VPN IPsec Site Connection¶
Creates a site-to-site IPsec Site Connection for a VPN service.
Network v2
vpn ipsec site connection create¶
Create an IPsec site connection
openstack vpn ipsec site connection create
[-f {json,shell,table,value,yaml}]
[-c COLUMN]
[--noindent]
[--prefix PREFIX]
[--max-width <integer>]
[--fit-width]
[--print-empty]
[--description <description>]
[--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT]
[--mtu MTU]
[--initiator {bi-directional,response-only}]
[--peer-cidr PEER_CIDRS | --local-endpoint-group LOCAL_ENDPOINT_GROUP]
[--peer-endpoint-group PEER_ENDPOINT_GROUP]
[--enable | --disable]
[--local-id LOCAL_ID]
--peer-id PEER_ID
--peer-address PEER_ADDRESS
--psk PSK
--vpnservice VPNSERVICE
--ikepolicy IKEPOLICY
--ipsecpolicy IPSECPOLICY
[--project <project>]
[--project-domain <project-domain>]
<name>
-
-f
<FORMATTER>
,
--format
<FORMATTER>
¶ the output format, defaults to table
-
-c
COLUMN
,
--column
COLUMN
¶ specify the column(s) to include, can be repeated
-
--noindent
¶
whether to disable indenting the JSON
-
--prefix
<PREFIX>
¶ add a prefix to all variable names
-
--max-width
<integer>
¶ Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.
-
--fit-width
¶
Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable
-
--print-empty
¶
Print empty table if there is no data to show.
-
--description
<description>
¶ Description for the connection
-
--dpd
action=ACTION,interval=INTERVAL,timeout=TIMEOUT
¶ Ipsec connection Dead Peer Detection attributes. ‘action’-hold,clear,disabled,restart,restart-by-peer. ‘interval’ and ‘timeout’ are non negative integers. ‘interval’ should be less than ‘timeout’ value. ‘action’, default:hold ‘interval’, default:30, ‘timeout’, default:120.
-
--mtu
<MTU>
¶ MTU size for the connection
-
--initiator
<INITIATOR>
¶ Initiator state
-
--peer-cidr
<PEER_CIDRS>
¶ Remote subnet(s) in CIDR format. Cannot be specified when using endpoint groups. Only applicable, if subnet provided for VPN service.
-
--local-endpoint-group
<LOCAL_ENDPOINT_GROUP>
¶ Local endpoint group (name or ID) with subnet(s) for IPsec connection
-
--peer-endpoint-group
<PEER_ENDPOINT_GROUP>
¶ Peer endpoint group (name or ID) with CIDR(s) for IPSec connection
-
--enable
¶
Enable IPSec site connection
-
--disable
¶
Disable IPSec site connection
-
--local-id
<LOCAL_ID>
¶ An ID to be used instead of the external IP address for a virtual router
-
--peer-id
<PEER_ID>
¶ Peer router identity for authentication. Can be IPv4/IPv6 address, e-mail address, key id, or FQDN
-
--peer-address
<PEER_ADDRESS>
¶ Peer gateway public IPv4/IPv6 address or FQDN
-
--psk
<PSK>
¶ Pre-shared key string.
-
--vpnservice
VPNSERVICE
¶ VPN service instance associated with this connection (name or ID)
-
--ikepolicy
IKEPOLICY
¶ IKE policy associated with this connection (name or ID)
-
--ipsecpolicy
IPSECPOLICY
¶ IPsec policy associated with this connection (name or ID)
-
--project
<project>
¶ Owner’s project (name or ID)
-
--project-domain
<project-domain>
¶ Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
-
name
¶
Set friendly name for the connection
This command is provided by the python-neutronclient plugin.
vpn ipsec site connection delete¶
Delete IPsec site connection(s)
openstack vpn ipsec site connection delete
<ipsec-site-connection>
[<ipsec-site-connection> ...]
