Update a VPN Endpoint V2
/vpnendpoint/v2/{name}
Updates the values for psk and reachable_routes for the specified VPN connection. If you want to update values for any other parameter, you'll have to delete the VPN connection and then re-create with the new parameters using the POST /vpnendpoint/v2/ request. Although you can only update the values for psk and reachable_routes using this request, you must specify the current values for all the existing parameters in the request body.
Required Role: To complete this task, you must have the Compute_Operations role. If this role isn't assigned to you or you're not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Request
- application/oracle-compute-v3+json
- name: string
  The three-part name of the object (/Compute-identity_domain/user/object).
- Cookie: string
  The Cookie: header must be included with every request to the service. It must be set to the value of the set-cookie header in the response received to the POST /authenticate/ call.
object
- customer_vpn_gateway: string
  Specify the IP address of the VPN gateway in your data center through which you want to connect to the Oracle Cloud VPN gateway. Your gateway device must support policy-based VPN and IKE (Internet Key Exchange) configuration using pre-shared keys.
- description (optional): string
  Description of the object.
- ikeIdentifier (optional): string
  The Internet Key Exchange (IKE) ID. If you don't specify a value, the default value is the public IP address of the cloud gateway. You can specify either an alternative IP address, or any text string that you want to use as the IKE ID. If you specify a text string, you must prefix the string with @. For example, if you want to specify the text IKEID-for-VPN1, specify @IKEID-for-VPN1 as the value in request body. If you specify an IP address, don't prefix it with @. The IKE ID is case sensitive and can contain a maximum of 255 ASCII alphanumeric characters including special characters, period (.), hyphen (-), and underscore (_). The IKE ID can't contain embedded space characters.
  Note: If you specify the IKE ID, ensure that you specify the Peer ID type as Domain Name on the third-party device in your data center. Other Peer ID types, such as email address, firewall identifier or key identifier, aren't supported.
- ipNetwork: string
  Specify the three-part name of the IP network (/Compute-identity_domain/user/object) in which you want to create the cloud gateway. When you send a request to create a VPN connection, a cloud gateway is created and this is assigned an available IP address from the IP network that you specify. So, the cloud gateway is directly connected to the IP network that you specify.
  You can only specify a single IP network. All other IP networks which are connected to the specified IP network through an IP network exchange are discovered and added automatically to the VPN connection.
- name: string
  The three-part name (/Compute-identity_domain/user/object) of the VPN connection. Object names can contain only alphanumeric, underscore (_), dash (-), and period (.) characters. Object names are case-sensitive.
- pfsFlag (optional): boolean
  This is enabled (set to true) by default. If your third-party device supports Perfect Forward Secrecy (PFS), set this parameter to true to require PFS.
- phase1Settings (optional): object phase1Settings
  Additional Properties Allowed: additionalProperties
  Settings for Phase 1 of protocol (IKE). See below for object members.
  phase1Settings.encryption: Encryption options for IKE. Possible values are aes128, aes192, aes256. Default is combination of all possible values.
  phase1Settings.hash: Authentication options for IKE. Possible values are sha1, sha2_256, md5. Default is combination of all possible values.
  phase1Settings.dhGroup: Diffie-Hellman group for both IKE and ESP. It is applicable for ESP only if PFS is enabled. Possible values are group2, group5, group14, group22, group23, group24. Default is combination of all possible values.
- phase2Settings (optional): object phase2Settings
  Additional Properties Allowed: additionalProperties
  Settings for Phase 2 of protocol (IPSEC). See below for object members.
  phase2Settings.encryption: Encryption options for IKE. Possible values are aes128, aes192, aes256. Default is combination of all possible values.
  phase2Settings.hash: Authentication options for IKE. Possible values are sha1, sha2_256, md5. Default is combination of all possible values.
- psk: string
  Pre-shared VPN key. Enter the pre-shared key. This secret key is shared between your network gateway and the Oracle Cloud network for authentication. Specify the full path and name of the text file that contains the pre-shared key. Ensure that the permission level of the text file is set to 400. The pre-shared VPN key must not exceed 256 characters.
- reachable_routes: array reachable_routes
  Specify a list of customer subnets (CIDR prefixes) that are reachable through this VPN tunnel. You can specify a maximum of 20 IP subnet addresses. Specify IPv4 addresses in dot-decimal notation with or without mask.
- tags (optional): array tags
  Tags associated with the object.
- vnicSets (optional): array vnicSets
  Comma-separated list of vNIC sets. Traffic is allowed to and from these vNIC sets to the cloud gateway's vNIC set.
Response
- application/oracle-compute-v3+json
200 Response
- set-cookie: string
  The cookie value is returned if the session is extended.
object
- customer_vpn_gateway (optional): string
  IP address of the VPN gateway in your data center through which you want to connect to the Oracle Cloud VPN gateway.
- description (optional): string
  Description of the object.
- ikeIdentifier (optional): string
  The Internet Key Exchange (IKE) ID that you have specified. If you don't specify a value, the default value is the public IP address of the cloud gateway.
- ipNetwork (optional): string
  The name of the IP network on which the cloud gateway is created by VPNaaS.
- localGatewayAddress (optional): string
  IP address of your cloud gateway. An IP address that is available in the IP network you specify is assigned to the cloud gateway.
- name (optional): string
  Name that you have specified for this VPN connection.
- pfsFlag (optional): boolean
  True indicates that Perfect Forward Secrecy (PFS) is required and your third-party device supports PFS.
- phase1Settings (optional): object phase1Settings
  Additional Properties Allowed: additionalProperties
  Settings for Phase 1 of protocol (IKE).
- phase2Settings (optional): object phase2Settings
  Additional Properties Allowed: additionalProperties
  Settings for Phase 2 of protocol (IPSEC).
- psk (optional): string
  The pre-shared VPN key.
- reachable_routes (optional): array reachable_routes
  List of subnets (CIDR prefixes) that are reachable through this VPN tunnel.
- tags (optional): array tags
  Tags associated with the object.
- tunnelStatus (optional): string
  Current status of the tunnel. The tunnel can be in one of the following states:
  * PENDING: indicates that your VPN connection is being set up.
  * UP: indicates that your VPN connection is established.
  * DOWN: indicates that your VPN connection is down.
  * ERROR: indicates that your VPN connection is in the error state.
- uri (optional): string
  Uniform Resource Identifier.
- vnicSets (optional): array vnicSets
  Comma-separated list of vNIC sets. Traffic is allowed to and from these vNIC sets to the cloud gateway's vNIC set.
Examples
cURL Command
The following example shows how to update a VPN connection, /Compute-acme/jack.jones@example.com/vpnconnection1, by submitting a PUT request on the REST resource using cURL. For more information about cURL, see Use cURL.
Enter the command on a single line. Line breaks are used in this example for readability.
curl -i -X PUT -H "Cookie: $COMPUTE_COOKIE" -H "Content-Type: application/oracle-compute-v3+json" -H "Accept: application/oracle-compute-v3+json" -d "@vpnconnection.json" https://api-z999.compute.us0.oraclecloud.com/vpnendpoint/v2/Compute-acme/jack.jones@example.com/vpnconnection1
- COMPUTE_COOKIE is the name of the variable in which you stored the authentication cookie earlier. For information about retrieving the authentication cookie and storing it in a variable, see Authentication.
- api-z999.compute.us0.oraclecloud.com is an example REST endpoint URL. Change this value to the REST endpoint URL of your Compute Classic site. For information about finding out REST endpoint URL for your site, see Send Requests.
- acme and jack.jones@example.com are example values. Replace acme with the identity domain ID of your Compute Classic account, and jack.jones@example.com with your user name.
- After creating the request body JSON file, you should validate it. You can do this by using a third-party tool, such as JSONLint, or any other validation tool of your choice. If your JSON format isn't valid, then an error message is displayed when you pass the request body.
Example of Request Body
The following shows an example of the request body content in the requestbody.json file to update the values for psk and reachable_routes. Although you can update only these two parameters, you have to specify the current values for all the existing parameters.
{
  "psk": "./updated_psk",
  "name": "/Compute-acme/jack.jones@example.com/vpnconnection1",
  "customer_vpn_gateway": "172.16.254.1",
  "ipNetwork": "/Compute-acme/jack.jones@example.com/ipnet1",
  "reachable_routes": [
    "10.2.3.0/24",
    "10.3.2.0/24"
  ],
  "pfsFlag": false,
  "phase1Settings": {
    "dhGroup": "group2",
    "encryption": "aes128",
    "hash": "sha1"
  },
  "phase2Settings": {
    "encryption": "aes256",
    "hash": "md5"
  },
  "vnicSets": [
    "/Compute-acme/jack.jones@example.com/vnicset1"
  ]
}
Example of Response Body
The following example shows the response body in JSON format when you update a VPN connection.
{
  "uri": "https://api-z999.compute.us0.oraclecloud.com:443/network/v1/vpnendpoint/Compute-acme/jack.jones@example.com/vpnconnection1",
  "tunnelStatus": "UP",
  "psk": "*******",
  "name": "/Compute-acme/jack.jones@example.com/vpnconnection1",
  "reachable_routes": [
    "10.1.2.0/24",
    "10.1.3.0/24",
    "10.1.4.0/24"
  ],
  "pfsFlag": false,
  "phase1Settings": {
    "dhGroup": "group2",
    "encryption": "aes128",
    "hash": "sha1"
  },
  "phase2Settings": {
    "encryption": "aes256",
    "hash": "md5"
  },
  "vnicSets": [
    "/Compute-acme/jack.jones@example.com/vnicset1"
  ],
  "customer_vpn_gateway": "172.16.254.1",
  "ikeIdentifier": "10.14.15.16",
  "ipNetwork": "/Compute-acme/jack.jones@example.com/ipnet1"
}
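The update rules on this page (resend every current request parameter, change only psk and reachable_routes, at most 20 IPv4 subnets, a key file with permission 400 holding a key of at most 256 characters) can be checked locally before the PUT is sent. The following Python is an added example, not Oracle's code: the function names are hypothetical, and it assumes the current values are taken from an earlier response body for the same VPN connection, where psk is masked and response-only fields must be dropped.

```python
import ipaddress
import os
import stat

# Request-body parameters listed on this page. Response-only fields
# (uri, tunnelStatus, localGatewayAddress) are not sent back.
REQUEST_FIELDS = {
    "customer_vpn_gateway", "description", "ikeIdentifier", "ipNetwork",
    "name", "pfsFlag", "phase1Settings", "phase2Settings", "psk",
    "reachable_routes", "tags", "vnicSets",
}
MAX_ROUTES = 20       # "maximum of 20 IP subnet addresses"
MAX_PSK_CHARS = 256   # "must not exceed 256 characters"


def check_psk_file(path):
    """Return path if the key file has mode 400 and a key of valid length."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode != 0o400:
        raise ValueError(f"{path}: mode is {mode:o}, expected 400")
    with open(path) as fh:
        key = fh.read().rstrip("\n")
    # Rejecting an empty key is an added check, not a rule from the page.
    if not key or len(key) > MAX_PSK_CHARS:
        raise ValueError(f"{path}: key must be 1 to {MAX_PSK_CHARS} characters")
    return path


def check_routes(routes):
    """Return routes unchanged if they are at most 20 IPv4 subnets."""
    if len(routes) > MAX_ROUTES:
        raise ValueError(f"{len(routes)} subnets given, maximum is {MAX_ROUTES}")
    for route in routes:
        # Accepts "a.b.c.d" and "a.b.c.d/nn"; IPv6 or malformed input
        # raises ValueError.
        ipaddress.IPv4Network(route, strict=False)
    return list(routes)


def build_update_body(current, psk_path, routes):
    """Copy the current request parameters, replacing psk and reachable_routes."""
    body = {k: v for k, v in current.items() if k in REQUEST_FIELDS}
    # The response masks psk ("*******"), so the key file path is always set.
    body["psk"] = check_psk_file(psk_path)
    body["reachable_routes"] = check_routes(routes)
    return body
```

Serialize the returned dictionary with json.dump to produce the file passed to curl with -d.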