...
Code Block

```yaml
apiVersion: sdewan.akraino.org/v1alpha1
kind: IPSecSite
metadata:
  name: siteA
spec:
  node: node1
  gateway: 10.0.1.2
  pre_shared_key: test123
  authentication_method: psk
  local_identifier: C=CH, O=strongSwan, CN=peer
  remote_identifier: C=CH, O=strongSwan, CN=peerB
  crypto_proposal: proposal1
  force_crypto_proposal: true
  connections:
  - name: connA
    type: tunnel/transport
    mode: start
    local_subnet: 192.168.1.1/24
    local_nat:
    local_sourceip: 10.0.1.1
    local_updown:
    local_firewall:
    remote_subnet: 192.168.0.1/24
    remote_sourceip: 10.0.1.2
    remote_updown:
    remote_firewall:
    crypto_proposal: proposal2
  proposals:
  - name: proposal1
    encryption_algorithm: aes128
    hash_algorithm: sha256
    dh_group: modp3072
  - name: proposal2
    encryption_algorithm: aes128
    hash_algorithm: sha128
    dh_group: modp3072
```
...
- Normal response codes: 200
Response Parameters

| Name | In | Type | Description |
|---|---|---|---|
| proposals | body | array | a dict of defined proposals |

Response Example

```json
{
  "proposals": [{
    "proposal1": {
      "encryption_algorithm": "aes128",
      "hash_algorithm": "sha256",
      "dh_group": "modp3072"
    }
  }]
}
```
GET /cgi-bin/luci/sdewan/ipsec/v1/proposal/{proposal}
...
- Normal response codes: 200
Response Parameters

| Name | In | Type | Description |
|---|---|---|---|
| sites | body | array | a list of defined sites |

Response Example

```json
{
  "sites": [{
    "site1": {
      "nodename": "nodeAsite1",
      "gateway": "10.0.1.2",
      "authentication_method": "psk",
      "crypto_proposal": "proposal1",
      "connections": [
        {
          "name": "connA",
          "type": "tunnel",
          "local_subnet": "192.168.1.1/24",
          "remote_subnet": "192.168.0.1/24",
          "crypto_proposal": "proposal1"
        }
      ]
    }
  }]
}
```
GET /cgi-bin/luci/sdewan/ipsec/v1/site/{site}
...
- Normal response codes: 200
- Error response code: 404
Response Parameters

| Name | In | Type | Required | Description |
|---|---|---|---|---|
| node | body | string | | identifier for CNF |
| name | body | string | Y | Site name |
| gateway | body | string | | |
| authentication_method | body | string | | |
| local_identifier | body | string | | |
| remote_identifier | body | string | | |
| crypto_proposal | body | string | | proposal names used for ike process |
| force_crypto_proposal | body | boolean | | |
| connection | body | list | | list of connectionArray |

connectionArray:

| Name | In | Type | Description |
|---|---|---|---|
| name | body | string | |
| type | body | string | "tunnel" or "transport" |
| mode | body | string | |
| local_subnet | body | string | |
| local_nat | body | string | |
| local_sourceip | body | string | |
| local_updown | body | string | |
| local_firewall | body | string | firewall rule? |
| remote_subnet | body | string | |
| remote_sourceip | body | string | |
| remote_updown | body | string | |
| remote_firewall | body | string | |
| crypto_proposal | body | string | |

Response Example

```json
{
  "node": "node1",
  "gateway": "10.1.0.2",
  "crypto_proposal": "proposal1",
  "connections": [
    {
      "name": "site_to_site",
      "type": "tunnel",
      "local_subnet": "...",
      "remote_subnet": "...",
      "crypto_proposal": "proposal2"
    }
  ]
}
```
POST /cgi-bin/luci/sdewan/ipsec/v1/site
Create a new site.
Request:
Request Parameters: the same fields as in the GET response.

| Name | In | Type | Description |
|---|---|---|---|
| `<site_name>` | body | siteArray | site info |

siteArray:

| Name | In | Type | Required | Description |
|---|---|---|---|---|
| node | body | string | | identifier for CNF |
| gateway | body | string | Y | The corresponding responder |
| pre_shared_key | body | string | N | Optional, only if using the PSK authentication mode |
| local_public_cert | body | string | N | Optional, only if using the public key authentication mode. Public key used for auth. |
| local_private_cert | body | string | N | Optional, only if using the public key authentication mode. Private key used for auth. |
| shared_ca | body | string | N | Optional, only if using the public key authentication mode. CA information |
| authentication_method | body | string | Y | Either 'psk' or 'pubkey' as the authentication method. |
| local_identifier | body | string | N | The identifier for localhost |
| remote_identifier | body | string | N | The identifier for the remote counter party |
| crypto_proposal | body | list of string (one or more crypto_proposals) | Y | Proposal names used for the ike process |
| force_crypto_proposal | body | boolean | N | The flag on forcing the proposal or not |
| connection | body | list (one or more connectionArray) | Y | List of connectionArray |

connectionArray:

| Name | In | Type | Required | Description |
|---|---|---|---|---|
| name | body | string | Y | Connection name |
| type | body | string | Y | Type of connection. Either "tunnel" or "transport" |
| mode | body | string | Y | Mode used for connection. Either 'add', 'route' or 'start' |
| local_subnet | body | string | N | Defines the local subnet. |
| local_nat | body | string | N | Defines the local nat; if present, it replaces the local_subnet |
| local_sourceip | body | string | N | Defines the local source ip |
| local_updown | body | string | N | Defines the local iptable rules. |
| local_firewall | body | string | N | Flag used to determine whether to enable the local firewall rules or not |
| remote_subnet | body | string | N | Defines the subnet of the counter party |
| remote_sourceip | body | string | N | Defines the source ip of the counter party |
| remote_updown | body | string | N | Defines the iptable rules applied for the counter party |
| remote_firewall | body | string | N | Flag used to determine whether to enable the remote firewall rules or not |
| crypto_proposal | body | string | N | Crypto proposal used for ESP |

Request Example:

```json
{
  "siteA": {
    "node": "node1",
    "name": "site1",
    "gateway": "10.1.0.2",
    "crypto_proposal": "proposal1",
    "connections": [
      {
        "name": "site_to_site",
        "type": "tunnel",
        "local_subnet": "...",
        "remote_subnet": "...",
        "crypto_proposal": "proposal2"
      }
    ]
  }
}
```
Response
- Normal response codes: 201
- Error response codes: 400, 401
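As an added example (not SD-EWAN project code or part of this page), a client-side validator that encodes the Required rules from the siteArray and connectionArray tables above, so a malformed body is rejected before it reaches the CNF and produces a 400. It assumes the body is keyed by site name and spelled `connections` as in the examples (the table names the field `connection`), and treats `node` as required because every example carries it.

```python
# Added example (not SD-EWAN project code): client-side check of a
# POST /cgi-bin/luci/sdewan/ipsec/v1/site body against the Required
# rules in the siteArray / connectionArray tables above.
import ipaddress

AUTH_METHODS = {"psk", "pubkey"}
CONN_TYPES = {"tunnel", "transport"}
CONN_MODES = {"add", "route", "start"}
PUBKEY_FIELDS = ("local_public_cert", "local_private_cert", "shared_ca")

def _check_cidr(value, field, errors):
    # Subnet fields are optional, but a present value must parse as CIDR.
    try:
        if value:
            ipaddress.ip_network(value, strict=False)
    except ValueError:
        errors.append(f"{field}: {value!r} is not a valid CIDR block")

def validate_connection(conn):
    errors = []
    if not conn.get("name"):
        errors.append("connection.name is required")
    if conn.get("type") not in CONN_TYPES:
        errors.append("connection.type must be 'tunnel' or 'transport'")
    if conn.get("mode") not in CONN_MODES:
        errors.append("connection.mode must be 'add', 'route' or 'start'")
    for field in ("local_subnet", "local_nat", "remote_subnet"):
        _check_cidr(conn.get(field), f"connection.{field}", errors)
    return errors

def validate_site_request(body):
    # Returns a list of problems; an empty list means the body is acceptable.
    if len(body) != 1:
        return ["body must be one object keyed by the site name"]
    (name, site), = body.items()
    required = ("node", "gateway", "authentication_method", "crypto_proposal")
    errors = [f"{name}.{f} is required" for f in required if not site.get(f)]
    method = site.get("authentication_method")
    if method not in AUTH_METHODS:
        errors.append(f"{name}.authentication_method must be 'psk' or 'pubkey'")
    elif method == "psk" and not site.get("pre_shared_key"):
        errors.append(f"{name}.pre_shared_key is required for psk")
    elif method == "pubkey":
        errors += [f"{name}.{f} is required for pubkey"
                   for f in PUBKEY_FIELDS if not site.get(f)]
    conns = site.get("connections") or []  # key as spelled in the examples
    if not conns:
        errors.append(f"{name}.connections must contain at least one entry")
    for conn in conns:
        errors.extend(validate_connection(conn))
    return errors
```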
...
Request Parameters:

| Name | In | Type | Description |
|---|---|---|---|
| site | path | string | remote site name |
| other params | body | | Same as the GET response |

- Request Example

```json
{
  "gateway": "10.1.0.2",
  "nodename": "nodeAsite1",
  "crypto_proposal": "proposal1",
  "connections": [
    {
      "name": "site_to_site",
      "type": "tunnel",
      "local_subnet": "...",
      "remote_subnet": "...",
      "crypto_proposal": "proposal1"
    }
  ]
}
```
...