The VPNaaS extension provides OpenStack tenants with the ability to extend private networks across the public telecommunication infrastructure. The capabilities provided by this initial implementation of the VPNaaS extension are:
- Site-to-site Virtual Private Network connecting two private networks.
- Multiple VPN connections per tenant.
- Supporting IKEv1 policy with 3des, aes-128, aes-256, or aes-192 encryption.
- Supporting IPsec policy with 3des, aes-128, aes-256, or aes-192 encryption, sha1 authentication, ESP, AH, or AH-ESP transform protocol, and tunnel or transport mode encapsulation.
- Dead Peer Detection (DPD) allowing hold, clear, restart, disabled, or restart-by-peer actions.
This extension introduces new resources:
- service, a high-level object that associates VPN with a specific subnet and router.
- ikepolicy, the Internet Key Exchange policy identifying the authentication and encryption algorithms used during phase one and phase two negotiation of a VPN connection.
- ipsecpolicy, the IP security policy specifying the authentication and encryption algorithms and the encapsulation mode used for the established VPN connection.
- ipsec-site-connection, the details for the site-to-site IPsec connection, including the peer CIDRs, MTU, authentication mode, peer address, DPD settings, and status.
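
The following check is an added example, not code from this page or from the OpenStack project. It reviews a proposed policy set against the values listed above and separately flags choices that are supported but weak; the dictionary key names and the sample values are assumptions made for the example.

```python
import ipaddress

# Values the page lists as supported by this VPNaaS implementation.
ENCRYPTION = {"3des", "aes-128", "aes-192", "aes-256"}
IPSEC_AUTH = {"sha1"}
TRANSFORMS = {"esp", "ah", "ah-esp"}
ENCAPSULATION = {"tunnel", "transport"}
DPD_ACTIONS = {"hold", "clear", "restart", "disabled", "restart-by-peer"}


def review_vpn_config(ikepolicy, ipsecpolicy, connection):
    """Return (errors, warnings); dictionary keys are assumed names."""
    errors, warnings = [], []

    def check(label, value, allowed):
        if value not in allowed:
            errors.append(f"{label}: {value!r} is not one of {sorted(allowed)}")

    check("ikepolicy encryption", ikepolicy.get("encryption_algorithm"), ENCRYPTION)
    check("ipsecpolicy encryption", ipsecpolicy.get("encryption_algorithm"), ENCRYPTION)
    check("ipsecpolicy authentication", ipsecpolicy.get("auth_algorithm"), IPSEC_AUTH)
    check("ipsecpolicy transform", ipsecpolicy.get("transform_protocol"), TRANSFORMS)
    check("ipsecpolicy encapsulation", ipsecpolicy.get("encapsulation_mode"), ENCAPSULATION)
    check("dpd action", connection.get("dpd", {}).get("action"), DPD_ACTIONS)

    cidrs = connection.get("peer_cidrs") or []
    if not cidrs:
        errors.append("peer_cidrs: at least one peer CIDR is required")
    for cidr in cidrs:
        try:
            ipaddress.ip_network(cidr)  # strict: rejects host bits such as 10.3.0.5/24
        except ValueError as exc:
            errors.append(f"peer_cidrs: {exc}")

    # Supported but weak choices: report them without rejecting the request.
    for name, policy in (("ikepolicy", ikepolicy), ("ipsecpolicy", ipsecpolicy)):
        if policy.get("encryption_algorithm") == "3des":
            warnings.append(f"{name}: 3des has a 64-bit block; prefer an aes-* value")
    if ipsecpolicy.get("transform_protocol") == "ah":
        warnings.append("ipsecpolicy: ah authenticates packets but does not encrypt them")
    return errors, warnings


# Constructed sample input, not taken from a real deployment.
SAMPLE_IKE = {"encryption_algorithm": "3des"}
SAMPLE_IPSEC = {"encryption_algorithm": "aes-256", "auth_algorithm": "sha1",
                "transform_protocol": "ah", "encapsulation_mode": "tunnel"}
SAMPLE_CONN = {"peer_cidrs": ["10.2.0.0/24", "10.3.0.5/24"], "dpd": {"action": "hold"}}
```

With the constructed sample, the second peer CIDR is rejected because it has host bits set, and the 3des and AH-only choices are reported as warnings.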
Note: This extension is experimental for the Havana release. The API may change without backward compatibility.