VPN IPsec Policy¶
The IPsec Policy specifies the authentication and encryption algorithms and encapsulation mode to use for the established VPN connection.
Network v2
vpn ipsec policy create¶
Create an IPsec policy
openstack vpn ipsec policy create
[-f {json,shell,table,value,yaml}]
[-c COLUMN]
[--noindent]
[--prefix PREFIX]
[--max-width <integer>]
[--fit-width]
[--print-empty]
[--description <description>]
[--auth-algorithm {sha1,sha256,sha384,sha512}]
[--encapsulation-mode {tunnel,transport}]
[--encryption-algorithm {3des,aes-128,aes-192,aes-256}]
[--lifetime units=UNITS,value=VALUE]
[--pfs {group2,group5,group14}]
[--transform-protocol {esp,ah,ah-esp}]
[--project <project>]
[--project-domain <project-domain>]
<name>
- -f <FORMATTER>, --format <FORMATTER>¶
the output format, defaults to table
- -c COLUMN, --column COLUMN¶
specify the column(s) to include, can be repeated to show multiple columns
- --noindent¶
whether to disable indenting the JSON
- --prefix <PREFIX>¶
add a prefix to all variable names
- --max-width <integer>¶
Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.
- --fit-width¶
Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable
- --print-empty¶
Print empty table if there is no data to show.
- --description <description>¶
Description of the IPsec policy
- --auth-algorithm <AUTH_ALGORITHM>¶
Authentication algorithm for IPsec policy
- --encapsulation-mode <ENCAPSULATION_MODE>¶
Encapsulation mode for IPsec policy
- --encryption-algorithm <ENCRYPTION_ALGORITHM>¶
Encryption algorithm for IPsec policy
- --lifetime units=UNITS,value=VALUE¶
IPsec lifetime attributes. ‘units’-seconds, default:seconds. ‘value’-non negative integer, default:3600.
- --pfs <PFS>¶
Perfect Forward Secrecy for IPsec policy
- --transform-protocol <TRANSFORM_PROTOCOL>¶
Transform protocol for IPsec policy
- --project <project>¶
Owner’s project (name or ID)
- --project-domain <project-domain>¶
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
- name¶
Name of the IPsec policy
This command is provided by the python-neutronclient plugin.
vpn ipsec policy delete¶
Delete IPsec policy(policies)
openstack vpn ipsec policy delete <ipsec-policy> [<ipsec-policy> ...]
- ipsec-policy¶
ipsec policy to delete (name or ID)
This command is provided by the python-neutronclient plugin.
vpn ipsec policy list¶
List IPsec policies that belong to a given project
openstack vpn ipsec policy list
[-f {csv,json,table,value,yaml}]
[-c COLUMN]
[--quote {all,minimal,none,nonnumeric}]
[--noindent]
[--max-width <integer>]
[--fit-width]
[--print-empty]
[--sort-column SORT_COLUMN]
[--sort-ascending | --sort-descending]
[--long]
- -f <FORMATTER>, --format <FORMATTER>¶
the output format, defaults to table
- -c COLUMN, --column COLUMN¶
specify the column(s) to include, can be repeated to show multiple columns
- --quote <QUOTE_MODE>¶
when to include quotes, defaults to nonnumeric
- --noindent¶
whether to disable indenting the JSON
- --max-width <integer>¶
Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.
- --fit-width¶
Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable
- --print-empty¶
Print empty table if there is no data to show.
- --sort-column SORT_COLUMN¶
specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
- --sort-ascending¶
sort the column(s) in ascending order
- --sort-descending¶
sort the column(s) in descending order
- --long¶
List additional fields in output
This command is provided by the python-neutronclient plugin.
vpn ipsec policy set¶
Set IPsec policy properties
openstack vpn ipsec policy set
[--description <description>]
[--auth-algorithm {sha1,sha256,sha384,sha512}]
[--encapsulation-mode {tunnel,transport}]
[--encryption-algorithm {3des,aes-128,aes-192,aes-256}]
[--lifetime units=UNITS,value=VALUE]
[--pfs {group2,group5,group14}]
[--transform-protocol {esp,ah,ah-esp}]
[--name <name>]
<ipsec-policy>
- --description <description>¶
Description of the IPsec policy
- --auth-algorithm <AUTH_ALGORITHM>¶
Authentication algorithm for IPsec policy
- --encapsulation-mode <ENCAPSULATION_MODE>¶
Encapsulation mode for IPsec policy
- --encryption-algorithm <ENCRYPTION_ALGORITHM>¶
Encryption algorithm for IPsec policy
- --lifetime units=UNITS,value=VALUE¶
IPsec lifetime attributes. ‘units’-seconds, default:seconds. ‘value’-non negative integer, default:3600.
- --pfs <PFS>¶
Perfect Forward Secrecy for IPsec policy
- --transform-protocol <TRANSFORM_PROTOCOL>¶
Transform protocol for IPsec policy
- --name <name>¶
Name of the IPsec policy
- ipsec-policy¶
IPsec policy to set (name or ID)
This command is provided by the python-neutronclient plugin.
vpn ipsec policy show¶
Display IPsec policy details
openstack vpn ipsec policy show
[-f {json,shell,table,value,yaml}]
[-c COLUMN]
[--noindent]
[--prefix PREFIX]
[--max-width <integer>]
[--fit-width]
[--print-empty]
<ipsec-policy>
- -f <FORMATTER>, --format <FORMATTER>¶
the output format, defaults to table
- -c COLUMN, --column COLUMN¶
specify the column(s) to include, can be repeated to show multiple columns
- --noindent¶
whether to disable indenting the JSON
- --prefix <PREFIX>¶
add a prefix to all variable names
- --max-width <integer>¶
Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.
- --fit-width¶
Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable
- --print-empty¶
Print empty table if there is no data to show.
- ipsec-policy¶
IPsec policy to display (name or ID)
This command is provided by the python-neutronclient plugin.
