oracle.oci.oci_network_ip_sec_connection_tunnel (5.0.0) — module

Manage an IpSecConnectionTunnel resource in Oracle Cloud Infrastructure

Added in version 2.9.0 of oracle.oci

Authors: Oracle (@oracle)

preview | supported by community

Install collection

Install with ansible-galaxy collection install oracle.oci:==5.0.0


Add to requirements.yml

  # Collections to install for this project; the version is quoted so it is
  # always read as a string rather than being type-inferred by the parser.
  collections:
    - name: oracle.oci
      version: "5.0.0"

Description

This module allows the user to update an IpSecConnectionTunnel resource in Oracle Cloud Infrastructure


Requirements

Usage examples

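# Updates an existing tunnel, identified by the OCID of its IPSec connection
# and the OCID of the tunnel itself. Every value ending in "_example" is a
# placeholder to replace before use.
- name: Update ip_sec_connection_tunnel
  oci_network_ip_sec_connection_tunnel:
    # required
    ipsc_id: "ocid1.ipsc.oc1..xxxxxxEXAMPLExxxxxx"
    tunnel_id: "ocid1.tunnel.oc1..xxxxxxEXAMPLExxxxxx"

    # optional
    display_name: display_name_example
    routing: BGP
    # V2 is shown rather than V1: IKEv1 is deprecated. Both tunnel ends must
    # use the same version, so confirm the CPE configuration before applying.
    ike_version: V2
    bgp_session_config:
      # optional
      oracle_interface_ip: oracle_interface_ip_example
      customer_interface_ip: customer_interface_ip_example
      oracle_interface_ipv6: oracle_interface_ipv6_example
      customer_interface_ipv6: customer_interface_ipv6_example
      customer_bgp_asn: customer_bgp_asn_example
    oracle_initiation: INITIATOR_OR_RESPONDER
    nat_translation_enabled: ENABLED
    phase_one_config:
      # optional
      is_custom_phase_one_config: true
      # SHA1_96 is also accepted by the module; prefer a SHA-2 choice.
      authentication_algorithm: SHA2_384
      encryption_algorithm: AES_256_CBC
      # GROUP2 (1024-bit MODP) and GROUP5 (1536-bit MODP) are the weakest
      # accepted groups. GROUP20 (384-bit ECP) is used here; GROUP14 or
      # GROUP19 are alternatives if the CPE does not support it.
      diffie_helman_group: GROUP20
      # 28800 seconds (8 hours) is the documented phase-one default.
      lifetime_in_seconds: 28800
    phase_two_config:
      # optional
      is_custom_phase_two_config: true
      # HMAC_SHA1_128 is also accepted by the module; prefer the SHA-2 choice.
      authentication_algorithm: HMAC_SHA2_256_128
      encryption_algorithm: AES_256_GCM
      # 3600 seconds (1 hour) is the documented phase-two default.
      lifetime_in_seconds: 3600
      # Keep PFS on so each phase-two rekey performs a fresh DH exchange.
      is_pfs_enabled: true
      # Same reasoning as the phase-one group: avoid GROUP2 and GROUP5.
      pfs_dh_group: GROUP20
    dpd_config:
      # optional
      dpd_mode: INITIATE_AND_RESPOND
      dpd_timeout_in_sec: 56
    encryption_domain_config:
      # optional
      oracle_traffic_selector:
        - "oracle_traffic_selector_example"
      cpe_traffic_selector:
        - "cpe_traffic_selector_example"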
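# Updates an existing tunnel, identified by the OCID of its IPSec connection
# and the tunnel's display name instead of its OCID. Every value ending in
# "_example" is a placeholder to replace before use.
- name: Update ip_sec_connection_tunnel using name (when environment variable OCI_USE_NAME_AS_IDENTIFIER is set)
  oci_network_ip_sec_connection_tunnel:
    # required
    ipsc_id: "ocid1.ipsc.oc1..xxxxxxEXAMPLExxxxxx"
    # The parameter docs note display names do not have to be unique.
    # NOTE(review): verify the name selects the intended tunnel before applying.
    display_name: display_name_example

    # optional
    routing: BGP
    # V2 is shown rather than V1: IKEv1 is deprecated. Both tunnel ends must
    # use the same version, so confirm the CPE configuration before applying.
    ike_version: V2
    bgp_session_config:
      # optional
      oracle_interface_ip: oracle_interface_ip_example
      customer_interface_ip: customer_interface_ip_example
      oracle_interface_ipv6: oracle_interface_ipv6_example
      customer_interface_ipv6: customer_interface_ipv6_example
      customer_bgp_asn: customer_bgp_asn_example
    oracle_initiation: INITIATOR_OR_RESPONDER
    nat_translation_enabled: ENABLED
    phase_one_config:
      # optional
      is_custom_phase_one_config: true
      # SHA1_96 is also accepted by the module; prefer a SHA-2 choice.
      authentication_algorithm: SHA2_384
      encryption_algorithm: AES_256_CBC
      # GROUP2 (1024-bit MODP) and GROUP5 (1536-bit MODP) are the weakest
      # accepted groups. GROUP20 (384-bit ECP) is used here; GROUP14 or
      # GROUP19 are alternatives if the CPE does not support it.
      diffie_helman_group: GROUP20
      # 28800 seconds (8 hours) is the documented phase-one default.
      lifetime_in_seconds: 28800
    phase_two_config:
      # optional
      is_custom_phase_two_config: true
      # HMAC_SHA1_128 is also accepted by the module; prefer the SHA-2 choice.
      authentication_algorithm: HMAC_SHA2_256_128
      encryption_algorithm: AES_256_GCM
      # 3600 seconds (1 hour) is the documented phase-two default.
      lifetime_in_seconds: 3600
      # Keep PFS on so each phase-two rekey performs a fresh DH exchange.
      is_pfs_enabled: true
      # Same reasoning as the phase-one group: avoid GROUP2 and GROUP5.
      pfs_dh_group: GROUP20
    dpd_config:
      # optional
      dpd_mode: INITIATE_AND_RESPOND
      dpd_timeout_in_sec: 56
    encryption_domain_config:
      # optional
      oracle_traffic_selector:
        - "oracle_traffic_selector_example"
      cpe_traffic_selector:
        - "cpe_traffic_selector_example"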

Inputs

    
wait:
    default: true
    description: Whether to wait for create or delete operation to complete.
    type: bool

state:
    choices:
    - present
    default: present
    description:
    - The state of the IpSecConnectionTunnel.
    - Use I(state=present) to update an existing IpSecConnectionTunnel.
    required: false
    type: str

region:
    description:
    - The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set,
      then the value of the OCI_REGION variable, if any, is used. This option is required
      if the region is not specified through a configuration file (See C(config_file_location)).
      Please refer to U(https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm)
      for more information on OCI regions.
    type: str

ipsc_id:
    description:
    - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm)
      of the IPSec connection.
    required: true
    type: str

routing:
    choices:
    - BGP
    - STATIC
    - POLICY
    description:
    - The type of routing to use for this tunnel (BGP dynamic routing, static routing,
      or policy-based routing).
    - This parameter is updatable.
    type: str

tenancy:
    description:
    - OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if
      any, is used. This option is required if the tenancy OCID is not specified through
      a configuration file (See C(config_file_location)). To get the tenancy OCID, please
      refer to U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm).
    type: str

api_user:
    description:
    - The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the
      value of the OCI_USER_ID environment variable, if any, is used. This option is required
      if the user is not specified through a configuration file (See C(config_file_location)).
      To get the user's OCID, please refer to U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm).
    type: str

auth_type:
    choices:
    - api_key
    - instance_principal
    - instance_obo_user
    - resource_principal
    - security_token
    default: api_key
    description:
    - The type of authentication to use for making API requests. By default C(auth_type="api_key")
      based authentication is performed and the API key (see I(api_user_key_file)) in
      your config file will be used. If this 'auth_type' module option is not specified,
      the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use C(auth_type="instance_principal")
      to use instance principal based authentication when running ansible playbooks within
      an OCI compute instance.
    type: str

tunnel_id:
    aliases:
    - id
    description:
    - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm)
      of the tunnel.
    - Required for update using I(state=present) when environment variable C(OCI_USE_NAME_AS_IDENTIFIER)
      is not set.
    type: str

dpd_config:
    description:
    - ''
    - This parameter is updatable.
    suboptions:
      dpd_mode:
        choices:
        - INITIATE_AND_RESPOND
        - RESPOND_ONLY
        description:
        - This option defines whether DPD can be initiated from the Oracle side of the
          connection.
        - This parameter is updatable.
        type: str
      dpd_timeout_in_sec:
        description:
        - DPD timeout in seconds. This sets the longest interval between CPE device health
          messages before the IPSec connection indicates it has lost contact with the
          CPE. The default is 20 seconds.
        - This parameter is updatable.
        type: int
    type: dict

cert_bundle:
    description:
    - The full path to a CA certificate bundle to be used for SSL verification. This will
      override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE
      variable, if any, is used.
    type: str

ike_version:
    choices:
    - V1
    - V2
    description:
    - Internet Key Exchange protocol version.
    - This parameter is updatable.
    type: str

auth_purpose:
    choices:
    - service_principal
    description:
    - The auth purpose which can be used in conjunction with 'auth_type=instance_principal'.
      The default auth_purpose for instance_principal is None.
    type: str

display_name:
    aliases:
    - name
    description:
    - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering
      confidential information.
    - Required for update when environment variable C(OCI_USE_NAME_AS_IDENTIFIER) is set.
    - This parameter is updatable when C(OCI_USE_NAME_AS_IDENTIFIER) is not set.
    type: str

wait_timeout:
    description: Time, in seconds, to wait when I(wait=yes). Defaults to 1200 for most
      of the services but some services might have a longer wait timeout.
    type: int

phase_one_config:
    description:
    - ''
    - This parameter is updatable.
    suboptions:
      authentication_algorithm:
        choices:
        - SHA2_384
        - SHA2_256
        - SHA1_96
        description:
        - The custom authentication algorithm proposed during phase one tunnel negotiation.
        - This parameter is updatable.
        type: str
      diffie_helman_group:
        choices:
        - GROUP2
        - GROUP5
        - GROUP14
        - GROUP19
        - GROUP20
        - GROUP24
        description:
        - The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
        - This parameter is updatable.
        type: str
      encryption_algorithm:
        choices:
        - AES_256_CBC
        - AES_192_CBC
        - AES_128_CBC
        description:
        - The custom encryption algorithm proposed during phase one tunnel negotiation.
        - This parameter is updatable.
        type: str
      is_custom_phase_one_config:
        description:
        - Indicates whether custom configuration is enabled for phase one options.
        - This parameter is updatable.
        type: bool
      lifetime_in_seconds:
        description:
        - Internet Key Exchange (IKE) session key lifetime in seconds for IPSec phase
          one. The default is 28800 which is equivalent to 8 hours.
        - This parameter is updatable.
        type: int
    type: dict

phase_two_config:
    description:
    - ''
    - This parameter is updatable.
    suboptions:
      authentication_algorithm:
        choices:
        - HMAC_SHA2_256_128
        - HMAC_SHA1_128
        description:
        - The authentication algorithm proposed during phase two tunnel negotiation.
        - This parameter is updatable.
        type: str
      encryption_algorithm:
        choices:
        - AES_256_GCM
        - AES_192_GCM
        - AES_128_GCM
        - AES_256_CBC
        - AES_192_CBC
        - AES_128_CBC
        description:
        - The encryption algorithm proposed during phase two tunnel negotiation.
        - This parameter is updatable.
        type: str
      is_custom_phase_two_config:
        description:
        - Indicates whether custom configuration is enabled for phase two options.
        - This parameter is updatable.
        type: bool
      is_pfs_enabled:
        description:
        - Indicates whether perfect forward secrecy (PFS) is enabled.
        - This parameter is updatable.
        type: bool
      lifetime_in_seconds:
        description:
        - Lifetime in seconds for the IPSec session key set in phase two. The default
          is 3600 which is equivalent to 1 hour.
        - This parameter is updatable.
        type: int
      pfs_dh_group:
        choices:
        - GROUP2
        - GROUP5
        - GROUP14
        - GROUP19
        - GROUP20
        - GROUP24
        description:
        - The Diffie-Hellman group used for PFS, if PFS is enabled.
        - This parameter is updatable.
        type: str
    type: dict

api_user_key_file:
    description:
    - Full path and filename of the private key (in PEM format). If not set, then the
      value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required
      if the private key is not specified through a configuration file (See C(config_file_location)).
      If the key is encrypted with a pass-phrase, the C(api_user_key_pass_phrase) option
      must also be provided.
    type: str

oracle_initiation:
    choices:
    - INITIATOR_OR_RESPONDER
    - RESPONDER_ONLY
    description:
    - Indicates whether the Oracle end of the IPSec connection is able to initiate starting
      up the IPSec tunnel.
    - This parameter is updatable.
    type: str

bgp_session_config:
    description:
    - ''
    - This parameter is updatable.
    suboptions:
      customer_bgp_asn:
        description:
        - The BGP ASN of the network on the CPE end of the BGP session. Can be a 2-byte
          or 4-byte ASN. Uses "asplain" format.
        - If you are switching the tunnel from using BGP dynamic routing to static routing,
          the `customerBgpAsn` must be null.
        - 'Example: `12345` (2-byte) or `1587232876` (4-byte)'
        - This parameter is updatable.
        type: str
      customer_interface_ip:
        description:
        - The IP address for the CPE end of the inside tunnel interface.
        - If the tunnel's `routing` attribute is set to `BGP` (see L(UpdateIPSecConnectionTunnelDetails,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/datatypes/UpdateIPSecConnectionTunnelDetails)),
          this IP address is used for the tunnel's BGP session.
        - If `routing` is instead set to `STATIC`, you can set this IP address to troubleshoot
          or monitor the tunnel.
        - The value must be a /30 or /31.
        - If you are switching the tunnel from using BGP dynamic routing to static routing
          and want to remove the value for `customerInterfaceIp`, you can set the value
          to an empty string.
        - 'Example: `10.0.0.5/31`'
        - This parameter is updatable.
        type: str
      customer_interface_ipv6:
        description:
        - The IPv6 address for the CPE end of the inside tunnel interface. This IP address
          is optional.
        - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)),
          this IP address is used for the tunnel's BGP session.
        - If `routing` is instead set to `STATIC`, you can set this IP address to troubleshoot
          or monitor the tunnel.
        - Only subnet masks from /64 up to /127 are allowed.
        - 'Example: `2001:db8::1/64`'
        - This parameter is updatable.
        type: str
      oracle_interface_ip:
        description:
        - The IP address for the Oracle end of the inside tunnel interface.
        - If the tunnel's `routing` attribute is set to `BGP` (see L(UpdateIPSecConnectionTunnelDetails,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/datatypes/UpdateIPSecConnectionTunnelDetails)),
          this IP address is used for the tunnel's BGP session.
        - If `routing` is instead set to `STATIC`, you can set this IP address to troubleshoot
          or monitor the tunnel.
        - The value must be a /30 or /31.
        - If you are switching the tunnel from using BGP dynamic routing to static routing
          and want to remove the value for `oracleInterfaceIp`, you can set the value
          to an empty string.
        - 'Example: `10.0.0.4/31`'
        - This parameter is updatable.
        type: str
      oracle_interface_ipv6:
        description:
        - The IPv6 address for the Oracle end of the inside tunnel interface. This IP
          address is optional.
        - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)),
          this IP address is used for the tunnel's BGP session.
        - If `routing` is instead set to `STATIC`, you can set this IP address to troubleshoot
          or monitor the tunnel.
        - Only subnet masks from /64 up to /127 are allowed.
        - 'Example: `2001:db8::1/64`'
        - This parameter is updatable.
        type: str
    type: dict

config_profile_name:
    description:
    - The profile to load from the config file referenced by C(config_file_location).
      If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any,
      is used. Otherwise, defaults to the "DEFAULT" profile in C(config_file_location).
    type: str

api_user_fingerprint:
    description:
    - Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT
      environment variable, if any, is used. This option is required if the key fingerprint
      is not specified through a configuration file (See C(config_file_location)). To
      get the key pair's fingerprint value, please refer to U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm).
    type: str

config_file_location:
    description:
    - Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment
      variable, if any, is used. Otherwise, defaults to ~/.oci/config.
    type: str

nat_translation_enabled:
    choices:
    - ENABLED
    - DISABLED
    - AUTO
    description:
    - By default (the `AUTO` setting), IKE sends packets with a source and destination
      port set to 500, and when it detects that the port used to forward packets has changed
      (most likely because a NAT device is between the CPE device and the Oracle VPN headend)
      it will try to negotiate the use of NAT-T.
    - The `ENABLED` option sets the IKE protocol to use port 4500 instead of 500 and forces
      encapsulating traffic with the ESP protocol inside UDP packets.
    - The `DISABLED` option directs IKE to completely refuse to negotiate NAT-T even if
      it senses there may be a NAT device in use.
    - This parameter is updatable.
    type: str

api_user_key_pass_phrase:
    description:
    - Passphrase used by the key referenced in C(api_user_key_file), if it is encrypted.
      If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is
      used. This option is required if the key passphrase is not specified through a configuration
      file (See C(config_file_location)).
    type: str

encryption_domain_config:
    description:
    - ''
    - This parameter is updatable.
    suboptions:
      cpe_traffic_selector:
        description:
        - Lists IPv4 or IPv6-enabled subnets in your on-premises network.
        - This parameter is updatable.
        elements: str
        type: list
      oracle_traffic_selector:
        description:
        - Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
        - This parameter is updatable.
        elements: str
        type: list
    type: dict

realm_specific_endpoint_template_enabled:
    description:
    - Enable/Disable realm specific endpoint template for service client. By Default,
      realm specific endpoint template is disabled. If not set, then the value of the
      OCI_REALM_SPECIFIC_SERVICE_ENDPOINT_TEMPLATE_ENABLED variable, if any, is used.
    type: bool

Outputs

ip_sec_connection_tunnel:
  contains:
    bgp_session_info:
      contains:
        bgp_ipv6_state:
          description:
          - The state of the BGP IPv6 session.
          returned: on success
          sample: UP
          type: str
        bgp_state:
          description:
          - The state of the BGP session.
          returned: on success
          sample: UP
          type: str
        customer_bgp_asn:
          description:
          - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)),
            this ASN is required and used for the tunnel's BGP session. This is the
            ASN of the network on the CPE end of the BGP session. Can be a 2-byte
            or 4-byte ASN. Uses "asplain" format.
          - If the tunnel uses static routing, the `customerBgpAsn` must be null.
          - 'Example: `12345` (2-byte) or `1587232876` (4-byte)'
          returned: on success
          sample: customer_bgp_asn_example
          type: str
        customer_interface_ip:
          description:
          - The IP address for the CPE end of the inside tunnel interface.
          - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)),
            this IP address is required and used for the tunnel's BGP session.
          - If `routing` is instead set to `STATIC`, this IP address is optional.
            You can set this IP address so you can troubleshoot or monitor the tunnel.
          - The value must be a /30 or /31.
          - 'Example: `10.0.0.5/31`'
          returned: on success
          sample: customer_interface_ip_example
          type: str
        customer_interface_ipv6:
          description:
          - The IPv6 address for the CPE end of the inside tunnel interface. This
            IP address is optional.
          - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)),
            this IP address is used for the tunnel's BGP session.
          - If `routing` is instead set to `STATIC`, you can set this IP address to
            troubleshoot or monitor the tunnel.
          - Only subnet masks from /64 up to /127 are allowed.
          - 'Example: `2001:db8::1/64`'
          returned: on success
          sample: customer_interface_ipv6_example
          type: str
        oracle_bgp_asn:
          description:
          - The Oracle BGP ASN.
          returned: on success
          sample: oracle_bgp_asn_example
          type: str
        oracle_interface_ip:
          description:
          - The IP address for the Oracle end of the inside tunnel interface.
          - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)),
            this IP address is required and used for the tunnel's BGP session.
          - If `routing` is instead set to `STATIC`, this IP address is optional.
            You can set this IP address so you can troubleshoot or monitor the tunnel.
          - The value must be a /30 or /31.
          - 'Example: `10.0.0.4/31`'
          returned: on success
          sample: oracle_interface_ip_example
          type: str
        oracle_interface_ipv6:
          description:
          - The IPv6 address for the Oracle end of the inside tunnel interface. This
            IP address is optional.
          - If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)),
            this IP address is used for the tunnel's BGP session.
          - If `routing` is instead set to `STATIC`, you can set this IP address to
            troubleshoot or monitor the tunnel.
          - Only subnet masks from /64 up to /127 are allowed.
          - 'Example: `2001:db8::1/64`'
          returned: on success
          sample: oracle_interface_ipv6_example
          type: str
      description:
      - ''
      returned: on success
      type: complex
    compartment_id:
      description:
      - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm)
        of the compartment containing the tunnel.
      returned: on success
      sample: ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx
      type: str
    cpe_ip:
      description:
      - The IP address of the CPE device's VPN headend.
      - 'Example: `203.0.113.22`'
      returned: on success
      sample: cpe_ip_example
      type: str
    display_name:
      description:
      - A user-friendly name. Does not have to be unique, and it's changeable. Avoid
        entering confidential information.
      returned: on success
      sample: display_name_example
      type: str
    dpd_mode:
      description:
      - Dead peer detection (DPD) mode set on the Oracle side of the connection. This
        mode sets whether Oracle can only respond to a request from the CPE device
        to start DPD, or both respond to and initiate requests.
      returned: on success
      sample: INITIATE_AND_RESPOND
      type: str
    dpd_timeout_in_sec:
      description:
      - DPD timeout in seconds.
      returned: on success
      sample: 56
      type: int
    encryption_domain_config:
      contains:
        cpe_traffic_selector:
          description:
          - Lists IPv4 or IPv6-enabled subnets in your on-premises network.
          returned: on success
          sample: []
          type: list
        oracle_traffic_selector:
          description:
          - Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
          returned: on success
          sample: []
          type: list
      description:
      - ''
      returned: on success
      type: complex
    id:
      description:
      - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm)
        of the tunnel.
      returned: on success
      sample: ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
      type: str
    ike_version:
      description:
      - Internet Key Exchange protocol version.
      returned: on success
      sample: V1
      type: str
    lifecycle_state:
      description:
      - The tunnel's lifecycle state.
      returned: on success
      sample: PROVISIONING
      type: str
    nat_translation_enabled:
      description:
      - By default (the `AUTO` setting), IKE sends packets with a source and destination
        port set to 500, and when it detects that the port used to forward packets
        has changed (most likely because a NAT device is between the CPE device and
        the Oracle VPN headend) it will try to negotiate the use of NAT-T.
      - The `ENABLED` option sets the IKE protocol to use port 4500 instead of 500
        and forces encapsulating traffic with the ESP protocol inside UDP packets.
      - The `DISABLED` option directs IKE to completely refuse to negotiate NAT-T
        even if it senses there may be a NAT device in use.
      - .
      returned: on success
      sample: ENABLED
      type: str
    oracle_can_initiate:
      description:
      - Indicates whether Oracle can only respond to a request to start an IPSec tunnel
        from the CPE device, or both respond to and initiate requests.
      returned: on success
      sample: INITIATOR_OR_RESPONDER
      type: str
    phase_one_details:
      contains:
        custom_authentication_algorithm:
          description:
          - The proposed custom authentication algorithm.
          returned: on success
          sample: custom_authentication_algorithm_example
          type: str
        custom_dh_group:
          description:
          - The proposed custom Diffie-Hellman group.
          returned: on success
          sample: custom_dh_group_example
          type: str
        custom_encryption_algorithm:
          description:
          - The proposed custom encryption algorithm.
          returned: on success
          sample: custom_encryption_algorithm_example
          type: str
        is_custom_phase_one_config:
          description:
          - Indicates whether custom phase one configuration is enabled. If this option
            is not enabled, default settings are proposed.
          returned: on success
          sample: true
          type: bool
        is_ike_established:
          description:
          - Indicates whether IKE phase one is established.
          returned: on success
          sample: true
          type: bool
        lifetime:
          description:
          - The total configured lifetime of the IKE security association.
          returned: on success
          sample: 56
          type: int
        negotiated_authentication_algorithm:
          description:
          - The negotiated authentication algorithm.
          returned: on success
          sample: negotiated_authentication_algorithm_example
          type: str
        negotiated_dh_group:
          description:
          - The negotiated Diffie-Hellman group.
          returned: on success
          sample: negotiated_dh_group_example
          type: str
        negotiated_encryption_algorithm:
          description:
          - The negotiated encryption algorithm.
          returned: on success
          sample: negotiated_encryption_algorithm_example
          type: str
        remaining_lifetime:
          description:
          - The remaining lifetime before the key is refreshed.
          returned: on success
          sample: 56
          type: int
        remaining_lifetime_last_retrieved:
          description:
          - The date and time we retrieved the remaining lifetime, in the format defined
            by L(RFC3339,https://tools.ietf.org/html/rfc3339).
          - 'Example: `2016-08-25T21:10:29.600Z`'
          returned: on success
          sample: '2013-10-20T19:20:30+01:00'
          type: str
      description:
      - ''
      returned: on success
      type: complex
    phase_two_details:
      contains:
        custom_authentication_algorithm:
          description:
          - Phase two authentication algorithm proposed during tunnel negotiation.
          returned: on success
          sample: custom_authentication_algorithm_example
          type: str
        custom_encryption_algorithm:
          description:
          - The proposed custom phase two encryption algorithm.
          returned: on success
          sample: custom_encryption_algorithm_example
          type: str
        dh_group:
          description:
          - The proposed Diffie-Hellman group.
          returned: on success
          sample: dh_group_example
          type: str
        is_custom_phase_two_config:
          description:
          - Indicates whether custom phase two configuration is enabled. If this option
            is not enabled, default settings are proposed.
          returned: on success
          sample: true
          type: bool
        is_esp_established:
          description:
          - Indicates that ESP phase two is established.
          returned: on success
          sample: true
          type: bool
        is_pfs_enabled:
          description:
          - Indicates that PFS (perfect forward secrecy) is enabled.
          returned: on success
          sample: true
          type: bool
        lifetime:
          description:
          - The total configured lifetime of the IKE security association.
          returned: on success
          sample: 56
          type: int
        negotiated_authentication_algorithm:
          description:
          - The negotiated phase two authentication algorithm.
          returned: on success
          sample: negotiated_authentication_algorithm_example
          type: str
        negotiated_dh_group:
          description:
          - The negotiated Diffie-Hellman group.
          returned: on success
          sample: negotiated_dh_group_example
          type: str
        negotiated_encryption_algorithm:
          description:
          - The negotiated encryption algorithm.
          returned: on success
          sample: negotiated_encryption_algorithm_example
          type: str
        remaining_lifetime:
          description:
          - The remaining lifetime before the key is refreshed.
          returned: on success
          sample: 56
          type: int
        remaining_lifetime_last_retrieved:
          description:
          - The date and time the remaining lifetime was last retrieved, in the format
            defined by L(RFC3339,https://tools.ietf.org/html/rfc3339).
          - 'Example: `2016-08-25T21:10:29.600Z`'
          returned: on success
          sample: '2013-10-20T19:20:30+01:00'
          type: str
      description:
      - ''
      returned: on success
      type: complex
    routing:
      description:
      - The type of routing used for this tunnel (BGP dynamic routing, static routing,
        or policy-based routing).
      returned: on success
      sample: BGP
      type: str
    status:
      description:
      - The status of the tunnel based on IPSec protocol characteristics.
      returned: on success
      sample: UP
      type: str
    time_created:
      description:
      - The date and time the IPSec tunnel was created, in the format defined by L(RFC3339,https://tools.ietf.org/html/rfc3339).
      - 'Example: `2016-08-25T21:10:29.600Z`'
      returned: on success
      sample: '2013-10-20T19:20:30+01:00'
      type: str
    time_status_updated:
      description:
      - When the status of the IPSec tunnel last changed, in the format defined by
        L(RFC3339,https://tools.ietf.org/html/rfc3339).
      - 'Example: `2016-08-25T21:10:29.600Z`'
      returned: on success
      sample: '2013-10-20T19:20:30+01:00'
      type: str
    vpn_ip:
      description:
      - The IP address of the Oracle VPN headend for the connection.
      - 'Example: `203.0.113.21`'
      returned: on success
      sample: vpn_ip_example
      type: str
  description:
  - Details of the IpSecConnectionTunnel resource acted upon by the current operation
  returned: on success
  sample:
    bgp_session_info:
      bgp_ipv6_state: UP
      bgp_state: UP
      customer_bgp_asn: customer_bgp_asn_example
      customer_interface_ip: customer_interface_ip_example
      customer_interface_ipv6: customer_interface_ipv6_example
      oracle_bgp_asn: oracle_bgp_asn_example
      oracle_interface_ip: oracle_interface_ip_example
      oracle_interface_ipv6: oracle_interface_ipv6_example
    compartment_id: ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx
    cpe_ip: cpe_ip_example
    display_name: display_name_example
    dpd_mode: INITIATE_AND_RESPOND
    dpd_timeout_in_sec: 56
    encryption_domain_config:
      cpe_traffic_selector: []
      oracle_traffic_selector: []
    id: ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
    ike_version: V1
    lifecycle_state: PROVISIONING
    nat_translation_enabled: ENABLED
    oracle_can_initiate: INITIATOR_OR_RESPONDER
    phase_one_details:
      custom_authentication_algorithm: custom_authentication_algorithm_example
      custom_dh_group: custom_dh_group_example
      custom_encryption_algorithm: custom_encryption_algorithm_example
      is_custom_phase_one_config: true
      is_ike_established: true
      lifetime: 56
      negotiated_authentication_algorithm: negotiated_authentication_algorithm_example
      negotiated_dh_group: negotiated_dh_group_example
      negotiated_encryption_algorithm: negotiated_encryption_algorithm_example
      remaining_lifetime: 56
      remaining_lifetime_last_retrieved: '2013-10-20T19:20:30+01:00'
    phase_two_details:
      custom_authentication_algorithm: custom_authentication_algorithm_example
      custom_encryption_algorithm: custom_encryption_algorithm_example
      dh_group: dh_group_example
      is_custom_phase_two_config: true
      is_esp_established: true
      is_pfs_enabled: true
      lifetime: 56
      negotiated_authentication_algorithm: negotiated_authentication_algorithm_example
      negotiated_dh_group: negotiated_dh_group_example
      negotiated_encryption_algorithm: negotiated_encryption_algorithm_example
      remaining_lifetime: 56
      remaining_lifetime_last_retrieved: '2013-10-20T19:20:30+01:00'
    routing: BGP
    status: UP
    time_created: '2013-10-20T19:20:30+01:00'
    time_status_updated: '2013-10-20T19:20:30+01:00'
    vpn_ip: vpn_ip_example
  type: complex