oracle.oci.oci_network_ip_sec_connection (4.43.0) — module
Manage an IpSecConnection resource in Oracle Cloud Infrastructure
Added in version 2.9.0 of oracle.oci
Authors: Oracle (@oracle)
preview | supported by community
Install with ansible-galaxy collection install oracle.oci:==4.43.0
collections:
  - name: oracle.oci
    version: 4.43.0
This module allows the user to create, update and delete an IpSecConnection resource in Oracle Cloud Infrastructure
For I(state=present), creates a new IPSec connection between the specified DRG and CPE. For more information, see L(Site-to-Site VPN Overview,https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/overviewIPsec.htm).
If you configure at least one tunnel to use static routing, then in the request you must provide at least one valid static route (you're allowed a maximum of 10). For example: 10.0.0.0/16. If you configure both tunnels to use BGP dynamic routing, you can provide an empty list for the static routes. For more information, see the important note in L(IPSecConnection,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnection/).
For the purposes of access control, you must provide the L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment where you want the IPSec connection to reside. Notice that the IPSec connection doesn't have to be in the same compartment as the DRG, CPE, or other Networking Service components. If you're not sure which compartment to use, put the IPSec connection in the same compartment as the DRG. For more information about compartments and access control, see L(Overview of the IAM Service,https://docs.cloud.oracle.com/iaas/Content/Identity/Concepts/overview.htm).
You may optionally specify a *display name* for the IPSec connection, otherwise a default is provided. It does not have to be unique, and you can change it. Avoid entering confidential information.
After creating the IPSec connection, you need to configure your on-premises router with tunnel-specific information. For tunnel status and the required configuration information, see:
* L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)
* L(IPSecConnectionTunnelSharedSecret,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnelSharedSecret/)
For each tunnel, you need the IP address of Oracle's VPN headend and the shared secret (that is, the pre-shared key). For more information, see L(CPE Configuration,https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/configuringCPE.htm).
This resource has the following action operations in the M(oracle.oci.oci_network_ip_sec_connection_actions) module: change_compartment.
- name: Create ip_sec_connection
  oci_network_ip_sec_connection:
    # required
    compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx"
    cpe_id: "ocid1.cpe.oc1..xxxxxxEXAMPLExxxxxx"
    drg_id: "ocid1.drg.oc1..xxxxxxEXAMPLExxxxxx"
    static_routes: [ "static_routes_example" ]

    # optional
    tunnel_configuration:
    - # optional
      display_name: display_name_example
      routing: BGP
      ike_version: V1
      shared_secret: shared_secret_example
      bgp_session_config:
        # optional
        oracle_interface_ip: oracle_interface_ip_example
        customer_interface_ip: customer_interface_ip_example
        oracle_interface_ipv6: oracle_interface_ipv6_example
        customer_interface_ipv6: customer_interface_ipv6_example
        customer_bgp_asn: customer_bgp_asn_example
      oracle_initiation: INITIATOR_OR_RESPONDER
      nat_translation_enabled: ENABLED
      phase_one_config:
        # optional
        is_custom_phase_one_config: true
        authentication_algorithm: SHA2_384
        encryption_algorithm: AES_256_CBC
        diffie_helman_group: GROUP2
        lifetime_in_seconds: 56
      phase_two_config:
        # optional
        is_custom_phase_two_config: true
        authentication_algorithm: HMAC_SHA2_256_128
        encryption_algorithm: AES_256_GCM
        lifetime_in_seconds: 56
        is_pfs_enabled: true
        pfs_dh_group: GROUP2
      dpd_config:
        # optional
        dpd_mode: INITIATE_AND_RESPOND
        dpd_timeout_in_sec: 56
      encryption_domain_config:
        # optional
        oracle_traffic_selector: [ "oracle_traffic_selector_example" ]
        cpe_traffic_selector: [ "cpe_traffic_selector_example" ]
    defined_tags: {'Operations': {'CostCenter': 'US'}}
    display_name: display_name_example
    freeform_tags: {'Department': 'Finance'}
    cpe_local_identifier: cpe_local_identifier_example
    cpe_local_identifier_type: IP_ADDRESS

- name: Update ip_sec_connection
  oci_network_ip_sec_connection:
    # required
    ipsc_id: "ocid1.ipsc.oc1..xxxxxxEXAMPLExxxxxx"

    # optional
    defined_tags: {'Operations': {'CostCenter': 'US'}}
    display_name: display_name_example
    freeform_tags: {'Department': 'Finance'}
    cpe_local_identifier: cpe_local_identifier_example
    cpe_local_identifier_type: IP_ADDRESS
    static_routes: [ "static_routes_example" ]

- name: Update ip_sec_connection using name (when environment variable OCI_USE_NAME_AS_IDENTIFIER is set)
  oci_network_ip_sec_connection:
    # required
    compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx"
    display_name: display_name_example

    # optional
    defined_tags: {'Operations': {'CostCenter': 'US'}}
    freeform_tags: {'Department': 'Finance'}
    cpe_local_identifier: cpe_local_identifier_example
    cpe_local_identifier_type: IP_ADDRESS
    static_routes: [ "static_routes_example" ]

- name: Delete ip_sec_connection
  oci_network_ip_sec_connection:
    # required
    ipsc_id: "ocid1.ipsc.oc1..xxxxxxEXAMPLExxxxxx"
    state: absent

- name: Delete ip_sec_connection using name (when environment variable OCI_USE_NAME_AS_IDENTIFIER is set)
  oci_network_ip_sec_connection:
    # required
    compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx"
    display_name: display_name_example
    state: absent
wait:
  default: true
  description: Whether to wait for create or delete operation to complete.
  type: bool
state:
  choices:
  - present
  - absent
  default: present
  description:
  - The state of the IpSecConnection.
  - Use I(state=present) to create or update an IpSecConnection.
  - Use I(state=absent) to delete an IpSecConnection.
  required: false
  type: str
cpe_id:
  description:
  - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the L(Cpe,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/Cpe/) object.
  - Required for create using I(state=present).
  type: str
drg_id:
  description:
  - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the DRG.
  - Required for create using I(state=present).
  type: str
key_by:
  description: The list of attributes of this resource which should be used to uniquely identify an instance of the resource. By default, all the attributes of a resource are used to uniquely identify a resource.
  elements: str
  type: list
region:
  description:
  - The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See C(config_file_location)). Please refer to U(https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm) for more information on OCI regions.
  type: str
ipsc_id:
  aliases:
  - id
  description:
  - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the IPSec connection.
  - Required for update using I(state=present) when environment variable C(OCI_USE_NAME_AS_IDENTIFIER) is not set.
  - Required for delete using I(state=absent) when environment variable C(OCI_USE_NAME_AS_IDENTIFIER) is not set.
  type: str
tenancy:
  description:
  - OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See C(config_file_location)). To get the tenancy OCID, please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm)
  type: str
api_user:
  description:
  - The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_ID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See C(config_file_location)). To get the user's OCID, please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm).
  type: str
auth_type:
  choices:
  - api_key
  - instance_principal
  - instance_obo_user
  - resource_principal
  - security_token
  default: api_key
  description:
  - The type of authentication to use for making API requests. By default C(auth_type="api_key") based authentication is performed and the API key (see I(api_user_key_file)) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use C(auth_type="instance_principal") to use instance principal based authentication when running ansible playbooks within an OCI compute instance.
  type: str
cert_bundle:
  description:
  - The full path to a CA certificate bundle to be used for SSL verification. This will override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE variable, if any, is used.
  type: str
auth_purpose:
  choices:
  - service_principal
  description:
  - The auth purpose which can be used in conjunction with 'auth_type=instance_principal'. The default auth_purpose for instance_principal is None.
  type: str
defined_tags:
  description:
  - Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see L(Resource Tags,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm).
  - 'Example: `{"Operations": {"CostCenter": "42"}}`'
  - This parameter is updatable.
  type: dict
display_name:
  aliases:
  - name
  description:
  - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
  - Required for create, update, delete when environment variable C(OCI_USE_NAME_AS_IDENTIFIER) is set.
  - This parameter is updatable when C(OCI_USE_NAME_AS_IDENTIFIER) is not set.
  type: str
force_create:
  default: false
  description: Whether to attempt non-idempotent creation of a resource. By default, create resource is an idempotent operation, and doesn't create the resource if it already exists. Setting this option to true, forcefully creates a copy of the resource, even if it already exists. This option is mutually exclusive with I(key_by).
  type: bool
wait_timeout:
  description: Time, in seconds, to wait when I(wait=yes). Defaults to 1200 for most of the services but some services might have a longer wait timeout.
  type: int
freeform_tags:
  description:
  - Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see L(Resource Tags,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm).
  - 'Example: `{"Department": "Finance"}`'
  - This parameter is updatable.
  type: dict
static_routes:
  description:
  - Static routes to the CPE. A static route's CIDR must not be a multicast address or class E address.
  - Used for routing a given IPSec tunnel's traffic only if the tunnel is using static routing. If you configure at least one tunnel to use static routing, then you must provide at least one valid static route. If you configure both tunnels to use BGP dynamic routing, you can provide an empty list for the static routes. For more information, see the important note in L(IPSecConnection,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnection/).
  - The CIDR can be either IPv4 or IPv6. IPv6 addressing is supported for all commercial and government regions. See L(IPv6 Addresses,https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/ipv6.htm).
  - 'Example: `10.0.1.0/24`'
  - 'Example: `2001:db8::/32`'
  - Required for create using I(state=present).
  - This parameter is updatable.
  elements: str
  type: list
compartment_id:
  description:
  - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment to contain the IPSec connection.
  - Required for create using I(state=present).
  - Required for update when environment variable C(OCI_USE_NAME_AS_IDENTIFIER) is set.
  - Required for delete when environment variable C(OCI_USE_NAME_AS_IDENTIFIER) is set.
  type: str
api_user_key_file:
  description:
  - Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See C(config_file_location)). If the key is encrypted with a pass-phrase, the C(api_user_key_pass_phrase) option must also be provided.
  type: str
config_profile_name:
  description:
  - The profile to load from the config file referenced by C(config_file_location). If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in C(config_file_location).
  type: str
api_user_fingerprint:
  description:
  - Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See C(config_file_location)). To get the key pair's fingerprint value please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm).
  type: str
config_file_location:
  description:
  - Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config.
  type: str
cpe_local_identifier:
  description:
  - Your identifier for your CPE device. Can be either an IP address or a hostname (specifically, the fully qualified domain name (FQDN)). The type of identifier you provide here must correspond to the value for `cpeLocalIdentifierType`.
  - If you don't provide a value, the `ipAddress` attribute for the L(Cpe,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/Cpe/) object specified by `cpeId` is used as the `cpeLocalIdentifier`.
  - For information about why you'd provide this value, see L(If Your CPE Is Behind a NAT Device,https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/overviewIPsec.htm#nat).
  - 'Example IP address: `10.0.3.3`'
  - 'Example hostname: `cpe.example.com`'
  - This parameter is updatable.
  type: str
tunnel_configuration:
  description:
  - Information for creating the individual tunnels in the IPSec connection. You can provide a maximum of 2 `tunnelConfiguration` objects in the array (one for each of the two tunnels).
  elements: dict
  suboptions:
    bgp_session_config:
      description:
      - ''
      suboptions:
        customer_bgp_asn:
          description:
          - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.
          - If the tunnel's `routing` attribute is set to `STATIC`, the `customerBgpAsn` must be null.
          - 'Example: `12345` (2-byte) or `1587232876` (4-byte)'
          type: str
        customer_interface_ip:
          description:
          - The IP address for the CPE end of the inside tunnel interface.
          - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)), this IP address is required and used for the tunnel's BGP session.
          - If `routing` is instead set to `STATIC`, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.
          - The value must be a /30 or /31.
          - 'Example: `10.0.0.5/31`'
          type: str
        customer_interface_ipv6:
          description:
          - The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.
          - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)), this IP address is used for the tunnel's BGP session.
          - If `routing` is instead set to `STATIC`, you can set this IP address to troubleshoot or monitor the tunnel.
          - Only subnet masks from /64 up to /127 are allowed.
          - 'Example: `2001:db8::1/64`'
          type: str
        oracle_interface_ip:
          description:
          - The IP address for the Oracle end of the inside tunnel interface.
          - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)), this IP address is required and used for the tunnel's BGP session.
          - If `routing` is instead set to `STATIC`, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.
          - The value must be a /30 or /31.
          - 'Example: `10.0.0.4/31`'
          type: str
        oracle_interface_ipv6:
          description:
          - The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.
          - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)), this IP address is used for the tunnel's BGP session.
          - If `routing` is instead set to `STATIC`, you can set this IP address to troubleshoot or monitor the tunnel.
          - Only subnet masks from /64 up to /127 are allowed.
          - 'Example: `2001:db8::1/64`'
          type: str
      type: dict
    display_name:
      aliases:
      - name
      description:
      - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
      type: str
    dpd_config:
      description:
      - ''
      suboptions:
        dpd_mode:
          choices:
          - INITIATE_AND_RESPOND
          - RESPOND_ONLY
          description:
          - This option defines whether DPD can be initiated from the Oracle side of the connection.
          type: str
        dpd_timeout_in_sec:
          description:
          - DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
          type: int
      type: dict
    encryption_domain_config:
      description:
      - ''
      suboptions:
        cpe_traffic_selector:
          description:
          - Lists IPv4 or IPv6-enabled subnets in your on-premises network.
          elements: str
          type: list
        oracle_traffic_selector:
          description:
          - Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
          elements: str
          type: list
      type: dict
    ike_version:
      choices:
      - V1
      - V2
      description:
      - Internet Key Exchange protocol version.
      type: str
    nat_translation_enabled:
      choices:
      - ENABLED
      - DISABLED
      - AUTO
      description:
      - By default (the `AUTO` setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.
      - The `ENABLED` option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.
      - The `DISABLED` option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.
      type: str
    oracle_initiation:
      choices:
      - INITIATOR_OR_RESPONDER
      - RESPONDER_ONLY
      description:
      - Indicates whether the Oracle end of the IPSec connection is able to initiate starting up the IPSec tunnel.
      type: str
    phase_one_config:
      description:
      - ''
      suboptions:
        authentication_algorithm:
          choices:
          - SHA2_384
          - SHA2_256
          - SHA1_96
          description:
          - The custom authentication algorithm proposed during phase one tunnel negotiation.
          type: str
        diffie_helman_group:
          choices:
          - GROUP2
          - GROUP5
          - GROUP14
          - GROUP19
          - GROUP20
          - GROUP24
          description:
          - The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
          type: str
        encryption_algorithm:
          choices:
          - AES_256_CBC
          - AES_192_CBC
          - AES_128_CBC
          description:
          - The custom encryption algorithm proposed during phase one tunnel negotiation.
          type: str
        is_custom_phase_one_config:
          description:
          - Indicates whether custom configuration is enabled for phase one options.
          type: bool
        lifetime_in_seconds:
          description:
          - Internet key association (IKE) session key lifetime in seconds for IPSec phase one. The default is 28800 which is equivalent to 8 hours.
          type: int
      type: dict
    phase_two_config:
      description:
      - ''
      suboptions:
        authentication_algorithm:
          choices:
          - HMAC_SHA2_256_128
          - HMAC_SHA1_128
          description:
          - The authentication algorithm proposed during phase two tunnel negotiation.
          type: str
        encryption_algorithm:
          choices:
          - AES_256_GCM
          - AES_192_GCM
          - AES_128_GCM
          - AES_256_CBC
          - AES_192_CBC
          - AES_128_CBC
          description:
          - The encryption algorithm proposed during phase two tunnel negotiation.
          type: str
        is_custom_phase_two_config:
          description:
          - Indicates whether custom configuration is enabled for phase two options.
          type: bool
        is_pfs_enabled:
          description:
          - Indicates whether perfect forward secrecy (PFS) is enabled.
          type: bool
        lifetime_in_seconds:
          description:
          - Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
          type: int
        pfs_dh_group:
          choices:
          - GROUP2
          - GROUP5
          - GROUP14
          - GROUP19
          - GROUP20
          - GROUP24
          description:
          - The Diffie-Hellman group used for PFS, if PFS is enabled.
          type: str
      type: dict
    routing:
      choices:
      - BGP
      - STATIC
      - POLICY
      description:
      - The type of routing to use for this tunnel (BGP dynamic routing, static routing, or policy-based routing).
      type: str
    shared_secret:
      description:
      - The shared secret (pre-shared key) to use for the IPSec tunnel. Only numbers, letters, and spaces are allowed. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with L(UpdateIPSecConnectionTunnelSharedSecret,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnelSharedSecret/UpdateIPSecConnectionTunnelSharedSecret).
      type: str
  type: list
api_user_key_pass_phrase:
  description:
  - Passphrase used by the key referenced in C(api_user_key_file), if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See C(config_file_location)).
  type: str
cpe_local_identifier_type:
  choices:
  - IP_ADDRESS
  - HOSTNAME
  description:
  - The type of identifier for your CPE device. The value you provide here must correspond to the value for `cpeLocalIdentifier`.
  - This parameter is updatable.
  type: str
realm_specific_endpoint_template_enabled:
  description:
  - Enable/Disable realm specific endpoint template for service client. By Default, realm specific endpoint template is disabled. If not set, then the value of the OCI_REALM_SPECIFIC_SERVICE_ENDPOINT_TEMPLATE_ENABLED variable, if any, is used.
  type: bool
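The constraints stated in the parameter descriptions above (at most two tunnels and ten static routes, routing-dependent BGP fields, /30 or /31 inside-tunnel addresses, the shared-secret character set) can be checked before a playbook runs. This is an added example, not code from the oracle.oci collection; the function names, the sample arguments and the `WEAK_DH_GROUPS` policy are assumptions of the example.

```python
import ipaddress
import re

# Limits and formats below come from the parameter descriptions on this page.
MAX_TUNNELS, MAX_STATIC_ROUTES = 2, 10
CLASS_E = ipaddress.ip_network("240.0.0.0/4")
SECRET_RE = re.compile(r"[A-Za-z0-9 ]+")
# Assumption: hardening policy chosen for this example, not enforced by the module.
WEAK_DH_GROUPS = {"GROUP2", "GROUP5"}

def prefix_len(value, version):
    """Prefix length of 'addr/len' if it parses as the given IP version, else None."""
    try:
        iface = ipaddress.ip_interface(value)
    except ValueError:
        return None
    return iface.network.prefixlen if iface.version == version else None

def check_routes(routes, tunnels):
    errors, valid = [], 0
    if len(routes) > MAX_STATIC_ROUTES:
        errors.append(f"static_routes: {len(routes)} given, maximum is {MAX_STATIC_ROUTES}")
    for route in routes:
        try:
            net = ipaddress.ip_network(route, strict=False)
        except ValueError:
            errors.append(f"static_routes: {route!r} is not a CIDR")
            continue
        if net.is_multicast or (net.version == 4 and net.subnet_of(CLASS_E)):
            errors.append(f"static_routes: {route!r} is multicast or class E")
        else:
            valid += 1
    # One valid route is needed as soon as any tunnel uses static routing.
    if valid == 0 and any(t.get("routing") == "STATIC" for t in tunnels):
        errors.append("static_routes: a STATIC tunnel needs at least one valid route")
    return errors

def check_tunnel(index, tunnel):
    errors, where = [], f"tunnel_configuration[{index}]"
    bgp = tunnel.get("bgp_session_config") or {}
    if tunnel.get("routing") == "BGP":
        for key in ("customer_bgp_asn", "oracle_interface_ip", "customer_interface_ip"):
            if not bgp.get(key):
                errors.append(f"{where}: {key} is required when routing is BGP")
    elif tunnel.get("routing") == "STATIC" and bgp.get("customer_bgp_asn") is not None:
        errors.append(f"{where}: customer_bgp_asn must be null when routing is STATIC")
    for key in ("oracle_interface_ip", "customer_interface_ip"):
        if bgp.get(key) and prefix_len(bgp[key], 4) not in (30, 31):
            errors.append(f"{where}: {key} must be an IPv4 /30 or /31")
    for key in ("oracle_interface_ipv6", "customer_interface_ipv6"):
        if bgp.get(key) and not 64 <= (prefix_len(bgp[key], 6) or 0) <= 127:
            errors.append(f"{where}: {key} must be an IPv6 /64 to /127")
    # The secret itself is never echoed into the error text.
    secret = tunnel.get("shared_secret")
    if secret is not None and not SECRET_RE.fullmatch(secret):
        errors.append(f"{where}: shared_secret allows only letters, numbers and spaces")
    groups = ((tunnel.get("phase_one_config") or {}).get("diffie_helman_group"),
              (tunnel.get("phase_two_config") or {}).get("pfs_dh_group"))
    errors += [f"{where}: {g} is below this example's policy" for g in groups if g in WEAK_DH_GROUPS]
    return errors

def validate(args):
    """Return the list of problems found in a dict of module arguments."""
    tunnels = args.get("tunnel_configuration") or []
    errors = check_routes(args.get("static_routes") or [], tunnels)
    if len(tunnels) > MAX_TUNNELS:
        errors.append(f"tunnel_configuration: {len(tunnels)} given, maximum is {MAX_TUNNELS}")
    for index, tunnel in enumerate(tunnels):
        errors += check_tunnel(index, tunnel)
    return errors

# Constructed sample arguments, for illustration only.
SAMPLE_BAD = {
    "static_routes": ["224.0.0.0/24"],
    "tunnel_configuration": [
        {"routing": "STATIC", "shared_secret": "p@ss!",
         "bgp_session_config": {"customer_bgp_asn": "12345"}},
        {"routing": "BGP", "phase_one_config": {"diffie_helman_group": "GROUP2"},
         "bgp_session_config": {"customer_interface_ip": "10.0.0.5/24"}},
    ],
}

if __name__ == "__main__":
    print("\n".join(validate(SAMPLE_BAD)))
```

`validate()` takes the same keys the task passes to the module, so it can run over the parsed playbook variables in a CI step before any API call is made.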
ip_sec_connection:
  contains:
    compartment_id:
      description:
      - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment containing the IPSec connection.
      returned: on success
      sample: ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx
      type: str
    cpe_id:
      description:
      - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the L(Cpe,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/Cpe/) object.
      returned: on success
      sample: ocid1.cpe.oc1..xxxxxxEXAMPLExxxxxx
      type: str
    cpe_local_identifier:
      description:
      - Your identifier for your CPE device. Can be either an IP address or a hostname (specifically, the fully qualified domain name (FQDN)). The type of identifier here must correspond to the value for `cpeLocalIdentifierType`.
      - If you don't provide a value when creating the IPSec connection, the `ipAddress` attribute for the L(Cpe,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/Cpe/) object specified by `cpeId` is used as the `cpeLocalIdentifier`.
      - For information about why you'd provide this value, see L(If Your CPE Is Behind a NAT Device,https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/overviewIPsec.htm#nat).
      - 'Example IP address: `10.0.3.3`'
      - 'Example hostname: `cpe.example.com`'
      returned: on success
      sample: cpe_local_identifier_example
      type: str
    cpe_local_identifier_type:
      description:
      - The type of identifier for your CPE device. The value here must correspond to the value for `cpeLocalIdentifier`.
      returned: on success
      sample: IP_ADDRESS
      type: str
    defined_tags:
      description:
      - Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see L(Resource Tags,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm).
      - 'Example: `{"Operations": {"CostCenter": "42"}}`'
      returned: on success
      sample:
        Operations:
          CostCenter: US
      type: dict
    display_name:
      description:
      - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
      returned: on success
      sample: display_name_example
      type: str
    drg_id:
      description:
      - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the DRG.
      returned: on success
      sample: ocid1.drg.oc1..xxxxxxEXAMPLExxxxxx
      type: str
    freeform_tags:
      description:
      - Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see L(Resource Tags,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm).
      - 'Example: `{"Department": "Finance"}`'
      returned: on success
      sample:
        Department: Finance
      type: dict
    id:
      description:
      - The IPSec connection's Oracle ID (L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm)).
      returned: on success
      sample: ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
      type: str
    lifecycle_state:
      description:
      - The IPSec connection's current state.
      returned: on success
      sample: PROVISIONING
      type: str
    static_routes:
      description:
      - Static routes to the CPE. The CIDR must not be a multicast address or class E address.
      - Used for routing a given IPSec tunnel's traffic only if the tunnel is using static routing. If you configure at least one tunnel to use static routing, then you must provide at least one valid static route. If you configure both tunnels to use BGP dynamic routing, you can provide an empty list for the static routes.
      - The CIDR can be either IPv4 or IPv6. IPv6 addressing is supported for all commercial and government regions. See L(IPv6 Addresses,https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/ipv6.htm).
      - 'Example: `10.0.1.0/24`'
      - 'Example: `2001:db8::/32`'
      returned: on success
      sample: []
      type: list
    time_created:
      description:
      - The date and time the IPSec connection was created, in the format defined by L(RFC3339,https://tools.ietf.org/html/rfc3339).
      - 'Example: `2016-08-25T21:10:29.600Z`'
      returned: on success
      sample: '2013-10-20T19:20:30+01:00'
      type: str
  description:
  - Details of the IpSecConnection resource acted upon by the current operation
  returned: on success
  sample:
    compartment_id: ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx
    cpe_id: ocid1.cpe.oc1..xxxxxxEXAMPLExxxxxx
    cpe_local_identifier: cpe_local_identifier_example
    cpe_local_identifier_type: IP_ADDRESS
    defined_tags:
      Operations:
        CostCenter: US
    display_name: display_name_example
    drg_id: ocid1.drg.oc1..xxxxxxEXAMPLExxxxxx
    freeform_tags:
      Department: Finance
    id: ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
    lifecycle_state: PROVISIONING
    static_routes: []
    time_created: '2013-10-20T19:20:30+01:00'
  type: complex