-
ipsec-site-connection
¶
IPsec site connection to delete (name or ID)
This command is provided by the python-neutronclient plugin.
vpn ipsec site connection list¶
List IPsec site connections that belong to a given project
openstack vpn ipsec site connection list
[-f {csv,json,table,value,yaml}]
[-c COLUMN]
[--quote {all,minimal,none,nonnumeric}]
[--noindent]
[--max-width <integer>]
[--fit-width]
[--print-empty]
[--sort-column SORT_COLUMN]
[--long]
-
-f
<FORMATTER>
,
--format
<FORMATTER>
¶ the output format, defaults to table
-
-c
COLUMN
,
--column
COLUMN
¶ specify the column(s) to include, can be repeated
-
--quote
<QUOTE_MODE>
¶ when to include quotes, defaults to nonnumeric
-
--noindent
¶
whether to disable indenting the JSON
-
--max-width
<integer>
¶ Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.
-
--fit-width
¶
Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable
-
--print-empty
¶
Print empty table if there is no data to show.
-
--sort-column
SORT_COLUMN
¶ specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
-
--long
¶
List additional fields in output
This command is provided by the python-neutronclient plugin.
vpn ipsec site connection set¶
Set IPsec site connection properties
openstack vpn ipsec site connection set
[--description <description>]
[--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT]
[--mtu MTU]
[--initiator {bi-directional,response-only}]
[--peer-cidr PEER_CIDRS | --local-endpoint-group LOCAL_ENDPOINT_GROUP]
[--peer-endpoint-group PEER_ENDPOINT_GROUP]
[--enable | --disable]
[--local-id LOCAL_ID]
[--peer-id PEER_ID]
[--peer-address PEER_ADDRESS]
[--name <name>]
<ipsec-site-connection>
-
--description
<description>
¶ Description for the connection
-
--dpd
action=ACTION,interval=INTERVAL,timeout=TIMEOUT
¶ Ipsec connection Dead Peer Detection attributes. ‘action’-hold,clear,disabled,restart,restart-by-peer. ‘interval’ and ‘timeout’ are non negative integers. ‘interval’ should be less than ‘timeout’ value. ‘action’, default:hold ‘interval’, default:30, ‘timeout’, default:120.
-
--mtu
<MTU>
¶ MTU size for the connection
-
--initiator
<INITIATOR>
¶ Initiator state
-
--peer-cidr
<PEER_CIDRS>
¶ Remote subnet(s) in CIDR format. Cannot be specified when using endpoint groups. Only applicable, if subnet provided for VPN service.
-
--local-endpoint-group
<LOCAL_ENDPOINT_GROUP>
¶ Local endpoint group (name or ID) with subnet(s) for IPsec connection
-
--peer-endpoint-group
<PEER_ENDPOINT_GROUP>
¶ Peer endpoint group (name or ID) with CIDR(s) for IPSec connection
-
--enable
¶
Enable IPSec site connection
-
--disable
¶
Disable IPSec site connection
-
--local-id
<LOCAL_ID>
¶ An ID to be used instead of the external IP address for a virtual router
-
--peer-id
<PEER_ID>
¶ Peer router identity for authentication. Can be IPv4/IPv6 address, e-mail address, key id, or FQDN
-
--peer-address
<PEER_ADDRESS>
¶ Peer gateway public IPv4/IPv6 address or FQDN
-
--name
<name>
¶ Set friendly name for the connection
-
ipsec-site-connection
¶
IPsec site connection to set (name or ID)
This command is provided by the python-neutronclient plugin.
vpn ipsec site connection show¶
Show information of a given IPsec site connection
openstack vpn ipsec site connection show
[-f {json,shell,table,value,yaml}]
[-c COLUMN]
[--noindent]
[--prefix PREFIX]
[--max-width <integer>]
[--fit-width]
[--print-empty]
<ipsec-site-connection>
-
-f
<FORMATTER>
,
--format
<FORMATTER>
¶ the output format, defaults to table
-
-c
COLUMN
,
--column
COLUMN
¶ specify the column(s) to include, can be repeated
-
--noindent
¶
whether to disable indenting the JSON
-
--prefix
<PREFIX>
¶ add a prefix to all variable names
-
--max-width
<integer>
¶ Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.
-
--fit-width
¶
Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable
-
--print-empty
¶
Print empty table if there is no data to show.
-
ipsec-site-connection
¶
IPsec site connection to display (name or ID)
This command is provided by the python-neutronclient plugin.