oracle / oracle.oci / 4.2.0 / module / oci_network_ip_sec_connection_tunnel Manage an IpSecConnectionTunnel resource in Oracle Cloud Infrastructure | "added in version" 2.9.0 of oracle.oci" Authors: Oracle (@oracle) preview | supported by communityoracle.oci.oci_network_ip_sec_connection_tunnel (4.2.0) — module
Install with ansible-galaxy collection install oracle.oci:==4.2.0
collections: - name: oracle.oci version: 4.2.0
This module allows the user to update an IpSecConnectionTunnel resource in Oracle Cloud Infrastructure
- name: Update ip_sec_connection_tunnel oci_network_ip_sec_connection_tunnel: # required ipsc_id: "ocid1.ipsc.oc1..xxxxxxEXAMPLExxxxxx" tunnel_id: "ocid1.tunnel.oc1..xxxxxxEXAMPLExxxxxx" # optional display_name: display_name_example routing: BGP ike_version: V1 bgp_session_config: # optional oracle_interface_ip: oracle_interface_ip_example customer_interface_ip: customer_interface_ip_example oracle_interface_ipv6: oracle_interface_ipv6_example customer_interface_ipv6: customer_interface_ipv6_example customer_bgp_asn: customer_bgp_asn_example oracle_initiation: INITIATOR_OR_RESPONDER nat_translation_enabled: ENABLED phase_one_config: # optional is_custom_phase_one_config: true authentication_algorithm: SHA2_384 encryption_algorithm: AES_256_CBC diffie_helman_group: GROUP2 lifetime_in_seconds: 56 phase_two_config: # optional is_custom_phase_two_config: true authentication_algorithm: HMAC_SHA2_256_128 encryption_algorithm: AES_256_GCM lifetime_in_seconds: 56 is_pfs_enabled: true pfs_dh_group: GROUP2 dpd_config: # optional dpd_mode: INITIATE_AND_RESPOND dpd_timeout_in_sec: 56 encryption_domain_config: # optional oracle_traffic_selector: [ "oracle_traffic_selector_example" ] cpe_traffic_selector: [ "cpe_traffic_selector_example" ]
- name: Update ip_sec_connection_tunnel using name (when environment variable OCI_USE_NAME_AS_IDENTIFIER is set) oci_network_ip_sec_connection_tunnel: # required ipsc_id: "ocid1.ipsc.oc1..xxxxxxEXAMPLExxxxxx" display_name: display_name_example # optional routing: BGP ike_version: V1 bgp_session_config: # optional oracle_interface_ip: oracle_interface_ip_example customer_interface_ip: customer_interface_ip_example oracle_interface_ipv6: oracle_interface_ipv6_example customer_interface_ipv6: customer_interface_ipv6_example customer_bgp_asn: customer_bgp_asn_example oracle_initiation: INITIATOR_OR_RESPONDER nat_translation_enabled: ENABLED phase_one_config: # optional is_custom_phase_one_config: true authentication_algorithm: SHA2_384 encryption_algorithm: AES_256_CBC diffie_helman_group: GROUP2 lifetime_in_seconds: 56 phase_two_config: # optional is_custom_phase_two_config: true authentication_algorithm: HMAC_SHA2_256_128 encryption_algorithm: AES_256_GCM lifetime_in_seconds: 56 is_pfs_enabled: true pfs_dh_group: GROUP2 dpd_config: # optional dpd_mode: INITIATE_AND_RESPOND dpd_timeout_in_sec: 56 encryption_domain_config: # optional oracle_traffic_selector: [ "oracle_traffic_selector_example" ] cpe_traffic_selector: [ "cpe_traffic_selector_example" ]
wait: default: true description: Whether to wait for create or delete operation to complete. type: bool state: choices: - present default: present description: - The state of the IpSecConnectionTunnel. - Use I(state=present) to update an existing an IpSecConnectionTunnel. required: false type: str region: description: - The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See C(config_file_location)). Please refer to U(https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm) for more information on OCI regions. type: str ipsc_id: description: - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the IPSec connection. required: true type: str routing: choices: - BGP - STATIC - POLICY description: - The type of routing to use for this tunnel (BGP dynamic routing, static routing, or policy-based routing). - This parameter is updatable. type: str tenancy: description: - OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See C(config_file_location)). To get the tenancy OCID, please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm) type: str api_user: description: - The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_ID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See C(config_file_location)). To get the user's OCID, please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm). type: str auth_type: choices: - api_key - instance_principal - instance_obo_user - resource_principal default: api_key description: - The type of authentication to use for making API requests. By default C(auth_type="api_key") based authentication is performed and the API key (see I(api_user_key_file)) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use C(auth_type="instance_principal") to use instance principal based authentication when running ansible playbooks within an OCI compute instance. type: str tunnel_id: aliases: - id description: - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the tunnel. - Required for update using I(state=present) when environment variable C(OCI_USE_NAME_AS_IDENTIFIER) is not set. type: str dpd_config: description: - '' - This parameter is updatable. suboptions: dpd_mode: choices: - INITIATE_AND_RESPOND - RESPOND_ONLY description: - This option defines whether DPD can be initiated from the Oracle side of the connection. - This parameter is updatable. type: str dpd_timeout_in_sec: description: - DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds. - This parameter is updatable. type: int type: dict cert_bundle: description: - The full path to a CA certificate bundle to be used for SSL verification. This will override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE variable, if any, is used. type: str ike_version: choices: - V1 - V2 description: - Internet Key Exchange protocol version. - This parameter is updatable. type: str auth_purpose: choices: - service_principal description: - The auth purpose which can be used in conjunction with 'auth_type=instance_principal'. The default auth_purpose for instance_principal is None. type: str display_name: aliases: - name description: - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information. - Required for update when environment variable C(OCI_USE_NAME_AS_IDENTIFIER) is set. - This parameter is updatable when C(OCI_USE_NAME_AS_IDENTIFIER) is not set. type: str wait_timeout: description: Time, in seconds, to wait when I(wait=yes). Defaults to 1200 for most of the services but some services might have a longer wait timeout. type: int phase_one_config: description: - '' - This parameter is updatable. suboptions: authentication_algorithm: choices: - SHA2_384 - SHA2_256 - SHA1_96 description: - The custom authentication algorithm proposed during phase one tunnel negotiation. - This parameter is updatable. type: str diffie_helman_group: choices: - GROUP2 - GROUP5 - GROUP14 - GROUP19 - GROUP20 - GROUP24 description: - The custom Diffie-Hellman group proposed during phase one tunnel negotiation. - This parameter is updatable. type: str encryption_algorithm: choices: - AES_256_CBC - AES_192_CBC - AES_128_CBC description: - The custom encryption algorithm proposed during phase one tunnel negotiation. - This parameter is updatable. type: str is_custom_phase_one_config: description: - Indicates whether custom configuration is enabled for phase one options. - This parameter is updatable. type: bool lifetime_in_seconds: description: - Internet key association (IKE) session key lifetime in seconds for IPSec phase one. The default is 28800 which is equivalent to 8 hours. - This parameter is updatable. type: int type: dict phase_two_config: description: - '' - This parameter is updatable. suboptions: authentication_algorithm: choices: - HMAC_SHA2_256_128 - HMAC_SHA1_128 description: - The authentication algorithm proposed during phase two tunnel negotiation. - This parameter is updatable. type: str encryption_algorithm: choices: - AES_256_GCM - AES_192_GCM - AES_128_GCM - AES_256_CBC - AES_192_CBC - AES_128_CBC description: - The encryption algorithm proposed during phase two tunnel negotiation. - This parameter is updatable. type: str is_custom_phase_two_config: description: - Indicates whether custom configuration is enabled for phase two options. - This parameter is updatable. type: bool is_pfs_enabled: description: - Indicates whether perfect forward secrecy (PFS) is enabled. - This parameter is updatable. type: bool lifetime_in_seconds: description: - Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour. - This parameter is updatable. type: int pfs_dh_group: choices: - GROUP2 - GROUP5 - GROUP14 - GROUP19 - GROUP20 - GROUP24 description: - The Diffie-Hellman group used for PFS, if PFS is enabled. - This parameter is updatable. type: str type: dict api_user_key_file: description: - Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See C(config_file_location)). If the key is encrypted with a pass-phrase, the C(api_user_key_pass_phrase) option must also be provided. type: str oracle_initiation: choices: - INITIATOR_OR_RESPONDER - RESPONDER_ONLY description: - Indicates whether the Oracle end of the IPSec connection is able to initiate starting up the IPSec tunnel. - This parameter is updatable. type: str bgp_session_config: description: - '' - This parameter is updatable. suboptions: customer_bgp_asn: description: - The BGP ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format. - If you are switching the tunnel from using BGP dynamic routing to static routing, the `customerBgpAsn` must be null. - 'Example: `12345` (2-byte) or `1587232876` (4-byte)' - This parameter is updatable. type: str customer_interface_ip: description: - The IP address for the CPE end of the inside tunnel interface. - If the tunnel's `routing` attribute is set to `BGP` (see L(UpdateIPSecConnectionTunnelDetails,https://docs.cloud.oracle.com/en- us/iaas/api/#/en/iaas/latest/datatypes/UpdateIPSecConnectionTunnelDetails)), this IP address is used for the tunnel's BGP session. - If `routing` is instead set to `STATIC`, you can set this IP address to troubleshoot or monitor the tunnel. - The value must be a /30 or /31. - If you are switching the tunnel from using BGP dynamic routing to static routing and want to remove