
Create IPSec connection

Function Description

This interface is used to create an IPSec connection.

Interface Format

| Method | URI | Description |
|---|---|---|
| POST | /v2.0/vpn/ipsec-site-connections | Creates an IPSec connection. |

Restrictions

Attributes project_id, peer_id, dpd, and local_id are not supported.

The tenant_id value is the UUID.

The value of name is a string of no more than 255 characters.

The description value can contain a maximum of 255 characters. This parameter is for internal use and cannot be configured.

The value of peer_address is a string of no more than 255 characters.

The value of peer_id is a string of no more than 255 characters and cannot be configured.

The parameter route_mode cannot be configured. The default value is static.

The value of mtu can be only 1500.

The value of initiator can be only bi-directional.

The value of auth_mode can be only psk.

The psk value cannot contain <> and must contain 6 to 128 characters.

Request Parameter

| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| dpd | Object | No | Specifies a dictionary with DPD protocol controls. |
| timeout | String | No | Specifies the DPD timeout in seconds. The default value is 120. |
| action | String | No | Specifies the action of the DPD. The value can be clear, hold, restart, disabled, or restart-by-peer. The default value is hold. |
| local_id | String | No | Identifies the ID of the external gateway address of the virtual router. |
| psk | String | Yes | Specifies the pre-shared key. |
| initiator | String | No | Specifies whether this VPN can only respond to connections or both respond to and initiate connections. |
| ipsecpolicy_id | String | Yes | Specifies the ID of the IPSec policy. |
| admin_state_up | Boolean | No | Specifies the administrator status. The value can be true or false. |
| mtu | Integer | No | Specifies the maximum transmission unit (MTU). |
| peer_ep_group_id | String | Yes | Specifies the ID for the endpoint group that contains tenant CIDRs. |
| ikepolicy_id | String | Yes | Specifies the ID of the IKE policy. |
| vpnservice_id | String | Yes | Specifies the ID of the VPN service. |
| local_ep_group_id | String | Yes | Specifies the ID for the endpoint group that contains the VPC subnets. |
| peer_address | String | Yes | Specifies the remote gateway address. |
| peer_id | String | Yes | Specifies the peer gateway ID. |
| name | String | No | Specifies the name of the IPSec connection. |
| description | String | No | Specifies the description of the IPSec connection. |
| ipsec_site_connection | Object | Yes | Specifies an IPSec connection object. |
| auth_mode | String | No | Specifies the authentication mode. The default value is psk. |
| peer_cidrs | List<String> | No | (Deprecated) Specifies a list of valid tenant CIDRs: <net_address>/<prefix>. |
| tenant_id | String | No | Specifies the ID of the tenant. |
| project_id | String | No | Specifies the ID of the project. |
| interval | Integer | No | Specifies the DPD interval in seconds. The default value is 30. |

Response Parameter

| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| project_id | String | Yes | Specifies the ID of the project. |
| interval | Integer | No | Specifies the DPD interval in seconds. The default value is 30. |
| dpd | Object | No | Specifies a dictionary with DPD protocol controls. |
| psk | String | Yes | Specifies the pre-shared key. |
| initiator | String | No | Specifies whether this VPN can only respond to connections or both respond to and initiate connections. |
| ipsecpolicy_id | String | Yes | Specifies the ID of the IPSec policy. |
| admin_state_up | Boolean | Yes | Specifies the administrator status. The value can be true or false. |
| mtu | Integer | No | Specifies the maximum transmission unit (MTU). |
| peer_ep_group_id | String | Yes | Specifies the ID for the endpoint group that contains tenant CIDRs. |
| ikepolicy_id | String | Yes | Specifies the ID of the IKE policy. |
| vpnservice_id | String | Yes | Specifies the ID of the VPN service. |
| local_ep_group_id | String | Yes | Specifies the ID for the endpoint group that contains subnets in a VPC. |
| peer_address | String | Yes | Specifies the remote gateway address. |
| peer_id | String | Yes | Specifies the peer gateway ID. |
| name | String | Yes | Specifies the name of the IPSec connection. |
| description | String | Yes | Specifies the description of the IPSec connection. |
| ipsec_site_connection | Object | Yes | Specifies an IPSec connection object. |
| auth_mode | String | No | Specifies the authentication mode. The default value is psk. |
| id | String | No | Specifies the ID of the IPSec connection. |
| route_mode | String | No | Specifies the route advertising mode. The default value is static. |
| status | String | Yes | Specifies the IPSec connection status. The value can be ACTIVE, DOWN, BUILD, ERROR, PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE. |
| peer_cidrs | String | No | (Deprecated) Specifies a list of valid tenant CIDRs. The value is in the form of <net_address> or <prefix>. |
| tenant_id | String | Yes | Specifies the ID of the tenant. |
| timeout | Integer | Yes | Specifies the DPD timeout in seconds. The default value is 120. |
| action | String | Yes | Specifies the action of the DPD. The value can be clear, hold, restart, disabled, or restart-by-peer. The default value is hold. |
| local_id | String | No | Specifies an ID to be used to identify the external gateway address for a virtual router. |

Request Example

POST /v2.0/vpn/ipsec-site-connections
{
  "ipsec_site_connection" : {
    "psk" : "secret",
    "initiator" : "bi-directional",
    "ipsecpolicy_id" : "e6e23d0c-9519-4d52-8ea4-5b1f96d857b1",
    "admin_state_up" : true,
    "mtu" : 1500,
    "peer_ep_group_id" : "9ad5a7e0-6dac-41b4-b20d-a7b8645fddf1",
    "ikepolicy_id" : "9b00d6b0-6c93-4ca5-9747-b8ade7bb514f",
    "vpnservice_id" : "5c561d9d-eaea-45f6-ae3e-08d1a7080828",
    "local_ep_group_id" : "3e1815dd-e212-43d0-8f13-b494fa553e68",
    "peer_address" : "172.24.4.233",
    "peer_id" : "172.24.4.233",
    "name" : "vpnconnection1"
  }
}

Response Example

{
  "ipsec_site_connection" : {
    "status" : "PENDING_CREATE",
    "psk" : "secret",
    "initiator" : "bi-directional",
    "name" : "vpnconnection1",
    "admin_state_up" : true,
    "project_id" : "10039663455a446d8ba2cbb058b0f578",
    "tenant_id" : "10039663455a446d8ba2cbb058b0f578",
    "auth_mode" : "psk",
    "peer_cidrs" : [ ],
    "mtu" : 1500,
    "peer_ep_group_id" : "9ad5a7e0-6dac-41b4-b20d-a7b8645fddf1",
    "ikepolicy_id" : "9b00d6b0-6c93-4ca5-9747-b8ade7bb514f",
    "vpnservice_id" : "5c561d9d-eaea-45f6-ae3e-08d1a7080828",
    "dpd" : {
      "action" : "hold",
      "interval" : 30,
      "timeout" : 120
    },
    "route_mode" : "static",
    "ipsecpolicy_id" : "e6e23d0c-9519-4d52-8ea4-5b1f96d857b1",
    "local_ep_group_id" : "3e1815dd-e212-43d0-8f13-b494fa553e68",
    "peer_address" : "172.24.4.233",
    "peer_id" : "172.24.4.233",
    "id" : "851f280f-5639-4ea3-81aa-e298525ab74b",
    "description" : ""
  }
}
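
The response above returns the pre-shared key in cleartext, and the Restrictions section limits what a request may carry. The following added example (not part of the original reference or of the service's own code) checks a request body against those restrictions before it is sent and masks psk before a response is logged; the names check_request and redact_psk are hypothetical, and "cannot contain <>" is read as excluding both characters.

```python
import copy

# Mandatory request fields, from the Request Parameter table.
REQUIRED = ("psk", "ipsecpolicy_id", "ikepolicy_id", "vpnservice_id",
            "local_ep_group_id", "peer_ep_group_id", "peer_address", "peer_id")
# Attributes the Restrictions section pins to a single value.
FIXED = {"mtu": 1500, "initiator": "bi-directional", "auth_mode": "psk"}
# Listed as not supported; peer_id is omitted because the request example sends it.
UNSUPPORTED = ("project_id", "dpd", "local_id")
MAX_255 = ("name", "peer_address")  # limited to 255 characters


def check_request(body):
    """Return the restriction violations found in a create-request body."""
    conn = body.get("ipsec_site_connection")
    if not isinstance(conn, dict):
        return ["ipsec_site_connection: mandatory"]
    errors = [f"{k}: mandatory" for k in REQUIRED if k not in conn]
    errors += [f"{k}: not supported" for k in UNSUPPORTED if k in conn]
    for key, allowed in FIXED.items():
        # Compare as text so "1500" and 1500 are treated alike.
        if key in conn and str(conn[key]) != str(allowed):
            errors.append(f"{key}: must be {allowed!r}")
    for key in MAX_255:
        if len(str(conn.get(key, ""))) > 255:
            errors.append(f"{key}: longer than 255 characters")
    psk = conn.get("psk")
    if isinstance(psk, str):
        if not 6 <= len(psk) <= 128:
            errors.append("psk: must be 6 to 128 characters")
        if "<" in psk or ">" in psk:  # assumption: neither character is allowed
            errors.append("psk: must not contain < or >")
    return errors


def redact_psk(response):
    """Return a copy of an API response with the echoed psk masked for logging."""
    safe = copy.deepcopy(response)
    conn = safe.get("ipsec_site_connection")
    if isinstance(conn, dict) and "psk" in conn:
        conn["psk"] = "<redacted>"
    return safe


if __name__ == "__main__":
    # Constructed sample: short key with an angle bracket, wrong MTU.
    sample = {"ipsec_site_connection": {"psk": "a<b", "mtu": 1400}}
    print(check_request(sample))
    print(redact_psk({"ipsec_site_connection": {"psk": "secret", "id": "x"}}))
```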

Error Code

For details, see section Return Code Processing.