Introduction

Object

This section describes operations for the VPN services, including creating, querying, deleting, and updating IPsec VPN connections and IPsec policies, creating VPN endpoint groups, VPNs, and IKE policies.

Object Model

Table 1 IPsec VPN connection object

| Attribute | Type | CRUD | Default Value | Restriction | Description |
|---|---|---|---|---|---|
| project_id | String | CR | N/A | Not supported | Specifies the ID of the project. |
| interval | Integer | CRU | N/A | Not supported | Specifies the DPD interval in seconds. The default value is 30. |
| dpd | Object | N/A | N/A | Not supported | Specifies a dictionary with DPD protocol controls. |
| psk | String | CRU | N/A | The value can contain 6 to 128 characters. Angle brackets (<) and (>) are not allowed. | Specifies the pre-shared key. |
| initiator | String | CRU | bi-directional | The value can only be bi-directional. | Specifies whether this VPN can only respond to connections or both respond to and initiate connections. |
| ipsecpolicy_id | String | CR | N/A | uuid | Specifies the ID of the IPsec policy. |
| admin_state_up | Boolean | CRU | true | The value can only be true. | Specifies the administrative status. The value can be true or false. |
| mtu | Integer | CRU | 1500 | The value can only be 1500. | Specifies the MTU. |
| peer_ep_group_id | String | CRU | N/A | uuid | Specifies the ID for the endpoint group that contains tenant CIDRs. |
| ikepolicy_id | String | CR | N/A | uuid | Specifies the ID of the IKE policy. |
| vpnservice_id | String | CR | N/A | uuid | Specifies the ID of the VPN service. |
| local_ep_group_id | String | CRU | N/A | uuid | Specifies the ID for the endpoint group that contains subnets in a VPC. |
| peer_address | String | CRU | N/A | The value can contain 0 to 255 characters. | Specifies the remote gateway address. |
| peer_id | String | CRU | N/A | The value can contain 0 to 255 characters. This parameter is not supported. | Specifies the peer gateway ID. |
| name | String | CRU | N/A | The value can contain 0 to 255 characters. | Specifies the name of the IPsec connection. |
| description | String | CRU | N/A | The value can contain 0 to 255 characters. This parameter is for internal use only, and you are not allowed to configure this parameter. | Specifies the description of the IPsec connection. |
| ipsec_site_connection | Object | N/A | N/A | N/A | Specifies an IPsec connection object. |
| auth_mode | String | R | psk | The value can only be psk. | Specifies the authentication mode. The default value is psk. |
| id | String | R | Automatically generated | uuid | Specifies the ID of the IPsec connection. |
| route_mode | String | R | static | The value can only be static. | Specifies the route advertising mode. The default value is static. |
| status | String | R | N/A | N/A | Specifies the IPsec connection status. The value can be ACTIVE, DOWN, BUILD, ERROR, PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE. |
| peer_cidrs | String | CRU | N/A | <net_address>/<prefix> | (Deprecated) Specifies a list of valid tenant CIDRs in the format <net_address>/<prefix>. |
| tenant_id | String | CR | N/A | The value can contain 0 to 255 characters. | Specifies the ID of the tenant. |
| timeout | Integer | CRU | N/A | Not supported | Specifies the DPD timeout in seconds. The default value is 120. |
| action | String | CRU | N/A | Not supported | Specifies the action of the DPD. The value can be clear, hold, restart, disabled, or restart-by-peer. The default value is hold. |
| local_id | String | CRU | N/A | Not supported | Specifies an ID to be used to identify the external gateway address for a virtual router. |

Table 2 IPsec policy object

| Attribute | Type | CRUD | Default Value | Restriction | Description |
|---|---|---|---|---|---|
| auth_algorithm | String | CU | sha1 | The value can be md5, sha1, sha2-256, sha2-384, or sha2-512. | Specifies the authentication hash algorithm. The value can be md5, sha1, sha2-256, sha2-384, or sha2-512. |
| description | String | CRU | N/A | The value can contain 0 to 255 characters. | Provides supplementary information about the IPsec policy. |
| encapsulation_mode | String | CU | tunnel | The value can only be tunnel. | Specifies the encapsulation mode. The default value is tunnel. |
| encryption_algorithm | String | CU | aes-128 | 3des, aes-128, aes-192, aes-256 | Specifies the encryption algorithm. The value can be 3des, aes-128, aes-192, or aes-256. The default value is aes-128. |
| id | String | R | Automatically generated | uuid | Specifies the ID of the IPsec policy. |
| ipsecpolicies | List<Object> | N/A | N/A | N/A | Specifies the IPsec policy list. |
| ipsecpolicy | Object | N/A | N/A | N/A | Specifies the IPsec policy object. |
| lifetime | Object | N/A | N/A | N/A | Specifies the lifetime object of SA. |
| name | String | CRU | N/A | The value can contain 0 to 255 characters. | Specifies the IPsec policy name. |
| pfs | String | CRU | Group5 | The value can be group2, group5, or group14. | Specifies the PFS. The value can be group2, group5, or group14. The default value is group5. |
| tenant_id | String | CR | N/A | The value can contain 0 to 255 characters. | Specifies the ID of the tenant. |
| transform_protocol | String | CU | esp | esp, ah, ah-esp | Specifies the transform protocol used. The value can be ESP, AH, or AH-ESP. The default value is ESP. |
| project_id | String | CR | N/A | Not supported | Specifies the ID of the project. |
| value | Integer | CRU | 3600 | The value ranges from 60 to 604800. | Specifies the lifetime value of the SA. The unit is in seconds. The default value is 3600. |
| units | String | CRU | seconds | The value can only be in seconds. | Specifies the lifetime unit of the SA. The unit is in seconds. The default value is 3600. |

Table 3 VPN endpoint group object

| Attribute | Type | CRUD | Default Value | Restriction | Description |
|---|---|---|---|---|---|
| description | String | CRU | N/A | The value can contain 0 to 255 characters. | Provides supplementary information about the VPN endpoint group. |
| tenant_id | String | CR | N/A | The value can contain 0 to 255 characters. | Specifies the ID of the tenant. |
| endpoints | List<String> | CR | N/A | N/A | Specifies the endpoint list. The endpoints in a list must be of the same type. |
| type | String | CR | N/A | The value can be subnet or cidr. | Specifies the endpoint type. The value can be subnet or cidr. |
| id | String | R | Automatically generated | uuid | Specifies the ID of the VPN endpoint group. |
| name | String | CRU | N/A | The value can contain 0 to 255 characters. | Specifies the VPN endpoint group name. |
| project_id | String | CR | N/A | Not supported | Specifies the ID of the project. |

Table 4 VPN service object

| Attribute | Type | CRUD | Default Value | Restriction | Description |
|---|---|---|---|---|---|
| router_id | String | CR | N/A | uuid | Specifies the router ID. |
| status | String | R | N/A | N/A | Specifies whether the VPN service is currently operational. The value can be ACTIVE, DOWN, BUILD, ERROR, PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE. |
| name | String | CRU | N/A | The value can contain 0 to 255 characters. | Specifies the VPN service name. |
| external_v6_ip | String | CRU | N/A | The value can contain 0 to 255 characters. | Specifies the IPv6 address of the VPN service external gateway. |
| admin_state_up | Boolean | CRU | true | The value can only be true. | Specifies the administrative status. The value can be true or false. |
| subnet_id | String | CR | N/A | uuid | Specifies the subnet ID. |
| tenant_id | String | CR | N/A | The value can contain 0 to 255 characters. | Specifies the ID of the tenant. |
| external_v4_ip | String | CRU | N/A | The value can contain 0 to 255 characters. | Specifies the IPv4 address of the VPN service external gateway. |
| id | String | R | Automatically generated | uuid | Specifies the ID of the VPN service. |
| description | String | CRU | N/A | The value can contain 0 to 255 characters. | Provides supplementary information about the VPN service. |
| vpnservice | Object | N/A | N/A | N/A | Specifies the VPN service object. |
| project_id | String | CR | N/A | Not supported | Specifies the ID of the project. |

Table 5 IKE policy object

| Attribute | Type | CRUD | Default Value | Restriction | Description |
|---|---|---|---|---|---|
| auth_algorithm | String | CU | sha1 | The value can be md5, sha1, sha2-256, sha2-384, or sha2-512. | Specifies the authentication hash algorithm. The value can be md5, sha1, sha2-256, sha2-384, or sha2-512. |
| description | String | CRU | N/A | The value can contain 0 to 255 characters. | Provides supplementary information about the IKE policy. |
| encryption_algorithm | String | CU | aes-128 | 3des, aes-128, aes-192, aes-256 | Specifies the encryption algorithm. The value can be 3des, aes-128, aes-192, or aes-256. The default value is aes-128. |
| lifetime | Object | N/A | N/A | N/A | Specifies the lifetime object of SA. |
| name | String | CRU | N/A | The value can contain 0 to 255 characters. | Specifies the IKE policy name. |
| pfs | String | CRU | Group5 | The value can be group2, group5, or group14. | Specifies the PFS. The value can be group2, group5, or group14. The default value is group5. |
| phase1_negotiation_mode | String | CU | main | The value can only be main. | Specifies the IKE mode. The default value is main. |
| tenant_id | String | CR | N/A | The value can contain 0 to 255 characters. | Specifies the ID of the tenant. |
| ikepolicy | Object | N/A | N/A | N/A | Specifies the IKE policy object. |
| project_id | String | CR | N/A | Not supported | Specifies the ID of the project. |
| ikepolicies | List<Object> | N/A | N/A | N/A | Specifies the IKE policy list. |
| value | Integer | CRU | 3600 | The value ranges from 60 to 604800. | Specifies the lifetime value of the SA. The unit is in seconds. The default value is 3600. |
| units | String | CRU | seconds | The value can only be in seconds. | Specifies the lifetime unit of the SA. The unit is in seconds. The default value is 3600. |
| id | String | R | Automatically generated | uuid | Specifies the IKE policy ID. |
| ike_version | String | CRU | v1 | v1, v2 | Specifies the IKE version. The value can be v1 or v2. The default value is v1. |
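
The restrictions in Table 2 and Table 5 can be checked on the client before a policy is created or updated. The following is an added example, not part of the original API reference: it rejects values outside the documented restrictions and warns when an accepted value, or a table default applied because the attribute was omitted, falls in a legacy set. It assumes that value and units are nested under lifetime inside the ikepolicy or ipsecpolicy object; the LEGACY set and the sample bodies are constructed for illustration.

```python
# Added example: check a policy body against Tables 2 and 5 before sending it.
COMMON = {  # Restriction columns shared by both tables
    "auth_algorithm": {"md5", "sha1", "sha2-256", "sha2-384", "sha2-512"},
    "encryption_algorithm": {"3des", "aes-128", "aes-192", "aes-256"},
    "pfs": {"group2", "group5", "group14"},
}
ONLY = {  # attributes that appear in one table only
    "ipsecpolicy": {"encapsulation_mode": {"tunnel"},
                    "transform_protocol": {"esp", "ah", "ah-esp"}},
    "ikepolicy": {"phase1_negotiation_mode": {"main"}, "ike_version": {"v1", "v2"}},
}
# Defaults from the tables; they apply when the attribute is omitted.
DEFAULTS = {"auth_algorithm": "sha1", "encryption_algorithm": "aes-128", "pfs": "group5"}
# Assumption (local hardening policy, not from the page): accepted but legacy.
LEGACY = {"auth_algorithm": {"md5", "sha1"}, "encryption_algorithm": {"3des"},
          "pfs": {"group2", "group5"}}


def check_policy(kind, body):
    """Return (errors, warnings); kind is 'ikepolicy' or 'ipsecpolicy'."""
    policy, errors, warnings = body.get(kind, {}), [], []
    for attr, allowed in {**COMMON, **ONLY[kind]}.items():
        if attr in policy and policy[attr] not in allowed:
            errors.append(f"{attr}: {policy[attr]!r} not in {sorted(allowed)}")
    for attr in ("name", "description"):
        if len(policy.get(attr, "")) > 255:
            errors.append(f"{attr}: longer than 255 characters")
    lifetime = policy.get("lifetime", {})
    if lifetime.get("units", "seconds") != "seconds":
        errors.append("lifetime.units: only 'seconds' is accepted")
    value = lifetime.get("value", 3600)
    if not isinstance(value, int) or not 60 <= value <= 604800:
        errors.append(f"lifetime.value: {value!r} outside 60..604800")
    for attr, legacy in LEGACY.items():
        effective = policy.get(attr, DEFAULTS[attr])
        if effective in legacy:
            origin = "set explicitly" if attr in policy else "table default"
            warnings.append(f"{attr}: {effective} ({origin})")
    return errors, warnings


# Constructed sample bodies (not from the page).
SAMPLE_IKE = {"ikepolicy": {"name": "ike-legacy", "encryption_algorithm": "3des",
                            "ike_version": "v3",
                            "lifetime": {"units": "seconds", "value": 30}}}
SAMPLE_IPSEC = {"ipsecpolicy": {"name": "ipsec-strong", "auth_algorithm": "sha2-256",
                                "encryption_algorithm": "aes-256", "pfs": "group14"}}

if __name__ == "__main__":
    for kind, body in (("ikepolicy", SAMPLE_IKE), ("ipsecpolicy", SAMPLE_IPSEC)):
        print(kind, *check_policy(kind, body), sep="\n  ")
```

Because auth_algorithm and pfs default to sha1 and group5, a body that omits them still produces warnings; setting every algorithm attribute explicitly is what clears them.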