Create IPsec site connection
Creates an IPsec site connection.
URI
/v2.0/vpn/ipsec-site-connections
HTTP method
POST
Request parameter
Key | Description | Type | Required/optional |
---|---|---|---|
psk | Pre Shared Key: any string. | string | Required |
initiator | Whether this VPN can only respond to connections or can initiate as well. Select bi-directional or response-only (default: bi-directional) | string | Optional |
ipsecpolicy_id | Unique identifier of IPsec policy. | uuid-str | Required |
admin_state_up | Administrative state of VPN connection. If false (down), VPN connection does not forward packets. (default: true) | bool | Optional |
peer_cidrs | Peer private CIDRs. Unique list of valid CIDRs in the form <net_address>/<prefix>. Only one CIDR can be specified. | list | Required |
ikepolicy_id | Unique identifier of IKE policy. | uuid-str | Required |
dpd | Dead Peer Detection protocol controls. Action: hold or restart. Interval and timeout in seconds. (default: {'action' : 'hold', 'interval' : 30, 'timeout' : 120}) | dict | Optional |
vpnservice_id | Unique identifier of VPN service. | uuid-str | Required |
peer_address | Peer gateway public IPv4 address (it cannot be specified in CIDR format). | string | Required |
peer_id | Peer router identity for authentication. Can be IPv4/IPv6 address (it cannot be specified in CIDR format), e-mail address, key id, or FQDN. | string | Required |
name | Name for IPsec site-to-site connection. | string | Optional |
description | Description of the IPsec site-to-site connection. | string | Optional |
availability_zone | The Availability Zone name. If you do not specify this, the resource will be created in the default Availability Zone. | xsd:string | Optional |
Example request
{
  "ipsec_site_connection": {
    "psk": "secret",
    "initiator": "bi-directional",
    "ipsecpolicy_id": "22b8abdc-e822-45b3-90dd-f2c8512acfa5",
    "admin_state_up": true,
    "peer_cidrs": [
      "10.2.0.0/24"
    ],
    "ikepolicy_id": "d3f373dc-0708-4224-b6f8-676adf27dab8",
    "dpd": {
      "action": "hold",
      "interval": 60,
      "timeout": 240
    },
    "vpnservice_id": "7b347d20-6fa3-4e22-b744-c49ee235ae4f",
    "peer_address": "172.24.4.233",
    "peer_id": "172.24.4.233",
    "name": "vpnconnection1",
    "availability_zone": "AZ1"
  }
}
Response status
Status code | Description |
---|---|
201 | Normal response codes |
Unauthorized (401) | Error response codes |
Bad Request (400) | Error response codes |
Response body (normal status)
{
  "ipsec_site_connection": {
    "status": "PENDING_CREATE",
    "psk": "secret",
    "initiator": "bi-directional",
    "name": "vpnconnection1",
    "admin_state_up": true,
    "tenant_id": "b6887d0b45b54a249b2ce3dee01caa47",
    "description": "",
    "auth_mode": "psk",
    "peer_cidrs": [
      "10.2.0.0/24"
    ],
    "mtu": 1500,
    "ikepolicy_id": "d3f373dc-0708-4224-b6f8-676adf27dab8",
    "dpd": {
      "action": "hold",
      "interval": 60,
      "timeout": 240
    },
    "route_mode": "static",
    "vpnservice_id": "7b347d20-6fa3-4e22-b744-c49ee235ae4f",
    "peer_address": "172.24.4.233",
    "peer_id": "172.24.4.233",
    "id": "af44dfd7-cf91-4451-be57-cd4fdd96b5dc",
    "ipsecpolicy_id": "22b8abdc-e822-45b3-90dd-f2c8512acfa5",
    "availability_zone": "AZ1"
  }
}
Description of response body (normal status)
Item | Description |
---|---|
status | Indicates whether VPN connection is currently operational. Possible values include: ACTIVE, DOWN, BUILD, ERROR, PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE. |
psk | Pre Shared Key: any string. |
initiator | Whether this VPN can only respond to connections or can initiate as well. |
name | Name for IPsec site-to-site connection. |
admin_state_up | Administrative state of VPN connection. If false (down), VPN connection does not forward packets. |
tenant_id | Unique identifier for owner of the VPN service. |
description | Description of the IPsec site-to-site connection. |
auth_mode | Authentication mode: psk. |
peer_cidrs | Peer private CIDRs. |
mtu | Maximum Transmission Unit to address fragmentation. |
ikepolicy_id | Unique identifier of IKE policy. |
dpd | Dead Peer Detection protocol controls. Action: hold or restart. Interval and timeout in seconds. |
route_mode | Route mode: static. This will be extended in the future. |
vpnservice_id | Unique identifier of VPN service. |
peer_address | Peer gateway public IPv4 address. |
peer_id | Peer router identity for authentication. Can be IPv4/IPv6 address, e-mail address, key id, or FQDN. |
id | Unique identifier for the IPsec site-to-site connection. |
ipsecpolicy_id | Unique identifier of IPsec policy. |
availability_zone | The Availability Zone name. |
CAUTION:
If the status does not become ACTIVE after creating resources, even though the connection destination settings have been completed, check the items in the notes in "List IPsec site connections".
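Because the psk is accepted as any string and is echoed back in the response body, a client can check the request against the parameter table before sending it and mask the key before logging either body. The following is an added example, not code from this API or its provider; the function names and the `MIN_PSK_LEN` policy floor are assumptions, and `SAMPLE` reuses the values of the example request above.

```python
import copy
import ipaddress
import secrets

REQUIRED = ("psk", "ipsecpolicy_id", "peer_cidrs", "ikepolicy_id",
            "vpnservice_id", "peer_address", "peer_id")
MIN_PSK_LEN = 32  # assumption: local policy floor; the API itself accepts any string
# Constructed sample: values copied from the page's example request.
SAMPLE = {"psk": "secret", "initiator": "bi-directional", "peer_cidrs": ["10.2.0.0/24"],
          "ipsecpolicy_id": "22b8abdc-e822-45b3-90dd-f2c8512acfa5",
          "ikepolicy_id": "d3f373dc-0708-4224-b6f8-676adf27dab8",
          "vpnservice_id": "7b347d20-6fa3-4e22-b744-c49ee235ae4f",
          "peer_address": "172.24.4.233", "peer_id": "172.24.4.233",
          "dpd": {"action": "hold", "interval": 60, "timeout": 240}}


def new_psk():
    """Random PSK: 32 bytes from the OS CSPRNG, URL-safe encoded (43 characters)."""
    return secrets.token_urlsafe(32)


def validate_connection(conn):
    """Check an ipsec_site_connection dict against the parameter table; return problems."""
    problems = [f"missing required key: {k}" for k in REQUIRED if k not in conn]
    if "psk" in conn and len(str(conn["psk"])) < MIN_PSK_LEN:
        problems.append("psk shorter than local minimum")
    if conn.get("initiator", "bi-directional") not in ("bi-directional", "response-only"):
        problems.append("initiator must be bi-directional or response-only")
    cidrs = conn.get("peer_cidrs")
    try:
        if not (isinstance(cidrs, list) and len(cidrs) == 1 and "/" in cidrs[0]):
            raise ValueError("wrong shape")
        ipaddress.ip_network(cidrs[0])  # strict by default: host bits must be zero
    except (TypeError, ValueError):
        problems.append("peer_cidrs must be a list of exactly one <net_address>/<prefix>")
    try:
        ipaddress.IPv4Address(str(conn.get("peer_address")))  # rejects CIDR notation
    except ValueError:
        problems.append("peer_address must be a plain IPv4 address")
    if conn.get("dpd", {}).get("action", "hold") not in ("hold", "restart"):
        problems.append("dpd.action must be hold or restart")
    return problems


def redact(body):
    """Copy of a request or response body with the PSK masked, safe to log."""
    safe = copy.deepcopy(body)
    if "psk" in safe.get("ipsec_site_connection", {}):
        safe["ipsec_site_connection"]["psk"] = "<redacted>"
    return safe
```

Run `validate_connection` on the inner `ipsec_site_connection` object and `redact` on the full request or response body.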