
|
and Column Selection <https://wiki.openstack.org/wiki/Neutron/APIv2
|
|
-specification#Filtering_and_Column_Selection>`__.
|
|
|
|
Normal response codes: 200
|
|
|
|
Error response codes: 401, 403
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- fields: fields
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- ipsecpolicies: ipsecpolicies
|
|
- description: description
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- auth_algorithm: auth_algorithm
|
|
- encapsulation_mode: encapsulation_mode
|
|
- encryption_algorithm: encryption_algorithm
|
|
- pfs: pfs
|
|
- value: value
|
|
- transform_protocol: transform_protocol
|
|
- units: units
|
|
- lifetime: lifetime
|
|
- id: ipsecpolicy_id-body-response
|
|
- name: name
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/ipsecpolicies-list-response.json
|
|
:language: javascript
|
|
|
|
Create IPSec policy
|
|
===================
|
|
|
|
.. rest_method:: POST /v2.0/vpn/ipsecpolicies
|
|
|
|
Creates an IP security (IPSec) policy.
|
|
|
|
The IPsec policy specifies the authentication and encryption
|
|
algorithms and encapsulation mode to use for the established VPN
|
|
connection.
|
|
|
|
Normal response codes: 201
|
|
|
|
Error response codes: 400, 401
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- ipsecpolicy: ipsecpolicy
|
|
- description: description
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- auth_algorithm: auth_algorithm
|
|
- encapsulation_mode: encapsulation_mode
|
|
- encryption_algorithm: encryption_algorithm
|
|
- pfs: pfs
|
|
- value: value
|
|
- transform_protocol: transform_protocol
|
|
- units: units
|
|
- lifetime: lifetime
|
|
- name: name
|
|
|
|
Request Example
|
|
---------------
|
|
|
|
.. literalinclude:: samples/vpn/ipsecpolicy-create-request.json
|
|
:language: javascript
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- ipsecpolicies: ipsecpolicies
|
|
- ipsecpolicy: ipsecpolicy
|
|
- description: description
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- auth_algorithm: auth_algorithm
|
|
- encapsulation_mode: encapsulation_mode
|
|
- encryption_algorithm: encryption_algorithm
|
|
- pfs: pfs
|
|
- value: value
|
|
- transform_protocol: transform_protocol
|
|
- units: units
|
|
- lifetime: lifetime
|
|
- id: ipsecpolicy_id-body-response
|
|
- name: name
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/ipsecpolicy-create-response.json
|
|
:language: javascript
|
|
|
|
Show IPSec policy
|
|
=================
|
|
|
|
.. rest_method:: GET /v2.0/vpn/ipsecpolicies/{ipsecpolicy_id}
|
|
|
|
Shows details for an IPSec policy.
|
|
|
|
Normal response codes: 200
|
|
|
|
Error response codes: 401, 403, 404
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- ipsecpolicy_id: ipsecpolicy_id-path
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- ipsecpolicies: ipsecpolicies
|
|
- ipsecpolicy: ipsecpolicy
|
|
- description: description
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- auth_algorithm: auth_algorithm
|
|
- encapsulation_mode: encapsulation_mode
|
|
- encryption_algorithm: encryption_algorithm
|
|
- pfs: pfs
|
|
- value: value
|
|
- transform_protocol: transform_protocol
|
|
- units: units
|
|
- lifetime: lifetime
|
|
- id: ipsecpolicy_id-body-response
|
|
- name: name
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/ipsecpolicy-show-response.json
|
|
:language: javascript
|
|
|
|
Update IPSec policy
|
|
===================
|
|
|
|
.. rest_method:: PUT /v2.0/vpn/ipsecpolicies/{ipsecpolicy_id}
|
|
|
|
Updates policy settings in an IPSec policy.
