Creating IKE policies

POST /v2.0/vpn/ikepolicies

Create an IKE policy.

The IKE policy is used for phases one and two negotiation of the VPN connection. You can specify both the authentication and encryption algorithms for connections.

Source: https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-ike-policy-detail#create-ike-policy

Request

Parameters

Name	In	Type	Description
`ikepolicy`	body	object	An `ikepolicy` object.
`name` (Optional)	body	string	A human-readable name of the resource. Default is an empty string.
`description` (Optional)	body	string	A human-readable description for the resource. Default is an empty string.
`tenant_id`	body	string	The ID of the project.
`project_id`	body	string	The ID of the project.
`auth_algorithm` (Optional)	body	string	The authentication hash algorithm. Valid values are `sha1`, `sha256`, `sha384`, `sha512`, `aes-xcbc`, and `aes-cmac`. The default is `sha1`.
`encryption_algorithm` (Optional)	body	string	The encryption algorithm. Valid values are `3des`, `aes-128`, `aes-192`, and `aes-256`. Additional values for AES CCM and GCM modes are defined (for example, `aes-256-ccm-16`, `aes-256-gcm-16`) for all combinations of key length 128, 192, 256 bits and ICV length 8, 12, 16 octets. Default is `aes-128`.
`pfs` (Optional)	body	string	Perfect forward secrecy (PFS). A valid value is `Group2`, `Group5`, `Group14` to `Group31`. Default is `Group5`.
`value` (Optional)	body	integer	The lifetime value, as a positive integer. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
`phase1_negotiation_mode` (Optional)	body	string	The IKE mode. A valid value is `main`, which is the default.
`units` (Optional)	body	string	The units for the lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
`lifetime` (Optional)	body	object	The lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
`ike_version` (Optional)	body	string	The IKE version. A valid value is `v1` or `v2`. Default is `v1`.

Example

# curl -ks -H 'Content-Type: application/json' -H 'X-Auth-Token: gAAAAA<...>' -d '\
{
    "ikepolicy": {
        "phase1_negotiation_mode": "main",
        "auth_algorithm": "sha1",
        "encryption_algorithm": "aes-128",
        "pfs": "group5",
        "lifetime": {
            "units": "seconds",
            "value": 7200
        },
        "ike_version": "v1",
        "name": "ikepolicy1"
    }
}' https://<node_IP_addr>:9696/v2.0/vpn/ikepolicies

Response

Parameters

Name	In	Type	Description
`ikepolicies`	body	array	A list of `ikepolicy` objects.
`ikepolicy`	body	object	An `ikepolicy` object.
`name` (Optional)	body	string	A human-readable name of the resource. Default is an empty string.
`description` (Optional)	body	string	A human-readable description for the resource. Default is an empty string.
`tenant_id`	body	string	The ID of the project.
`project_id`	body	string	The ID of the project.
`auth_algorithm` (Optional)	body	string	The authentication hash algorithm. Valid values are `sha1`, `sha256`, `sha384`, `sha512`, `aes-xcbc`, and `aes-cmac`. The default is `sha1`.
`encryption_algorithm` (Optional)	body	string	The encryption algorithm. Valid values are `3des`, `aes-128`, `aes-192`, and `aes-256`. Additional values for AES CCM and GCM modes are defined (for example, `aes-256-ccm-16`, `aes-256-gcm-16`) for all combinations of key length 128, 192, 256 bits and ICV length 8, 12, 16 octets. Default is `aes-128`.
`pfs` (Optional)	body	string	Perfect forward secrecy (PFS). A valid value is `Group2`, `Group5`, `Group14` to `Group31`. Default is `Group5`.
`value` (Optional)	body	integer	The lifetime value, as a positive integer. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
`phase1_negotiation_mode` (Optional)	body	string	The IKE mode. A valid value is `main`, which is the default.
`units` (Optional)	body	string	The units for the lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
`lifetime` (Optional)	body	object	The lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
`id`	body	string	The ID of the IKE policy.
`ike_version` (Optional)	body	string	The IKE version. A valid value is `v1` or `v2`. Default is `v1`.

Status codes

Success

Code	Reason
`201 - Created`	Resource was created and is ready to use.

Error

Code	Reason
`400 - Bad Request`	Some content in the request was invalid.
`401 - Unauthorized`	User must authenticate before making a request.

Example

{
  "ikepolicy": {
    "id": "94edd562-8b10-4e96-98d7-7b8b99d3ca5d",
    "tenant_id": "284a2547ea8445d1be0e68ef2d76672c",
    "name": "ikepolicy1",
    "description": "",
    "auth_algorithm": "sha1",
    "encryption_algorithm": "aes-128",
    "phase1_negotiation_mode": "main",
    "lifetime": {
      "units": "seconds",
      "value": 7200
    },
    "ike_version": "v1",
    "pfs": "group5",
    "project_id": "284a2547ea8445d1be0e68ef2d76672c"
  }
}