the value for `customerInterfaceIp`, you can set the value to an empty string. - 'Example: `10.0.0.5/31`' - This parameter is updatable. type: str customer_interface_ipv6: description: - The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional. - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)), this IP address is used for the tunnel's BGP session. - If `routing` is instead set to `STATIC`, you can set this IP address to troubleshoot or monitor the tunnel. - Only subnet masks from /64 up to /127 are allowed. - 'Example: `2001:db8::1/64`' - This parameter is updatable. type: str oracle_interface_ip: description: - The IP address for the Oracle end of the inside tunnel interface. - If the tunnel's `routing` attribute is set to `BGP` (see L(UpdateIPSecConnectionTunnelDetails,https://docs.cloud.oracle.com/en- us/iaas/api/#/en/iaas/latest/datatypes/UpdateIPSecConnectionTunnelDetails)), this IP address is used for the tunnel's BGP session. - If `routing` is instead set to `STATIC`, you can set this IP address to troubleshoot or monitor the tunnel. - The value must be a /30 or /31. - If you are switching the tunnel from using BGP dynamic routing to static routing and want to remove the value for `oracleInterfaceIp`, you can set the value to an empty string. - 'Example: `10.0.0.4/31`' - This parameter is updatable. type: str oracle_interface_ipv6: description: - The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional. - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)), this IP address is used for the tunnel's BGP session. - If `routing` is instead set to `STATIC`, you can set this IP address to troubleshoot or monitor the tunnel. - Only subnet masks from /64 up to /127 are allowed. - 'Example: `2001:db8::1/64`' - This parameter is updatable. type: str type: dict config_profile_name: description: - The profile to load from the config file referenced by C(config_file_location). If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in C(config_file_location). type: str api_user_fingerprint: description: - Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See C(config_file_location)). To get the key pair's fingerprint value please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm). type: str config_file_location: description: - Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config. type: str nat_translation_enabled: choices: - ENABLED - DISABLED - AUTO description: - By default (the `AUTO` setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T. - The `ENABLED` option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets. - The `DISABLED` option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use. - This parameter is updatable. type: str api_user_key_pass_phrase: description: - Passphrase used by the key referenced in C(api_user_key_file), if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See C(config_file_location)). type: str encryption_domain_config: description: - '' - This parameter is updatable. suboptions: cpe_traffic_selector: description: - Lists IPv4 or IPv6-enabled subnets in your on-premises network. - This parameter is updatable. elements: str type: list oracle_traffic_selector: description: - Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy. - This parameter is updatable. elements: str type: list type: dict
ip_sec_connection_tunnel: contains: bgp_session_info: contains: bgp_ipv6_state: description: - The state of the BGP IPv6 session. returned: on success sample: UP type: str bgp_state: description: - The state of the BGP session. returned: on success sample: UP type: str customer_bgp_asn: description: - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format. - If the tunnel uses static routing, the `customerBgpAsn` must be null. - 'Example: `12345` (2-byte) or `1587232876` (4-byte)' returned: on success sample: customer_bgp_asn_example type: str customer_interface_ip: description: - The IP address for the CPE end of the inside tunnel interface. - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)), this IP address is required and used for the tunnel's BGP session. - If `routing` is instead set to `STATIC`, this IP address is optional. You can set this IP address so you can troubleshoot or monitor the tunnel. - The value must be a /30 or /31. - 'Example: `10.0.0.5/31`' returned: on success sample: customer_interface_ip_example type: str customer_interface_ipv6: description: - The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional. - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)), this IP address is used for the tunnel's BGP session. - If `routing` is instead set to `STATIC`, you can set this IP address to troubleshoot or monitor the tunnel. - Only subnet masks from /64 up to /127 are allowed. - 'Example: `2001:db8::1/64`' returned: on success sample: customer_interface_ipv6_example type: str oracle_bgp_asn: description: - The Oracle BGP ASN. returned: on success sample: oracle_bgp_asn_example type: str oracle_interface_ip: description: - The IP address for the Oracle end of the inside tunnel interface. - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)), this