|
|
|
|
Normal response codes: 200
|
|
|
|
Error response codes: 400, 401, 404
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- ipsecpolicy_id: ipsecpolicy_id-path
|
|
- ipsecpolicy: ipsecpolicy
|
|
- description: description
|
|
- transform_protocol: transform_protocol
|
|
- auth_algorithm: auth_algorithm
|
|
- encapsulation_mode: encapsulation_mode
|
|
- encryption_algorithm: encryption_algorithm
|
|
- pfs: pfs
|
|
- value: value
|
|
- units: units
|
|
- lifetime: lifetime
|
|
- name: name
|
|
|
|
Request Example
|
|
---------------
|
|
|
|
.. literalinclude:: samples/vpn/ipsecpolicy-update-request.json
|
|
:language: javascript
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- ipsecpolicies: ipsecpolicies
|
|
- ipsecpolicy: ipsecpolicy
|
|
- description: description
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- auth_algorithm: auth_algorithm
|
|
- encapsulation_mode: encapsulation_mode
|
|
- encryption_algorithm: encryption_algorithm
|
|
- pfs: pfs
|
|
- value: value
|
|
- transform_protocol: transform_protocol
|
|
- units: units
|
|
- lifetime: lifetime
|
|
- id: ipsecpolicy_id-body-response
|
|
- name: name
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/ipsecpolicy-update-response.json
|
|
:language: javascript
|
|
|
|
Remove IPSec policy
|
|
===================
|
|
|
|
.. rest_method:: DELETE /v2.0/vpn/ipsecpolicies/{ipsecpolicy_id}
|
|
|
|
Removes an IPSec policy.
|
|
|
|
Normal response codes: 204
|
|
|
|
Error response codes: 401, 404, 409
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- ipsecpolicy_id: ipsecpolicy_id-path
|
|
|
|
Response
|
|
--------
|
|
|
|
There is no body content for the response of a successful DELETE request.
|
|
|
|
List IPSec connections
|
|
======================
|
|
|
|
.. rest_method:: GET /v2.0/vpn/ipsec-site-connections
|
|
|
|
Lists all IPSec connections.
|
|
|
|
Use the ``fields`` query parameter to control which fields are
|
|
returned in the response body. For information, see `Filtering and
|
|
Column Selection <http://specs.openstack.org/openstack/neutron-
|
|
specs/specs/api/networking_general_api_information.html#filtering-
|
|
and-column-selection>`__.
|
|
|
|
Normal response codes: 200
|
|
|
|
Error response codes: 401, 403
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- fields: fields
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- auth_mode: auth_mode
|
|
- ikepolicy_id: ikepolicy_id-body-response
|
|
- vpnservice_id: vpnservice_id-body-response
|
|
- local_ep_group_id: local_ep_group_id
|
|
- peer_address: peer_address
|
|
- id: connection_id-body-response
|
|
- route_mode: route_mode
|
|
- ipsecpolicy_id: ipsecpolicy_id-body-response
|
|
- peer_id: peer_id
|
|
- status: ipsec_site_connection-status
|
|
- psk: psk
|
|
- description: description
|
|
- initiator: initiator
|
|
- peer_cidrs: peer_cidrs
|
|
- name: name
|
|
- admin_state_up: admin_state_up
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- interval: interval
|
|
- mtu: mtu
|
|
- peer_ep_group_id: peer_ep_group_id
|
|
- dpd: dpd
|
|
- timeout: ipsec_site_connection-timeout
|
|
- action: ipsec_site_connection-action
|
|
- local_id: local_id
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/ipsec-site-connections-list-response.json
|
|
:language: javascript
|
|
|
|
Create IPSec connection
|
|
=======================
|
|
|
|
.. rest_method:: POST /v2.0/vpn/ipsec-site-connections
|
|
|
|
Creates a site-to-site IPSec connection for a service.
