Creating IPsec connections

POST /v2.0/vpn/ipsec-site-connections

Create a site-to-site IPsec connection for a service.

Source: https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-ipsec-connection-detail#create-ipsec-connection

Request

Parameters

Name	In	Type	Description
`ipsec_site_connection`	body	object	An `ipsec_site_connection` object.
`auth_mode` (Optional)	body	string	The authentication mode. A valid value is `psk`, which is the default.
`ikepolicy_id` (Optional)	body	string	The ID of the IKE policy.
`vpnservice_id` (Optional)	body	string	The ID of the VPN service.
`local_ep_group_id` (Optional)	body	string	The ID for the endpoint group that contains private subnets for the local side of the connection. You must specify this parameter with the `peer_ep_group_id` parameter.
`peer_address`	body	string	The peer gateway public IPv4 or IPv6 address or FQDN.
`route_mode` (Optional)	body	string	The route mode. A valid value is `static`, which is the default.
`ipsecpolicy_id` (Optional)	body	string	The ID of the IPsec policy.
`peer_id`	body	string	The peer router identity for authentication. A valid value is an IPv4 address, IPv6 address, e-mail address, key ID, or FQDN. Typically, this value matches the `peer_address` value.
`psk`	body	string	The pre-shared key. A valid value is any string.
`name` (Optional)	body	string	A human-readable name of the resource. Default is an empty string.
`description` (Optional)	body	string	A human-readable description for the resource. Default is an empty string.
`initiator` (Optional)	body	string	Indicates whether this VPN can only respond to connections or both respond to and initiate connections. A valid value is `response-only` or `bi-directional`. Default is `bi-directional`.
`admin_state_up`	body	boolean	The administrative state of the resource, which is up (`true`) or down (`false`).
`tenant_id`	body	string	The ID of the project.
`project_id`	body	string	The ID of the project.
`interval` (Optional)	body	integer	The dead peer detection (DPD) interval, in seconds. A valid value is a positive integer. Default is 30.
`mtu`	body	integer	The maximum transmission unit (MTU) value to address fragmentation. Minimum value is 68 for IPv4, and 1280 for IPv6.
`peer_ep_group_id` (Optional)	body	string	The ID for the endpoint group that contains private CIDRs in the form `<net_address>/<prefix>` for the peer side of the connection. You must specify this parameter with the `local_ep_group_id` parameter.
`dpd` (Optional)	body	object	A dictionary with dead peer detection (DPD) protocol controls.
`timeout`	body	integer	The dead peer detection (DPD) timeout in seconds. A valid value is a positive integer that is greater than the DPD interval value. Default is 120.
`action`	body	string	The dead peer detection (DPD) action. A valid value is `clear`, `hold`, `restart`, `disabled`, or `restart-by-peer`. Default value is `hold`.
`local_id` (Optional)	body	string	An ID to be used instead of the external IP address for a virtual router used in traffic between instances on different networks in east-west traffic. Most often, local ID would be domain name, email address, etc. If this is not configured then the external IP address will be used as the ID.

Example

# curl -ks -H 'Content-Type: application/json' -H 'X-Auth-Token: gAAAAA<...>' -d '\
{
    "ipsec_site_connection": {
        "psk": "secret",
        "initiator": "bi-directional",
        "ipsecpolicy_id": "805ab779-e91c-42db-b6b9-591156d9634e",
        "admin_state_up": true,
        "mtu": "1500",
        "peer_ep_group_id": "e3b89342-73ee-42b9-8ee9-fd91ec36aceb",
        "ikepolicy_id": "94edd562-8b10-4e96-98d7-7b8b99d3ca5d",
        "vpnservice_id": "d6116b75-db78-4d07-9911-226b4655838a",
        "local_ep_group_id": "646938a8-322e-44b3-ac35-60deadcd4252",
        "peer_address": "10.136.18.138",
        "peer_id": "10.136.18.138",
        "name": "vpnconnection1"
    }
}' https://<node_IP_addr>:9696/v2.0/vpn/ipsec-site-connections

