IPSec Policy Operations

This section discusses operations for managing IPSec policies through the VPN as a Service extension.

Table 4.15. IPSec Policy Attributes
| Attribute | Type | Required | CRUD [a] | Default Value | Validation Constraints | Notes |
|---|---|---|---|---|---|---|
| id | uuid-str | N/A | R | generated | N/A | Unique identifier for the IPsec policy. |
| tenant_id | uuid-str | Yes | CR | None | valid tenant_id | Unique identifier for owner of the VPN service. |
| name | string | Yes | CRU | None | N/A | Friendly name for the IPsec policy. |
| description | string | No | CRU | None | N/A | Description of the IPSec policy. |
| transform_protocol | string | No | CRU | ESP | N/A | Transform protocol used: ESP, AH, or AH-ESP. |
| encapsulation_mode | string | No | CRU | tunnel | N/A | Encapsulation mode: tunnel or transport. |
| auth_algorithm | string | No | CRU | sha1 | N/A | Authentication algorithm: sha1. |
| encryption_algorithm | string | No | CRU | aes-128 | N/A | Encryption algorithms: 3des, aes-128, aes-256, or aes-192. |
| pfs | string | No | CRU | group5 | N/A | Perfect Forward Secrecy: group2, group5, or group14. |
| lifetime | dict | No | CRU | units: seconds, value: 3600. | Dictionary should be in this form: {'units': 'seconds', 'value': 2000}. Value is a positive integer. | Lifetime of the SA. Units in 'seconds'. Either units or value may be omitted. |

[a]

  • C. Use the attribute in create operations.

  • R. This attribute is returned in response to show and list operations.

  • U. You can update the value of this attribute.

  • D. You can delete the value of this attribute.
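As an added example (not part of the OpenStack documentation or code), the following client-side check applies Table 4.15 to a request body before it is sent: it enforces the CRUD flags, the listed values, the defaults, and the lifetime rules. The function names and the 'C'/'U' operation argument are assumptions made for this example; uuid format and tenant checks are left to the server.

```python
# Added example: SCHEMA is transcribed from Table 4.15; all names here are hypothetical.
LIFETIME_DEFAULT = {"units": "seconds", "value": 3600}
# attribute -> (CRUD flags, required on create, default, allowed values or None)
SCHEMA = {
    "id": ("R", False, None, None),
    "tenant_id": ("CR", True, None, None),
    "name": ("CRU", True, None, None),
    "description": ("CRU", False, None, None),
    "transform_protocol": ("CRU", False, "ESP", {"ESP", "AH", "AH-ESP"}),
    "encapsulation_mode": ("CRU", False, "tunnel", {"tunnel", "transport"}),
    "auth_algorithm": ("CRU", False, "sha1", {"sha1"}),
    "encryption_algorithm": ("CRU", False, "aes-128", {"3des", "aes-128", "aes-256", "aes-192"}),
    "pfs": ("CRU", False, "group5", {"group2", "group5", "group14"}),
    "lifetime": ("CRU", False, LIFETIME_DEFAULT, None),
}

def _lifetime(value, fill):
    """Check a lifetime dict; either key may be omitted. Fill defaults only on create."""
    if not isinstance(value, dict) or set(value) - {"units", "value"}:
        raise ValueError("lifetime must be a dict with only 'units' and/or 'value'")
    merged = {**LIFETIME_DEFAULT, **value}
    if merged["units"] != "seconds":
        raise ValueError("lifetime units must be 'seconds'")
    v = merged["value"]
    if isinstance(v, bool) or not isinstance(v, int) or v <= 0:
        raise ValueError("lifetime value must be a positive integer")
    return merged if fill else dict(value)

def validate_policy(body, op):
    """Validate a body for op 'C' (create) or 'U' (update); return the normalized dict."""
    out = {}
    for key, val in body.items():
        if key not in SCHEMA:
            raise ValueError(f"unknown attribute: {key}")
        flags, _, _, allowed = SCHEMA[key]
        if op not in flags:  # e.g. id is read-only, tenant_id cannot be updated
            raise ValueError(f"{key} cannot be set in operation {op}")
        if key == "lifetime":
            val = _lifetime(val, fill=(op == "C"))
        elif allowed is not None and (not isinstance(val, str) or val not in allowed):
            raise ValueError(f"{key}: {val!r} not in {sorted(allowed)}")
        out[key] = val
    if op == "C":  # required attributes must be present; the rest take table defaults
        for key, (flags, required, default, _) in SCHEMA.items():
            if key in out or "C" not in flags:
                continue
            if required:
                raise ValueError(f"missing required attribute: {key}")
            out[key] = dict(default) if isinstance(default, dict) else default
    return out
```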