|
|
|
|
Normal response codes: 201
|
|
|
|
Error response codes: 400, 401
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- ipsec_site_connection: ipsec_site_connection
|
|
- auth_mode: auth_mode
|
|
- ikepolicy_id: ikepolicy_id-body-request
|
|
- vpnservice_id: vpnservice_id-body-request
|
|
- local_ep_group_id: local_ep_group_id
|
|
- peer_address: peer_address
|
|
- route_mode: route_mode
|
|
- ipsecpolicy_id: ipsecpolicy_id-body-request
|
|
- peer_id: peer_id
|
|
- psk: psk
|
|
- description: description
|
|
- initiator: initiator
|
|
- peer_cidrs: peer_cidrs
|
|
- name: name
|
|
- admin_state_up: admin_state_up
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- interval: interval
|
|
- mtu: mtu
|
|
- peer_ep_group_id: peer_ep_group_id
|
|
- dpd: dpd
|
|
- timeout: ipsec_site_connection-timeout
|
|
- action: ipsec_site_connection-action
|
|
- local_id: local_id
|
|
|
|
Request Example
|
|
---------------
|
|
|
|
.. literalinclude:: samples/vpn/ipsec-site-connection-create-request.json
|
|
:language: javascript
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- ipsec_site_connection: ipsec_site_connection
|
|
- auth_mode: auth_mode
|
|
- ikepolicy_id: ikepolicy_id-body-response
|
|
- vpnservice_id: vpnservice_id-body-response
|
|
- local_ep_group_id: local_ep_group_id
|
|
- peer_address: peer_address
|
|
- id: connection_id-body-response
|
|
- route_mode: route_mode
|
|
- ipsecpolicy_id: ipsecpolicy_id-body-response
|
|
- peer_id: peer_id
|
|
- status: ipsec_site_connection-status
|
|
- psk: psk
|
|
- description: description
|
|
- initiator: initiator
|
|
- peer_cidrs: peer_cidrs
|
|
- name: name
|
|
- admin_state_up: admin_state_up
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- interval: interval
|
|
- mtu: mtu
|
|
- peer_ep_group_id: peer_ep_group_id
|
|
- dpd: dpd
|
|
- timeout: ipsec_site_connection-timeout
|
|
- action: ipsec_site_connection-action
|
|
- local_id: local_id
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/ipsec-site-connection-create-response.json
|
|
:language: javascript
|
|
|
|
Show IPSec connection
|
|
=====================
|
|
|
|
.. rest_method:: GET /v2.0/vpn/ipsec-site-connections/{connection_id}
|
|
|
|
Shows details for an IPSec connection.
|
|
|
|
Normal response codes: 200
|
|
|
|
Error response codes: 401, 403, 404
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- connection_id: connection_id-path
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- auth_mode: auth_mode
|
|
- ikepolicy_id: ikepolicy_id-body-response
|
|
- vpnservice_id: vpnservice_id-body-response
|
|
- local_ep_group_id: local_ep_group_id
|
|
- peer_address: peer_address
|
|
- id: connection_id-body-response
|
|
- ipsec_site_connection: ipsec_site_connection
|
|
- route_mode: route_mode
|
|
- ipsecpolicy_id: ipsecpolicy_id-body-response
|
|
- peer_id: peer_id
|
|
- status: ipsec_site_connection-status
|
|
- psk: psk
|
|
- description: description
|
|
- initiator: initiator
|
|
- peer_cidrs: peer_cidrs
|
|
- name: name
|
|
- admin_state_up: admin_state_up
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- interval: interval
|
|
- mtu: mtu
|
|
- peer_ep_group_id: peer_ep_group_id
|
|
- dpd: dpd
|
|
- timeout: ipsec_site_connection-timeout
|
|
- action: ipsec_site_connection-action
|
|
- local_id: local_id
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/ipsec-site-connection-show-response.json
|
|
:language: javascript
|
|
|
|
Update IPSec connection
|
|
=======================
|
|
|
|
.. rest_method:: PUT /v2.0/vpn/ipsec-site-connections/{connection_id}
|
|
|
|
Updates connection settings for an IPSec connection.
