IPSec Site Connection Operations

This section discusses operations for managing IPSec site-to-site connections through the VPN as a Service extension.

Table 4.16. IPSec Site Connection Attributes
Attribute Type Required CRUD [a] Default Value Validation Constraints Notes
id uuid-str N/A R generated N/A Unique identifier for the IPSec site-to-site connection.
tenant_id uuid-str Yes CR None valid tenant_id Unique identifier for owner of the VPN service.
name string no CRU None N/A Name for IPSec site-to-site connection.
description string no CRU None N/A Description of the IPSec site-to-site connection.
peer_address string yes CRU N/A N/A Peer gateway public IPv4/IPv6 address or FQDN.
peer_id string yes CRU N/A N/A Peer router identity for authentication. Can be IPv4/IPv6 address, e-mail address, key id, or FQDN.
peer_cidrs list[string] yes CRU N/A unique list of valid cidr in the form <net_address>/<prefix> Peer private CIDRs.
route_mode string no R static static Route mode: static. This will be extended in the future.
mtu integer no CRU 1500 Integer. Minimum is 68 for IPv4 and 1280 for IPv6. Maximum Transmission Unit to address fragmentation.
auth_mode string no R psk psk/certs Authentication mode: PSK or certificate.
psk string yes CRU N/A NO Pre Shared Key: any string.
initiator string no CRU bi-directional bi-directional / response-only Whether this VPN can only respond to connections or can initiate as well.
admin_state_up bool N/A CRU TRUE true / false Administrative state of VPN connection. If false (down), VPN connection does not forward packets.
status string N/A R N/A N/A Indicates whether VPN connection is currently operational. Possible values include: ACTIVE, DOWN, BUILD, ERROR, PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE.
ikepolicy_id uuid yes CR N/A Unique identifier of IKE policy Unique identifier of IKE policy.
ipsecpolicy_id uuid yes CR N/A Unique identifier of IPSec policy Unique identifier of IPSec policy.
vpnservice_id uuid yes CR N/A Unique identifier of VPN service Unique identifier of VPN service.
dpd dict no CRU action: hold, interval: 30, timeout: 120 Dictionary should be in this form: {'action': 'clear', 'interval': 20, 'timeout': 60}. Interval is positive integer. Timeout is greater than interval. Dead Peer Detection protocol controls. Action: clear, hold, restart, disabled, or restart-by-peer. Interval and timeout in seconds.

[a]

  • C. Use the attribute in create operations.

  • R. This attribute is returned in response to show and list operations.

  • U. You can update the value of this attribute.

  • D. You can delete the value of this attribute.

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page


loading table of contents...