Response

Parameters

Name	In	Type	Description
`ipsec_site_connection`	body	object	An `ipsec_site_connection` object.
`auth_mode` (Optional)	body	string	The authentication mode. A valid value is `psk`, which is the default.
`ikepolicy_id`	body	string	The ID of the IKE policy.
`vpnservice_id`	body	string	The ID of the VPN service.
`local_ep_group_id` (Optional)	body	string	The ID for the endpoint group that contains private subnets for the local side of the connection. You must specify this parameter with the `peer_ep_group_id` parameter.
`peer_address`	body	string	The peer gateway public IPv4 or IPv6 address or FQDN.
`id` (Optional)	body	string	The ID of the IPsec site-to-site connection.
`route_mode` (Optional)	body	string	The route mode. A valid value is `static`, which is the default.
`ipsecpolicy_id`	body	string	The ID of the IPsec policy.
`peer_id`	body	string	The peer router identity for authentication. A valid value is an IPv4 address, IPv6 address, e-mail address, key ID, or FQDN. Typically, this value matches the `peer_address` value.
`status`	body	string	Indicates whether the IPsec connection is currently operational. Values are `ACTIVE`, `DOWN`, `BUILD`, `ERROR`, `PENDING_CREATE`, `PENDING_UPDATE`, or `PENDING_DELETE`.
`psk`	body	string	The pre-shared key. A valid value is any string.
`name` (Optional)	body	string	A human-readable name of the resource. Default is an empty string.
`description` (Optional)	body	string	A human-readable description for the resource. Default is an empty string.
`initiator` (Optional)	body	string	Indicates whether this VPN can only respond to connections or both respond to and initiate connections. A valid value is `response-only` or `bi-directional`. Default is `bi-directional`.
`admin_state_up`	body	boolean	The administrative state of the resource, which is up (`true`) or down (`false`).
`tenant_id`	body	string	The ID of the project.
`project_id`	body	string	The ID of the project.
`interval` (Optional)	body	integer	The dead peer detection (DPD) interval, in seconds. A valid value is a positive integer. Default is 30.
`mtu`	body	integer	The maximum transmission unit (MTU) value to address fragmentation. Minimum value is 68 for IPv4, and 1280 for IPv6.
`peer_ep_group_id` (Optional)	body	string	The ID for the endpoint group that contains private CIDRs in the form `<net_address>/<prefix>` for the peer side of the connection. You must specify this parameter with the `local_ep_group_id` parameter.
`dpd` (Optional)	body	object	A dictionary with dead peer detection (DPD) protocol controls.
`timeout`	body	integer	The dead peer detection (DPD) timeout in seconds. A valid value is a positive integer that is greater than the DPD interval value. Default is 120.
`action`	body	string	The dead peer detection (DPD) action. A valid value is `clear`, `hold`, `restart`, `disabled`, or `restart-by-peer`. Default value is `hold`.
`local_id` (Optional)	body	string	An ID to be used instead of the external IP address for a virtual router used in traffic between instances on different networks in east-west traffic. Most often, local ID would be domain name, email address, etc. If this is not configured then the external IP address will be used as the ID.

Status codes

Success

Code	Reason
`201 - Created`	Resource was created and is ready to use.

Error

Code	Reason
`400 - Bad Request`	Some content in the request was invalid.
`401 - Unauthorized`	User must authenticate before making a request.

Example

{
  "ipsec_site_connection": {
    "id": "324dc68b-bdee-4a78-9d14-3484d8ee97a9",
    "tenant_id": "284a2547ea8445d1be0e68ef2d76672c",
    "name": "vpnconnection1",
    "description": "",
    "peer_address": "10.136.18.138",
    "peer_id": "10.136.18.138",
    "local_id": "",
    "route_mode": "static",
    "mtu": 1500,
    "auth_mode": "psk",
    "psk": "secret",
    "initiator": "bi-directional",
    "dpd": {
      "action": "hold",
      "interval": 30,
      "timeout": 120
    },
    "admin_state_up": true,
    "status": "PENDING_CREATE",
    "vpnservice_id": "d6116b75-db78-4d07-9911-226b4655838a",
    "ikepolicy_id": "94edd562-8b10-4e96-98d7-7b8b99d3ca5d",
    "ipsecpolicy_id": "805ab779-e91c-42db-b6b9-591156d9634e",
    "peer_cidrs": [],
    "local_ep_group_id": "646938a8-322e-44b3-ac35-60deadcd4252",
    "peer_ep_group_id": "e3b89342-73ee-42b9-8ee9-fd91ec36aceb",
    "split_selector": false,
    "project_id": "284a2547ea8445d1be0e68ef2d76672c"
  }
}