Listing IPsec connections

GET /v2.0/vpn/ipsec-site-connections

List all IPsec connections.

Source: https://docs.openstack.org/api-ref/network/v2/index.html?expanded=list-ipsec-connections-detail#list-ipsec-connections

Request

Name In Type Description
fields (Optional) query string The fields that you want the server to return. If no fields query parameter is specified, the networking API returns all attributes allowed by the policy settings. By using the fields parameter, the API returns only the requested set of attributes. The fields parameter can be specified multiple times. For example, if you specify fields=id&fields=name in the request URL, only the id and name attributes will be returned.

Example

# curl -ks -H 'Content-Type: application/json' -H 'X-Auth-Token: gAAAAA<...>' \
https://<node_IP_addr>:9696/v2.0/vpn/ipsec-site-connections

Response

Parameters

Name In Type Description
auth_mode (Optional) body string The authentication mode. A valid value is psk, which is the default.
ikepolicy_id body string The ID of the IKE policy.
vpnservice_id body string The ID of the VPN service.
local_ep_group_id (Optional) body string The ID for the endpoint group that contains private subnets for the local side of the connection. You must specify this parameter with the peer_ep_group_id parameter.
peer_address body string The peer gateway public IPv4 or IPv6 address or FQDN.
id (Optional) body string The ID of the IPsec site-to-site connection.
route_mode (Optional) body string The route mode. A valid value is static, which is the default.
ipsecpolicy_id body string The ID of the IPsec policy.
peer_id body string The peer router identity for authentication. A valid value is an IPv4 address, IPv6 address, e-mail address, key ID, or FQDN. Typically, this value matches the peer_address value.
status body string Indicates whether the IPsec connection is currently operational. Values are ACTIVE, DOWN, BUILD, ERROR, PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE.
psk body string The pre-shared key. A valid value is any string.
name (Optional) body string A human-readable name of the resource. Default is an empty string.
description (Optional) body string A human-readable description for the resource. Default is an empty string.
initiator (Optional) body string Indicates whether this VPN can only respond to connections or both respond to and initiate connections. A valid value is response-only or bi-directional. Default is bi-directional.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id body string The ID of the project.
project_id body string The ID of the project.
interval (Optional) body integer The dead peer detection (DPD) interval, in seconds. A valid value is a positive integer. Default is 30.
mtu body integer The maximum transmission unit (MTU) value to address fragmentation. Minimum value is 68 for IPv4, and 1280 for IPv6.
peer_ep_group_id (Optional) body string The ID for the endpoint group that contains private CIDRs in the form <net_address>/<prefix> for the peer side of the connection. You must specify this parameter with the local_ep_group_id parameter.
dpd (Optional) body object A dictionary with dead peer detection (DPD) protocol controls.
timeout body integer The dead peer detection (DPD) timeout in seconds. A valid value is a positive integer that is greater than the DPD interval value. Default is 120.
action body string The dead peer detection (DPD) action. A valid value is clear, hold, restart, disabled, or restart-by-peer. Default value is hold.
local_id (Optional) body string An ID to be used instead of the external IP address for a virtual router used in traffic between instances on different networks in east-west traffic. Most often, the local ID is a domain name, email address, etc. If it is not configured, the external IP address is used as the ID.

Status codes

Success

Code Reason
200 - OK Request was successful.

Error

Code Reason
401 - Unauthorized User must authenticate before making a request.
403 - Forbidden Policy does not allow current user to do this operation.

Example

{
  "ipsec_site_connections": [
    {
      "id": "324dc68b-bdee-4a78-9d14-3484d8ee97a9",
      "tenant_id": "284a2547ea8445d1be0e68ef2d76672c",
      "name": "vpnconnection1",
      "description": "",
      "peer_address": "10.136.18.138",
      "peer_id": "10.136.18.138",
      "local_id": "",
      "route_mode": "static",
      "mtu": 1500,
      "auth_mode": "psk",
      "psk": "secret",
      "initiator": "bi-directional",
      "dpd": {
        "action": "hold",
        "interval": 30,
        "timeout": 120
      },
      "admin_state_up": true,
      "status": "DOWN",
      "vpnservice_id": "d6116b75-db78-4d07-9911-226b4655838a",
      "ikepolicy_id": "94edd562-8b10-4e96-98d7-7b8b99d3ca5d",
      "ipsecpolicy_id": "805ab779-e91c-42db-b6b9-591156d9634e",
      "peer_cidrs": [],
      "local_ep_group_id": "646938a8-322e-44b3-ac35-60deadcd4252",
      "peer_ep_group_id": "e3b89342-73ee-42b9-8ee9-fd91ec36aceb",
      "split_selector": false,
      "project_id": "284a2547ea8445d1be0e68ef2d76672c"
    }
  ]
}
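
The list response carries each connection's psk in clear text, so a client that only needs inventory data can restrict the reply with the fields parameter and mask the key before logging. The Python below is an added example, not part of the OpenStack reference: it builds the fields query, checks a returned connection against the constraints stated in the Parameters table, and redacts psk. The function names and the choice to pick the MTU minimum from the peer_address family are assumptions.

```python
import ipaddress
import json
from urllib.parse import urlencode

# Constructed sample, trimmed from the response example on this page.
SAMPLE = json.loads("""
{"ipsec_site_connections": [{
  "id": "324dc68b-bdee-4a78-9d14-3484d8ee97a9", "name": "vpnconnection1",
  "peer_address": "10.136.18.138", "mtu": 1500, "auth_mode": "psk",
  "psk": "secret", "initiator": "bi-directional", "status": "DOWN",
  "dpd": {"action": "hold", "interval": 30, "timeout": 120},
  "local_ep_group_id": "646938a8-322e-44b3-ac35-60deadcd4252",
  "peer_ep_group_id": "e3b89342-73ee-42b9-8ee9-fd91ec36aceb"}]}
""")

def list_url(base, fields):
    """Build the list URL with one fields= pair per requested attribute."""
    query = urlencode([("fields", f) for f in fields])
    return f"{base}/v2.0/vpn/ipsec-site-connections" + (f"?{query}" if query else "")

def min_mtu(peer_address):
    """68 for an IPv4 peer, 1280 for IPv6; an FQDN peer gets the IPv4 minimum (assumption)."""
    try:
        return 1280 if ipaddress.ip_address(peer_address).version == 6 else 68
    except ValueError:
        return 68

def audit(conn):
    """Return findings: documented constraints that are violated, plus a non-ACTIVE status."""
    findings = []
    dpd = conn.get("dpd") or {}
    if "timeout" in dpd and "interval" in dpd and dpd["timeout"] <= dpd["interval"]:
        findings.append("dpd.timeout must be greater than dpd.interval")
    if "mtu" in conn and conn["mtu"] < min_mtu(conn.get("peer_address", "")):
        findings.append("mtu below documented minimum")
    if bool(conn.get("local_ep_group_id")) != bool(conn.get("peer_ep_group_id")):
        findings.append("local_ep_group_id and peer_ep_group_id must be set together")
    if conn.get("status") not in (None, "ACTIVE"):
        findings.append(f"status is {conn['status']}")
    return findings

def redact(conn):
    """Copy of the connection that is safe to log: the pre-shared key is masked."""
    return {k: ("<redacted>" if k == "psk" else v) for k, v in conn.items()}
```

Requesting only attributes such as id, name and status through list_url keeps psk out of the response altogether; redact covers the case where the full record has to be fetched.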