Create IPsec site connection

Creates an IPsec site connection.

URI

/v2.0/vpn/ipsec-site-connections

HTTP method

POST

Request parameter

| Key | Description | Type | Required/optional |
|---|---|---|---|
| psk | Pre-shared key: any string. | string | Required |
| initiator | Whether this VPN can only respond to connections or can initiate as well. Select bi-directional or response-only (default: bi-directional). | string | Optional |
| ipsecpolicy_id | Unique identifier of IPsec policy. | uuid-str | Required |
| admin_state_up | Administrative state of VPN connection. If false (down), VPN connection does not forward packets (default: true). | bool | Optional |
| peer_cidrs | Peer private CIDRs. Unique list of valid CIDRs in the form <net_address>/<prefix>. Only one CIDR can be specified. | list | Required |
| ikepolicy_id | Unique identifier of IKE policy. | uuid-str | Required |
| dpd | Dead Peer Detection protocol controls. Action: hold or restart. Interval and timeout in seconds (default: {'action': 'hold', 'interval': 30, 'timeout': 120}). | dict | Optional |
| vpnservice_id | Unique identifier of VPN service. | uuid-str | Required |
| peer_address | Peer gateway public IPv4 address (cannot be specified in CIDR format). | string | Required |
| peer_id | Peer router identity for authentication. Can be an IPv4/IPv6 address (cannot be specified in CIDR format), e-mail address, key id, or FQDN. | string | Required |
| name | Name for IPsec site-to-site connection. | string | Optional |
| description | Description of the IPsec site-to-site connection. | string | Optional |
| availability_zone | The Availability Zone name. If you do not specify this, the resource will be created in the default Availability Zone. | xsd:string | Optional |

Example request


{
  "ipsec_site_connection": {
    "psk": "secret",
    "initiator": "bi-directional",
    "ipsecpolicy_id": "22b8abdc-e822-45b3-90dd-f2c8512acfa5",
    "admin_state_up": true,
    "peer_cidrs": [
      "10.2.0.0/24"
    ],
    "ikepolicy_id": "d3f373dc-0708-4224-b6f8-676adf27dab8",
    "dpd": {
      "action": "hold",
      "interval": 60,
      "timeout": 240
    },
    "vpnservice_id": "7b347d20-6fa3-4e22-b744-c49ee235ae4f",
    "peer_address": "172.24.4.233",
    "peer_id": "172.24.4.233",
    "name": "vpnconnection1",
    "availability_zone": "AZ1"
  }
}
     

Response status

| Status code | Description |
|---|---|
| 201 | Normal response codes |
| Unauthorized (401) | Error response codes |
| Bad Request (400) | Error response codes |

Response body (normal status)


{
  "ipsec_site_connection": {
    "status": "PENDING_CREATE",
    "psk": "secret",
    "initiator": "bi-directional",
    "name": "vpnconnection1",
    "admin_state_up": true,
    "tenant_id": "b6887d0b45b54a249b2ce3dee01caa47",
    "description": "",
    "auth_mode": "psk",
    "peer_cidrs": [
      "10.2.0.0/24"
    ],
    "mtu": 1500,
    "ikepolicy_id": "d3f373dc-0708-4224-b6f8-676adf27dab8",
    "dpd": {
      "action": "hold",
      "interval": 60,
      "timeout": 240
    },
    "route_mode": "static",
    "vpnservice_id": "7b347d20-6fa3-4e22-b744-c49ee235ae4f",
    "peer_address": "172.24.4.233",
    "peer_id": "172.24.4.233",
    "id": "af44dfd7-cf91-4451-be57-cd4fdd96b5dc",
    "ipsecpolicy_id": "22b8abdc-e822-45b3-90dd-f2c8512acfa5",
    "availability_zone": "AZ1"
  }
}
     

Description of response body (normal status)

| Item | Description |
|---|---|
| status | Indicates whether VPN connection is currently operational. Possible values include: ACTIVE, DOWN, BUILD, ERROR, PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE. |
| psk | Pre-shared key: any string. |
| initiator | Whether this VPN can only respond to connections or can initiate as well. |
| name | Name for IPsec site-to-site connection. |
| admin_state_up | Administrative state of VPN connection. If false (down), VPN connection does not forward packets. |
| tenant_id | Unique identifier for owner of the VPN service. |
| description | Description of the IPsec site-to-site connection. |
| auth_mode | Authentication mode: psk. |
| peer_cidrs | Peer private CIDRs. |
| mtu | Maximum Transmission Unit to address fragmentation. |
| ikepolicy_id | Unique identifier of IKE policy. |
| dpd | Dead Peer Detection protocol controls. Action: hold or restart. Interval and timeout in seconds. |
| route_mode | Route mode: static. This will be extended in the future. |
| vpnservice_id | Unique identifier of VPN service. |
| peer_address | Peer gateway public IPv4 address. |
| peer_id | Peer router identity for authentication. Can be IPv4/IPv6 address, e-mail address, key id, or FQDN. |
| id | Unique identifier for the IPsec site-to-site connection. |
| ipsecpolicy_id | Unique identifier of IPsec policy. |
| availability_zone | The Availability Zone name. |
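
A client-side pre-flight check for the request parameters documented above, together with a helper that masks psk before a body is logged, since the response body returns the key in clear text. This is an added example, not code from the API provider; the function names, error strings and the strict CIDR parse (no host bits set) are assumptions.

```python
import copy
import ipaddress
import uuid

REQUIRED = ("psk", "ipsecpolicy_id", "peer_cidrs", "ikepolicy_id",
            "vpnservice_id", "peer_address", "peer_id")

def _ok(parse, value):  # True when parse(value) does not raise ValueError
    try:
        parse(str(value))
    except ValueError:
        return False
    return True

def validate_request(body):
    """Return the problems found in a create request body (empty list if none)."""
    conn = body.get("ipsec_site_connection", {})
    errors = [f"missing required key: {k}" for k in REQUIRED if k not in conn]
    for key in ("ipsecpolicy_id", "ikepolicy_id", "vpnservice_id"):
        if key in conn and not _ok(uuid.UUID, conn[key]):
            errors.append(f"{key} is not a UUID")
    if conn.get("initiator", "bi-directional") not in ("bi-directional", "response-only"):
        errors.append("initiator must be bi-directional or response-only")
    cidrs = conn.get("peer_cidrs")  # assumption: strict parse, no host bits set
    if cidrs is not None and (not isinstance(cidrs, list) or len(cidrs) != 1):
        errors.append("peer_cidrs must be a list holding exactly one CIDR")
    elif cidrs and ("/" not in str(cidrs[0]) or not _ok(ipaddress.ip_network, cidrs[0])):
        errors.append("peer_cidrs entry is not <net_address>/<prefix>")
    if "peer_address" in conn and not _ok(ipaddress.IPv4Address, conn["peer_address"]):
        errors.append("peer_address must be a plain IPv4 address, not CIDR")
    if "/" in str(conn.get("peer_id", "")):
        errors.append("peer_id must not be in CIDR format")
    if conn.get("dpd", {}).get("action", "hold") not in ("hold", "restart"):
        errors.append("dpd action must be hold or restart")
    return errors

def redact_psk(payload):
    """Copy a request or response body with the pre-shared key masked for logging."""
    safe = copy.deepcopy(payload)
    if "psk" in safe.get("ipsec_site_connection", {}):
        safe["ipsec_site_connection"]["psk"] = "***REDACTED***"
    return safe

# Sample input: required keys and values taken from the page's example request.
SAMPLE = {"ipsec_site_connection": {
    "psk": "secret", "peer_cidrs": ["10.2.0.0/24"], "peer_address": "172.24.4.233",
    "peer_id": "172.24.4.233", "ipsecpolicy_id": "22b8abdc-e822-45b3-90dd-f2c8512acfa5",
    "ikepolicy_id": "d3f373dc-0708-4224-b6f8-676adf27dab8",
    "vpnservice_id": "7b347d20-6fa3-4e22-b744-c49ee235ae4f"}}
```

Run `validate_request` before sending the POST, and pass both the request and the 201 response through `redact_psk` before writing them to logs or tickets.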

CAUTION:

If the status does not become ACTIVE after creating resources, even though the connection destination settings have been completed, check the items in the notes in "List IPsec site connections".