|
|
|
|
Normal response codes: 200
|
|
|
|
Error response codes: 400, 401, 404
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- connection_id: connection_id-path
|
|
- ipsec_site_connection: ipsec_site_connection
|
|
- psk: psk
|
|
- initiator: initiator
|
|
- description: description
|
|
- admin_state_up: admin_state_up
|
|
- interval: interval
|
|
- peer_cidrs: peer_cidrs
|
|
- mtu: mtu
|
|
- peer_ep_group_id: peer_ep_group_id
|
|
- local_ep_group_id: local_ep_group_id
|
|
- dpd: dpd
|
|
- timeout: ipsec_site_connection-timeout
|
|
- action: ipsec_site_connection-action
|
|
- peer_address: peer_address
|
|
- peer_id: peer_id
|
|
- name: name
|
|
- local_id: local_id
|
|
|
|
Request Example
|
|
---------------
|
|
|
|
.. literalinclude:: samples/vpn/ipsec-site-connection-update-request.json
|
|
:language: javascript
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- auth_mode: auth_mode
|
|
- ikepolicy_id: ikepolicy_id-body-response
|
|
- vpnservice_id: vpnservice_id-body-response
|
|
- local_ep_group_id: local_ep_group_id
|
|
- peer_address: peer_address
|
|
- id: connection_id-body-response
|
|
- ipsec_site_connection: ipsec_site_connection
|
|
- route_mode: route_mode
|
|
- ipsecpolicy_id: ipsecpolicy_id-body-response
|
|
- peer_id: peer_id
|
|
- status: ipsec_site_connection-status
|
|
- psk: psk
|
|
- description: description
|
|
- initiator: initiator
|
|
- peer_cidrs: peer_cidrs
|
|
- name: name
|
|
- admin_state_up: admin_state_up
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- interval: interval
|
|
- mtu: mtu
|
|
- peer_ep_group_id: peer_ep_group_id
|
|
- dpd: dpd
|
|
- timeout: ipsec_site_connection-timeout
|
|
- action: ipsec_site_connection-action
|
|
- local_id: local_id
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/ipsec-site-connection-update-response.json
|
|
:language: javascript
|
|
|
|
Remove IPSec connection
|
|
=======================
|
|
|
|
.. rest_method:: DELETE /v2.0/vpn/ipsec-site-connections/{connection_id}
|
|
|
|
Removes an IPSec connection.
|
|
|
|
Normal response codes: 204
|
|
|
|
Error response codes: 401, 404, 409
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- connection_id: connection_id-path
|
|
|
|
Response
|
|
--------
|
|
|
|
There is no body content for the response of a successful DELETE request.
|
|
|
|
List VPN endpoint groups
|
|
========================
|
|
|
|
.. rest_method:: GET /v2.0/vpn/endpoint-groups
|
|
|
|
Lists VPN endpoint groups.
|
|
|
|
Use the ``fields`` query parameter to control which fields are
|
|
returned in the response body. Additionally, you can filter results
|
|
by using query string parameters. For information, see `Filtering
|
|
and Column Selection <https://wiki.openstack.org/wiki/Neutron/APIv2
|
|
-specification#Filtering_and_Column_Selection>`__.
|
|
|
|
Normal response codes: 200
|
|
|
|
Error response codes: 401, 403
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- fields: fields
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- endpoints: endpoints
|
|
- name: name
|
|
- description: description
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- type: type
|
|
- id: endpoint_group_id-body-response
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/vpn-endpoint-groups-list-response.json
|
|
:language: javascript
|
|
|
|
Create VPN endpoint group
|
|
=========================
|
|
|
|
.. rest_method:: POST /v2.0/vpn/endpoint-groups
|
|
|
|
Creates a VPN endpoint group.
|
|
|
|
The endpoint group contains one or more endpoints of a specific
|
|
type that you can use to create a VPN connections.
