IKE Policy Operations

This section discusses operations for managing IKE Policies through the VPN as a Service extension.

Table 4.14. IKE Policy Attributes
Attribute Type Required CRUD [a] Default Value Validation Constraints Notes
id uuid-str N/A R generated N/A Unique identifier for the IKE policy.
tenant_id uuid-str Yes CR None valid tenant_id Unique identifier for owner of the VPN service.
name string yes CRU None N/A Friendly name for the IKE policy.
description string no CRU None N/A Description of the IKE policy.
auth_algorithm string no CRU sha1 N/A Authentication Hash algorithms: sha1.
encryption_algorithm string no CRU aes-128 N/A Encryption Algorithms: 3des, aes-128, aes-256, aes-192, etc.
phase1_negotiation_mode string no CRU Main Mode N/A IKE mode: Main Mode.
pfs string no CRU Group5 N/A Perfect Forward Secrecy: Group2, Group5, or Group14.
ike_version string no CRU v1 N/A Version: v1 or v2.
lifetime dict no CRU units: seconds, value: 3600. Dictionary should be in this form: {'units': 'seconds', 'value': 2000}. Value is a positive integer. Lifetime of the SA. Units in 'seconds'. Either units or value may be omitted.

[a]

  • C. Use the attribute in create operations.

  • R. This attribute is returned in response to show and list operations.

  • U. You can update the value of this attribute.

  • D. You can delete the value of this attribute.

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page


loading table of contents...