=============================================
Virtual Private Network as a Service (VPNaaS)
=============================================

The VPNaaS extension provides OpenStack tenants with the ability to
extend private networks across the public telecommunication
infrastructure. The capabilities provided by this initial implementation
of the VPNaaS extension are:

- Site-to-site Virtual Private Network connecting two private networks.

- Multiple VPN connections per tenant.

- Supporting IKEv1 policy with 3des, aes-128, aes-256, or aes-192
  encryption.

- Supporting IPSec policy with 3des, aes-128, aes-256, or aes-192
  encryption, sha1 authentication, ESP, AH, or AH-ESP transform
  protocol, and tunnel or transport mode encapsulation.

- Dead Peer Detection (DPD) allowing hold, clear, restart, disabled, or
  restart-by-peer actions.

This extension introduces new resources:

- **service**, a high level object that associates VPN with a specific
  subnet and router.

- **ikepolicy**, the Internet Key Exchange policy identifying the
  authentication and encryption algorithm used during phase one and
  phase two negotiation of a VPN connection.

- **ipsecpolicy**, the IP security policy specifying the authentication
  and encryption algorithm, and encapsulation mode used for the
  established VPN connection.

- **ipsec-site-connection**, which holds the details for the site-to-site
  IPsec connection, including the peer CIDRs, MTU, authentication mode,
  peer address, DPD settings, and status.

Note
~~~~

This extension is **experimental** for the Havana release. The API may
change without backward compatibility.

Concepts
~~~~~~~~

A VPN **service** relates the Virtual Private Network with a specific
subnet and router for a tenant.

An **IKE Policy** is used for phase one and phase two negotiation of the
VPN connection. Configuration selects the authentication and encryption
algorithm used to establish a connection.

An **IPsec Policy** is used to specify the encryption algorithm,
transform protocol, and mode (tunnel/transport) for the VPN connection.

A VPN **connection** represents the IPsec tunnel established between two
sites for the tenant. This contains configuration settings specifying
the policies used, peer information, MTU, and the DPD actions to take.

High-level flow
~~~~~~~~~~~~~~~

The high-level task flow for using the VPNaaS API to configure a
site-to-site Virtual Private Network is as follows:

#. The tenant creates a VPN service specifying the router and subnet.

#. The tenant creates an IKE Policy.

#. The tenant creates an IPsec Policy.

#. The tenant creates a VPN connection, specifying the VPN service, peer
   information, and IKE and IPsec policies.

VPN services
~~~~~~~~~~~~

Manage a tenant's VPN service through this extension.

**Table VPN Service Attributes**

.. list-table::
   :header-rows: 1

   * - Attribute
     - Type
     - Required
     - CRUD [a]
     - Default value
     - Validation constraints
     - Notes
   * - id
     - uuid-str
     - N/A
     - R
     - generated
     - N/A
     - Unique identifier for the VPN Service object.
   * - tenant\_id
     - uuid-str
     - Yes
     - CR
     - Derived from Authentication token
     - valid tenant\_id
     - Owner of the VPN service. Only admin users can specify a tenant
       identifier other than their own.
   * - name
     - String
     - No
     - CRU
     - None
     - N/A
     - Human readable name for the VPN service. Does not have to be unique.
   * - description
     - String
     - No
     - CRU
     - None
     - N/A
     - Human readable description for the VPN service.
   * - status
     - String
     - N/A
     - R
     - N/A
     - N/A
     - Indicates whether IPsec VPN service is currently operational. Possible
       values include: ACTIVE, DOWN, BUILD, ERROR, PENDING\_CREATE,
       PENDING\_UPDATE, or PENDING\_DELETE.
   * - admin\_state\_up
     - Bool
     - N/A
     - CRU
     - true
     - {true | false}
     - Administrative state of the vpnservice. If false (down), port does not
       forward packets.
   * - subnet\_id
     - uuid-str
     - Yes
     - CR
     - N/A
     - valid subnet ID
     - The subnet on which the tenant wants the VPN service. This may be
       extended in the future to support multiple subnets.
   * - router\_id
     - uuid-str
     - Yes
     - CR
     - N/A
     - valid router ID
     - Router ID to which the VPN service is inserted. This may change in the
       future, when router level insertion is available.

- **[a] C**. Use the attribute in create operations.

- **R**. This attribute is returned in response to show and list
  operations.

- **U**. You can update the value of this attribute.

- **D**. You can delete the value of this attribute.

List VPN services
^^^^^^^^^^^^^^^^^

**GET** /vpn/vpnservices

Lists VPN services.

Normal Response Code: 200

Error Response Codes: Unauthorized (401), Forbidden (403)

This operation does not require a request body.

This operation returns a response body.

**Example List VPN Services: Request**

.. code::

    GET /v2.0/vpn/vpnservices.json
    User-Agent: python-neutronclient
    Accept: application/json

**Example List VPN Services: Response**

.. code::

    {
        "vpnservices": [
            {
                "router_id": "ec8619be-0ba8-4955-8835-3b49ddb76f89",
                "status": "PENDING_CREATE",
                "name": "myservice",
                "admin_state_up": true,
                "subnet_id": "f4fb4528-ed93-467c-a57b-11c7ea9f963e",
                "tenant_id": "ccb81365fe36411a9011e90491fe1330",
                "id": "9faaf49f-dd89-4e39-a8c6-101839aa49bc",
                "description": ""
            }
        ]
    }

Show VPN service details
^^^^^^^^^^^^^^^^^^^^^^^^

**GET** /vpn/vpnservices/*``service-id``*

Shows details about a specified VPN service.

Normal Response Code: 200

Error Response Codes: Unauthorized (401), Forbidden (403), Not Found
(404)

This operation does not require a request body.

This operation returns a response body.

**Example Show VPN Service: Request**

.. code::

    GET /v2.0/vpn/vpnservices/9faaf49f-dd89-4e39-a8c6-101839aa49bc.json
    User-Agent: python-neutronclient
    Accept: application/json

**Example Show VPN Service: Response**

.. code::

    {
        "vpnservice": {
            "router_id": "ec8619be-0ba8-4955-8835-3b49ddb76f89",
            "status": "PENDING_CREATE",
            "name": "myservice",
            "admin_state_up": true,
            "subnet_id": "f4fb4528-ed93-467c-a57b-11c7ea9f963e",
            "tenant_id": "ccb81365fe36411a9011e90491fe1330",
            "id": "9faaf49f-dd89-4e39-a8c6-101839aa49bc",
            "description": ""
        }
    }

Create VPN service
^^^^^^^^^^^^^^^^^^

**POST** /vpn/vpnservices

Creates a VPN service.

Normal Response Code: 201

Error Response Codes: Unauthorized (401), Bad Request (400)

This operation requires a request body.

This operation returns a response body.

**Example Create VPN Service: Request**

.. code::

    POST /v2.0/vpn/vpnservices.json
    User-Agent: python-neutronclient
    Accept: application/json

.. code::

    {
        "vpnservice": {
            "subnet_id": "f4fb4528-ed93-467c-a57b-11c7ea9f963e",
            "router_id": "ec8619be-0ba8-4955-8835-3b49ddb76f89",
            "name": "myservice",
            "admin_state_up": true
        }
    }

**Example Create VPN: Response**

.. code::

    HTTP/1.1 201 Created
    Content-Type: application/json; charset=UTF-8

.. code::

    {
        "vpnservice": {
            "router_id": "ec8619be-0ba8-4955-8835-3b49ddb76f89",
            "status": "PENDING_CREATE",
            "name": "myservice",
            "admin_state_up": true,
            "subnet_id": "f4fb4528-ed93-467c-a57b-11c7ea9f963e",
            "tenant_id": "ccb81365fe36411a9011e90491fe1330",
            "id": "9faaf49f-dd89-4e39-a8c6-101839aa49bc",
            "description": ""
        }
    }

Update VPN service
^^^^^^^^^^^^^^^^^^

**PUT** /vpn/vpnservices/*``service-id``*

Updates a VPN service, provided its status does not indicate a
PENDING\_\* state.

Normal Response Code: 200

Error Response Codes: Unauthorized (401), Bad Request (400), Not Found
(404)

**Example Update VPN Service: Request**

.. code::

    PUT /v2.0/vpn/vpnservices/41bfef97-af4e-4f6b-a5d3-4678859d2485.json
    User-Agent: python-neutronclient
    Accept: application/json

.. code::

    {
        "vpnservice": {
            "description": "Updated description"
        }
    }

**Example Update VPN Service: Response**

.. code::

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

.. code::

    {
        "vpnservice": {
            "router_id": "881b7b30-4efb-407e-a162-5630a7af3595",
            "status": "ACTIVE",
            "name": "myvpn",
            "admin_state_up": true,
            "subnet_id": "25f8a35c-82d5-4f55-a45b-6965936b33f6",
            "tenant_id": "26de9cd6cae94c8cb9f79d660d628e1f",
            "id": "41bfef97-af4e-4f6b-a5d3-4678859d2485",
            "description": "Updated description"
        }
    }

Delete VPN service
^^^^^^^^^^^^^^^^^^

**DELETE** /vpn/vpnservices/*``service-id``*

Deletes a VPN service.

Normal Response Code: 204

Error Response Codes: Unauthorized (401), Not Found (404), Conflict
(409)

This operation does not require a request body.

This operation does not return a response body.

**Example Delete VPN Service: Request**

.. code::

    DELETE /v2.0/vpn/vpnservices/1be5e5f7-c45e-49ba-85da-156575b60d50.json
    User-Agent: python-neutronclient
    Accept: application/json

**Example Delete VPN Service: Response**

.. code::

    HTTP/1.1 204 No Content
    Content-Length: 0

IKE policies
~~~~~~~~~~~~

Manage IKE policies through the VPN as a Service extension.

**Table IKE Policy Attributes**

.. list-table::
   :header-rows: 1

   * - Attribute
     - Type
     - Required
     - CRUD [a]
     - Default value
     - Validation constraints
     - Notes
   * - id
     - uuid-str
     - N/A
     - R
     - generated
     - N/A
     - Unique identifier for the IKE policy.
   * - tenant\_id
     - uuid-str
     - Yes
     - CR
     - None
     - valid tenant\_id
     - Unique identifier for owner of the VPN service.
   * - name
     - string
     - yes
     - CRU
     - None
     - N/A
     - Friendly name for the IKE policy.
   * - description
     - string
     - no
     - CRU
     - None
     - N/A
     - Description of the IKE policy.
   * - auth\_algorithm
     - string
     - no
     - CRU
     - sha1
     - N/A
     - Authentication Hash algorithms: sha1.
   * - encryption\_algorithm
     - string
     - no
     - CRU
     - aes-128
     - N/A
     - Encryption Algorithms: 3des, aes-128, aes-256, aes-192, etc.
   * - phase1\_negotiation\_mode
     - string
     - no
     - CRU
     - Main Mode
     - N/A
     - IKE mode: Main Mode.
   * - pfs
     - string
     - no
     - CRU
     - Group5
     - N/A
     - Perfect Forward Secrecy: Group2, Group5, or Group14.
   * - ike\_version
     - string
     - no
     - CRU
     - v1
     - N/A
     - Version: v1 or v2.
   * - lifetime
     - dict
     - no
     - CRU
     - units: seconds, value: 3600.
     - Dictionary should be in this form: {'units': 'seconds', 'value': 2000}.
       Value is a positive integer.
     - Lifetime of the SA. Units in 'seconds'. Either units or value may be
       omitted.

- **[a] C**. Use the attribute in create operations.

- **R**. This attribute is returned in response to show and list
  operations.

- **U**. You can update the value of this attribute.

- **D**. You can delete the value of this attribute.

List IKE policies
^^^^^^^^^^^^^^^^^

**GET** /vpn/ikepolicies

Lists IKE policies.

Normal Response Code: 200

Error Response Codes: Unauthorized (401), Forbidden (403)

This operation does not require a request body.

This operation returns a response body.

**Example List IKE Policies: Request**

.. code::

    GET /v2.0/vpn/ikepolicies.json
    User-Agent: python-neutronclient
    Accept: application/json

**Example List IKE Policies: Response**

.. code::

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

.. code::

    {
        "ikepolicies": [
            {
                "name": "ikepolicy1",
                "tenant_id": "ccb81365fe36411a9011e90491fe1330",
                "auth_algorithm": "sha1",
                "encryption_algorithm": "aes-256",
                "pfs": "group5",
                "phase1_negotiation_mode": "main",
                "lifetime": {
                    "units": "seconds",
                    "value": 3600
                },
                "ike_version": "v1",
                "id": "5522aff7-1b3c-48dd-9c3c-b50f016b73db",
                "description": ""
            }
        ]
    }

Show IKE policy details
^^^^^^^^^^^^^^^^^^^^^^^

**GET** /vpn/ikepolicies/*``ikepolicy-id``*

Shows details for a specified IKE policy.

Normal Response Code: 200

Error Response Codes: Unauthorized (401), Forbidden (403), Not Found
(404)

This operation does not require a request body.

This operation returns a response body.

**Example Show IKE Policy: Request**

.. code::

    GET /v2.0/vpn/ikepolicies/5522aff7-1b3c-48dd-9c3c-b50f016b73db.json
    User-Agent: python-neutronclient
    Accept: application/json

**Example Show IKE Policy: Response**

.. code::

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

.. code::

    {
        "ikepolicy": {
            "name": "ikepolicy1",
            "tenant_id": "ccb81365fe36411a9011e90491fe1330",
            "auth_algorithm": "sha1",
            "encryption_algorithm": "aes-256",
            "pfs": "group5",
            "phase1_negotiation_mode": "main",
            "lifetime": {
                "units": "seconds",
                "value": 3600
            },
            "ike_version": "v1",
            "id": "5522aff7-1b3c-48dd-9c3c-b50f016b73db",
            "description": ""
        }
    }

Create IKE policy
^^^^^^^^^^^^^^^^^

**POST** /vpn/ikepolicies

Creates an IKE policy.

Normal Response Code: 201

Error Response Codes: Unauthorized (401), Bad Request (400)

This operation requires a request body.

This operation returns a response body.

**Example Create IKE Policy: Request**

.. code::

    POST /v2.0/vpn/ikepolicies.json
    User-Agent: python-neutronclient
    Accept: application/json

.. code::

    {
        "ikepolicy": {
            "phase1_negotiation_mode": "main",
            "auth_algorithm": "sha1",
            "encryption_algorithm": "aes-128",
            "pfs": "group5",
            "lifetime": {
                "units": "seconds",
                "value": 7200
            },
            "ike_version": "v1",
            "name": "ikepolicy1"
        }
    }

**Example Create IKE Policy: Response**

.. code::

    HTTP/1.1 201 Created
    Content-Type: application/json; charset=UTF-8

.. code::

    {
        "ikepolicy": {
            "name": "ikepolicy1",
            "tenant_id": "ccb81365fe36411a9011e90491fe1330",
            "auth_algorithm": "sha1",
            "encryption_algorithm": "aes-128",
            "pfs": "group5",
            "phase1_negotiation_mode": "main",
            "lifetime": {
                "units": "seconds",
                "value": 7200
            },
            "ike_version": "v1",
            "id": "5522aff7-1b3c-48dd-9c3c-b50f016b73db",
            "description": ""
        }
    }

Update IKE policy
^^^^^^^^^^^^^^^^^

**PUT** /vpn/ikepolicies/*``ikepolicy-id``*

Updates an IKE policy.

Normal Response Code: 200

Error Response Codes: Unauthorized (401), Bad Request (400), Not Found
(404)

**Example Update IKE Policy: Request**

.. code::

    PUT /v2.0/vpn/ikepolicies/5522aff7-1b3c-48dd-9c3c-b50f016b73db.json
    User-Agent: python-neutronclient
    Accept: application/json

.. code::

    {
        "ikepolicy": {
            "encryption_algorithm": "aes-256"
        }
    }

**Example Update IKE Policy: Response**

.. code::

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

.. code::

    {
        "ikepolicy": {
            "name": "ikepolicy1",
            "tenant_id": "ccb81365fe36411a9011e90491fe1330",
            "auth_algorithm": "sha1",
            "encryption_algorithm": "aes-256",
            "pfs": "group5",
            "phase1_negotiation_mode": "main",
            "lifetime": {
                "units": "seconds",
                "value": 3600
            },
            "ike_version": "v1",
            "id": "5522aff7-1b3c-48dd-9c3c-b50f016b73db",
            "description": ""
        }
    }

Delete IKE policy
^^^^^^^^^^^^^^^^^

**DELETE** /vpn/ikepolicies/*``ikepolicy-id``*

Deletes an IKE policy.

Normal Response Code: 204

Error Response Codes: Unauthorized (401), Not Found (404), Conflict
(409)

This operation does not require a request body.

This operation does not return a response body.

**Example Delete IKE Policy: Request**

.. code::

    DELETE /v2.0/vpn/ikepolicies/5522aff7-1b3c-48dd-9c3c-b50f016b73db.json
    User-Agent: python-neutronclient
    Accept: application/json

**Example Delete IKE Policy: Response**

.. code::

    HTTP/1.1 204 No Content
    Content-Length: 0

IPSec policies
~~~~~~~~~~~~~~

Manage IPSec policies through the VPN as a Service extension.

**Table IPSec Policy Attributes**

.. list-table::
   :header-rows: 1

   * - Attribute
     - Type
     - Required
     - CRUD [a]
     - Default value
     - Validation constraints
     - Notes
   * - id
     - uuid-str
     - N/A
     - R
     - generated
     - N/A
     - Unique identifier for the IPsec policy.
   * - tenant\_id
     - uuid-str
     - Yes
     - CR
     - None
     - valid tenant\_id
     - Unique identifier for owner of the VPN service.
   * - name
     - string
     - yes
     - CRU
     - None
     - N/A
     - Friendly name for the IPsec policy.
   * - description
     - string
     - no
     - CRU
     - None
     - N/A
     - Description of the IPSec policy.
   * - transform\_protocol
     - string
     - no
     - CRU
     - ESP
     - N/A
     - Transform protocol used: ESP, AH, or AH-ESP.
   * - encapsulation\_mode
     - string
     - no
     - CRU
     - tunnel
     - N/A
     - Encapsulation mode: tunnel or transport.
   * - auth\_algorithm
     - string
     - no
     - CRU
     - sha1
     - N/A
     - Authentication algorithm: sha1.
   * - encryption\_algorithm
     - string
     - no
     - CRU
     - aes-128
     - N/A
     - Encryption Algorithms: 3des, aes-128, aes-256, or aes-192.
   * - pfs
     - string
     - no
     - CRU
     - group5
     - N/A
     - Perfect Forward Secrecy: group2, group5, or group14.
   * - lifetime
     - dict
     - no
     - CRU
     - units: seconds, value: 3600.
     - Dictionary should be in this form: {'units': 'seconds', 'value': 2000}.
       Value is a positive integer.
     - Lifetime of the SA. Units in 'seconds'. Either units or value may be
       omitted.

- **[a] C**. Use the attribute in create operations.

- **R**. This attribute is returned in response to show and list
  operations.

- **U**. You can update the value of this attribute.

- **D**. You can delete the value of this attribute.

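The IKE and IPSec policy tables above accept several encryption and PFS values and fill in a default when an attribute is omitted. The following audit is an added example, not code from the OpenStack project: it applies the documented defaults to policy listings and reports the choices a reviewer would question. The function names, the 2048-bit PFS floor and the sample listing are assumptions made for illustration.

```python
"""Audit VPNaaS IKE/IPSec policy listings (added example, not OpenStack code)."""

# Values and defaults as documented in the two policy attribute tables.
ENCRYPTION = {"3des", "aes-128", "aes-192", "aes-256"}
PFS_BITS = {"group2": 1024, "group5": 1536, "group14": 2048}  # MODP group sizes
DEFAULTS = {"encryption_algorithm": "aes-128", "pfs": "group5",
            "transform_protocol": "esp"}
MIN_PFS_BITS = 2048  # assumption: local review floor, not an API constraint


def audit_policy(policy, kind):
    """Return findings for one policy; kind is 'ikepolicy' or 'ipsecpolicy'."""
    # Omitted attributes take the documented default, so audit the effective value.
    eff = {k: str(policy.get(k, v)).lower() for k, v in DEFAULTS.items()}
    findings = []

    enc = eff["encryption_algorithm"]
    if enc not in ENCRYPTION:
        findings.append("encryption_algorithm %s is not a documented value" % enc)
    elif enc == "3des":
        findings.append("encryption_algorithm 3des has a 64-bit block; use aes")

    bits = PFS_BITS.get(eff["pfs"])
    if bits is None:
        findings.append("pfs %s is not a documented value" % eff["pfs"])
    elif bits < MIN_PFS_BITS:
        findings.append("pfs %s is a %d-bit group; use group14" % (eff["pfs"], bits))

    # Table constraint: lifetime value is a positive integer, units are seconds.
    lifetime = policy.get("lifetime", {})
    value = lifetime.get("value", 3600)
    ok = isinstance(value, int) and not isinstance(value, bool) and value > 0
    if not ok or lifetime.get("units", "seconds") != "seconds":
        findings.append("lifetime must be a positive integer number of seconds")

    # AH alone authenticates packets but leaves the payload unencrypted.
    if kind == "ipsecpolicy" and eff["transform_protocol"] == "ah":
        findings.append("transform_protocol ah provides no encryption")
    return findings


def audit_listing(doc):
    """Audit a list response carrying an 'ikepolicies' or 'ipsecpolicies' key."""
    report = {}
    for key, kind in (("ikepolicies", "ikepolicy"), ("ipsecpolicies", "ipsecpolicy")):
        for policy in doc.get(key, []):
            findings = audit_policy(policy, kind)
            if findings:
                report[policy.get("name") or policy.get("id")] = findings
    return report


# Constructed sample: the first two entries mirror the list responses on this
# page; "legacy" is an invented policy that omits pfs and so gets the default.
SAMPLE = {
    "ikepolicies": [
        {"name": "ikepolicy1", "encryption_algorithm": "aes-256", "pfs": "group5",
         "lifetime": {"units": "seconds", "value": 3600}, "ike_version": "v1"},
    ],
    "ipsecpolicies": [
        {"name": "ipsecpolicy1", "transform_protocol": "esp",
         "encryption_algorithm": "aes-128", "pfs": "group14",
         "lifetime": {"units": "seconds", "value": 3600}},
        {"name": "legacy", "transform_protocol": "ah",
         "encryption_algorithm": "3des", "lifetime": {"value": 0}},
    ],
}

if __name__ == "__main__":
    for name, findings in audit_listing(SAMPLE).items():
        for finding in findings:
            print("%s: %s" % (name, finding))
```

Because the documented `pfs` default is group5, a policy that leaves `pfs` out is reported the same way as one that sets it explicitly.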

List IPSec policies
^^^^^^^^^^^^^^^^^^^

**GET** /vpn/ipsecpolicies

Lists IPSec policies.

Normal Response Code: 200

Error Response Codes: Unauthorized (401), Forbidden (403)

This operation does not require a request body.

This operation returns a response body.

**Example List IPSec Policies: Request**

.. code::

    GET /v2.0/vpn/ipsecpolicies.json
    User-Agent: python-neutronclient
    Accept: application/json

**Example List IPSec Policies: Response**

.. code::

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

.. code::

    {
        "ipsecpolicies": [
            {
                "name": "ipsecpolicy1",
                "transform_protocol": "esp",
                "auth_algorithm": "sha1",
                "encapsulation_mode": "tunnel",
                "encryption_algorithm": "aes-128",
                "pfs": "group14",
                "tenant_id": "ccb81365fe36411a9011e90491fe1330",
                "lifetime": {
                    "units": "seconds",
                    "value": 3600
                },
                "id": "5291b189-fd84-46e5-84bd-78f40c05d69c",
                "description": ""
            }
        ]
    }

Show IPSec policy details
^^^^^^^^^^^^^^^^^^^^^^^^^

**GET** /vpn/ipsecpolicies/*``ipsecpolicy-id``*

Shows details for a specified IPSec policy.

Normal Response Code: 200

Error Response Codes: Unauthorized (401), Forbidden (403), Not Found
(404)

This operation does not require a request body.

This operation returns a response body.

**Example Show IPSec policy: Request**

.. code::

    GET /v2.0/vpn/ipsecpolicies/5291b189-fd84-46e5-84bd-78f40c05d69c.json
    User-Agent: python-neutronclient
    Accept: application/json

**Example Show IPSec policy: Response**

.. code::

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

.. code::

    {
        "ipsecpolicy": {
            "name": "ipsecpolicy1",
            "transform_protocol": "esp",
            "auth_algorithm": "sha1",
            "encapsulation_mode": "tunnel",
            "encryption_algorithm": "aes-128",
            "pfs": "group14",
            "tenant_id": "ccb81365fe36411a9011e90491fe1330",
            "lifetime": {
                "units": "seconds",
                "value": 3600
            },
            "id": "5291b189-fd84-46e5-84bd-78f40c05d69c",
            "description": ""
        }
    }

Create IPSec Policy
^^^^^^^^^^^^^^^^^^^

**POST** /vpn/ipsecpolicies

Creates an IPSec policy.

Normal Response Code: 201

Error Response Codes: Unauthorized (401), Bad Request (400)

This operation requires a request body.

This operation returns a response body.

**Example Create IPSec policy: Request**

.. code::

    POST /v2.0/vpn/ipsecpolicies.json
    User-Agent: python-neutronclient
    Accept: application/json

.. code::

    {
        "ipsecpolicy": {
            "name": "ipsecpolicy1",
            "transform_protocol": "esp",
            "auth_algorithm": "sha1",
            "encapsulation_mode": "tunnel",
            "encryption_algorithm": "aes-128",
            "pfs": "group5",
            "lifetime": {
                "units": "seconds",
                "value": 7200
            }
        }
    }

**Example Create IPSec policy: Response**

.. code::

    HTTP/1.1 201 Created
    Content-Type: application/json; charset=UTF-8

.. code::

    {
        "ipsecpolicy": {
            "name": "ipsecpolicy1",
            "transform_protocol": "esp",
            "auth_algorithm": "sha1",
            "encapsulation_mode": "tunnel",
            "encryption_algorithm": "aes-128",
            "pfs": "group5",
            "tenant_id": "ccb81365fe36411a9011e90491fe1330",
            "lifetime": {
                "units": "seconds",
                "value": 7200
            },
            "id": "5291b189-fd84-46e5-84bd-78f40c05d69c",
            "description": ""
        }
    }

Update IPSec Policy
^^^^^^^^^^^^^^^^^^^

**PUT** /vpn/ipsecpolicies/*``ipsecpolicy-id``*

Updates an IPSec policy.

Normal Response Code: 200

Error Response Codes: Unauthorized (401), Bad Request (400), Not Found
(404)

**Example Update IPSec policy: Request**

.. code::

    PUT /v2.0/vpn/ipsecpolicies/5291b189-fd84-46e5-84bd-78f40c05d69c.json
    User-Agent: python-neutronclient
    Accept: application/json

.. code::

    {
        "ipsecpolicy": {
            "pfs": "group14"
        }
    }

**Example Update IPSec policy: Response**

.. code::

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

.. code::

    {
        "ipsecpolicy": {
            "name": "ipsecpolicy1",
            "transform_protocol": "esp",
            "auth_algorithm": "sha1",
            "encapsulation_mode": "tunnel",
            "encryption_algorithm": "aes-128",
            "pfs": "group14",
            "tenant_id": "ccb81365fe36411a9011e90491fe1330",
            "lifetime": {
                "units": "seconds",
                "value": 3600
            },
            "id": "5291b189-fd84-46e5-84bd-78f40c05d69c",
            "description": ""
        }
    }

Delete IPSec policy
^^^^^^^^^^^^^^^^^^^

**DELETE** /vpn/ipsecpolicies/*``ipsecpolicy-id``*

Deletes an IPSec policy.

Normal Response Code: 204

Error Response Codes: Unauthorized (401), Not Found (404), Conflict
(409)

This operation does not require a request body.

This operation does not return a response body.

**Example Delete IPSec policy: Request**

.. code::

    DELETE /v2.0/vpn/ipsecpolicies/5291b189-fd84-46e5-84bd-78f40c05d69c.json
    User-Agent: python-neutronclient
    Accept: application/json

**Example Delete IPSec policy: Response**

.. code::

    HTTP/1.1 204 No Content
    Content-Length: 0

IPSec site connections
~~~~~~~~~~~~~~~~~~~~~~

Manage IPSec site-to-site connections through the VPN as a Service
extension.

**Table IPSec site connection attributes**

.. list-table::
   :header-rows: 1

   * - Attribute
     - Type
     - Required
     - CRUD [a]
     - Default Value
     - Validation Constraints
     - Notes
   * - id
     - uuid-str
     - N/A
     - R
     - generated
     - N/A
     - Unique identifier for the IPSec site-to-site connection.
   * - tenant\_id
     - uuid-str
     - Yes
     - CR
     - None
     - valid tenant\_id
     - Unique identifier for owner of the VPN service.
   * - name
     - string
     - no
     - CRU
     - None
     - N/A
     - Name for IPSec site-to-site connection.
   * - description
     - string
     - no
     - CRU
     - None
     - N/A
     - Description of the IPSec site-to-site connection.
   * - peer\_address
     - string
     - yes
     - CRU
     - N/A
     - N/A
     - Peer gateway public IPv4/IPv6 address or FQDN.
   * - peer\_id
     - string
     - yes
     - CRU
     - N/A
     - N/A
     - Peer router identity for authentication. Can be IPv4/IPv6 address,
       e-mail address, key id, or FQDN.
   * - peer\_cidrs
     - list[string]
     - yes
     - CRU
     - N/A
     - unique list of valid cidr in the form <net\_address>/<prefix>
     - Peer private CIDRs.
   * - route\_mode
     - string
     - no
     - R
     - static
     - static
     - Route mode: static. This will be extended in the future.
   * - mtu
     - integer
     - no
     - CRU
     - 1500
     - Integer. Minimum is 68 for IPv4 and 1280 for IPv6.
     - Maximum Transmission Unit to address fragmentation.
   * - auth\_mode
     - string
     - no
     - R
     - psk
     - psk/certs
     - Authentication mode: PSK or certificate.
   * - psk
     - string
     - yes
     - CRU
     - N/A
     - NO
     - Pre Shared Key: any string.
   * - initiator
     - string
     - no
     - CRU
     - bi-directional
     - bi-directional / response-only
     - Whether this VPN can only respond to connections or can initiate as
       well.
   * - admin\_state\_up
     - bool
     - N/A
     - CRU
     - TRUE
     - true / false
     - Administrative state of VPN connection. If false (down), VPN connection
       does not forward packets.
   * - status
     - string
     - N/A
     - R
     - N/A
     - N/A
     - Indicates whether VPN connection is currently operational. Possible
       values include: ACTIVE, DOWN, BUILD, ERROR, PENDING\_CREATE,
       PENDING\_UPDATE, or PENDING\_DELETE.
   * - ikepolicy\_id
     - uuid
     - yes
     - CR
     - N/A
     - Unique identifier of IKE policy
     - Unique identifier of IKE policy.
   * - ipsecpolicy\_id
     - uuid
     - yes
     - CR
     - N/A
     - Unique identifier of IPSec policy
     - Unique identifier of IPSec policy.
   * - vpnservice\_id
     - uuid
     - yes
     - CR
     - N/A
     - Unique identifier of VPN service
     - Unique identifier of VPN service.
   * - dpd
     - dict
     - no
     - CRU
     - action: hold, interval: 30, timeout: 120
     - Dictionary should be in this form: {'action': 'clear', 'interval': 20,
       'timeout': 60}. Interval is positive integer. Timeout is greater than
       interval.
     - Dead Peer Detection protocol controls. Action: clear, hold, restart,
       disabled, or restart-by-peer. Interval and timeout in seconds.

- **[a] C**. Use the attribute in create operations.

- **R**. This attribute is returned in response to show and list
  operations.

- **U**. You can update the value of this attribute.

- **D**. You can delete the value of this attribute.

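The validation constraints in the table above can be checked on the client before a create request is sent, and because the list and show responses for this resource carry the `psk` value in clear text, they should be masked before they are written to a log. The following is an added example, not code from the OpenStack project. The function names, taking the MTU floor from the address family of `peer_cidrs`, filling missing `dpd` keys from the documented defaults, and the sample bodies are assumptions.

```python
"""Pre-flight checks for ipsec_site_connection bodies (added example)."""
import ipaddress

# Attributes the table marks as required, excluding tenant_id (token-derived).
REQUIRED = ("peer_address", "peer_id", "peer_cidrs", "psk",
            "ikepolicy_id", "ipsecpolicy_id", "vpnservice_id")
DPD_ACTIONS = {"hold", "clear", "restart", "disabled", "restart-by-peer"}
DPD_DEFAULT = {"action": "hold", "interval": 30, "timeout": 120}
INITIATORS = {"bi-directional", "response-only"}


def _is_int(value):
    # bool is a subclass of int, so JSON true/false must be excluded.
    return isinstance(value, int) and not isinstance(value, bool)


def validate_connection(body):
    """Return the table constraints that a create request body violates."""
    conn = body.get("ipsec_site_connection", {})
    errors = ["missing required attribute: " + k for k in REQUIRED if k not in conn]

    # peer_cidrs: unique list of valid <net_address>/<prefix> entries.
    nets = []
    for cidr in conn.get("peer_cidrs", []):
        try:
            if not isinstance(cidr, str) or "/" not in cidr:
                raise ValueError(cidr)
            nets.append(ipaddress.ip_network(cidr, strict=True))
        except ValueError:
            errors.append("peer_cidrs: not a network CIDR: %r" % (cidr,))
    if len(set(nets)) != len(nets):
        errors.append("peer_cidrs: entries must be unique")

    # mtu: minimum 68 for IPv4 and 1280 for IPv6. Taking the family from
    # peer_cidrs is an assumption of this example.
    floor = 1280 if any(n.version == 6 for n in nets) else 68
    mtu = conn.get("mtu", 1500)
    if not _is_int(mtu) or mtu < floor:
        errors.append("mtu: must be an integer >= %d" % floor)

    # dpd: interval is a positive integer and timeout is greater than interval.
    dpd = dict(DPD_DEFAULT, **conn.get("dpd", {}))
    if dpd["action"] not in DPD_ACTIONS:
        errors.append("dpd: unknown action %r" % (dpd["action"],))
    if not _is_int(dpd["interval"]) or dpd["interval"] <= 0:
        errors.append("dpd: interval must be a positive integer")
    elif not _is_int(dpd["timeout"]) or dpd["timeout"] <= dpd["interval"]:
        errors.append("dpd: timeout must be greater than interval")

    if conn.get("initiator", "bi-directional") not in INITIATORS:
        errors.append("initiator: must be bi-directional or response-only")
    return errors


def redact(doc):
    """Return a copy of a request or response document with psk values masked."""
    if isinstance(doc, dict):
        return {k: "***" if k == "psk" else redact(v) for k, v in doc.items()}
    if isinstance(doc, list):
        return [redact(v) for v in doc]
    return doc


# Constructed samples. GOOD reuses the values of the list response on this page.
GOOD = {"ipsec_site_connection": {
    "psk": "secret", "initiator": "bi-directional", "name": "vpnconnection1",
    "peer_cidrs": ["10.1.0.0/24"], "mtu": 1500,
    "dpd": {"action": "hold", "interval": 30, "timeout": 120},
    "peer_address": "172.24.4.226", "peer_id": "172.24.4.226",
    "ikepolicy_id": "bf5612ac-15fb-460c-9b3d-6453da2fafa2",
    "ipsecpolicy_id": "8ba867b2-67eb-4835-bb61-c226804a1584",
    "vpnservice_id": "c2f3178d-5530-4c4a-89fc-050ecd552636"}}

# BAD omits psk, repeats a CIDR, has host bits set in another, and breaks the
# mtu and dpd constraints.
BAD = {"ipsec_site_connection": dict(
    {k: v for k, v in GOOD["ipsec_site_connection"].items() if k != "psk"},
    peer_cidrs=["10.1.0.0/24", "10.1.0.0/24", "10.2.0.7/24"], mtu=60,
    dpd={"action": "clear", "interval": 60, "timeout": 60})}

if __name__ == "__main__":
    print(redact(GOOD))
    for error in validate_connection(BAD):
        print(error)
```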

List IPSec site connections
^^^^^^^^^^^^^^^^^^^^^^^^^^^

**GET** /vpn/ipsec-site-connections

Lists the IPSec site-to-site connections.

Normal Response Code: 200

Error Response Codes: Unauthorized (401), Forbidden (403)

This operation does not require a request body.

This operation returns a response body.

**Example List IPSec site connections: Request**

.. code::

    GET /v2.0/vpn/ipsec-site-connections.json
    User-Agent: python-neutronclient
    Accept: application/json

**Example List IPSec site connections: Response**

.. code::

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

.. code::

    {
        "ipsec_site_connections": [
            {
                "status": "PENDING_CREATE",
                "psk": "secret",
                "initiator": "bi-directional",
                "name": "vpnconnection1",
                "admin_state_up": true,
                "tenant_id": "ccb81365fe36411a9011e90491fe1330",
                "description": "",
                "auth_mode": "psk",
                "peer_cidrs": [
                    "10.1.0.0/24"
                ],
                "mtu": 1500,
                "ikepolicy_id": "bf5612ac-15fb-460c-9b3d-6453da2fafa2",
                "dpd": {
                    "action": "hold",
                    "interval": 30,
                    "timeout": 120
                },
                "route_mode": "static",
                "vpnservice_id": "c2f3178d-5530-4c4a-89fc-050ecd552636",
                "peer_address": "172.24.4.226",
                "peer_id": "172.24.4.226",
                "id": "cbc152a0-7e93-4f98-9f04-b085a4bf2511",
                "ipsecpolicy_id": "8ba867b2-67eb-4835-bb61-c226804a1584"
            }
        ]
    }

Show IPSec site connection details
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

**GET**

/vpn/ipsec-site-connections/``connection-id``

Shows details about a specified IPSec site-to-site connection.

Normal Response Code: 200

Error Response Codes: Unauthorized (401), Forbidden (403), Not Found
(404)

This operation does not require a request body.

This operation returns a response body.

**Example Show IPSec site connection: Request**

.. code::

    GET /v2.0/vpn/ipsec-site-connections/cbc152a0-7e93-4f98-9f04-b085a4bf2511.json
    User-Agent: python-neutronclient
    Accept: application/json

**Example Show IPSec site connection: Response**

.. code::

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

.. code::

    {
        "ipsec_site_connection": {
            "status": "PENDING_CREATE",
            "psk": "secret",
            "initiator": "bi-directional",
            "name": "vpnconnection1",
            "admin_state_up": true,
            "tenant_id": "ccb81365fe36411a9011e90491fe1330",
            "description": "",
            "auth_mode": "psk",
            "peer_cidrs": [
                "10.1.0.0/24"
            ],
            "mtu": 1500,
            "ikepolicy_id": "bf5612ac-15fb-460c-9b3d-6453da2fafa2",
            "dpd": {
                "action": "hold",
                "interval": 30,
                "timeout": 120
            },
            "route_mode": "static",
            "vpnservice_id": "c2f3178d-5530-4c4a-89fc-050ecd552636",
            "peer_address": "172.24.4.226",
            "peer_id": "172.24.4.226",
            "id": "cbc152a0-7e93-4f98-9f04-b085a4bf2511",
            "ipsecpolicy_id": "8ba867b2-67eb-4835-bb61-c226804a1584"
        }
    }

Create IPSec site connection
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

**POST**

/vpn/ipsec-site-connections

Creates an IPSec site connection.

Normal Response Code: 201

Error Response Codes: Unauthorized (401), Bad Request (400)

This operation requires a request body.

This operation returns a response body.

**Example Create IPSec site connection: Request**

.. code::

    POST /v2.0/vpn/ipsec-site-connections.json
    User-Agent: python-neutronclient
    Accept: application/json

.. code::

    {
        "ipsec_site_connection": {
            "psk": "secret",
            "initiator": "bi-directional",
            "ipsecpolicy_id": "22b8abdc-e822-45b3-90dd-f2c8512acfa5",
            "admin_state_up": true,
            "peer_cidrs": [
                "10.2.0.0/24"
            ],
            "mtu": "1500",
            "ikepolicy_id": "d3f373dc-0708-4224-b6f8-676adf27dab8",
            "dpd": {
                "action": "disabled",
                "interval": 60,
                "timeout": 240
            },
            "vpnservice_id": "7b347d20-6fa3-4e22-b744-c49ee235ae4f",
            "peer_address": "172.24.4.233",
            "peer_id": "172.24.4.233",
            "name": "vpnconnection1"
        }
    }

**Example Create IPSec site connection: Response**

.. code::

    HTTP/1.1 201 Created
    Content-Type: application/json; charset=UTF-8

.. code::

    {
        "ipsec_site_connection": {
            "status": "PENDING_CREATE",
            "psk": "secret",
            "initiator": "bi-directional",
            "name": "vpnconnection1",
            "admin_state_up": true,
            "tenant_id": "b6887d0b45b54a249b2ce3dee01caa47",
            "description": "",
            "auth_mode": "psk",
            "peer_cidrs": [
                "10.2.0.0/24"
            ],
            "mtu": 1500,
            "ikepolicy_id": "d3f373dc-0708-4224-b6f8-676adf27dab8",
            "dpd": {
                "action": "disabled",
                "interval": 60,
                "timeout": 240
            },
            "route_mode": "static",
            "vpnservice_id": "7b347d20-6fa3-4e22-b744-c49ee235ae4f",
            "peer_address": "172.24.4.233",
            "peer_id": "172.24.4.233",
            "id": "af44dfd7-cf91-4451-be57-cd4fdd96b5dc",
            "ipsecpolicy_id": "22b8abdc-e822-45b3-90dd-f2c8512acfa5"
        }
    }

Update IPSec site connection
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

**PUT**

/vpn/ipsec-site-connections/``connection-id``

Updates an IPSec site-to-site connection, provided status is not
indicating a PENDING\_\* state.

Normal Response Code: 200

Error Response Codes: Unauthorized (401), Bad Request (400), Not Found
(404)

**Example Update IPSec site connection: Request**

.. code::

    PUT /v2.0/vpn/ipsec-site-connections/f7cf7305-f491-45f4-ad9c-8e7240fe3d72.json
    User-Agent: python-neutronclient
    Accept: application/json

.. code::

    {
        "ipsec_site_connection": {
            "mtu": "2000"
        }
    }

**Example Update IPSec site connection: Response**

.. code::

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

.. code::

    {
        "ipsec_site_connection": {
            "status": "DOWN",
            "psk": "secret",
            "initiator": "bi-directional",
            "name": "vpnconnection1",
            "admin_state_up": true,
            "tenant_id": "26de9cd6cae94c8cb9f79d660d628e1f",
            "description": "",
            "auth_mode": "psk",
            "peer_cidrs": [
                "10.2.0.0/24"
            ],
            "mtu": 2000,
            "ikepolicy_id": "771f081c-5ec8-4f9a-b041-015dfb7fbbe2",
            "dpd": {
                "action": "hold",
                "interval": 30,
                "timeout": 120
            },
            "route_mode": "static",
            "vpnservice_id": "41bfef97-af4e-4f6b-a5d3-4678859d2485",
            "peer_address": "172.24.4.233",
            "peer_id": "172.24.4.233",
            "id": "f7cf7305-f491-45f4-ad9c-8e7240fe3d72",
            "ipsecpolicy_id": "9958d4fe-3719-4e8c-84e7-9893895b76b4"
        }
    }

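
The following Python sketch is an added example, not part of the original API reference or of Neutron's own code. It checks a create body against the attribute constraints listed above (required UUID references, DPD action, interval and timeout), applies the PENDING\_\* rule for updates, and masks ``psk`` before a request or response is logged, since the example responses return the pre-shared key in clear text. The function names, the error strings, and filling omitted ``dpd`` keys with the documented defaults are assumptions.

```python
# Added example: function names and error strings are illustrative assumptions.
import uuid

DPD_ACTIONS = ("clear", "hold", "restart", "disabled", "restart-by-peer")
DPD_DEFAULT = {"action": "hold", "interval": 30, "timeout": 120}
REQUIRED_UUIDS = ("ikepolicy_id", "ipsecpolicy_id", "vpnservice_id")


def _is_uuid(value):
    """True only for a canonical hyphenated UUID string."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (TypeError, ValueError, AttributeError):
        return False


def validate_create(body):
    """Return the list of constraint violations in a create request body."""
    conn = body.get("ipsec_site_connection")
    if not isinstance(conn, dict):
        return ["ipsec_site_connection: missing object"]
    errors = [f"{key}: required uuid" for key in REQUIRED_UUIDS
              if not _is_uuid(conn.get(key))]
    dpd = conn.get("dpd", {})
    if not isinstance(dpd, dict):
        return errors + ["dpd: must be a dictionary"]
    dpd = {**DPD_DEFAULT, **dpd}  # assumption: omitted keys take the defaults
    interval, timeout = dpd["interval"], dpd["timeout"]
    if dpd["action"] not in DPD_ACTIONS:
        errors.append("dpd.action: unknown action")
    if type(interval) is not int or interval <= 0:
        errors.append("dpd.interval: must be a positive integer")
    elif type(timeout) is not int or timeout <= interval:
        errors.append("dpd.timeout: must be greater than interval")
    return errors


def can_update(connection):
    """PUT is accepted only when status is not a PENDING_* state."""
    return not str(connection.get("status", "")).startswith("PENDING_")


def redact_psk(doc):
    """Copy a request or response with every psk masked, for logging."""
    if isinstance(doc, dict):
        return {k: "<redacted>" if k == "psk" else redact_psk(v)
                for k, v in doc.items()}
    if isinstance(doc, list):
        return [redact_psk(item) for item in doc]
    return doc
```
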
Delete IPSec site connection
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

**DELETE**

/vpn/ipsec-site-connections/``connection-id``

Deletes an IPSec site-to-site connection.

Normal Response Code: 204

Error Response Codes: Unauthorized (401), Not Found (404), Conflict
(409)

This operation does not require a request body.

This operation does not return a response body.

**Example Delete IPSec site connection: Request**

.. code::

    DELETE /v2.0/vpn/ipsec-site-connections/cbc152a0-7e93-4f98-9f04-b085a4bf2511.json
    User-Agent: python-neutronclient
    Accept: application/json

**Example Delete IPSec site connection: Response**

.. code::

    HTTP/1.1 204 No Content
    Content-Length: 0