|
|
|
|
Normal response codes: 201
|
|
|
|
Error response codes: 400, 401
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- endpoints: endpoints
|
|
- type: type
|
|
- description: description
|
|
- name: name
|
|
|
|
Request Example
|
|
---------------
|
|
|
|
.. literalinclude:: samples/vpn/vpn-endpoint-group-create-request.json
|
|
:language: javascript
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- endpoints: endpoints
|
|
- description: description
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- type: type
|
|
- id: endpoint_group_id-body-response
|
|
- name: name
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/vpn-endpoint-group-create-response.json
|
|
:language: javascript
|
|
|
|
Show VPN endpoint group
|
|
=======================
|
|
|
|
.. rest_method:: GET /v2.0/vpn/endpoint-groups/{endpoint_group_id}
|
|
|
|
Shows details for a VPN endpoint group.
|
|
|
|
Normal response codes: 200
|
|
|
|
Error response codes: 401, 403, 404
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- endpoint_group_id: endpoint_group_id-path
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- endpoints: endpoints
|
|
- description: description
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- type: type
|
|
- id: endpoint_group_id-body-response
|
|
- name: name
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/vpn-endpoint-group-show-response.json
|
|
:language: javascript
|
|
|
|
Update VPN endpoint group
|
|
=========================
|
|
|
|
.. rest_method:: PUT /v2.0/vpn/endpoint-groups/{endpoint_group_id}
|
|
|
|
Updates settings for a VPN endpoint group.
|
|
|
|
Normal response codes: 200
|
|
|
|
Error response codes: 400, 401, 404
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- description: description
|
|
- name: name
|
|
- endpoint_group_id: endpoint_group_id-path
|
|
|
|
Request Example
|
|
---------------
|
|
|
|
.. literalinclude:: samples/vpn/vpn-endpoint-group-update-request.json
|
|
:language: javascript
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- endpoints: endpoints
|
|
- description: description
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- type: type
|
|
- id: endpoint_group_id-body-response
|
|
- name: name
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/vpn-endpoint-group-update-response.json
|
|
:language: javascript
|
|
|
|
Remove VPN endpoint group
|
|
=========================
|
|
|
|
.. rest_method:: DELETE /v2.0/vpn/endpoint-groups/{endpoint_group_id}
|
|
|
|
Removes a VPN endpoint group.
|
|
|
|
Normal response codes: 204
|
|
|
|
Error response codes: 401, 404, 409
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- endpoint_group_id: endpoint_group_id-path
|
|
|
|
Response
|
|
--------
|
|
|
|
There is no body content for the response of a successful DELETE request.
|
|
|
|
List VPN services
|
|
=================
|
|
|
|
.. rest_method:: GET /v2.0/vpn/vpnservices
|
|
|
|
Lists all VPN services.
|
|
|
|
The list might be empty.
|
|
|
|
Use the ``fields`` query parameter to control which fields are
|
|
returned in the response body. Additionally, you can filter results
|
|
by using query string parameters. For information, see `Filtering
|
|
and Column Selection <https://wiki.openstack.org/wiki/Neutron/APIv2
|
|
-specification#Filtering_and_Column_Selection>`__.
|
|
|
|
Normal response codes: 200
|
|
|
|
Error response codes: 401, 403
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- fields: fields
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- vpnservices: vpnservices
|
|
- router_id: router_id
|
|
- status: vpnservice-status
|
|
- name: name
|
|
- external_v6_ip: external_v6_ip
|
|
- admin_state_up: admin_state_up
|
|
- subnet_id: subnet_id
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- external_v4_ip: external_v4_ip
|
|
- id: vpnservice_id-body-response
|
|
- description: description
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/vpnservices-list-response.json
|
|
:language: javascript
|
|
|
|
Create VPN service
|
|
==================
|
|
|
|
.. rest_method:: POST /v2.0/vpn/vpnservices
|
|
|
|
Creates a VPN service.
