Update a VPN Endpoint V2

PUT /vpnendpoint/v2/{name}

This endpoint is not available on Oracle Cloud Machine.

Updates the values for psk and reachable_routes for the specified VPN connection. If you want to update values for any other parameter, you'll have to delete the VPN connection and then re-create with the new parameters using the POST /vpnendpoint/v2/ request. Although you can only update the values for psk and reachable_routes using this request, you must specify the current values for all the existing parameters in the request body.

Required Role: To complete this task, you must have the Compute_Operations role. If this role isn't assigned to you or you're not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

Request

Path Parameters
  • name
    The three-part name of the object (/Compute-identity_domain/user/object).
Body
The request body contains details of the VPN endpoint v2 that you want to update.
Root Schema : VPNConnection-put-request
Type: object
  • customer_vpn_gateway
    Specify the IP address of the VPN gateway in your data center through which you want to connect to the Oracle Cloud VPN gateway. Your gateway device must support policy-based VPN and IKE (Internet Key Exchange) configuration using pre-shared keys.
  • description
    Description of the object.
  • ikeIdentifier
    The Internet Key Exchange (IKE) ID. If you don't specify a value, the default value is the public IP address of the cloud gateway. You can specify either an alternative IP address, or any text string that you want to use as the IKE ID. If you specify a text string, you must prefix the string with @. For example, if you want to specify the text IKEID-for-VPN1, specify @IKEID-for-VPN1 as the value in the request body. If you specify an IP address, don't prefix it with @. The IKE ID is case sensitive and can contain a maximum of 255 ASCII alphanumeric characters including special characters, period (.), hyphen (-), and underscore (_). The IKE ID can't contain embedded space characters.

    Note: If you specify the IKE ID, ensure that you specify the Peer ID type as Domain Name on the third-party device in your data center. Other Peer ID types, such as email address, firewall identifier or key identifier, aren't supported.

  • ipNetwork
    Specify the three-part name of the IP network (/Compute-identity_domain/user/object) in which you want to create the cloud gateway. When you send a request to create a VPN connection, a cloud gateway is created and assigned an available IP address from the IP network that you specify. The cloud gateway is therefore directly connected to the IP network that you specify.

    You can only specify a single IP network. All other IP networks which are connected to the specified IP network through an IP network exchange are discovered and added automatically to the VPN connection.

  • name
    The three-part name (/Compute-identity_domain/user/object) of the VPN connection. Object names can contain only alphanumeric, underscore (_), dash (-), and period (.) characters. Object names are case-sensitive.
  • pfsFlag
    This is enabled (set to true) by default. If your third-party device supports Perfect Forward Secrecy (PFS), set this parameter to true to require PFS.
  • phase1Settings
    Additional Properties Allowed: additionalProperties
    Settings for Phase 1 of protocol (IKE). See below for object members.

    phase1Settings.encryption: Encryption options for IKE. Possible values are aes128, aes192, aes256. Default is combination of all possible values.

    phase1Settings.hash: Authentication options for IKE. Possible values are sha1, sha2_256, md5. Default is combination of all possible values.

    phase1Settings.dhGroup: Diffie-Hellman group for both IKE and ESP. It is applicable for ESP only if PFS is enabled. Possible values are group2, group5, group14, group22, group23, group24. Default is combination of all possible values.

  • phase2Settings
    Additional Properties Allowed: additionalProperties
    Settings for Phase 2 of protocol (IPSEC). See below for object members.

    phase2Settings.encryption: Encryption options for IKE. Possible values are aes128, aes192, aes256. Default is combination of all possible values.

    phase2Settings.hash: Authentication options for IKE. Possible values are sha1, sha2_256, md5. Default is combination of all possible values.

  • psk
    Pre-shared VPN key. Enter the pre-shared key. This secret key is shared between your network gateway and the Oracle Cloud network for authentication. Specify the full path and name of the text file that contains the pre-shared key. Ensure that the permission level of the text file is set to 400. The pre-shared VPN key must not exceed 256 characters.
  • reachable_routes
    Specify a list of customer subnets (CIDR prefixes) that are reachable through this VPN tunnel. You can specify a maximum of 20 IP subnet addresses. Specify IPv4 addresses in dot-decimal notation with or without mask.
  • tags
    Tags associated with the object.
  • vnicSets
    Comma-separated list of vNIC sets. Traffic is allowed to and from these vNIC sets to the cloud gateway's vNIC set.
Nested Schema : phase1Settings
Type: object
Additional Properties Allowed
Nested Schema : phase2Settings
Type: object
Additional Properties Allowed
Nested Schema : reachable_routes
Type: array
Nested Schema : tags
Type: array
Nested Schema : vnicSets
Type: array
Nested Schema : additionalProperties
Type: object

Response

200 Response

OK. See Status Codes for information about other possible HTTP status codes.
Body
Root Schema : VPNConnection-response
Type: object
Nested Schema : phase1Settings
Type: object
Additional Properties Allowed
Settings for Phase 1 of protocol (IKE).
Nested Schema : phase2Settings
Type: object
Additional Properties Allowed
Settings for Phase 2 of protocol (IPSEC).
Nested Schema : reachable_routes
Type: array
List of subnets (CIDR prefixes) that are reachable through this VPN tunnel.
Nested Schema : tags
Type: array
Tags associated with the object.
Nested Schema : vnicSets
Type: array
Comma-separated list of vNIC sets. Traffic is allowed to and from these vNIC sets to the cloud gateway's vNIC set.
Nested Schema : additionalProperties
Type: object

Examples

cURL Command

The following example shows how to update a VPN connection, /Compute-acme/jack.jones@example.com/vpnconnection1, by submitting a PUT request on the REST resource using cURL. For more information about cURL, see Use cURL.

Enter the command on a single line. Line breaks are used in this example for readability.

curl -i -X PUT
     -H "Cookie: $COMPUTE_COOKIE"
     -H "Content-Type: application/oracle-compute-v3+json"
     -H "Accept: application/oracle-compute-v3+json"
     -d "@vpnconnection.json"
        https://api-z999.compute.us0.oraclecloud.com/vpnendpoint/v2/Compute-acme/jack.jones@example.com/vpnconnection1
  • COMPUTE_COOKIE is the name of the variable in which you stored the authentication cookie earlier. For information about retrieving the authentication cookie and storing it in a variable, see Authentication.

  • api-z999.compute.us0.oraclecloud.com is an example REST endpoint URL. Change this value to the REST endpoint URL of your Compute Classic site. For information about finding out REST endpoint URL for your site, see Send Requests.

  • acme and jack.jones@example.com are example values. Replace acme with the identity domain ID of your Compute Classic account, and jack.jones@example.com with your user name.

  • After creating the request body JSON file, you should validate it. You can do this by using a third-party tool, such as JSONLint, or any other validation tool of your choice. If your JSON format isn't valid, then an error message is displayed when you pass the request body.

Example of Request Body

The following shows an example of the request body content in the requestbody.json file to update the values for psk and reachable_routes. Although you can update only these two parameters, you have to specify the current values for all the existing parameters.

{
  "psk": "./updated_psk",
  "name": "/Compute-acme/jack.jones@example.com/vpnconnection1",
  "customer_vpn_gateway": "172.16.254.1",
  "ipNetwork": "/Compute-acme/jack.jones@example.com/ipnet1",
  "reachable_routes": [
    "10.2.3.0/24",
    "10.3.2.0/24"
  ],
  "pfsFlag": false,
  "phase1Settings": {
    "dhGroup": "group2",
    "encryption": "aes128",
    "hash": "sha1"
  },
  "phase2Settings": {
    "encryption": "aes256",
    "hash": "md5"
  },
  "vnicSets": [
    "/Compute-acme/jack.jones@example.com/vnicset1"
  ]
}
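
A pre-flight check for a request body like the one above, as an added example that is not part of Oracle's documentation. It enforces the limits this page documents (allowed phase 1 and phase 2 values, at most 20 IPv4 subnets in reachable_routes, a psk file with mode 400 holding at most 256 characters) and warns on values listed in WEAK, a policy assumed for this example; the function names and messages are the example's own.

```python
import ipaddress
import pathlib
import stat

# Values documented on this page for phase1Settings / phase2Settings.
ALLOWED = {"encryption": {"aes128", "aes192", "aes256"}, "hash": {"sha1", "sha2_256", "md5"},
           "dhGroup": {"group2", "group5", "group14", "group22", "group23", "group24"}}
FIELDS = ([("phase1Settings", k) for k in ("encryption", "hash", "dhGroup")]
          + [("phase2Settings", k) for k in ("encryption", "hash")])
# Assumed local policy, not from the page: values this example treats as weak.
WEAK = {"md5", "sha1", "group2", "group5", "group22", "group23", "group24"}

def check_body(body):
    """Return (errors, warnings) for a PUT /vpnendpoint/v2/{name} request body."""
    errors, warnings = [], []
    for section, key in FIELDS:
        value = (body.get(section) or {}).get(key)
        if value is None:  # documented default: combination of all possible values
            warnings.append(f"{section}.{key} unset, default offers all values")
        elif value not in ALLOWED[key]:
            errors.append(f"{section}.{key}={value!r} is not a documented value")
        elif value in WEAK:
            warnings.append(f"{section}.{key}={value} is weak")
    if body.get("pfsFlag", True) is False:  # documented default is true
        warnings.append("pfsFlag=false, PFS is not required")
    routes = body.get("reachable_routes", [])
    if len(routes) > 20:
        errors.append(f"reachable_routes has {len(routes)} entries, maximum is 20")
    for route in routes:
        try:
            ipaddress.IPv4Network(route, strict=False)  # mask is optional
        except ValueError:
            errors.append(f"reachable_routes entry {route!r} is not an IPv4 subnet")
    return errors, warnings

def check_psk_file(path):
    """psk file must have mode 400 and hold at most 256 characters (newline excluded)."""
    errors = []
    mode = stat.S_IMODE(pathlib.Path(path).stat().st_mode)
    if mode != 0o400:
        errors.append(f"{path} has mode {mode:o}, expected 400")
    key = pathlib.Path(path).read_text(encoding="utf-8").rstrip("\n")
    if len(key) > 256:
        errors.append(f"pre-shared key is {len(key)} characters, maximum is 256")
    return errors

SAMPLE = {"pfsFlag": False, "reachable_routes": ["10.2.3.0/24", "10.3.2.0/24"],
          "phase1Settings": {"dhGroup": "group2", "encryption": "aes128", "hash": "sha1"},
          "phase2Settings": {"encryption": "aes256", "hash": "md5"}}  # from the body above
```

Run against the example body, check_body reports no errors and four warnings: sha1 and group2 in phase 1, md5 in phase 2, and pfsFlag set to false.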

Example of Response Body

The following example shows the response body in JSON format when you update a VPN connection.

{
  "uri": "https://api-z999.compute.us0.oraclecloud.com:443/network/v1/vpnendpoint/Compute-acme/jack.jones@example.com/vpnconnection1",
  "tunnelStatus": "UP",
  "psk": "*******",
  "name": "/Compute-acme/jack.jones@example.com/vpnconnection1",
  "reachable_routes": [
    "10.1.2.0/24",
    "10.1.3.0/24",
    "10.1.4.0/24"
  ],
  "pfsFlag": false,
  "phase1Settings": {
    "dhGroup": "group2",
    "encryption": "aes128",
    "hash": "sha1"
  },
  "phase2Settings": {
    "encryption": "aes256",
    "hash": "md5"
  },
  "vnicSets": [
    "/Compute-acme/jack.jones@example.com/vnicset1"
  ],
  "customer_vpn_gateway": "172.16.254.1",
  "ikeIdentifier": "10.14.15.16",
  "ipNetwork": "/Compute-acme/jack.jones@example.com/ipnet1"
}