Modifying a VPN Connection

You can modify the attributes of a VPN connection.

Modifying a VPN Connection Using OSC CLI

The UpdateVpnConnection command modifies the specified attributes of a VPN connection.

Request sample
$ osc-cli api UpdateVpnConnection --profile "default" \
    --VpnConnectionId "vpn-12345678" \
    --VpnOptions '{
        "TunnelInsideIpRange": "169.254.254.22/30",
      }'

This command contains the following attributes that you need to specify:

  • ClientGatewayId: (optional) The ID of the client gateway.

  • DryRun: (optional) If true, checks whether you have the required permissions to perform the action.

  • VirtualGatewayId: (optional) The ID of the virtual gateway.

  • VpnConnectionId: The ID of the VPN connection you want to modify.

  • VpnOptions: (optional) Information about the VPN options.

    • Phase1Options: (optional) Information about Phase 1 of the Internet Key Exchange (IKE) negotiation. When Phase 1 finishes successfully, peers proceed to Phase 2 negotiations.

      • DpdTimeoutAction: (optional) The action to carry out after a Dead Peer Detection (DPD) timeout occurs.

      • DpdTimeoutSeconds: (optional) The maximum waiting time for a Dead Peer Detection (DPD) response before considering the peer as dead, in seconds.

      • IkeVersions: (optional) The Internet Key Exchange (IKE) versions allowed for the VPN tunnel.

      • Phase1DhGroupNumbers: (optional) The Diffie-Hellman (DH) group numbers allowed for the VPN tunnel for phase 1.

      • Phase1EncryptionAlgorithms: (optional) The encryption algorithms allowed for the VPN tunnel for phase 1.

      • Phase1IntegrityAlgorithms: (optional) The integrity algorithms allowed for the VPN tunnel for phase 1.

      • Phase1LifetimeSeconds: (optional) The lifetime for phase 1 of the IKE negotiation process, in seconds.

      • ReplayWindowSize: (optional) The number of packets in an IKE replay window.

      • StartupAction: (optional) The action to carry out when establishing tunnels for a VPN connection.

    • Phase2Options: (optional) Information about Phase 2 of the Internet Key Exchange (IKE) negotiation.

      • Phase2DhGroupNumbers: (optional) The Diffie-Hellman (DH) group numbers allowed for the VPN tunnel for phase 2.

      • Phase2EncryptionAlgorithms: (optional) The encryption algorithms allowed for the VPN tunnel for phase 2.

      • Phase2IntegrityAlgorithms: (optional) The integrity algorithms allowed for the VPN tunnel for phase 2.

      • Phase2LifetimeSeconds: (optional) The lifetime for phase 2 of the Internet Key Exchange (IKE) negociation process, in seconds.

      • PreSharedKey: (optional) The pre-shared key to establish the initial authentication between the client gateway and the virtual gateway. This key can contain any character except line breaks and double quotes (").

    • TunnelInsideIpRange: (optional) The range of inside IPs for the tunnel. This must be a /30 CIDR block from the 169.254.254.0/24 range.

The UpdateVpnConnection command returns the following elements:

  • ResponseContext: Information about the context of the response.

    • RequestId: The ID of the request.

  • VpnConnection: Information about a VPN connection.

    • ClientGatewayConfiguration: Example configuration for the client gateway.

    • ClientGatewayId: The ID of the client gateway used on the client end of the connection.

    • ConnectionType: The type of VPN connection (always ipsec.1).

    • Routes: Information about one or more static routes associated with the VPN connection, if any.

      • DestinationIpRange: The IP range used for the destination match, in CIDR notation (for example, 10.0.0.0/24).

      • RouteType: The type of route (always static).

      • State: The current state of the static route (pending | available | deleting | deleted).

    • State: The state of the VPN connection (pending | available | deleting | deleted).

