Updating an IPsec VPN Connection

Function

This interface is used to update an IPsec VPN connection.

URI

PUT /v2.0/vpn/ipsec-site-connections/{connection_id}

Table 1 Parameter description

Parameter

Type

Mandatory

Description

connection_id

String

Yes

Specifies the IPsec VPN connection ID.

Request Message

Table 2 describes the request parameters.

Table 2 Request parameters

Parameter

Type

Mandatory

Description

ipsec_site_connection

Object

Yes

Specifies the IPsec VPN connection object.

psk

String

No

Specifies the pre-shared key.

initiator

String

No

Specifies whether this VPN can only respond to connections or both respond to and initiate connections.

description

String

No

Specifies the IPsec policy ID.

admin_state_up

Boolean

No

Specifies the administrative status. The value can be true or false.

interval

Integer

No

Specifies the DPD interval in seconds. The default value is 30.

peer_cidrs

List<String>

No

(Deprecated) Specifies the tenant's CIDR blocks. The value is in the form of <net_address > / < prefix >.

mtu

Integer

No

Specifies the maximum transmission unit to address fragmentation.

peer_ep_group_id

String

No

Specifies the endpoint group ID (tenant CIDR blocks).

local_ep_group_id

String

No

Specifies the endpoint group ID (VPC subnets).

dpd

Object

No

Specifies the DPD protocol control.

timeout

Integer

No

Specifies the DPD timeout. The default value is 120 seconds.

action

String

No

Specifies the DPD action. The value can be clear, hold, restart, disabled, or restart-by-peer. The default value is hold.

peer_address

String

Yes

Specifies the remote gateway address.

peer_id

String

Yes

Specifies the remote gateway ID.

name

String

No

Specifies the IPsec VPN connection name.

Note

  1. The project_id, peer_id, dpd, and local_id parameters are not supported.

  2. The connection_id parameter must be specified.

  3. The value of name can contain 1 to 64 characters.

  4. The value of description can contain a maximum of 255 characters. This parameter has been used by internal components, and you are not allowed to configure the parameter.

  5. The value of peer_address can contain a maximum of 250 characters.

  6. The value of peer_id can contain a maximum of 250 characters and is unconfigurable.

  7. The value of mtu can only be 1500.

  8. The value of initiator can only be bi-directional.

  9. The value of admin_state_up can only be true.

  10. A PSK can contain 6 to 128 characters. Spaces and question marks (?) are not allowed in a PSK. The PSK cannot contain only asterisks (*).

Response Message

Table 3 describes the response parameters.

Table 3 Response parameters

Parameter

Type

Description

status

String

Specifies the IPsec VPN connection status. The value can be ACTIVE, DOWN, BUILD, ERROR, PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE.

psk

String

Specifies the pre-shared key.

initiator

String

Specifies whether this VPN can only respond to connections or both respond to and initiate connections.

name

String

Specifies the IPsec VPN connection name.

admin_state_up

Boolean

Specifies the administrative status. The value can be true or false.

tenant_id

String

Specifies the project ID.

ipsecpolicy_id

String

Specifies the IPsec policy ID.

auth_mode

String

Specifies the authentication mode. The default value is psk.

peer_cidrs

String

(Deprecated) Specifies the tenant's CIDR blocks. The value is in the form of <net_address > / < prefix >.

mtu

Integer

Specifies the maximum transmission unit to address fragmentation.

peer_ep_group_id

String

Specifies the endpoint group ID (tenant CIDR blocks).

ikepolicy_id

String

Specifies the IKE policy ID.

dpd

Object

Specifies the DPD protocol control.

route_mode

String

Specifies the route advertising mode. The default value is static.

vpnservice_id

String

Specifies the VPN service ID.

local_ep_group_id

String

Specifies the endpoint group ID (VPC subnets).

peer_address

String

Specifies the remote gateway address.

peer_id

String

Specifies the remote gateway ID.

id

String

Specifies the IPsec VPN connection ID.

description

String

Provides supplementary information about the IPsec VPN connection.

ipsec_site_connection

Object

Specifies the IPsec VPN connection object.

project_id

String

Specifies the project ID.

interval

Integer

Specifies the DPD interval in seconds. The default value is 30.

timeout

Integer

Specifies the DPD timeout. The default value is 120 seconds.

action

String

Specifies the DPD action. The value can be clear, hold, restart, disabled, or restart-by-peer. The default value is hold.

Example

  • Example Request

    PUT /v2.0/vpn/ipsec-site-connections/{connection_id}
    {
      "ipsec_site_connection" : {
        "mtu" : 1200,
      }
    }
    
  • Example Response

    {
        "ipsec_site_connection": {
            "status": "DOWN",
            "psk": "secret",
            "initiator": "bi-directional",
            "name": "vpnconnection1",
            "admin_state_up": true,
            "project_id": "10039663455a446d8ba2cbb058b0f578",
            "tenant_id": "10039663455a446d8ba2cbb058b0f578",
            "auth_mode": "psk",
            "peer_cidrs": [],
            "mtu": 1200,
            "peer_ep_group_id": "9ad5a7e0-6dac-41b4-b20d-a7b8645fddf1",
            "ikepolicy_id": "9b00d6b0-6c93-4ca5-9747-b8ade7bb514f",
            "vpnservice_id": "5c561d9d-eaea-45f6-ae3e-08d1a7080828",
            "dpd": {
                "action": "hold",
                "interval": 30,
                "timeout": 120
            },
            "route_mode": "static",
            "ipsecpolicy_id": "e6e23d0c-9519-4d52-8ea4-5b1f96d857b1",
            "local_ep_group_id": "3e1815dd-e212-43d0-8f13-b494fa553e68",
            "peer_address": "172.24.4.233",
            "peer_id": "172.24.4.233",
            "id": "851f280f-5639-4ea3-81aa-e298525ab74b",
            "description": "New description"
        }
    }
    

Returned Values

For details, see section Common Returned Values.