VPN IPsec Site Connection¶
Creates a site-to-site IPsec Site Connection for a VPN service.
Network v2
vpn ipsec site connection create¶
Create an IPsec site connection
openstack vpn ipsec site connection create
[-f {json,shell,table,value,yaml}]
[-c COLUMN]
[--noindent]
[--prefix PREFIX]
[--max-width <integer>]
[--fit-width]
[--print-empty]
[--description <description>]
[--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT]
[--mtu MTU]
[--initiator {bi-directional,response-only}]
[--peer-cidr PEER_CIDRS | --local-endpoint-group LOCAL_ENDPOINT_GROUP]
[--peer-endpoint-group PEER_ENDPOINT_GROUP]
[--enable | --disable]
[--local-id LOCAL_ID]
--peer-id PEER_ID
--peer-address PEER_ADDRESS
--psk PSK
--vpnservice VPNSERVICE
--ikepolicy IKEPOLICY
--ipsecpolicy IPSECPOLICY
[--project <project>]
[--project-domain <project-domain>]
<name>
- -f <FORMATTER>, --format <FORMATTER>¶
the output format, defaults to table
- -c COLUMN, --column COLUMN¶
specify the column(s) to include, can be repeated to show multiple columns
- --noindent¶
whether to disable indenting the JSON
- --prefix <PREFIX>¶
add a prefix to all variable names
- --max-width <integer>¶
Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.
- --fit-width¶
Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable
- --print-empty¶
Print empty table if there is no data to show.
- --description <description>¶
Description for the connection
- --dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT¶
Ipsec connection Dead Peer Detection attributes. ‘action’-hold,clear,disabled,restart,restart-by-peer. ‘interval’ and ‘timeout’ are non negative integers. ‘interval’ should be less than ‘timeout’ value. ‘action’, default:hold ‘interval’, default:30, ‘timeout’, default:120.
- --mtu <MTU>¶
MTU size for the connection
- --initiator <INITIATOR>¶
Initiator state
- --peer-cidr <PEER_CIDRS>¶
Remote subnet(s) in CIDR format. Cannot be specified when using endpoint groups. Only applicable, if subnet provided for VPN service.
- --local-endpoint-group <LOCAL_ENDPOINT_GROUP>¶
Local endpoint group (name or ID) with subnet(s) for IPsec connection
- --peer-endpoint-group <PEER_ENDPOINT_GROUP>¶
Peer endpoint group (name or ID) with CIDR(s) for IPSec connection
- --enable¶
Enable IPSec site connection
- --disable¶
Disable IPSec site connection
- --local-id <LOCAL_ID>¶
An ID to be used instead of the external IP address for a virtual router
- --peer-id <PEER_ID>¶
Peer router identity for authentication. Can be IPv4/IPv6 address, e-mail address, key id, or FQDN
- --peer-address <PEER_ADDRESS>¶
Peer gateway public IPv4/IPv6 address or FQDN
- --psk <PSK>¶
Pre-shared key string.
- --vpnservice VPNSERVICE¶
VPN service instance associated with this connection (name or ID)
- --ikepolicy IKEPOLICY¶
IKE policy associated with this connection (name or ID)
- --ipsecpolicy IPSECPOLICY¶
IPsec policy associated with this connection (name or ID)
- --project <project>¶
Owner’s project (name or ID)
- --project-domain <project-domain>¶
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
- name¶
Set friendly name for the connection
This command is provided by the python-neutronclient plugin.
vpn ipsec site connection delete¶
Delete IPsec site connection(s)
openstack vpn ipsec site connection delete
<ipsec-site-connection>
[<ipsec-site-connection> ...]
