Creating IPsec connections

POST /v2.0/vpn/ipsec-site-connections

Create a site-to-site IPsec connection for a service.

Source: https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-ipsec-connection-detail#create-ipsec-connection

Request

Parameters

Name In Type Description
ipsec_site_connection body object An ipsec_site_connection object.
auth_mode (Optional) body string The authentication mode. A valid value is psk, which is the default.
ikepolicy_id (Optional) body string The ID of the IKE policy.
vpnservice_id (Optional) body string The ID of the VPN service.
local_ep_group_id (Optional) body string The ID for the endpoint group that contains private subnets for the local side of the connection. You must specify this parameter with the peer_ep_group_id parameter.
peer_address body string The peer gateway public IPv4 or IPv6 address or FQDN.
route_mode (Optional) body string The route mode. A valid value is static, which is the default.
ipsecpolicy_id (Optional) body string The ID of the IPsec policy.
peer_id body string The peer router identity for authentication. A valid value is an IPv4 address, IPv6 address, e-mail address, key ID, or FQDN. Typically, this value matches the peer_address value.
psk body string The pre-shared key. A valid value is any string.
name (Optional) body string A human-readable name of the resource. Default is an empty string.
description (Optional) body string A human-readable description for the resource. Default is an empty string.
initiator (Optional) body string Indicates whether this VPN can only respond to connections or both respond to and initiate connections. A valid value is response-only or bi-directional. Default is bi-directional.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id body string The ID of the project.
project_id body string The ID of the project.
interval (Optional) body integer The dead peer detection (DPD) interval, in seconds. A valid value is a positive integer. Default is 30.
mtu body integer The maximum transmission unit (MTU) value to address fragmentation. Minimum value is 68 for IPv4, and 1280 for IPv6.
peer_ep_group_id (Optional) body string The ID for the endpoint group that contains private CIDRs in the form <net_address>/<prefix> for the peer side of the connection. You must specify this parameter with the local_ep_group_id parameter.
dpd (Optional) body object A dictionary with dead peer detection (DPD) protocol controls.
timeout body integer The dead peer detection (DPD) timeout in seconds. A valid value is a positive integer that is greater than the DPD interval value. Default is 120.
action body string The dead peer detection (DPD) action. A valid value is clear, hold, restart, disabled, or restart-by-peer. Default value is hold.
local_id (Optional) body string An ID to be used instead of the external IP address for a virtual router used in traffic between instances on different networks in east-west traffic. Most often, the local ID is a domain name, an email address, etc. If this is not configured, the external IP address is used as the ID.

Example

# curl -ks -H 'Content-Type: application/json' -H 'X-Auth-Token: gAAAAA<...>' -d '
{
    "ipsec_site_connection": {
        "psk": "secret",
        "initiator": "bi-directional",
        "ipsecpolicy_id": "805ab779-e91c-42db-b6b9-591156d9634e",
        "admin_state_up": true,
        "mtu": 1500,
        "peer_ep_group_id": "e3b89342-73ee-42b9-8ee9-fd91ec36aceb",
        "ikepolicy_id": "94edd562-8b10-4e96-98d7-7b8b99d3ca5d",
        "vpnservice_id": "d6116b75-db78-4d07-9911-226b4655838a",
        "local_ep_group_id": "646938a8-322e-44b3-ac35-60deadcd4252",
        "peer_address": "10.136.18.138",
        "peer_id": "10.136.18.138",
        "name": "vpnconnection1"
    }
}' https://<node_IP_addr>:9696/v2.0/vpn/ipsec-site-connections

Response

Parameters

Name In Type Description
ipsec_site_connection body object An ipsec_site_connection object.
auth_mode (Optional) body string The authentication mode. A valid value is psk, which is the default.
ikepolicy_id body string The ID of the IKE policy.
vpnservice_id body string The ID of the VPN service.
local_ep_group_id (Optional) body string The ID for the endpoint group that contains private subnets for the local side of the connection. You must specify this parameter with the peer_ep_group_id parameter.
peer_address body string The peer gateway public IPv4 or IPv6 address or FQDN.
id (Optional) body string The ID of the IPsec site-to-site connection.
route_mode (Optional) body string The route mode. A valid value is static, which is the default.
ipsecpolicy_id body string The ID of the IPsec policy.
peer_id body string The peer router identity for authentication. A valid value is an IPv4 address, IPv6 address, e-mail address, key ID, or FQDN. Typically, this value matches the peer_address value.
status body string Indicates whether the IPsec connection is currently operational. Values are ACTIVE, DOWN, BUILD, ERROR, PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE.
psk body string The pre-shared key. A valid value is any string.
name (Optional) body string A human-readable name of the resource. Default is an empty string.
description (Optional) body string A human-readable description for the resource. Default is an empty string.
initiator (Optional) body string Indicates whether this VPN can only respond to connections or both respond to and initiate connections. A valid value is response-only or bi-directional. Default is bi-directional.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id body string The ID of the project.
project_id body string The ID of the project.
interval (Optional) body integer The dead peer detection (DPD) interval, in seconds. A valid value is a positive integer. Default is 30.
mtu body integer The maximum transmission unit (MTU) value to address fragmentation. Minimum value is 68 for IPv4, and 1280 for IPv6.
peer_ep_group_id (Optional) body string The ID for the endpoint group that contains private CIDRs in the form <net_address>/<prefix> for the peer side of the connection. You must specify this parameter with the local_ep_group_id parameter.
dpd (Optional) body object A dictionary with dead peer detection (DPD) protocol controls.
timeout body integer The dead peer detection (DPD) timeout in seconds. A valid value is a positive integer that is greater than the DPD interval value. Default is 120.
action body string The dead peer detection (DPD) action. A valid value is clear, hold, restart, disabled, or restart-by-peer. Default value is hold.
local_id (Optional) body string An ID to be used instead of the external IP address for a virtual router used in traffic between instances on different networks in east-west traffic. Most often, the local ID is a domain name, an email address, etc. If this is not configured, the external IP address is used as the ID.

Status codes

Success

Code Reason
201 - Created Resource was created and is ready to use.

Error

Code Reason
400 - Bad Request Some content in the request was invalid.
401 - Unauthorized User must authenticate before making a request.

Example

{
  "ipsec_site_connection": {
    "id": "324dc68b-bdee-4a78-9d14-3484d8ee97a9",
    "tenant_id": "284a2547ea8445d1be0e68ef2d76672c",
    "name": "vpnconnection1",
    "description": "",
    "peer_address": "10.136.18.138",
    "peer_id": "10.136.18.138",
    "local_id": "",
    "route_mode": "static",
    "mtu": 1500,
    "auth_mode": "psk",
    "psk": "secret",
    "initiator": "bi-directional",
    "dpd": {
      "action": "hold",
      "interval": 30,
      "timeout": 120
    },
    "admin_state_up": true,
    "status": "PENDING_CREATE",
    "vpnservice_id": "d6116b75-db78-4d07-9911-226b4655838a",
    "ikepolicy_id": "94edd562-8b10-4e96-98d7-7b8b99d3ca5d",
    "ipsecpolicy_id": "805ab779-e91c-42db-b6b9-591156d9634e",
    "peer_cidrs": [],
    "local_ep_group_id": "646938a8-322e-44b3-ac35-60deadcd4252",
    "peer_ep_group_id": "e3b89342-73ee-42b9-8ee9-fd91ec36aceb",
    "split_selector": false,
    "project_id": "284a2547ea8445d1be0e68ef2d76672c"
  }
}
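
An added example (not part of the original reference or of OpenStack's code): a client-side pre-flight check for the constraints stated in the request parameter table, a randomly generated pre-shared key in place of the sample value "secret", and a helper that masks psk before a body is logged, since the response above returns the key in clear text. The required-field set, the use of the IPv4 MTU floor for FQDN peers, the 32-byte key size and all function names are assumptions of this example.

```python
import copy
import ipaddress
import secrets

INITIATORS = {"bi-directional", "response-only"}
DPD_ACTIONS = {"clear", "hold", "restart", "disabled", "restart-by-peer"}


def validate(conn):
    """Return a list of violations of the constraints documented on this page."""
    errors = []
    for field in ("peer_address", "peer_id", "psk"):  # assumed required set
        if not conn.get(field):
            errors.append(f"{field} is required")
    # The two endpoint-group IDs must be specified together.
    if bool(conn.get("local_ep_group_id")) != bool(conn.get("peer_ep_group_id")):
        errors.append("local_ep_group_id and peer_ep_group_id go together")
    if conn.get("initiator", "bi-directional") not in INITIATORS:
        errors.append("initiator must be response-only or bi-directional")
    # MTU floor depends on the peer address family (assumption: FQDN -> IPv4 floor).
    try:
        version = ipaddress.ip_address(conn.get("peer_address", "")).version
    except ValueError:
        version = 4
    floor = 1280 if version == 6 else 68
    mtu = conn.get("mtu")
    if mtu is not None and (not isinstance(mtu, int) or mtu < floor):
        errors.append(f"mtu must be an integer >= {floor}")
    dpd = conn.get("dpd", {})
    interval, timeout = dpd.get("interval", 30), dpd.get("timeout", 120)
    ints = isinstance(interval, int) and isinstance(timeout, int)
    if not (ints and 0 < interval < timeout):
        errors.append("dpd timeout must exceed a positive dpd interval")
    if dpd.get("action", "hold") not in DPD_ACTIONS:
        errors.append("dpd action is not a documented value")
    return errors


def new_psk(nbytes=32):
    """Random PSK (assumption: 32 bytes of CSPRNG output as URL-safe text)."""
    return secrets.token_urlsafe(nbytes)


def redact(body):
    """Copy of a request/response body with the PSK masked, safe for logs."""
    safe = copy.deepcopy(body)
    if "psk" in safe.get("ipsec_site_connection", {}):
        safe["ipsec_site_connection"]["psk"] = "<redacted>"
    return safe
```

Run `validate()` on the inner `ipsec_site_connection` object before sending it, and pass anything destined for logs or tickets through `redact()` first.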