Neutron/VPNaaS/SSLVPN

= Overview =
This page describes the SSL-VPN extension feature in OpenStack Networking for the IceHouse release. For how to use the SSL-VPN extension features, see HowToUse.

= Commands =
This section describes the commands that will be introduced into python-neutronclient to support SSL-VPN services.

 vpn-credential-create         Create a VPNCredential.
 vpn-credential-delete         Delete a given VPNCredential.
 vpn-credential-list           List VPNCredentials that belong to a given tenant.
 vpn-credential-show           Show information of a given VPNCredential.
 vpn-credential-update         Update a given VPNCredential.

 ssl-vpn-connection-create     Create an SSLVPNConnection.
 ssl-vpn-connection-delete     Delete a given SSLVPNConnection.
 ssl-vpn-connection-list       List SSLVPNConnections that belong to a given tenant.
 ssl-vpn-connection-show       Show information of a given SSLVPNConnection.
 ssl-vpn-connection-update     Update a given SSLVPNConnection.

= Command Specification (TBD) =

== vpn-credential-create ==
Create a new VPN credential.

 usage: neutron vpn-credential-create [-h] [-f {shell,table}] [-c COLUMN] [--variable VARIABLE] [--prefix PREFIX] [--request-format {json,xml}] [--tenant-id TENANT_ID] [--admin-state-down] [--name NAME] --ca CA --server_certificate SERVER_CERTIFICATE --server_key SERVER_KEY --dh DH --crl CRL

Sample:

 neutron vpn-credential-create --name test --ca ca.crt --server_certificate east-server.crt --server_key east-server.key --dh dh1024.pem

== vpn-credential-list ==
List VPN credentials.

 usage: neutron vpn-credential-list

== vpn-credential-show ==
Show a VPN credential.

 usage: neutron vpn-credential-show [-h] [-f {shell,table}] [-c COLUMN] [--variable VARIABLE] [--prefix PREFIX] [--request-format {json,xml}] [-D] [-F FIELD] VPN_CREDENTIAL

== vpn-credential-delete ==
Delete a VPN credential.

 usage: neutron vpn-credential-delete [-h] [--request-format {json,xml}] VPN_CREDENTIAL

== ssl-vpn-connection-create ==
Create an SSL VPN connection.

 usage: neutron ssl-vpn-connection-create [-h] [-f {shell,table}] [-c COLUMN] [--variable VARIABLE] [--prefix PREFIX] [--request-format {json,xml}] [--tenant-id TENANT_ID] [--admin-state-down] [--name NAME] [--client_address_pool_cidr CLIENT_ADDRESS_POOL_CIDR] VPNSERVICE VPNCREDENTIAL

== ssl-vpn-connection-list ==
List SSL VPN connections.

 usage: neutron ssl-vpn-connection-list

== ssl-vpn-connection-show ==
Show an SSL VPN connection.

 usage: neutron ssl-vpn-connection-show [-h] [-f {shell,table}] [-c COLUMN] [--variable VARIABLE] [--prefix PREFIX] [--request-format {json,xml}] [-D] [-F FIELD] SSL_VPN_CONNECTION

== ssl-vpn-connection-update ==
Update an SSL VPN connection.

 usage: neutron ssl-vpn-connection-update [-h] [--request-format {json,xml}] SSL_VPN_CONNECTION

== ssl-vpn-connection-delete ==
Delete an SSL VPN connection.

 usage: neutron ssl-vpn-connection-delete [-h] [--request-format {json,xml}] SSL_VPN_CONNECTION

= REST API =
CREATE VPN Credential:

 curl -X POST -H "X-Auth-Token: $auth_token" -H "Content-type:application/json" -d '{"vpn_credential": {"name": "cred1", "ca":"CA certificate in PEM format", "server_certificate":"server certificate in PEM format", "server_key":"server key in PEM format", "dh":"dh in PEM format", "crl":"crl in pem format"} }' $q_url/vpn/vpn-credentials

CREATE SSL VPN Connection:

 curl -X POST -H "X-Auth-Token: $auth_token" -H "Content-type:application/json" -d '{"ssl_vpn_connection":{"name":"conn1", "client_address_pool_cidr":"10.8.0.0/24", "credential_id": "434a9843-ecc0-4653-8f3a-e604d9d7aadc", "admin_state_up": "True", "vpnservice_id":"cc91b7af-8304-4aff-ad07-86bdbaae2e93"}}' $q_url/vpn/ssl-vpn-connections

LIST VPN Credentials:

 curl -X GET -H "X-Auth-Token: $auth_token" $q_url/vpn/vpn-credentials

LIST SSL VPN Connections:

 curl -X GET -H "X-Auth-Token: $auth_token" $q_url/vpn/ssl-vpn-connections

DELETE VPN Credential:

 curl -X DELETE -H "X-Auth-Token: $auth_token" $q_url/vpn/vpn-credentials/336fb70e-8ce1-469a-9f6f-04f696d030cf

DELETE SSL VPN Connection:

 curl -X DELETE -H "X-Auth-Token: $auth_token" $q_url/vpn/ssl-vpn-connections/336523b8-edd9-4c22-9f62-a45f7cd39f59
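
A pre-flight check for the CREATE VPN Credential request body, as an added Python example that is not part of the original page or of Neutron's code: it confirms that each field holds a PEM block with the expected label and rejects Diffie-Hellman parameters whose prime is shorter than a minimum size before the body is sent. The label-to-field mapping, the 2048-bit default and all function names are assumptions of this example; SAMPLE_WEAK_DH is a constructed toy value.

```python
import base64
import json
import re

# Field names come from the vpn_credential request body on this page; the PEM
# label expected for each field and the 2048-bit floor are assumptions.
LABELS = {
    "ca": ("CERTIFICATE",),
    "server_certificate": ("CERTIFICATE",),
    "server_key": ("PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"),
    "dh": ("DH PARAMETERS",),
    "crl": ("X509 CRL",),
}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# Constructed toy sample (p = 23, g = 5), far too small for real use.
SAMPLE_WEAK_DH = "-----BEGIN DH PARAMETERS-----\nMAYCARcCAQU=\n-----END DH PARAMETERS-----\n"

def pem_to_der(text, allowed):
    """Return the DER bytes of the first PEM block; its label must be in `allowed`."""
    m = PEM_RE.search(text)
    if not m or m.group(1) not in allowed:
        raise ValueError("expected PEM block labelled one of %s" % (allowed,))
    return base64.b64decode("".join(m.group(2).split()), validate=True)

def read_tlv(buf, pos=0):
    """Decode one DER tag-length-value; return (tag, value, next position)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def dh_prime_bits(der):
    """Bit length of p in DHParameter ::= SEQUENCE { p INTEGER, g INTEGER }."""
    seq_tag, seq, _ = read_tlv(der)
    int_tag, p, _ = read_tlv(seq)
    if seq_tag != 0x30 or int_tag != 0x02:
        raise ValueError("dh is not a DHParameter SEQUENCE")
    return int.from_bytes(p, "big").bit_length()

def build_vpn_credential(name, pems, min_dh_bits=2048):
    """Validate each supplied PEM field, then return the JSON request body."""
    for field, text in pems.items():
        der = pem_to_der(text, LABELS[field])
        if field == "dh" and dh_prime_bits(der) < min_dh_bits:
            raise ValueError("dh prime is under %d bits" % min_dh_bits)
    return json.dumps({"vpn_credential": dict(pems, name=name)})
```

The returned string is what would be passed to `-d` in the CREATE VPN Credential request; a `ValueError` means the material should be regenerated or corrected before it is uploaded.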

= High-Level Task Flow =
The high-level task flow for using the SSLVPN API to configure SSL VPN is as follows:

 * The tenant creates a VPNService, without any connections.
 * The tenant creates one or more VPNCredentials.
 * The tenant creates one or more SSLVPNConnections and associates each with a VPNService ID and a VPNCredential ID.

= Blueprints =
https://blueprints.launchpad.net/neutron/+spec/neutron-ssl-vpn