vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/vpn/api-ref/en_topic_0093011492.html
gtema 6b71b4a1fa Initial import of the VPN API document 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: gtema <artem.goncharov@gmail.com>
Co-committed-by: gtema <artem.goncharov@gmail.com>
2022-12-07 13:22:09 +00:00

36 KiB
Raw Blame History

Creating an IPsec VPN Connection

Function

This interface is used to create an IPsec VPN connection.

URI

POST /v2.0/vpn/ipsec-site-connections

Request Message

Table 1 lists the request parameters for creating an IPsec site connection.

Table 1 Request parameters

Parameter

Type

Mandatory

Description

dpd

Object

No

Specifies the DPD protocol control.

local_id

String

No

Specifies the ID of the external gateway address of a virtual router.

psk

String

Yes

Specifies the pre-shared key.

initiator

String

No

Specifies whether this VPN can only respond to connections or both respond to and initiate connections.

ipsecpolicy_id

String

Yes

Specifies the IPsec policy ID.

admin_state_up

Boolean

No

Specifies the administrative status. The value can be true or false.

mtu

Integer

No

Specifies the maximum transmission unit to address fragmentation.

peer_ep_group_id

String

Yes

Specifies the endpoint group ID (tenant CIDR blocks).

ikepolicy_id

String

Yes

Specifies the IKE policy ID.

vpnservice_id

String

Yes

Specifies the VPN service ID.

local_ep_group_id

String

Yes

Specifies the endpoint group ID (VPC subnets).

peer_address

String

Yes

Specifies the remote gateway address.

peer_id

String

Yes

Specifies the remote gateway ID.

name

String

No

Specifies the IPsec VPN connection name.

description

String

No

Provides supplementary information about the IPsec VPN connection.

auth_mode

String

No

Specifies the authentication mode. The default value is psk.

peer_cidrs

List<String>

No

(Deprecated) Specifies the tenant's CIDR blocks. The value is in the form of <net_address > / < prefix >.

tenant_id

String

No

Specifies the project ID.
  1. The project_id, peer_id, dpd, and local_id parameters are not supported.
  2. The value of tenant_id can contain a maximum of 255 characters.
  3. The value of name can contain 1 to 64 characters.
  4. The value of description can contain a maximum of 255 characters. This parameter has been used by internal components, and you are not allowed to configure the parameter.
  5. The value of peer_address can contain a maximum of 250 characters.
  6. The value of peer_id can contain a maximum of 250 characters and is unconfigurable.
  7. The route_mode parameter cannot be configured. The default value is static.
  8. The value of mtu can only be 1500.
  9. The value of initiator can only be bi-directional.
  10. The value of auth_mode can only be psk.
  11. The value of admin_state_up can only be true.
  12. A PSK can contain 6 to 128 characters. Spaces and question marks (?) are not allowed in a PSK. The PSK cannot contain only asterisks (*).
  13. To enable two IPsec connections to work in active/standby mode, the local_ep_group_id and peer_ep_group_id parameters of the active and standby connections must be set to the same value. If the parameter values are different and the local_ep_group and peer_ep_group values are different, the connection cannot work in active/standby mode.

Response Message

Table 2 describes the response parameters.

Table 2 Response parameters

Parameter

Type

Description

interval

Integer

Specifies the DPD interval in seconds. The default value is 30.

dpd

Object

Specifies the DPD protocol control.

psk

String

Specifies the pre-shared key.

initiator

String

Specifies whether this VPN can only respond to connections or both respond to and initiate connections.

ipsecpolicy_id

String

Specifies the IPsec policy ID.

admin_state_up

Boolean

Specifies the administrative status. The value can be true or false.

mtu

Integer

Specifies the maximum transmission unit to address fragmentation.

peer_ep_group_id

String

Specifies the endpoint group ID (tenant CIDR blocks).

ikepolicy_id

String

Specifies the IKE policy ID.

vpnservice_id

String

Specifies the VPN service ID.

local_ep_group_id

String

Specifies the endpoint group ID (VPC subnets).

peer_address

String

Specifies the remote gateway address.

peer_id

String

Specifies the remote gateway ID.

name

String

Specifies the IPsec VPN connection name.

description

String

Provides supplementary information about the IPsec VPN connection.

auth_mode

String

Specifies the authentication mode. The default value is psk.

id

String

Specifies the IPsec VPN connection ID.

route_mode

String

Specifies the route advertising mode. The default value is static.

status

String

Specifies the IPsec VPN connection status. The value can be ACTIVE, DOWN, BUILD, ERROR, PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE.

peer_cidrs

List

(Deprecated) Specifies the tenant's CIDR blocks. The value is in the form of <net_address > / < prefix >.

tenant_id

String

Specifies the project ID.

timeout

Integer

Specifies the DPD timeout. The default value is 120 seconds.

action

String

Specifies the DPD action. The value can be clear, hold, restart, disabled, or restart-by-peer. The default value is hold.

created_at

String

Specifies the time when the IPsec connection was created.

Example

  • Example Request
    POST /v2.0/vpn/ipsec-site-connections
{
  "ipsec_site_connection" : {
    "psk" : "secret",
    "initiator" : "bi-directional",
    "ipsecpolicy_id" : "e6e23d0c-9519-4d52-8ea4-5b1f96d857b1",
    "admin_state_up" : true,
    "mtu" : 1500,
    "peer_ep_group_id" : "9ad5a7e0-6dac-41b4-b20d-a7b8645fddf1",
    "ikepolicy_id" : "9b00d6b0-6c93-4ca5-9747-b8ade7bb514f",
    "vpnservice_id" : "5c561d9d-eaea-45f6-ae3e-08d1a7080828",
    "local_ep_group_id" : "3e1815dd-e212-43d0-8f13-b494fa553e68",
    "peer_address" : "172.24.4.233",
    "peer_id" : "172.24.4.233",
    "name" : "vpnconnection1"
  }
}
  • Example Response
    {
  "ipsec_site_connection" : {
    "status" : "PENDING_CREATE",
    "psk" : "secret",
    "initiator" : "bi-directional",
    "name" : "vpnconnection1",
    "admin_state_up" : true,
    "tenant_id" : "10039663455a446d8ba2cbb058b0f578",
    "auth_mode" : "psk",
    "peer_cidrs" : [ ],
    "mtu" : 1500,
    "peer_ep_group_id" : "9ad5a7e0-6dac-41b4-b20d-a7b8645fddf1",
    "ikepolicy_id" : "9b00d6b0-6c93-4ca5-9747-b8ade7bb514f",
    "vpnservice_id" : "5c561d9d-eaea-45f6-ae3e-08d1a7080828",
    "dpd" : {
      "action" : "hold",
      "interval" : 30,
      "timeout" : 120
    },
    "route_mode" : "static",
    "vpnservice_id": "4754261f-f8c5-4799-a365-78b2e682e38a",
    "ipsecpolicy_id" : "e6e23d0c-9519-4d52-8ea4-5b1f96d857b1",
    "local_ep_group_id" : "3e1815dd-e212-43d0-8f13-b494fa553e68",
    "peer_address" : "172.24.4.233",
    "created_at": "2018-11-03 14:24:33.749714",
    "peer_id" : "172.24.4.233",
    "id" : "851f280f-5639-4ea3-81aa-e298525ab74b",
    "description" : ""
  }
}

Returned Values

For details, see section Common Returned Values.