• Native OpenStack API

noa
  1. Help Center
  2. Native OpenStack API
  3. API Reference
  4. Neutron
  5. VPNaas
  6. Creating an IKE Policy

Creating an IKE Policy

Function Description

This interface is used to create an IKE policy.

Interface Format

Method

URI

Description

POST

/v2.0/vpn/ikepolicies

Used to create an IKE policy

Restrictions

  • The project_id parameter is not supported.
  • The tenant_id value is an UUID.
  • The value of name is a string of no more than 255 characters.
  • The value of description is a string of no more than 255 characters.
  • The value of auth_algorithm can only be md5, sha1, sha2-256, sha2-384, or sha2-512.
  • The value of encryption_algorithm can only be 3des, aes-128, aes-192, or aes-256.
  • The value of phase1_negotiation_mode can only be main.
  • The value of units can only be in seconds.
  • The value of value can only be an integer ranging from 60 to 604,800.
  • The value of ike_version can only be v1 or v2.
  • The value of pfs can only be group2, group5, or group14.

Request Parameter

Parameter

Type

Mandatory

Description

name

String

No

Specifies the IKE policy name.

auth_algorithm

String

No

Specifies the authentication hash algorithm. The value can be md5, sha1, sha2-256, sha2-384, or sha2-512.

description

String

No

Specifies the description about the IKE policy.

encryption_algorithm

String

No

Specifies the encryption algorithm. The value can be 3des, aes-128, aes-192, or aes-256. The default value is aes-128.

ike_version

String

No

Specifies the IKE version. The value can be v1 or v2. The default value is v1.

lifetime

Object

No

Specifies the lifetime object of SA.

pfs

String

No

Specifies the PFS. The value can be group2, group5, or group14. The default value is group5.

phase1_negotiation_mode

String

No

Specifies the IKE mode. The default value is main.

tenant_id

String

No

Specifies the tenant ID.

value

String

No

Specifies the lifetime value of the SA. The unit is in seconds. The default value is 3600.

units

String

No

Specifies the lifetime unit of the SA. The unit is in seconds. The default value is 3600.

project_id

String

No

Specifies the project ID.

ikepolicy

Object

Yes

Specifies the IKE policy object.

Response Parameter

Parameter

Type

Mandatory

Description

auth_algorithm

String

No

Specifies the authentication hash algorithm. The value can be md5, sha1, sha2-256, sha2-384, or sha2-512.

description

String

Yes

Specifies the description about the IKE policy.

encryption_algorithm

String

No

Specifies the encryption algorithm. The value can be 3des, aes-128, aes-192, or aes-256. The default value is aes-128.

lifetime

Object

No

Specifies the lifetime object of SA.

name

String

Yes

Specifies the IKE policy name.

pfs

String

No

Specifies the PFS. The value can be group2, group5, or group14. The default value is group5.

phase1_negotiation_mode

String

No

Specifies the IKE mode. The default value is main.

tenant_id

String

Yes

Specifies the tenant ID.

ikepolicy

Object

Yes

Specifies the IKE policy object.

project_id

String

Yes

Specifies the project ID.

ikepolicies

List<Object>

Yes

Specifies the IKE policy list.

value

Integer

No

Specifies the lifetime value of the SA. The unit is in seconds. The default value is 3600.

units

String

No

Specifies the lifetime unit of the SA. The unit is in seconds. The default value is 3600.

id

String

Yes

Specifies the IKE policy ID.

ike_version

String

No

Specifies the IKE version. The value can be v1 or v2. The default value is v1.

Request Example

POST /v2.0/vpn/ikepolicies
{
  "ikepolicy" : {
    "phase1_negotiation_mode" : "main",
    "auth_algorithm" : "sha1",
    "encryption_algorithm" : "aes-128",
    "pfs" : "group5",
    "lifetime" : {
      "units" : "seconds",
      "value" : 7200
    },
    "ike_version" : "v1",
    "name" : "ikepolicy1"
  }
}

Response Example

{
  "ikepolicy" : {
    "name" : "ikepolicy1",
    "project_id" : "ccb81365fe36411a9011e90491fe1330",
    "tenant_id" : "ccb81365fe36411a9011e90491fe1330",
    "auth_algorithm" : "sha1",
    "encryption_algorithm" : "aes-128",
    "pfs" : "group5",
    "phase1_negotiation_mode" : "main",
    "lifetime" : {
      "units" : "seconds",
      "value" : 7200
    },
    "ike_version" : "v1",
    "id" : "5522aff7-1b3c-48dd-9c3c-b50f016b73db",
    "description" : ""
  }
}

Error Code

See section Return Code Processing.