VPN IPsec Site Connection¶

vpn ipsec site connection create¶

Create an IPsec site connection

openstack vpn ipsec site connection create
    [-f {json,shell,table,value,yaml}]
    [-c COLUMN]
    [--max-width <integer>]
    [--fit-width]
    [--print-empty]
    [--noindent]
    [--prefix PREFIX]
    [--description <description>]
    [--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT]
    [--mtu MTU]
    [--initiator {bi-directional,response-only}]
    [--peer-cidr PEER_CIDRS | --local-endpoint-group LOCAL_ENDPOINT_GROUP]
    [--peer-endpoint-group PEER_ENDPOINT_GROUP]
    [--enable | --disable]
    [--local-id LOCAL_ID]
    --peer
    -i
    d
    PEER_ID
    --peer
    -a
    ddress
    PEER_ADDRESS
    --psk
    PSK
    --vpnservice
    VPNSERVICE
    --ikepolicy
    IKEPOLICY
    --ipsecpolicy
    IPSECPOLICY
    [--project <project>]
    [--project-domain <project-domain>]
    <name>

-f <FORMATTER>, --format <FORMATTER>¶

the output format, defaults to table

-c COLUMN, --column COLUMN¶

specify the column(s) to include, can be repeated

--max-width <integer>¶

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width¶

Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty¶

Print empty table if there is no data to show.

--noindent¶

whether to disable indenting the JSON

--prefix <PREFIX>¶

add a prefix to all variable names

--description <description>¶

Description for the connection

--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT¶

Ipsec connection Dead Peer Detection attributes. ‘action’-hold,clear,disabled,restart,restart-by-peer. ‘interval’ and ‘timeout’ are non negative integers. ‘interval’ should be less than ‘timeout’ value. ‘action’, default:hold ‘interval’, default:30, ‘timeout’, default:120.

--mtu <MTU>¶

MTU size for the connection

--initiator <INITIATOR>¶

Initiator state

--peer-cidr <PEER_CIDRS>¶

Remote subnet(s) in CIDR format. Cannot be specified when using endpoint groups. Only applicable, if subnet provided for VPN service.

--local-endpoint-group <LOCAL_ENDPOINT_GROUP>¶

Local endpoint group (name or ID) with subnet(s) for IPsec connection

--peer-endpoint-group <PEER_ENDPOINT_GROUP>¶

Peer endpoint group (name or ID) with CIDR(s) for IPSec connection

--enable¶

Enable IPSec site connection

--disable¶

Disable IPSec site connection

--local-id <LOCAL_ID>¶

An ID to be used instead of the external IP address for a virtual router

--peer-id <PEER_ID>¶

Peer router identity for authentication. Can be IPv4/IPv6 address, e-mail address, key id, or FQDN

--peer-address <PEER_ADDRESS>¶

Peer gateway public IPv4/IPv6 address or FQDN

--psk <PSK>¶

Pre-shared key string.

--vpnservice VPNSERVICE¶

VPN service instance associated with this connection (name or ID)

--ikepolicy IKEPOLICY¶

IKE policy associated with this connection (name or ID)

--ipsecpolicy IPSECPOLICY¶

IPsec policy associated with this connection (name or ID)

--project <project>¶

Owner’s project (name or ID)

--project-domain <project-domain>¶

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

name¶

Set friendly name for the connection

This command is provided by the python-neutronclient plugin.

vpn ipsec site connection delete¶

Delete IPsec site connection(s)

openstack vpn ipsec site connection delete
    <ipsec-site-connection>
    [<ipsec-site-connection> ...]

ipsec-site-connection¶

IPsec site connection to delete (name or ID)

This command is provided by the python-neutronclient plugin.

vpn ipsec site connection list¶

List IPsec site connections that belong to a given project

openstack vpn ipsec site connection list
    [-f {csv,json,table,value,yaml}]
    [-c COLUMN]
    [--max-width <integer>]
    [--fit-width]
    [--print-empty]
    [--noindent]
    [--quote {all,minimal,none,nonnumeric}]
    [--sort-column SORT_COLUMN]
    [--long]

-f <FORMATTER>, --format <FORMATTER>¶

the output format, defaults to table

-c COLUMN, --column COLUMN¶

specify the column(s) to include, can be repeated

--max-width <integer>¶

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width¶

Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty¶

Print empty table if there is no data to show.

--noindent¶

whether to disable indenting the JSON

--quote <QUOTE_MODE>¶

when to include quotes, defaults to nonnumeric

--sort-column SORT_COLUMN¶

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long¶

List additional fields in output

This command is provided by the python-neutronclient plugin.

vpn ipsec site connection set¶

Set IPsec site connection properties

openstack vpn ipsec site connection set
    [--description <description>]
    [--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT]
    [--mtu MTU]
    [--initiator {bi-directional,response-only}]
    [--peer-cidr PEER_CIDRS | --local-endpoint-group LOCAL_ENDPOINT_GROUP]
    [--peer-endpoint-group PEER_ENDPOINT_GROUP]
    [--enable | --disable]
    [--local-id LOCAL_ID]
    [--peer-id PEER_ID]
    [--peer-address PEER_ADDRESS]
    [--name <name>]
    <ipsec-site-connection>

--description <description>¶

Description for the connection

--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT¶

Ipsec connection Dead Peer Detection attributes. ‘action’-hold,clear,disabled,restart,restart-by-peer. ‘interval’ and ‘timeout’ are non negative integers. ‘interval’ should be less than ‘timeout’ value. ‘action’, default:hold ‘interval’, default:30, ‘timeout’, default:120.

--mtu <MTU>¶

MTU size for the connection

--initiator <INITIATOR>¶

Initiator state

--peer-cidr <PEER_CIDRS>¶

Remote subnet(s) in CIDR format. Cannot be specified when using endpoint groups. Only applicable, if subnet provided for VPN service.

--local-endpoint-group <LOCAL_ENDPOINT_GROUP>¶

Local endpoint group (name or ID) with subnet(s) for IPsec connection

--peer-endpoint-group <PEER_ENDPOINT_GROUP>¶

Peer endpoint group (name or ID) with CIDR(s) for IPSec connection

--enable¶

Enable IPSec site connection

--disable¶

Disable IPSec site connection

--local-id <LOCAL_ID>¶

An ID to be used instead of the external IP address for a virtual router

--peer-id <PEER_ID>¶

Peer router identity for authentication. Can be IPv4/IPv6 address, e-mail address, key id, or FQDN

--peer-address <PEER_ADDRESS>¶

Peer gateway public IPv4/IPv6 address or FQDN

--name <name>¶

Set friendly name for the connection

ipsec-site-connection¶

IPsec site connection to set (name or ID)

This command is provided by the python-neutronclient plugin.

vpn ipsec site connection show¶

Show information of a given IPsec site connection

openstack vpn ipsec site connection show
    [-f {json,shell,table,value,yaml}]
    [-c COLUMN]
    [--max-width <integer>]
    [--fit-width]
    [--print-empty]
    [--noindent]
    [--prefix PREFIX]
    <ipsec-site-connection>

-f <FORMATTER>, --format <FORMATTER>¶

the output format, defaults to table

-c COLUMN, --column COLUMN¶

specify the column(s) to include, can be repeated

--max-width <integer>¶

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width¶

Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty¶

Print empty table if there is no data to show.

--noindent¶

whether to disable indenting the JSON

--prefix <PREFIX>¶

add a prefix to all variable names

ipsec-site-connection¶

IPsec site connection to display (name or ID)

This command is provided by the python-neutronclient plugin.