Creating a VPN service (V2 service/self-signed certificate)

This section explains the procedure for creating a VPN service.



  1. Execute the following commands to perform the necessary configuration.
    $ SUBNET_ID=<Desired Subnet ID for SSL-VPN Connection>
    $ ROUTER_ID=<Router ID to Be Used for SSL-VPN>
    $ VPN_SERVICE_NAME=<VPN Service Name (Optional)>
    $ ADMIN_STATE_UP=true
    $ AZ=<Availability Zone>
    Warning:

    The parameter definition of the subnet for connecting using an SSL-VPN connection must be specified as follows:

    • cidr

      The mask value for the network address is specified in the range of "16bit - 29bit".

      Example: 192.168.1.0/24

    • gateway_ip

      The IP address of the virtual router specified for the VPN service is specified.

  2. Execute the following API.
    $ curl -sS $NETWORK/v2.0/vpn/vpnservices -X POST \
    -H "X-Auth-Token: $OS_AUTH_TOKEN" -H "Content-Type: application/json" \
    -d '{"vpnservice": {"subnet_id": "'$SUBNET_ID'",
     "router_id": "'$ROUTER_ID'", "name": "'$VPN_SERVICE_NAME'",
     "admin_state_up":"'$ADMIN_STATE_UP'", "availability_zone": "'$AZ'" }}' \
    | jq .

    The following response will be returned.

    {
      "vpnservice": {
        "availability_zone": "<Availability Zone>",
        "router_id": "<Router ID for SSL-VPN Connection>",
        "status": "PENDING_CREATE",
        "name": "<VPN Service Name>",
        "admin_state_up": true,
        "subnet_id": "<Subnet ID for SSL-VPN Connection>",
        "tenant_id": "<Project ID for SSL-VPN Connection>",
        "id": "<VPN Service ID>",
        "description": ""
      }
    }
  3. Execute the following API to confirm the status of the created VPN service.
    $ curl -sS $NETWORK/v2.0/vpn/vpnservices -X GET \
    -H "X-Auth-Token: $OS_AUTH_TOKEN" -H "Content-Type:application/json" \
    | jq .

    If the "status" of the created VPN service is "PENDING_CREATE", as shown below, then creation of the SSL-VPN connection is complete.

    {
    "vpnservices": [
        {
          "availability_zone": "<Availability Zone>",
          "router_id": "<Router ID for SSL-VPN Connection>",
          "status": "PENDING_CREATE",
          "name": "<VPN Service Name>",
          "admin_state_up": true,
          "subnet_id": "<Subnet ID for SSL-VPN Connection>",
          "tenant_id": "<Project ID for SSL-VPN Connection>",
          "id": "<VPN Service ID>",
          "description": ""
        }
      ]
    }