IP address is required and used for the tunnel's BGP session. - If `routing` is instead set to `STATIC`, this IP address is optional. You can set this IP address so you can troubleshoot or monitor the tunnel. - The value must be a /30 or /31. - 'Example: `10.0.0.4/31`' returned: on success sample: oracle_interface_ip_example type: str oracle_interface_ipv6: description: - The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional. - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)), this IP address is used for the tunnel's BGP session. - If `routing` is instead set to `STATIC`, you can set this IP address to troubleshoot or monitor the tunnel. - Only subnet masks from /64 up to /127 are allowed. - 'Example: `2001:db8::1/64`' returned: on success sample: oracle_interface_ipv6_example type: str description: - '' returned: on success type: complex compartment_id: description: - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment containing the tunnel. returned: on success sample: ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx type: str cpe_ip: description: - The IP address of the CPE device's VPN headend. - 'Example: `203.0.113.22`' returned: on success sample: cpe_ip_example type: str display_name: description: - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information. returned: on success sample: display_name_example type: str dpd_mode: description: - Dead peer detection (DPD) mode set on the Oracle side of the connection. This mode sets whether Oracle can only respond to a request from the CPE device to start DPD, or both respond to and initiate requests. returned: on success sample: INITIATE_AND_RESPOND type: str dpd_timeout_in_sec: description: - DPD timeout in seconds. returned: on success sample: 56 type: int encryption_domain_config: contains: cpe_traffic_selector: description: - Lists IPv4 or IPv6-enabled subnets in your on-premises network. returned: on success sample: [] type: list oracle_traffic_selector: description: - Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy. returned: on success sample: [] type: list description: - '' returned: on success type: complex id: description: - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the tunnel. returned: on success sample: ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx type: str ike_version: description: - Internet Key Exchange protocol version. returned: on success sample: V1 type: str lifecycle_state: description: - The tunnel's lifecycle state. returned: on success sample: PROVISIONING type: str nat_translation_enabled: description: - By default (the `AUTO` setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T. - The `ENABLED` option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets. - The `DISABLED` option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use. - . returned: on success sample: ENABLED type: str oracle_can_initiate: description: - Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device, or both respond to and initiate requests. returned: on success sample: INITIATOR_OR_RESPONDER type: str phase_one_details: contains: custom_authentication_algorithm: description: - The proposed custom authentication algorithm. returned: on success sample: custom_authentication_algorithm_example type: str custom_dh_group: description: - The proposed custom Diffie-Hellman group. returned: on success sample: custom_dh_group_example type: str custom_encryption_algorithm: description: - The proposed custom encryption algorithm. returned: on success sample: custom_encryption_algorithm_example type: str is_custom_phase_one_config: description: - Indicates whether custom phase one configuration is enabled. If this option is not enabled, default settings are proposed. returned: on success sample: true type: bool is_ike_established: description: - Indicates whether IKE phase one is established. returned: on success sample: true type: bool lifetime: description: - The total configured lifetime of the IKE security association. returned: on success sample: 56 type: int negotiated_authentication_algorithm: description: - The negotiated authentication algorithm. returned: on success sample: negotiated_authentication_algorithm_example type: str negotiated_dh_group: description: - The negotiated Diffie-Hellman group. returned: on success sample: negotiated_dh_group_example type: str negotiated_encryption_algorithm: description: - The negotiated encryption algorithm. returned: on success sample: negotiated_encryption_algorithm_example type: str remaining_lifetime: description: - The remaining lifetime before the key is refreshed. returned: on success sample: 56 type: int remaining_lifetime_last_retrieved: description: - The date and time we retrieved the remaining lifetime, in the format defined by L(RFC3339,https://tools.ietf.org/html/rfc3339). - 'Example: `2016-08-25T21:10:29.600Z`' returned: on success sample: '2013-10-20T19:20:30+01:00' type: str description: - '' returned: on success type: complex phase_two_details: contains: custom_authentication_algorithm: description: - Phase two authentication algorithm proposed during