|
|
|
|
The service is associated with a router. After you create the
|
|
service, it can contain multiple VPN connections.
|
|
|
|
Normal response codes: 201
|
|
|
|
Error response codes: 400, 401
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- vpnservice: vpnservice
|
|
- router_id: router_id
|
|
- description: description
|
|
- admin_state_up: admin_state_up
|
|
- subnet_id: subnet_id
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- name: name
|
|
|
|
Request Example
|
|
---------------
|
|
|
|
.. literalinclude:: samples/vpn/vpnservice-create-request.json
|
|
:language: javascript
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- vpnservice: vpnservice
|
|
- router_id: router_id
|
|
- status: vpnservice-status
|
|
- name: name
|
|
- external_v6_ip: external_v6_ip
|
|
- admin_state_up: admin_state_up
|
|
- subnet_id: subnet_id
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- external_v4_ip: external_v4_ip
|
|
- id: vpnservice_id-body-response
|
|
- description: description
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/vpnservice-create-response.json
|
|
:language: javascript
|
|
|
|
Show VPN service details
|
|
========================
|
|
|
|
.. rest_method:: GET /v2.0/vpn/vpnservices/{service_id}
|
|
|
|
Shows details for a VPN service.
|
|
|
|
If the user is not an administrative user and the VPN service
|
|
object does not belong to the tenant account for the user, the
|
|
operation returns the ``Forbidden (403)`` response code.
|
|
|
|
Normal response codes: 200
|
|
|
|
Error response codes: 401, 403, 404
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- service_id: vpnservice_id-path
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- vpnservice: vpnservice
|
|
- router_id: router_id
|
|
- status: vpnservice-status
|
|
- name: name
|
|
- external_v6_ip: external_v6_ip
|
|
- admin_state_up: admin_state_up
|
|
- subnet_id: subnet_id
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- external_v4_ip: external_v4_ip
|
|
- id: vpnservice_id-body-response
|
|
- description: description
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/vpnservice-show-response.json
|
|
:language: javascript
|
|
|
|
Update VPN service
|
|
==================
|
|
|
|
.. rest_method:: PUT /v2.0/vpn/vpnservices/{service_id}
|
|
|
|
Updates a VPN service.
|
|
|
|
Updates the attributes of a VPN service. You cannot update a
|
|
service with a ``PENDING_*`` status.
|
|
|
|
Normal response codes: 200
|
|
|
|
Error response codes: 400, 401, 404
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- vpnservice: vpnservice
|
|
- description: description
|
|
- name: name
|
|
- admin_state_up: admin_state_up
|
|
- service_id: vpnservice_id-path
|
|
|
|
Request Example
|
|
---------------
|
|
|
|
.. literalinclude:: samples/vpn/vpnservice-update-request.json
|
|
:language: javascript
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- vpnservice: vpnservice
|
|
- router_id: router_id
|
|
- status: vpnservice-status
|
|
- name: name
|
|
- external_v6_ip: external_v6_ip
|
|
- admin_state_up: admin_state_up
|
|
- subnet_id: subnet_id
|
|
- tenant_id: project_id
|
|
- project_id: project_id
|
|
- external_v4_ip: external_v4_ip
|
|
- id: vpnservice_id-body-response
|
|
- description: description
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/vpn/vpnservice-update-response.json
|
|
:language: javascript
|
|
|
|
Remove VPN service
|
|
==================
|
|
|
|
.. rest_method:: DELETE /v2.0/vpn/vpnservices/{service_id}
|
|
|
|
Removes a VPN service.
|
|
|
|
If the service has connections, the request is rejected.
|
|
|
|
Normal response codes: 204
|
|
|
|
Error response codes: 401, 404, 409
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- service_id: vpnservice_id-path
|
|
|
|
Response
|
|
--------
|
|
|
|
There is no body content for the response of a successful DELETE request.
|