Creating an IPsec VPN Connection

Function

This API is used to create an IPsec VPN connection.

URI

POST /v2.0/vpn/ipsec-site-connections

Request

Table 1 lists the request parameters for creating an IPsec site connection.

Table 1 Request parameters

Parameter

Type

Mandatory

Description

psk

String

Yes

Specifies the pre-shared key.

The key

  • Can contain 6 to 128 characters.

  • Can contain only:

    • Digits

    • Uppercase letters

    • Lowercase letters

    • Special characters: ~!@#$%^()-_+=[]{}|\,./:;`

initiator

String

No

Specifies whether this VPN can only respond to connections or both respond to and initiate connections.

The value can be bi-directional or response-only.

ipsecpolicy_id

String

Yes

Specifies the IPsec policy ID.

admin_state_up

Boolean

No

Specifies the administrative status, which can be true or false.

Currently, admin_state_up can only be true.

mtu

Integer

No

Specifies the maximum transmission unit to address fragmentation.

mtu can only be 1500.

peer_ep_group_id

String

Yes

Specifies the endpoint group ID (tenant CIDR blocks).

ikepolicy_id

String

Yes

Specifies the IKE policy ID.

vpnservice_id

String

Yes

Specifies the VPN service ID.

local_ep_group_id

String

Yes

Specifies the endpoint group ID (VPC subnets).

peer_address

String

Yes

Specifies the remote gateway address.

The address can contain up to 250 characters.

peer_id

String

Yes

Specifies the remote gateway ID.

The ID can contain up to 250 characters.

name

String

No

Specifies the name of the IPsec VPN connection.

The name can contain 1 to 64 characters.

description

String

No

Provides supplementary information about the IPsec VPN connection.

description can contain a maximum of 255 characters. This parameter is used by internal components, and you cannot configure it.

peer_cidrs

List<String>

No

Deprecated parameter

Specifies valid CIDR blocks of a tenant.

The format is <net_address>/<prefix>.

tenant_id

String

No

Specifies the project ID.

The ID can contain up to 255 characters.

order_id

String

No

Specifies the ID of a yearly/monthly order.

product_id

String

No

Specifies the ID of a product that is billed on a yearly/monthly basis.

dpd

Object

No

Dead Peer Detection (DPD) is used to detect whether the peer is alive.

For details, see Table 2.

ipsec_site_connection

Object

Yes

Specifies the object of the IPsec VPN connection.

Table 2 dpd parameters

Parameter

Type

Description

action

String

Specifies the DPD action, which can be clear, hold, restart, disabled, or restart-by-peer. The default action is hold.

interval

Integer

Specifies the DPD interval in seconds. The default interval is 30 seconds.

timeout

Integer

Specifies the DPD timeout. The default timeout is 120 seconds.

Note

  • route_mode cannot be configured. The default mode is static.

  • To enable two IPsec connections to work in active/standby mode, local_ep_group_id and peer_ep_group_id of the active and standby connections must be the same. If the IDs differ and the local_ep_group and peer_ep_group values also differ, the connections cannot work in active/standby mode.
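A pre-flight check for the request body, written against the constraints in Tables 1 and 2. This is an added example, not part of the original API reference, and the function names and the sample body are illustrative. It also generates a PSK from the allowed character set and masks psk before a response is logged, because the response returns the key (Table 3).

```python
import secrets
import string

# Constraints taken from Tables 1 and 2 above.
PSK_CHARS = string.ascii_letters + string.digits + "~!@#$%^()-_+=[]{}|\\,./:;`"
REQUIRED = ("psk", "ipsecpolicy_id", "ikepolicy_id", "vpnservice_id",
            "peer_ep_group_id", "local_ep_group_id", "peer_address", "peer_id")
MAX_LEN = {"peer_address": 250, "peer_id": 250, "name": 64, "tenant_id": 255}
DPD_ACTIONS = {"clear", "hold", "restart", "disabled", "restart-by-peer"}
# Constructed sample: psk too short with a disallowed '&', wrong mtu, IDs missing.
BAD_BODY = {"ipsec_site_connection": {"psk": "a&b", "mtu": 1400}}


def generate_psk(length=64):
    """Random PSK from the allowed character set, using the OS CSPRNG."""
    if not 6 <= length <= 128:
        raise ValueError("psk must contain 6 to 128 characters")
    return "".join(secrets.choice(PSK_CHARS) for _ in range(length))


def validate_request(body):
    """Return a list of violations; an empty list means the body passes."""
    conn = body.get("ipsec_site_connection")
    if not isinstance(conn, dict):
        return ["ipsec_site_connection is mandatory"]
    errors = [f"{key} is mandatory" for key in REQUIRED if not conn.get(key)]
    psk = str(conn.get("psk") or "")
    if psk and not (6 <= len(psk) <= 128 and set(psk) <= set(PSK_CHARS)):
        errors.append("psk must be 6 to 128 characters from the allowed set")
    if "initiator" in conn and conn["initiator"] not in ("bi-directional", "response-only"):
        errors.append("initiator must be bi-directional or response-only")
    if conn.get("admin_state_up", True) is not True:
        errors.append("admin_state_up can only be true")
    if conn.get("mtu", 1500) != 1500:
        errors.append("mtu can only be 1500")
    errors += [f"{key} cannot be configured"
               for key in ("description", "route_mode") if key in conn]
    errors += [f"{key} exceeds {limit} characters" for key, limit in MAX_LEN.items()
               if len(str(conn.get(key, ""))) > limit]
    dpd = conn.get("dpd") or {}
    if not isinstance(dpd, dict) or dpd.get("action", "hold") not in DPD_ACTIONS:
        errors.append("dpd.action is not a supported value")
    return errors


def redact(response):
    """Copy of an API response with psk masked, for writing to logs."""
    conn = {k: ("***" if k == "psk" else v)
            for k, v in response.get("ipsec_site_connection", {}).items()}
    return {**response, "ipsec_site_connection": conn}
```
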

Response

Table 3 describes the response parameters.

Table 3 Response parameters

Parameter

Type

Description

dpd

Object

DPD is used to detect whether the peer is alive.

For details, see Table 4.

psk

String

Specifies the pre-shared key.

The key

  • Can contain 6 to 128 characters.

  • Can contain only:

    • Digits

    • Uppercase letters

    • Lowercase letters

    • Special characters: ~!@#$%^()-_+=[]{}|\,./:;`

initiator

String

Specifies whether this VPN can only respond to connections or both respond to and initiate connections.

The value can be bi-directional or response-only.

ipsecpolicy_id

String

Specifies the IPsec policy ID.

admin_state_up

Boolean

Specifies the administrative status, which can be true or false.

mtu

Integer

Specifies the maximum transmission unit to address fragmentation.

peer_ep_group_id

String

Specifies the endpoint group ID (tenant CIDR blocks).

ikepolicy_id

String

Specifies the IKE policy ID.

vpnservice_id

String

Specifies the VPN service ID.

local_ep_group_id

String

Specifies the endpoint group ID (VPC subnets).

peer_address

String

Specifies the remote gateway address.

peer_id

String

Specifies the remote gateway ID.

name

String

Specifies the name of the IPsec VPN connection.

description

String

Provides supplementary information about the IPsec VPN connection.

auth_mode

String

Specifies the authentication mode. The default mode is psk.

id

String

Specifies the ID of the IPsec VPN connection.

route_mode

String

Specifies the route advertising mode. The default mode is static.

status

String

Specifies the status of the IPsec VPN connection, which can be ACTIVE, DOWN, BUILD, ERROR, PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE.

peer_cidrs

List

Deprecated parameter

Specifies valid CIDR blocks of a tenant.

The format is <net_address>/<prefix>.

tenant_id

String

Specifies the project ID.

created_at

String

Specifies the time when the IPsec connection was created.

The time is in YYYY-mm-dd HH:MM:SS.ffffff format.

order_id

String

Specifies the ID of a yearly/monthly order.

product_id

String

Specifies the ID of a product that is billed on a yearly/monthly basis.

ipsec_site_connection

Object

Specifies the object of the IPsec VPN connection.

Table 4 dpd parameters

Parameter

Type

Description

action

String

Specifies the DPD action, which can be clear, hold, restart, disabled, or restart-by-peer. The default action is hold.

interval

Integer

Specifies the DPD interval in seconds. The default interval is 30 seconds.

timeout

Integer

Specifies the DPD timeout. The default timeout is 120 seconds.

Example

  • Example request

    POST /v2.0/vpn/ipsec-site-connections
    {
      "ipsec_site_connection" : {
        "psk" : "secret",
        "initiator" : "bi-directional",
        "ipsecpolicy_id" : "e6e23d0c-9519-4d52-8ea4-5b1f96d857b1",
        "admin_state_up" : true,
        "mtu" : 1500,
        "peer_ep_group_id" : "9ad5a7e0-6dac-41b4-b20d-a7b8645fddf1",
        "ikepolicy_id" : "9b00d6b0-6c93-4ca5-9747-b8ade7bb514f",
        "vpnservice_id" : "5c561d9d-eaea-45f6-ae3e-08d1a7080828",
        "local_ep_group_id" : "3e1815dd-e212-43d0-8f13-b494fa553e68",
        "peer_address" : "172.24.4.233",
        "peer_id" : "172.24.4.233",
        "name" : "vpnconnection1"
      }
    }
    
  • Example response

    {
      "ipsec_site_connection" : {
        "status" : "PENDING_CREATE",
        "psk" : "secret",
        "initiator" : "bi-directional",
        "name" : "vpnconnection1",
        "admin_state_up" : true,
        "tenant_id" : "10039663455a446d8ba2cbb058b0f578",
        "auth_mode" : "psk",
        "peer_cidrs" : [ ],
        "mtu" : 1500,
        "peer_ep_group_id" : "9ad5a7e0-6dac-41b4-b20d-a7b8645fddf1",
        "ikepolicy_id" : "9b00d6b0-6c93-4ca5-9747-b8ade7bb514f",
        "vpnservice_id" : "5c561d9d-eaea-45f6-ae3e-08d1a7080828",
        "dpd" : {
          "action" : "hold",
          "interval" : 30,
          "timeout" : 120
        },
        "route_mode" : "static",
        "ipsecpolicy_id" : "e6e23d0c-9519-4d52-8ea4-5b1f96d857b1",
        "local_ep_group_id" : "3e1815dd-e212-43d0-8f13-b494fa553e68",
        "peer_address" : "172.24.4.233",
        "peer_id" : "172.24.4.233",
        "id" : "851f280f-5639-4ea3-81aa-e298525ab74b",
        "description" : "",
        "order_id": "",
        "product_id": "",
        "created_at": "2020-08-05 12:39:35.921257"
      }
    }
    

Returned Values

For details, see Common Returned Values.