VPN IKE Policy

The IKE Policy is used for phases one and two negotiation of the VPN connection. You can specify both the authentication and encryption algorithms for connections.

Network v2

vpn ike policy create

Create an IKE policy

openstack vpn ike policy create
    [-f {json,shell,table,value,yaml}]
    [-c COLUMN]
    [--noindent]
    [--prefix PREFIX]
    [--max-width <integer>]
    [--fit-width]
    [--print-empty]
    [--description <description>]
    [--auth-algorithm {sha1,sha256,sha384,sha512}]
    [--encryption-algorithm {aes-128,3des,aes-192,aes-256}]
    [--phase1-negotiation-mode {main,aggressive}]
    [--ike-version {v1,v2}]
    [--pfs {group5,group2,group14}]
    [--lifetime units=UNITS,value=VALUE]
    [--project <project>]
    [--project-domain <project-domain>]
    <name>
-f <FORMATTER>, --format <FORMATTER>

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated to show multiple columns

--noindent

whether to disable indenting the JSON

--prefix <PREFIX>

add a prefix to all variable names

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

--description <description>

Description of the IKE policy

--auth-algorithm <AUTH_ALGORITHM>

Authentication algorithm

--encryption-algorithm <ENCRYPTION_ALGORITHM>

Encryption algorithm

--phase1-negotiation-mode <PHASE1_NEGOTIATION_MODE>

IKE Phase1 negotiation mode

--ike-version <IKE_VERSION>

IKE version for the policy

--pfs <PFS>

Perfect Forward Secrecy

--lifetime units=UNITS,value=VALUE

IKE lifetime attributes. ‘units’-seconds, default:seconds. ‘value’-non negative integer, default:3600.

--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

name

Name of the IKE policy

This command is provided by the python-neutronclient plugin.

vpn ike policy delete

Delete IKE policy (policies)

openstack vpn ike policy delete <ike-policy> [<ike-policy> ...]
ike-policy

IKE policy to delete (name or ID)

This command is provided by the python-neutronclient plugin.

vpn ike policy list

List IKE policies that belong to a given project

openstack vpn ike policy list
    [-f {csv,json,table,value,yaml}]
    [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--noindent]
    [--max-width <integer>]
    [--fit-width]
    [--print-empty]
    [--sort-column SORT_COLUMN]
    [--long]
-f <FORMATTER>, --format <FORMATTER>

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated to show multiple columns

--quote <QUOTE_MODE>

when to include quotes, defaults to nonnumeric

--noindent

whether to disable indenting the JSON

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

vpn ike policy set

Set IKE policy properties

openstack vpn ike policy set
    [--description <description>]
    [--auth-algorithm {sha1,sha256,sha384,sha512}]
    [--encryption-algorithm {aes-128,3des,aes-192,aes-256}]
    [--phase1-negotiation-mode {main,aggressive}]
    [--ike-version {v1,v2}]
    [--pfs {group5,group2,group14}]
    [--lifetime units=UNITS,value=VALUE]
    [--name <name>]
    <ike-policy>
--description <description>

Description of the IKE policy

--auth-algorithm <AUTH_ALGORITHM>

Authentication algorithm

--encryption-algorithm <ENCRYPTION_ALGORITHM>

Encryption algorithm

--phase1-negotiation-mode <PHASE1_NEGOTIATION_MODE>

IKE Phase1 negotiation mode

--ike-version <IKE_VERSION>

IKE version for the policy

--pfs <PFS>

Perfect Forward Secrecy

--lifetime units=UNITS,value=VALUE

IKE lifetime attributes. ‘units’-seconds, default:seconds. ‘value’-non negative integer, default:3600.

--name <name>

Name of the IKE policy

ike-policy

IKE policy to set (name or ID)

This command is provided by the python-neutronclient plugin.

vpn ike policy show

Display IKE policy details

openstack vpn ike policy show
    [-f {json,shell,table,value,yaml}]
    [-c COLUMN]
    [--noindent]
    [--prefix PREFIX]
    [--max-width <integer>]
    [--fit-width]
    [--print-empty]
    <ike-policy>
-f <FORMATTER>, --format <FORMATTER>

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated to show multiple columns

--noindent

whether to disable indenting the JSON

--prefix <PREFIX>

add a prefix to all variable names

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

ike-policy

IKE policy to display (name or ID)

This command is provided by the python-neutronclient plugin.