VPN IKE Policy¶
The IKE Policy is used for phases one and two negotiation of the VPN connection. You can specify both the authentication and encryption algorithms for connections.
Network v2
vpn ike policy create¶
Create an IKE policy
openstack vpn ike policy create
[-f {json,shell,table,value,yaml}]
[-c COLUMN]
[--noindent]
[--prefix PREFIX]
[--max-width <integer>]
[--fit-width]
[--print-empty]
[--description <description>]
[--auth-algorithm {sha1,sha256,sha384,sha512}]
[--encryption-algorithm {aes-128,3des,aes-192,aes-256}]
[--phase1-negotiation-mode {main,aggressive}]
[--ike-version {v1,v2}]
[--pfs {group5,group2,group14}]
[--lifetime units=UNITS,value=VALUE]
[--project <project>]
[--project-domain <project-domain>]
<name>
-
-f
<FORMATTER>
,
--format
<FORMATTER>
¶ the output format, defaults to table
-
-c
COLUMN
,
--column
COLUMN
¶ specify the column(s) to include, can be repeated to show multiple columns
-
--noindent
¶
whether to disable indenting the JSON
-
--prefix
<PREFIX>
¶ add a prefix to all variable names
-
--max-width
<integer>
¶ Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.
-
--fit-width
¶
Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable
-
--print-empty
¶
Print empty table if there is no data to show.
-
--description
<description>
¶ Description of the IKE policy
-
--auth-algorithm
<AUTH_ALGORITHM>
¶ Authentication algorithm
-
--encryption-algorithm
<ENCRYPTION_ALGORITHM>
¶ Encryption algorithm
-
--phase1-negotiation-mode
<PHASE1_NEGOTIATION_MODE>
¶ IKE Phase1 negotiation mode
-
--ike-version
<IKE_VERSION>
¶ IKE version for the policy
-
--pfs
<PFS>
¶ Perfect Forward Secrecy
-
--lifetime
units=UNITS,value=VALUE
¶ IKE lifetime attributes. ‘units’-seconds, default:seconds. ‘value’-non negative integer, default:3600.
-
--project
<project>
¶ Owner’s project (name or ID)
-
--project-domain
<project-domain>
¶ Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
-
name
¶
Name of the IKE policy
This command is provided by the python-neutronclient plugin.
vpn ike policy delete¶
Delete IKE policy (policies)
openstack vpn ike policy delete <ike-policy> [<ike-policy> ...]
-
ike-policy
¶
IKE policy to delete (name or ID)
This command is provided by the python-neutronclient plugin.
vpn ike policy list¶
List IKE policies that belong to a given project
openstack vpn ike policy list
[-f {csv,json,table,value,yaml}]
[-c COLUMN]
[--quote {all,minimal,none,nonnumeric}]
[--noindent]
[--max-width <integer>]
[--fit-width]
[--print-empty]
[--sort-column SORT_COLUMN]
[--sort-ascending | --sort-descending]
[--long]
-
-f
<FORMATTER>
,
--format
<FORMATTER>
¶ the output format, defaults to table
-
-c
COLUMN
,
--column
COLUMN
¶ specify the column(s) to include, can be repeated to show multiple columns
-
--quote
<QUOTE_MODE>
¶ when to include quotes, defaults to nonnumeric
-
--noindent
¶
whether to disable indenting the JSON
-
--max-width
<integer>
¶ Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.
-
--fit-width
¶
Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable
-
--print-empty
¶
Print empty table if there is no data to show.
-
--sort-column
SORT_COLUMN
¶ specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
-
--sort-ascending
¶
sort the column(s) in ascending order
-
--sort-descending
¶
sort the column(s) in descending order
-
--long
¶
List additional fields in output
This command is provided by the python-neutronclient plugin.
vpn ike policy set¶
Set IKE policy properties
openstack vpn ike policy set
[--description <description>]
[--auth-algorithm {sha1,sha256,sha384,sha512}]
[--encryption-algorithm {aes-128,3des,aes-192,aes-256}]
[--phase1-negotiation-mode {main,aggressive}]
[--ike-version {v1,v2}]
[--pfs {group5,group2,group14}]
[--lifetime units=UNITS,value=VALUE]
[--name <name>]
<ike-policy>
-
--description
<description>
¶ Description of the IKE policy
-
--auth-algorithm
<AUTH_ALGORITHM>
¶ Authentication algorithm
-
--encryption-algorithm
<ENCRYPTION_ALGORITHM>
¶ Encryption algorithm
-
--phase1-negotiation-mode
<PHASE1_NEGOTIATION_MODE>
¶ IKE Phase1 negotiation mode
-
--ike-version
<IKE_VERSION>
¶ IKE version for the policy
-
--pfs
<PFS>
¶ Perfect Forward Secrecy
-
--lifetime
units=UNITS,value=VALUE
¶ IKE lifetime attributes. ‘units’-seconds, default:seconds. ‘value’-non negative integer, default:3600.
-
--name
<name>
¶ Name of the IKE policy
-
ike-policy
¶
IKE policy to set (name or ID)
This command is provided by the python-neutronclient plugin.
vpn ike policy show¶
Display IKE policy details
openstack vpn ike policy show
[-f {json,shell,table,value,yaml}]
[-c COLUMN]
[--noindent]
[--prefix PREFIX]
[--max-width <integer>]
[--fit-width]
[--print-empty]
<ike-policy>
-
-f
<FORMATTER>
,
--format
<FORMATTER>
¶ the output format, defaults to table
-
-c
COLUMN
,
--column
COLUMN
¶ specify the column(s) to include, can be repeated to show multiple columns
-
--noindent
¶
whether to disable indenting the JSON
-
--prefix
<PREFIX>
¶ add a prefix to all variable names
-
--max-width
<integer>
¶ Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.
-
--fit-width
¶
Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable
-
--print-empty
¶
Print empty table if there is no data to show.
-
ike-policy
¶
IKE policy to display (name or ID)
This command is provided by the python-neutronclient plugin.