tunnel negotiation. returned: on success sample: custom_authentication_algorithm_example type: str custom_encryption_algorithm: description: - The proposed custom phase two encryption algorithm. returned: on success sample: custom_encryption_algorithm_example type: str dh_group: description: - The proposed Diffie-Hellman group. returned: on success sample: dh_group_example type: str is_custom_phase_two_config: description: - Indicates whether custom phase two configuration is enabled. If this option is not enabled, default settings are proposed. returned: on success sample: true type: bool is_esp_established: description: - Indicates that ESP phase two is established. returned: on success sample: true type: bool is_pfs_enabled: description: - Indicates that PFS (perfect forward secrecy) is enabled. returned: on success sample: true type: bool lifetime: description: - The total configured lifetime of the IKE security association. returned: on success sample: 56 type: int negotiated_authentication_algorithm: description: - The negotiated phase two authentication algorithm. returned: on success sample: negotiated_authentication_algorithm_example type: str negotiated_dh_group: description: - The negotiated Diffie-Hellman group. returned: on success sample: negotiated_dh_group_example type: str negotiated_encryption_algorithm: description: - The negotiated encryption algorithm. returned: on success sample: negotiated_encryption_algorithm_example type: str remaining_lifetime: description: - The remaining lifetime before the key is refreshed. returned: on success sample: 56 type: int remaining_lifetime_last_retrieved: description: - The date and time the remaining lifetime was last retrieved, in the format defined by L(RFC3339,https://tools.ietf.org/html/rfc3339). - 'Example: `2016-08-25T21:10:29.600Z`' returned: on success sample: '2013-10-20T19:20:30+01:00' type: str description: - '' returned: on success type: complex routing: description: - The type of routing used for this tunnel (BGP dynamic routing, static routing, or policy-based routing). returned: on success sample: BGP type: str status: description: - The status of the tunnel based on IPSec protocol characteristics. returned: on success sample: UP type: str time_created: description: - The date and time the IPSec tunnel was created, in the format defined by L(RFC3339,https://tools.ietf.org/html/rfc3339). - 'Example: `2016-08-25T21:10:29.600Z`' returned: on success sample: '2013-10-20T19:20:30+01:00' type: str time_status_updated: description: - When the status of the IPSec tunnel last changed, in the format defined by L(RFC3339,https://tools.ietf.org/html/rfc3339). - 'Example: `2016-08-25T21:10:29.600Z`' returned: on success sample: '2013-10-20T19:20:30+01:00' type: str vpn_ip: description: - The IP address of the Oracle VPN headend for the connection. - 'Example: `203.0.113.21`' returned: on success sample: vpn_ip_example type: str description: - Details of the IpSecConnectionTunnel resource acted upon by the current operation returned: on success sample: bgp_session_info: bgp_ipv6_state: UP bgp_state: UP customer_bgp_asn: customer_bgp_asn_example customer_interface_ip: customer_interface_ip_example customer_interface_ipv6: customer_interface_ipv6_example oracle_bgp_asn: oracle_bgp_asn_example oracle_interface_ip: oracle_interface_ip_example oracle_interface_ipv6: oracle_interface_ipv6_example compartment_id: ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx cpe_ip: cpe_ip_example display_name: display_name_example dpd_mode: INITIATE_AND_RESPOND dpd_timeout_in_sec: 56 encryption_domain_config: cpe_traffic_selector: [] oracle_traffic_selector: [] id: ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx ike_version: V1 lifecycle_state: PROVISIONING nat_translation_enabled: ENABLED oracle_can_initiate: INITIATOR_OR_RESPONDER phase_one_details: custom_authentication_algorithm: custom_authentication_algorithm_example custom_dh_group: custom_dh_group_example custom_encryption_algorithm: custom_encryption_algorithm_example is_custom_phase_one_config: true is_ike_established: true lifetime: 56 negotiated_authentication_algorithm: negotiated_authentication_algorithm_example negotiated_dh_group: negotiated_dh_group_example negotiated_encryption_algorithm: negotiated_encryption_algorithm_example remaining_lifetime: 56 remaining_lifetime_last_retrieved: '2013-10-20T19:20:30+01:00' phase_two_details: custom_authentication_algorithm: custom_authentication_algorithm_example custom_encryption_algorithm: custom_encryption_algorithm_example dh_group: dh_group_example is_custom_phase_two_config: true is_esp_established: true is_pfs_enabled: true lifetime: 56 negotiated_authentication_algorithm: negotiated_authentication_algorithm_example negotiated_dh_group: negotiated_dh_group_example negotiated_encryption_algorithm: negotiated_encryption_algorithm_example remaining_lifetime: 56 remaining_lifetime_last_retrieved: '2013-10-20T19:20:30+01:00' routing: BGP status: UP time_created: '2013-10-20T19:20:30+01:00' time_status_updated: '2013-10-20T19:20:30+01:00' vpn_ip: vpn_ip_example type: complex