Creating IPsec policies

POST /v2.0/vpn/ipsecpolicies

Create an IP security (IPsec) policy.

The IPsec policy specifies the authentication and encryption algorithms and encapsulation mode to use for the established VPN connection.

Source: https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-ipsec-policies-detail#create-ipsec-policies

Request

Parameters

Name	In	Type	Description
`ipsecpolicy`	body	object	An `ipsecpolicy` object.
`name` (Optional)	body	string	A human-readable name of the resource. Default is an empty string.
`description` (Optional)	body	string	A human-readable description for the resource. Default is an empty string.
`tenant_id`	body	string	The ID of the project.
`project_id`	body	string	The ID of the project.
`auth_algorithm` (Optional)	body	string	The authentication hash algorithm. Valid values are `sha1`, `sha256`, `sha384`, `sha512`, `aes-xcbc`, and `aes-cmac`. The default is `sha1`.
`encapsulation_mode` (Optional)	body	string	The encapsulation mode. A valid value is `tunnel` or `transport`. Default is `tunnel`.
`encryption_algorithm` (Optional)	body	string	The encryption algorithm. Valid values are `3des`, `aes-128`, `aes-192`, and `aes-256`. Additional values for AES CCM and GCM modes are defined (for example, `aes-256-ccm-16`, `aes-256-gcm-16`) for all combinations of key length 128, 192, 256 bits and ICV length 8, 12, 16 octets. Default is `aes-128`.
`pfs` (Optional)	body	string	Perfect forward secrecy (PFS). A valid value is `Group2`, `Group5`, `Group14` to `Group31`. Default is `Group5`.
`value` (Optional)	body	integer	The lifetime value, as a positive integer. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
`transform_protocol` (Optional)	body	string	The transform protocol. A valid value is `ESP`, `AH`, or `AH- ESP`. Default is `ESP`.
`units` (Optional)	body	string	The units for the lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
`lifetime` (Optional)	body	object	The lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.

Example

# curl -ks -H 'Content-Type: application/json' -H 'X-Auth-Token: gAAAAA<...>' -d '\
{
    "ipsecpolicy": {
        "name": "ipsecpolicy1",
        "transform_protocol": "esp",
        "auth_algorithm": "sha1",
        "encapsulation_mode": "tunnel",
        "encryption_algorithm": "aes-128",
        "pfs": "group5",
        "lifetime": {
            "units": "seconds",
            "value": 7200
        }
    }
}' https://<node_IP_addr>:9696/v2.0/vpn/ipsecpolicies

Response

Parameters

Name	In	Type	Description
`ipsecpolicies`	body	array	A list of `ipsecpolicy` objects.
`ipsecpolicy`	body	object	An `ipsecpolicy` object.
`name` (Optional)	body	string	A human-readable name of the resource. Default is an empty string.
`description` (Optional)	body	string	A human-readable description for the resource. Default is an empty string.
`tenant_id`	body	string	The ID of the project.
`project_id`	body	string	The ID of the project.
`auth_algorithm` (Optional)	body	string	The authentication hash algorithm. Valid values are `sha1`, `sha256`, `sha384`, `sha512`, `aes-xcbc`, and `aes-cmac`. The default is `sha1`.
`encapsulation_mode` (Optional)	body	string	The encapsulation mode. A valid value is `tunnel` or `transport`. Default is `tunnel`.
`encryption_algorithm` (Optional)	body	string	The encryption algorithm. Valid values are `3des`, `aes-128`, `aes-192`, and `aes-256`. Additional values for AES CCM and GCM modes are defined (for example, `aes-256-ccm-16`, `aes-256-gcm-16`) for all combinations of key length 128, 192, 256 bits and ICV length 8, 12, 16 octets. Default is `aes-128`.
`pfs` (Optional)	body	string	Perfect forward secrecy (PFS). A valid value is `Group2`, `Group5`, `Group14` to `Group31`. Default is `Group5`.
`value` (Optional)	body	integer	The lifetime value, as a positive integer. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
`transform_protocol` (Optional)	body	string	The transform protocol. A valid value is `ESP`, `AH`, or `AH- ESP`. Default is `ESP`.
`units` (Optional)	body	string	The units for the lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
`lifetime` (Optional)	body	object	The lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
`id`	body	string	The ID of the IPsec policy.

Status codes

Success

Code	Reason
`201 - Created`	Resource was created and is ready to use.

Error

Code	Reason
`400 - Bad Request`	Some content in the request was invalid.
`401 - Unauthorized`	User must authenticate before making a request.

Example

{
  "ipsecpolicy": {
    "id": "805ab779-e91c-42db-b6b9-591156d9634e",
    "tenant_id": "284a2547ea8445d1be0e68ef2d76672c",
    "name": "ipsecpolicy1",
    "description": "",
    "transform_protocol": "esp",
    "auth_algorithm": "sha1",
    "encryption_algorithm": "aes-128",
    "encapsulation_mode": "tunnel",
    "lifetime": {
      "units": "seconds",
      "value": 7200
    },
    "pfs": "group5",
    "project_id": "284a2547ea8445d1be0e68ef2d76672c"
  }
}