- ipsec-site-connection¶
IPsec site connection to delete (name or ID)
This command is provided by the python-neutronclient plugin.
vpn ipsec site connection list¶
List IPsec site connections that belong to a given project
openstack vpn ipsec site connection list
[-f {csv,json,table,value,yaml}]
[-c COLUMN]
[--quote {all,minimal,none,nonnumeric}]
[--noindent]
[--max-width <integer>]
[--fit-width]
[--print-empty]
[--sort-column SORT_COLUMN]
[--sort-ascending | --sort-descending]
[--long]
- -f <FORMATTER>, --format <FORMATTER>¶
the output format, defaults to table
- -c COLUMN, --column COLUMN¶
specify the column(s) to include, can be repeated to show multiple columns
- --quote <QUOTE_MODE>¶
when to include quotes, defaults to nonnumeric
- --noindent¶
whether to disable indenting the JSON
- --max-width <integer>¶
Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.
- --fit-width¶
Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable
- --print-empty¶
Print empty table if there is no data to show.
- --sort-column SORT_COLUMN¶
specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
- --sort-ascending¶
sort the column(s) in ascending order
- --sort-descending¶
sort the column(s) in descending order
- --long¶
List additional fields in output
This command is provided by the python-neutronclient plugin.
vpn ipsec site connection set¶
Set IPsec site connection properties
openstack vpn ipsec site connection set
[--description <description>]
[--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT]
[--mtu MTU]
[--initiator {bi-directional,response-only}]
[--peer-cidr PEER_CIDRS | --local-endpoint-group LOCAL_ENDPOINT_GROUP]
[--peer-endpoint-group PEER_ENDPOINT_GROUP]
[--enable | --disable]
[--local-id LOCAL_ID]
[--peer-id PEER_ID]
[--peer-address PEER_ADDRESS]
[--name <name>]
<ipsec-site-connection>
- --description <description>¶
Description for the connection
- --dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT¶
Ipsec connection Dead Peer Detection attributes. ‘action’-hold,clear,disabled,restart,restart-by-peer. ‘interval’ and ‘timeout’ are non negative integers. ‘interval’ should be less than ‘timeout’ value. ‘action’, default:hold ‘interval’, default:30, ‘timeout’, default:120.
- --mtu <MTU>¶
MTU size for the connection
- --initiator <INITIATOR>¶
Initiator state
- --peer-cidr <PEER_CIDRS>¶
Remote subnet(s) in CIDR format. Cannot be specified when using endpoint groups. Only applicable, if subnet provided for VPN service.
- --local-endpoint-group <LOCAL_ENDPOINT_GROUP>¶
Local endpoint group (name or ID) with subnet(s) for IPsec connection
- --peer-endpoint-group <PEER_ENDPOINT_GROUP>¶
Peer endpoint group (name or ID) with CIDR(s) for IPSec connection
- --enable¶
Enable IPSec site connection
- --disable¶
Disable IPSec site connection
- --local-id <LOCAL_ID>¶
An ID to be used instead of the external IP address for a virtual router
- --peer-id <PEER_ID>¶
Peer router identity for authentication. Can be IPv4/IPv6 address, e-mail address, key id, or FQDN
- --peer-address <PEER_ADDRESS>¶
Peer gateway public IPv4/IPv6 address or FQDN
- --name <name>¶
Set friendly name for the connection
- ipsec-site-connection¶
IPsec site connection to set (name or ID)
This command is provided by the python-neutronclient plugin.
vpn ipsec site connection show¶
Show information of a given IPsec site connection
openstack vpn ipsec site connection show
[-f {json,shell,table,value,yaml}]
[-c COLUMN]
[--noindent]
[--prefix PREFIX]
[--max-width <integer>]
[--fit-width]
[--print-empty]
<ipsec-site-connection>
- -f <FORMATTER>, --format <FORMATTER>¶
the output format, defaults to table
- -c COLUMN, --column COLUMN¶
specify the column(s) to include, can be repeated to show multiple columns
- --noindent¶
whether to disable indenting the JSON
- --prefix <PREFIX>¶
add a prefix to all variable names
- --max-width <integer>¶
Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.
- --fit-width¶
Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable
- --print-empty¶
Print empty table if there is no data to show.
- ipsec-site-connection¶
IPsec site connection to display (name or ID)
This command is provided by the python-neutronclient plugin.
