oracle.oci.oci_network_ip_sec_connection_tunnel_facts (4.21.0) — module
Added in version 2.9.0 of oracle.oci
Authors: Oracle (@oracle)
preview | supported by community
Install with ansible-galaxy collection install oracle.oci:==4.21.0
collections:
  - name: oracle.oci
    version: 4.21.0
Fetches details about one or multiple IpSecConnectionTunnel resources in Oracle Cloud Infrastructure
Lists the tunnel information for the specified IPSec connection.
If I(tunnel_id) is specified, the details of a single IpSecConnectionTunnel will be returned.
- name: Get a specific ip_sec_connection_tunnel
  oci_network_ip_sec_connection_tunnel_facts:
    # required
    tunnel_id: "ocid1.tunnel.oc1..xxxxxxEXAMPLExxxxxx"
    ipsc_id: "ocid1.ipsc.oc1..xxxxxxEXAMPLExxxxxx"

- name: List ip_sec_connection_tunnels
  oci_network_ip_sec_connection_tunnel_facts:
    # required
    ipsc_id: "ocid1.ipsc.oc1..xxxxxxEXAMPLExxxxxx"
region:
  description:
  - The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See C(config_file_location)). Please refer to U(https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm) for more information on OCI regions.
  type: str
ipsc_id:
  description:
  - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the IPSec connection.
  required: true
  type: str
tenancy:
  description:
  - OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See C(config_file_location)). To get the tenancy OCID, please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm)
  type: str
api_user:
  description:
  - The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_ID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See C(config_file_location)). To get the user's OCID, please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm).
  type: str
auth_type:
  choices:
  - api_key
  - instance_principal
  - instance_obo_user
  - resource_principal
  default: api_key
  description:
  - The type of authentication to use for making API requests. By default C(auth_type="api_key") based authentication is performed and the API key (see I(api_user_key_file)) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use C(auth_type="instance_principal") to use instance principal based authentication when running ansible playbooks within an OCI compute instance.
  type: str
tunnel_id:
  aliases:
  - id
  description:
  - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the tunnel.
  - Required to get a specific ip_sec_connection_tunnel.
  type: str
cert_bundle:
  description:
  - The full path to a CA certificate bundle to be used for SSL verification. This will override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE variable, if any, is used.
  type: str
auth_purpose:
  choices:
  - service_principal
  description:
  - The auth purpose which can be used in conjunction with 'auth_type=instance_principal'. The default auth_purpose for instance_principal is None.
  type: str
display_name:
  description: Use I(display_name) along with the other options to return only resources that match the given display name exactly.
  type: str
api_user_key_file:
  description:
  - Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See C(config_file_location)). If the key is encrypted with a pass-phrase, the C(api_user_key_pass_phrase) option must also be provided.
  type: str
config_profile_name:
  description:
  - The profile to load from the config file referenced by C(config_file_location). If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in C(config_file_location).
  type: str
api_user_fingerprint:
  description:
  - Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See C(config_file_location)). To get the key pair's fingerprint value please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm).
  type: str
config_file_location:
  description:
  - Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config.
  type: str
api_user_key_pass_phrase:
  description:
  - Passphrase used by the key referenced in C(api_user_key_file), if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See C(config_file_location)).
  type: str
realm_specific_endpoint_template_enabled:
  description:
  - Enable/Disable realm specific endpoint template for service client. By Default, realm specific endpoint template is disabled. If not set, then the value of the OCI_REALM_SPECIFIC_SERVICE_ENDPOINT_TEMPLATE_ENABLED variable, if any, is used.
  type: bool
ip_sec_connection_tunnels:
  contains:
    bgp_session_info:
      contains:
        bgp_ipv6_state:
          description:
          - The state of the BGP IPv6 session.
          returned: on success
          sample: UP
          type: str
        bgp_state:
          description:
          - The state of the BGP session.
          returned: on success
          sample: UP
          type: str
        customer_bgp_asn:
          description:
          - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.
          - If the tunnel uses static routing, the `customerBgpAsn` must be null.
          - 'Example: `12345` (2-byte) or `1587232876` (4-byte)'
          returned: on success
          sample: customer_bgp_asn_example
          type: str
        customer_interface_ip:
          description:
          - The IP address for the CPE end of the inside tunnel interface.
          - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)), this IP address is required and used for the tunnel's BGP session.
          - If `routing` is instead set to `STATIC`, this IP address is optional. You can set this IP address so you can troubleshoot or monitor the tunnel.
          - The value must be a /30 or /31.
          - 'Example: `10.0.0.5/31`'
          returned: on success
          sample: customer_interface_ip_example
          type: str
        customer_interface_ipv6:
          description:
          - The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.
          - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)), this IP address is used for the tunnel's BGP session.
          - If `routing` is instead set to `STATIC`, you can set this IP address to troubleshoot or monitor the tunnel.
          - Only subnet masks from /64 up to /127 are allowed.
          - 'Example: `2001:db8::1/64`'
          returned: on success
          sample: customer_interface_ipv6_example
          type: str
        oracle_bgp_asn:
          description:
          - The Oracle BGP ASN.
          returned: on success
          sample: oracle_bgp_asn_example
          type: str
        oracle_interface_ip:
          description:
          - The IP address for the Oracle end of the inside tunnel interface.
          - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)), this IP address is required and used for the tunnel's BGP session.
          - If `routing` is instead set to `STATIC`, this IP address is optional. You can set this IP address so you can troubleshoot or monitor the tunnel.
          - The value must be a /30 or /31.
          - 'Example: `10.0.0.4/31`'
          returned: on success
          sample: oracle_interface_ip_example
          type: str
        oracle_interface_ipv6:
          description:
          - The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.
          - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)), this IP address is used for the tunnel's BGP session.
          - If `routing` is instead set to `STATIC`, you can set this IP address to troubleshoot or monitor the tunnel.
          - Only subnet masks from /64 up to /127 are allowed.
          - 'Example: `2001:db8::1/64`'
          returned: on success
          sample: oracle_interface_ipv6_example
          type: str
      description:
      - ''
      returned: on success
      type: complex
    compartment_id:
      description:
      - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment containing the tunnel.
      returned: on success
      sample: ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx
      type: str
    cpe_ip:
      description:
      - The IP address of the CPE device's VPN headend.
      - 'Example: `203.0.113.22`'
      returned: on success
      sample: cpe_ip_example
      type: str
    display_name:
      description:
      - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
      returned: on success
      sample: display_name_example
      type: str
    dpd_mode:
      description:
      - Dead peer detection (DPD) mode set on the Oracle side of the connection. This mode sets whether Oracle can only respond to a request from the CPE device to start DPD, or both respond to and initiate requests.
      returned: on success
      sample: INITIATE_AND_RESPOND
      type: str
    dpd_timeout_in_sec:
      description:
      - DPD timeout in seconds.
      returned: on success
      sample: 56
      type: int
    encryption_domain_config:
      contains:
        cpe_traffic_selector:
          description:
          - Lists IPv4 or IPv6-enabled subnets in your on-premises network.
          returned: on success
          sample: []
          type: list
        oracle_traffic_selector:
          description:
          - Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
          returned: on success
          sample: []
          type: list
      description:
      - ''
      returned: on success
      type: complex
    id:
      description:
      - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the tunnel.
      returned: on success
      sample: ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
      type: str
    ike_version:
      description:
      - Internet Key Exchange protocol version.
      returned: on success
      sample: V1
      type: str
    lifecycle_state:
      description:
      - The tunnel's lifecycle state.
      returned: on success
      sample: PROVISIONING
      type: str
    nat_translation_enabled:
      description:
      - By default (the `AUTO` setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.
      - The `ENABLED` option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.
      - The `DISABLED` option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.
      returned: on success
      sample: ENABLED
      type: str
    oracle_can_initiate:
      description:
      - Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device, or both respond to and initiate requests.
      returned: on success
      sample: INITIATOR_OR_RESPONDER
      type: str
    phase_one_details:
      contains:
        custom_authentication_algorithm:
          description:
          - The proposed custom authentication algorithm.
          returned: on success
          sample: custom_authentication_algorithm_example
          type: str
        custom_dh_group:
          description:
          - The proposed custom Diffie-Hellman group.
          returned: on success
          sample: custom_dh_group_example
          type: str
        custom_encryption_algorithm:
          description:
          - The proposed custom encryption algorithm.
          returned: on success
          sample: custom_encryption_algorithm_example
          type: str
        is_custom_phase_one_config:
          description:
          - Indicates whether custom phase one configuration is enabled. If this option is not enabled, default settings are proposed.
          returned: on success
          sample: true
          type: bool
        is_ike_established:
          description:
          - Indicates whether IKE phase one is established.
          returned: on success
          sample: true
          type: bool
        lifetime:
          description:
          - The total configured lifetime of the IKE security association.
          returned: on success
          sample: 56
          type: int
        negotiated_authentication_algorithm:
          description:
          - The negotiated authentication algorithm.
          returned: on success
          sample: negotiated_authentication_algorithm_example
          type: str
        negotiated_dh_group:
          description:
          - The negotiated Diffie-Hellman group.
          returned: on success
          sample: negotiated_dh_group_example
          type: str
        negotiated_encryption_algorithm:
          description:
          - The negotiated encryption algorithm.
          returned: on success
          sample: negotiated_encryption_algorithm_example
          type: str
        remaining_lifetime:
          description:
          - The remaining lifetime before the key is refreshed.
          returned: on success
          sample: 56
          type: int
        remaining_lifetime_last_retrieved:
          description:
          - The date and time we retrieved the remaining lifetime, in the format defined by L(RFC3339,https://tools.ietf.org/html/rfc3339).
          - 'Example: `2016-08-25T21:10:29.600Z`'
          returned: on success
          sample: '2013-10-20T19:20:30+01:00'
          type: str
      description:
      - ''
      returned: on success
      type: complex
    phase_two_details:
      contains:
        custom_authentication_algorithm:
          description:
          - Phase two authentication algorithm proposed during tunnel negotiation.
          returned: on success
          sample: custom_authentication_algorithm_example
          type: str
        custom_encryption_algorithm:
          description:
          - The proposed custom phase two encryption algorithm.
          returned: on success
          sample: custom_encryption_algorithm_example
          type: str
        dh_group:
          description:
          - The proposed Diffie-Hellman group.
          returned: on success
          sample: dh_group_example
          type: str
        is_custom_phase_two_config:
          description:
          - Indicates whether custom phase two configuration is enabled. If this option is not enabled, default settings are proposed.
          returned: on success
          sample: true
          type: bool
        is_esp_established:
          description:
          - Indicates that ESP phase two is established.
          returned: on success
          sample: true
          type: bool
        is_pfs_enabled:
          description:
          - Indicates that PFS (perfect forward secrecy) is enabled.
          returned: on success
          sample: true
          type: bool
        lifetime:
          description:
          - The total configured lifetime of the IKE security association.
          returned: on success
          sample: 56
          type: int
        negotiated_authentication_algorithm:
          description:
          - The negotiated phase two authentication algorithm.
          returned: on success
          sample: negotiated_authentication_algorithm_example
          type: str
        negotiated_dh_group:
          description:
          - The negotiated Diffie-Hellman group.
          returned: on success
          sample: negotiated_dh_group_example
          type: str
        negotiated_encryption_algorithm:
          description:
          - The negotiated encryption algorithm.
          returned: on success
          sample: negotiated_encryption_algorithm_example
          type: str
        remaining_lifetime:
          description:
          - The remaining lifetime before the key is refreshed.
          returned: on success
          sample: 56
          type: int
        remaining_lifetime_last_retrieved:
          description:
          - The date and time the remaining lifetime was last retrieved, in the format defined by L(RFC3339,https://tools.ietf.org/html/rfc3339).
          - 'Example: `2016-08-25T21:10:29.600Z`'
          returned: on success
          sample: '2013-10-20T19:20:30+01:00'
          type: str
      description:
      - ''
      returned: on success
      type: complex
    routing:
      description:
      - The type of routing used for this tunnel (BGP dynamic routing, static routing, or policy-based routing).
      returned: on success
      sample: BGP
      type: str
    status:
      description:
      - The status of the tunnel based on IPSec protocol characteristics.
      returned: on success
      sample: UP
      type: str
    time_created:
      description:
      - The date and time the IPSec tunnel was created, in the format defined by L(RFC3339,https://tools.ietf.org/html/rfc3339).
      - 'Example: `2016-08-25T21:10:29.600Z`'
      returned: on success
      sample: '2013-10-20T19:20:30+01:00'
      type: str
    time_status_updated:
      description:
      - When the status of the IPSec tunnel last changed, in the format defined by L(RFC3339,https://tools.ietf.org/html/rfc3339).
      - 'Example: `2016-08-25T21:10:29.600Z`'
      returned: on success
      sample: '2013-10-20T19:20:30+01:00'
      type: str
    vpn_ip:
      description:
      - The IP address of the Oracle VPN headend for the connection.
      - 'Example: `203.0.113.21`'
      returned: on success
      sample: vpn_ip_example
      type: str
  description:
  - List of IpSecConnectionTunnel resources
  returned: on success
  sample:
  - bgp_session_info:
      bgp_ipv6_state: UP
      bgp_state: UP
      customer_bgp_asn: customer_bgp_asn_example
      customer_interface_ip: customer_interface_ip_example
      customer_interface_ipv6: customer_interface_ipv6_example
      oracle_bgp_asn: oracle_bgp_asn_example
      oracle_interface_ip: oracle_interface_ip_example
      oracle_interface_ipv6: oracle_interface_ipv6_example
    compartment_id: ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx
    cpe_ip: cpe_ip_example
    display_name: display_name_example
    dpd_mode: INITIATE_AND_RESPOND
    dpd_timeout_in_sec: 56
    encryption_domain_config:
      cpe_traffic_selector: []
      oracle_traffic_selector: []
    id: ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
    ike_version: V1
    lifecycle_state: PROVISIONING
    nat_translation_enabled: ENABLED
    oracle_can_initiate: INITIATOR_OR_RESPONDER
    phase_one_details:
      custom_authentication_algorithm: custom_authentication_algorithm_example
      custom_dh_group: custom_dh_group_example
      custom_encryption_algorithm: custom_encryption_algorithm_example
      is_custom_phase_one_config: true
      is_ike_established: true
      lifetime: 56
      negotiated_authentication_algorithm: negotiated_authentication_algorithm_example
      negotiated_dh_group: negotiated_dh_group_example
      negotiated_encryption_algorithm: negotiated_encryption_algorithm_example
      remaining_lifetime: 56
      remaining_lifetime_last_retrieved: '2013-10-20T19:20:30+01:00'
    phase_two_details:
      custom_authentication_algorithm: custom_authentication_algorithm_example
      custom_encryption_algorithm: custom_encryption_algorithm_example
      dh_group: dh_group_example
      is_custom_phase_two_config: true
      is_esp_established: true
      is_pfs_enabled: true
      lifetime: 56
      negotiated_authentication_algorithm: negotiated_authentication_algorithm_example
      negotiated_dh_group: negotiated_dh_group_example
      negotiated_encryption_algorithm: negotiated_encryption_algorithm_example
      remaining_lifetime: 56
      remaining_lifetime_last_retrieved: '2013-10-20T19:20:30+01:00'
    routing: BGP
    status: UP
    time_created: '2013-10-20T19:20:30+01:00'
    time_status_updated: '2013-10-20T19:20:30+01:00'
    vpn_ip: vpn_ip_example
  type: complex
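A posture check built on the return fields documented above, as an added example that is not part of the oracle.oci documentation. It lists the tunnels of one IPSec connection and asserts an assumed baseline (status UP, IKE and ESP established, IKE version other than V1, PFS enabled); the names audit_ipsc_id and tunnel_facts are illustrative.

```yaml
# Added example: audit the facts returned by this module.
# The baseline is an assumed policy, not an Oracle requirement.
- name: Audit IPSec tunnels of one connection
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Placeholder OCID in the same form as the page's examples.
    audit_ipsc_id: "ocid1.ipsc.oc1..xxxxxxEXAMPLExxxxxx"
  tasks:
    - name: List ip_sec_connection_tunnels
      oracle.oci.oci_network_ip_sec_connection_tunnel_facts:
        ipsc_id: "{{ audit_ipsc_id }}"
      register: tunnel_facts

    - name: Fail if the connection returned no tunnels to audit
      ansible.builtin.assert:
        that:
          - "tunnel_facts.ip_sec_connection_tunnels | length > 0"
        fail_msg: "No tunnels returned for {{ audit_ipsc_id }}"

    # phase_one_details / phase_two_details may be null on a tunnel that
    # has never negotiated, so fall back to an empty dict and treat a
    # missing or null flag as false.
    - name: Check each tunnel against the baseline
      ansible.builtin.assert:
        that:
          - "item.status == 'UP'"
          - "item.ike_version != 'V1'"
          - "(item.phase_one_details or {}).is_ike_established | default(false, true) | bool"
          - "(item.phase_two_details or {}).is_esp_established | default(false, true) | bool"
          - "(item.phase_two_details or {}).is_pfs_enabled | default(false, true) | bool"
        fail_msg: >-
          Tunnel {{ item.id }} fails the baseline:
          status={{ item.status }},
          ike_version={{ item.ike_version }},
          pfs={{ (item.phase_two_details or {}).is_pfs_enabled | default('unknown', true) }}
        quiet: true
      loop: "{{ tunnel_facts.ip_sec_connection_tunnels }}"
      loop_control:
        # Keep the full tunnel record out of the task output.
        label: "{{ item.display_name | default(item.id, true) }}"
```

Because the assert runs inside a loop, every tunnel is evaluated before the task fails, so one run reports all non-compliant tunnels.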