osc network vpn
VPNaaS 2.0 (vpn, vpnservices, ikepolicies, ipsecpolicies, endpoint-groups, ipsec-site-connections)
The Virtual-Private-Network-as-a-Service (VPNaaS) extension enables OpenStack projects to extend private networks across the public telecommunication infrastructure.
This initial implementation of the VPNaaS extension provides:
- Site-to-site VPN that connects two private networks.
- Multiple VPN connections per project.
- IKEv1 policy support with 3des, aes-128, aes-256, or aes-192 encryption.
- IPsec policy support with 3des, aes-128, aes-192, or aes-256 encryption, sha1 authentication, ESP, AH, or AH-ESP transform protocol, and tunnel or transport mode encapsulation.
- Dead Peer Detection (DPD) with hold, clear, restart, disabled, or restart-by-peer actions.
This extension introduces these resources:
- service. A parent object that associates VPN with a specific subnet and router.
- ikepolicy. The Internet Key Exchange (IKE) policy that identifies the authentication and encryption algorithm to use during phase one and two negotiation of a VPN connection.
- ipsecpolicy. The IP security policy that specifies the authentication and encryption algorithm and encapsulation mode to use for the established VPN connection.
- ipsec-site-connection. Details for the site-to-site IPsec connection, including the peer CIDRs, MTU, authentication mode, peer address, DPD settings, and status.
VPN Endpoint Groups
The endpoint-groups extension adds support for defining one or more endpoints of a specific type, and can be used to specify both local and peer endpoints for IPsec connections.
VPN Flavors
The vpn-flavors extension adds the flavor_id attribute to vpnservices resources. During vpnservice creation, if a flavor_id is passed, it is used to find the provider for the driver which would handle the newly created vpnservice.
Usage: osc network vpn <COMMAND>
Available subcommands:
- osc network vpn endpoint-group — VPN Endpoint Groups
- osc network vpn ikepolicy — The Internet Key Exchange (IKE) policy that identifies the authentication and encryption algorithm to use during phase one and two negotiation of a VPN connection
- osc network vpn ipsec-site-connection — Details for the site-to-site IPsec connection, including the peer CIDRs, MTU, authentication mode, peer address, DPD settings, and status
- osc network vpn ipsecpolicy — The IP security policy that specifies the authentication and encryption algorithm and encapsulation mode to use for the established VPN connection
- osc network vpn vpnservice — VPN Service - A parent object that associates VPN with a specific subnet and router