    • StaticRoutesOnly: If false, the VPN connection uses dynamic routing with Border Gateway Protocol (BGP). If true, routing is controlled using static routes. For more information about how to create and delete static routes, see CreateVpnConnectionRoute and DeleteVpnConnectionRoute.

    • Tags: One or more tags associated with the VPN connection.

      • Key: The key of the tag, with a minimum of 1 character.

      • Value: The value of the tag, between 0 and 255 characters.

    • VgwTelemetries: Information about the current state of one or more of the VPN tunnels.

      • AcceptedRouteCount: The number of routes accepted through BGP (Border Gateway Protocol) route exchanges.

      • LastStateChangeDate: The date and time (UTC) of the latest state update.

      • OutsideIpAddress: The IP on the OUTSCALE side of the tunnel.

      • State: The state of the IPSEC tunnel (UP | DOWN).

      • StateDescription: A description of the current state of the tunnel.

    • VirtualGatewayId: The ID of the virtual gateway used on the OUTSCALE end of the connection.

    • VpnConnectionId: The ID of the VPN connection.

    • VpnOptions: Information about the VPN options.

      • Phase1Options: Information about Phase 1 of the Internet Key Exchange (IKE) negotiation. When Phase 1 finishes successfully, peers proceed to Phase 2 negotiations.

        • DpdTimeoutAction: The action to carry out after a Dead Peer Detection (DPD) timeout occurs.

        • DpdTimeoutSeconds: The maximum waiting time for a Dead Peer Detection (DPD) response before considering the peer as dead, in seconds.

        • IkeVersions: The Internet Key Exchange (IKE) versions allowed for the VPN tunnel.

        • Phase1DhGroupNumbers: The Diffie-Hellman (DH) group numbers allowed for the VPN tunnel for phase 1.

        • Phase1EncryptionAlgorithms: The encryption algorithms allowed for the VPN tunnel for phase 1.

        • Phase1IntegrityAlgorithms: The integrity algorithms allowed for the VPN tunnel for phase 1.

        • Phase1LifetimeSeconds: The lifetime for phase 1 of the IKE negotiation process, in seconds.

        • ReplayWindowSize: The number of packets in an IKE replay window.

        • StartupAction: The action to carry out when establishing tunnels for a VPN connection.

      • Phase2Options: Information about Phase 2 of the Internet Key Exchange (IKE) negotiation.

        • Phase2DhGroupNumbers: The Diffie-Hellman (DH) group numbers allowed for the VPN tunnel for phase 2.

        • Phase2EncryptionAlgorithms: The encryption algorithms allowed for the VPN tunnel for phase 2.

        • Phase2IntegrityAlgorithms: The integrity algorithms allowed for the VPN tunnel for phase 2.

        • Phase2LifetimeSeconds: The lifetime for phase 2 of the Internet Key Exchange (IKE) negociation process, in seconds.

        • PreSharedKey: The pre-shared key to establish the initial authentication between the client gateway and the virtual gateway. This key can contain any character except line breaks and double quotes (").

      • TunnelInsideIpRange: The range of inside IPs for the tunnel. This must be a /30 CIDR block from the 169.254.254.0/24 range.

Result sample
{
  "VpnConnection": {
    "VpnOptions": {
      "TunnelInsideIpRange": "169.254.254.22/30"
    },
    "Routes": [],
    "Tags": [],
    "ClientGatewayConfiguration": "...",
    "StaticRoutesOnly": true,
    "VirtualGatewayId": "vgw-12345678",
    "ConnectionType": "ipsec.1",
    "ClientGatewayId": "cgw-12345678",
    "State": "pending",
    "VgwTelemetries": [
      {
        "StateDescription": "IPSEC IS DOWN",
        "AcceptedRouteCount": 0,
        "LastStateChangeDate": "2017-05-10T12:34:56.789Z",
        "OutsideIpAddress": "192.0.2.0"
      }
    ],
    "VpnConnectionId": "vpn-12345678"
  },
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}

Related Pages

Corresponding API Method

Export to PDF