The IKE Policy is used for phases one and two negotiation of the VPN connection. You can specify both the authentication and encryption algorithms for connections.
Network v2
Create an IKE policy
openstack vpn ike policy create
[-f {json,shell,table,value,yaml}]
[-c COLUMN]
[--max-width <integer>]
[--fit-width]
[--print-empty]
[--noindent]
[--prefix PREFIX]
[--description <description>]
[--auth-algorithm {sha1,sha256,sha384,sha512}]
[--encryption-algorithm {aes-128,3des,aes-192,aes-256}]
[--phase1-negotiation-mode {main}]
[--ike-version {v1,v2}]
[--pfs {group5,group2,group14}]
[--lifetime units=UNITS,value=VALUE]
[--project <project>]
[--project-domain <project-domain>]
<name>
-f
<FORMATTER>
,
--format
<FORMATTER>
¶the output format, defaults to table
-c
COLUMN
,
--column
COLUMN
¶specify the column(s) to include, can be repeated
--max-width
<integer>
¶Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.
--fit-width
¶Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable
--print-empty
¶Print empty table if there is no data to show.
--noindent
¶whether to disable indenting the JSON
--prefix
<PREFIX>
¶add a prefix to all variable names
--description
<description>
¶Description of the IKE policy
--auth-algorithm
<AUTH_ALGORITHM>
¶Authentication algorithm
--encryption-algorithm
<ENCRYPTION_ALGORITHM>
¶Encryption algorithm
--phase1-negotiation-mode
<PHASE1_NEGOTIATION_MODE>
¶IKE Phase1 negotiation mode
--ike-version
<IKE_VERSION>
¶IKE version for the policy
--pfs
<PFS>
¶Perfect Forward Secrecy
--lifetime
units=UNITS,value=VALUE
¶IKE lifetime attributes. ‘units’-seconds, default:seconds. ‘value’-non negative integer, default:3600.
--project
<project>
¶Owner’s project (name or ID)
--project-domain
<project-domain>
¶Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
name
¶Name of the IKE policy
This command is provided by the python-neutronclient plugin.
Delete IKE policy (policies)
openstack vpn ike policy delete <ike-policy> [<ike-policy> ...]
ike-policy
¶IKE policy to delete (name or ID)
This command is provided by the python-neutronclient plugin.
List IKE policies that belong to a given project
openstack vpn ike policy list
[-f {csv,json,table,value,yaml}]
[-c COLUMN]
[--max-width <integer>]
[--fit-width]
[--print-empty]
[--noindent]
[--quote {all,minimal,none,nonnumeric}]
[--sort-column SORT_COLUMN]
[--long]
-f
<FORMATTER>
,
--format
<FORMATTER>
¶the output format, defaults to table
-c
COLUMN
,
--column
COLUMN
¶specify the column(s) to include, can be repeated
--max-width
<integer>
¶Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.
--fit-width
¶Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable
--print-empty
¶Print empty table if there is no data to show.
--noindent
¶whether to disable indenting the JSON
--quote
<QUOTE_MODE>
¶when to include quotes, defaults to nonnumeric
--sort-column
SORT_COLUMN
¶specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
--long
¶List additional fields in output
This command is provided by the python-neutronclient plugin.
Set IKE policy properties
openstack vpn ike policy set
[--description <description>]
[--auth-algorithm {sha1,sha256,sha384,sha512}]
[--encryption-algorithm {aes-128,3des,aes-192,aes-256}]
[--phase1-negotiation-mode {main}]
[--ike-version {v1,v2}]
[--pfs {group5,group2,group14}]
[--lifetime units=UNITS,value=VALUE]
[--name <name>]
<ike-policy>
--description
<description>
¶Description of the IKE policy
--auth-algorithm
<AUTH_ALGORITHM>
¶Authentication algorithm
--encryption-algorithm
<ENCRYPTION_ALGORITHM>
¶Encryption algorithm
--phase1-negotiation-mode
<PHASE1_NEGOTIATION_MODE>
¶IKE Phase1 negotiation mode
--ike-version
<IKE_VERSION>
¶IKE version for the policy
--pfs
<PFS>
¶Perfect Forward Secrecy
--lifetime
units=UNITS,value=VALUE
¶IKE lifetime attributes. ‘units’-seconds, default:seconds. ‘value’-non negative integer, default:3600.
--name
<name>
¶Name of the IKE policy
ike-policy
¶IKE policy to set (name or ID)
This command is provided by the python-neutronclient plugin.
Display IKE policy details
openstack vpn ike policy show
[-f {json,shell,table,value,yaml}]
[-c COLUMN]
[--max-width <integer>]
[--fit-width]
[--print-empty]
[--noindent]
[--prefix PREFIX]
<ike-policy>
-f
<FORMATTER>
,
--format
<FORMATTER>
¶the output format, defaults to table
-c
COLUMN
,
--column
COLUMN
¶specify the column(s) to include, can be repeated
--max-width
<integer>
¶Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.
--fit-width
¶Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable
--print-empty
¶Print empty table if there is no data to show.
--noindent
¶whether to disable indenting the JSON
--prefix
<PREFIX>
¶add a prefix to all variable names
ike-policy
¶IKE policy to display (name or ID)
This command is provided by the python-neutronclient plugin.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.