This section discusses operations for managing IPSec site-to-site connections through the VPN as a Service extension.
Attribute | Type | Required | CRUD [a] | Default Value | Validation Constraints | Notes
---|---|---|---|---|---|---
id | uuid-str | N/A | R | generated | N/A | Unique identifier for the IPSec site-to-site connection.
tenant_id | uuid-str | yes | CR | None | valid tenant_id | Unique identifier for owner of the VPN service.
name | string | no | CRU | None | N/A | Name for IPSec site-to-site connection.
description | string | no | CRU | None | N/A | Description of the IPSec site-to-site connection.
peer_address | string | yes | CRU | N/A | N/A | Peer gateway public IPv4/IPv6 address or FQDN.
peer_id | string | yes | CRU | N/A | N/A | Peer router identity for authentication. Can be IPv4/IPv6 address, e-mail address, key id, or FQDN.
peer_cidrs | list[string] | yes | CRU | N/A | unique list of valid cidr in the form `<net_address>/<prefix>` | Peer private CIDRs.
route_mode | string | no | R | static | static | Route mode: static. This will be extended in the future.
mtu | integer | no | CRU | 1500 | Integer. Minimum is 68 for IPv4 and 1280 for IPv6. | Maximum Transmission Unit to address fragmentation.
auth_mode | string | no | R | psk | psk/certs | Authentication mode: PSK or certificate.
psk | string | yes | CRU | N/A | NO | Pre Shared Key: any string.
initiator | string | no | CRU | bi-directional | bi-directional / response-only | Whether this VPN can only respond to connections or can initiate as well.
admin_state_up | bool | N/A | CRU | TRUE | true / false | Administrative state of VPN connection. If false (down), VPN connection does not forward packets.
status | string | N/A | R | N/A | N/A | Indicates whether VPN connection is currently operational. Possible values include: ACTIVE, DOWN, BUILD, ERROR, PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE.
ikepolicy_id | uuid | yes | CR | N/A | Unique identifier of IKE policy | Unique identifier of IKE policy.
ipsecpolicy_id | uuid | yes | CR | N/A | Unique identifier of IPSec policy | Unique identifier of IPSec policy.
vpnservice_id | uuid | yes | CR | N/A | Unique identifier of VPN service | Unique identifier of VPN service.
dpd | dict | no | CRU | action: hold, interval: 30, timeout: 120 | Dictionary should be in this form: `{'action': 'clear', 'interval': 20, 'timeout': 60}`. Interval is positive integer. Timeout is greater than interval. | Dead Peer Detection protocol controls. Action: clear, hold, restart, disabled, or restart-by-peer. Interval and timeout in seconds.
[a]
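A client-side pre-flight check of a create-request body against the constraints in the table above, as an added example that is not part of the original API documentation. The function name, merging a partial `dpd` dictionary with the table's defaults, and choosing the MTU floor from the `peer_address` family are assumptions; the sample body is constructed.

```python
import ipaddress

REQUIRED = ("tenant_id", "peer_address", "peer_id", "peer_cidrs", "psk",
            "ikepolicy_id", "ipsecpolicy_id", "vpnservice_id")
READ_ONLY = ("id", "route_mode", "auth_mode", "status")  # CRUD column is "R" only
INITIATOR = ("bi-directional", "response-only")
DPD_ACTIONS = ("clear", "hold", "restart", "disabled", "restart-by-peer")
DPD_DEFAULT = {"action": "hold", "interval": 30, "timeout": 120}

def validate_connection(body):
    """Return the list of table constraints that a create-request body violates."""
    errors = [f"missing required attribute: {k}" for k in REQUIRED if k not in body]
    errors += [f"read-only attribute set: {k}" for k in READ_ONLY if k in body]
    cidrs = body.get("peer_cidrs", [])
    if len(set(cidrs)) != len(cidrs):
        errors.append("peer_cidrs: entries must be unique")
    for cidr in cidrs:
        try:
            if "/" not in cidr:  # the table requires <net_address>/<prefix>
                raise ValueError(cidr)
            ipaddress.ip_network(cidr, strict=False)
        except (ValueError, TypeError):
            errors.append(f"peer_cidrs: invalid CIDR {cidr!r}")
    # Assumption: an IPv6 literal peer_address selects the 1280 floor;
    # an IPv4 literal or an FQDN gets the IPv4 floor of 68.
    floor = 1280 if ":" in body.get("peer_address", "") else 68
    mtu = body.get("mtu", 1500)
    if not isinstance(mtu, int) or isinstance(mtu, bool) or mtu < floor:
        errors.append(f"mtu: must be an integer >= {floor}")
    if body.get("initiator", "bi-directional") not in INITIATOR:
        errors.append("initiator: must be bi-directional or response-only")
    # Assumption: keys omitted from dpd fall back to the table's defaults.
    dpd = {**DPD_DEFAULT, **body.get("dpd", {})}
    if dpd["action"] not in DPD_ACTIONS:
        errors.append("dpd.action: unknown action")
    if not isinstance(dpd["interval"], int) or dpd["interval"] <= 0:
        errors.append("dpd.interval: must be a positive integer")
    elif not isinstance(dpd["timeout"], int) or dpd["timeout"] <= dpd["interval"]:
        errors.append("dpd.timeout: must be greater than interval")
    return errors

# Constructed sample body: documentation-range addresses, placeholder IDs.
SAMPLE = {
    "tenant_id": "TENANT-UUID", "vpnservice_id": "VPNSERVICE-UUID",
    "ikepolicy_id": "IKEPOLICY-UUID", "ipsecpolicy_id": "IPSECPOLICY-UUID",
    "peer_address": "2001:db8::1", "peer_id": "2001:db8::1",
    "peer_cidrs": ["10.1.0.0/24", "10.1.0.0/24"], "psk": "constructed-psk",
    "mtu": 1200, "dpd": {"action": "clear", "interval": 20, "timeout": 10},
}
```

Running `validate_connection(SAMPLE)` reports the duplicate CIDR, the MTU below the IPv6 minimum, and the DPD timeout that does not exceed its interval.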