Network feature: Setting custom ipsec policy for Virtual Network Gateway P2S clients. #2341
Changes from 1 commit
fd1bb5f
ef9ffa4
c590908
8414f44
d6c9c0b
dd39735
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -675,7 +675,98 @@ | |
"x-ms-long-running-operation": true | ||
} | ||
}, | ||
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/connections/{virtualNetworkGatewayConnectionName}/vpndeviceconfigurationscript": { | ||
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworkGateways/{virtualNetworkGatewayName}/setvpnclientipsecparameters": { | ||
"post": { | ||
"tags": [ | ||
"VirtualNetworkGateways" | ||
], | ||
"operationId": "VirtualNetworkGateways_SetVpnclientIpsecParameters", | ||
"description": "The Set VpnclientIpsecParameters operation sets the vpnclient ipsec policy for P2S client of virtual network gateway in the specified resource group through Network resource provider.", | ||
"parameters": [ | ||
{ | ||
"name": "resourceGroupName", | ||
"in": "path", | ||
"required": true, | ||
"type": "string", | ||
"description": "The name of the resource group." | ||
}, | ||
{ | ||
"name": "virtualNetworkGatewayName", | ||
"in": "path", | ||
"required": true, | ||
"type": "string", | ||
"description": "The name of the virtual network gateway." | ||
}, | ||
{ | ||
"name": "vpnclientIpsecParams", | ||
"in": "body", | ||
"required": true, | ||
"schema": { | ||
"$ref": "#/definitions/VpnClientIPsecParameters" | ||
}, | ||
"description": "Parameters supplied to the Begin Set vpnclient ipsec parameters of Virtual Network Gateway P2S client operation through Network resource provider." | ||
}, | ||
{ | ||
"$ref": "#/parameters/ApiVersionParameter" | ||
}, | ||
{ | ||
"$ref": "#/parameters/SubscriptionIdParameter" | ||
} | ||
], | ||
"responses": { | ||
"202": { | ||
"description": "Accepted and the operation will complete asynchronously." | ||
}, | ||
"200": { | ||
"description": "Request successful. The operation sets the specificed vpnclient ipsec parameters for P2S client of the virtual network gateway.", | ||
"schema": { | ||
"$ref": "#/definitions/VpnClientIPsecParameters" | ||
} | ||
} | ||
}, | ||
"x-ms-long-running-operation": true | ||
} | ||
}, | ||
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworkGateways/{virtualNetworkGatewayName}/getvpnclientipsecparameters": { | ||
"post": { | ||
You mean
Or is this operation a Long Running get (expressed via POST)? if so annotate it accordingly
Yes, it’s a LRO POST. Annotated accordingly. |
||
"tags": [ | ||
"VirtualNetworkGateways" | ||
], | ||
"operationId": "VirtualNetworkGateways_GetVpnclientIpsecParameters", | ||
"description": "The Get VpnclientIpsecParameters operation retrieves information about the vpnclient ipsec policy for P2S client of virtual network gateway in the specified resource group through Network resource provider.", | ||
"parameters": [ | ||
{ | ||
"name": "resourceGroupName", | ||
"in": "path", | ||
"required": true, | ||
"type": "string", | ||
"description": "The name of the resource group." | ||
}, | ||
{ | ||
"name": "virtualNetworkGatewayName", | ||
"in": "path", | ||
"required": true, | ||
"type": "string", | ||
"description": "The virtual network gateway name." | ||
}, | ||
{ | ||
"$ref": "#/parameters/ApiVersionParameter" | ||
}, | ||
{ | ||
"$ref": "#/parameters/SubscriptionIdParameter" | ||
} | ||
], | ||
"responses": { | ||
"200": { | ||
"description": "Request successful. The operation returns the set vpnclient ipsec parameters for P2S client of VirtualNetworkGateway resource.", | ||
"schema": { | ||
"$ref": "#/definitions/VpnClientIPsecParameters" | ||
} | ||
} | ||
} | ||
} | ||
}, | ||
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/connections/{virtualNetworkGatewayConnectionName}/vpndeviceconfigurationscript": { | ||
"post": { | ||
"tags": [ | ||
"VirtualNetworkGateways" | ||
|
@@ -1547,6 +1638,13 @@ | |
}, | ||
"description": "VpnClientProtocols for Virtual network gateway." | ||
}, | ||
"vpnClientIpsecPolicies": { | ||
"type": "array", | ||
"items": { | ||
"$ref": "#/definitions/IpsecPolicy" | ||
}, | ||
"description": "VpnClientIpsecPolicies for virtual network gateway P2S client." | ||
}, | ||
"radiusServerAddress": { | ||
"type": "string", | ||
"description": "The radius server address property of the VirtualNetworkGateway resource for vpn client connection." | ||
|
@@ -2099,7 +2197,9 @@ | |
"DES3", | ||
"AES128", | ||
"AES192", | ||
"AES256" | ||
"AES256", | ||
"GCMAES256", | ||
"GCMAES128" | ||
], | ||
"x-ms-enum": { | ||
"name": "IkeEncryption", | ||
|
@@ -2113,7 +2213,9 @@ | |
"MD5", | ||
"SHA1", | ||
"SHA256", | ||
"SHA384" | ||
"SHA384", | ||
"GCMAES256", | ||
"GCMAES128" | ||
], | ||
"x-ms-enum": { | ||
"name": "IkeIntegrity", | ||
|
@@ -2140,15 +2242,17 @@ | |
}, | ||
"pfsGroup": { | ||
"type": "string", | ||
"description": "The DH Groups used in IKE Phase 2 for new child SA.", | ||
"description": "The Pfs Groups used in IKE Phase 2 for new child SA.", | ||
"enum": [ | ||
"None", | ||
"PFS1", | ||
"PFS2", | ||
"PFS2048", | ||
"ECP256", | ||
"ECP384", | ||
"PFS24" | ||
"PFS24", | ||
"PFS14", | ||
Fix the indentation
Done. |
||
"PFSMM" | ||
], | ||
"x-ms-enum": { | ||
"name": "PfsGroup", | ||
|
@@ -2168,6 +2272,136 @@ | |
], | ||
"description": "An IPSec Policy configuration for a virtual network gateway connection" | ||
}, | ||
"VpnClientIPsecParameters": { | ||
"properties": { | ||
"saLifeTimeSeconds": { | ||
"type": "integer", | ||
"format": "int32", | ||
"description": "The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for P2S client." | ||
}, | ||
"saDataSizeKilobytes": { | ||
"type": "integer", | ||
"format": "int32", | ||
"description": "The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for P2S client.." | ||
}, | ||
"ipsecEncryption": { | ||
"type": "string", | ||
"description": "The IPSec encryption algorithm (IKE phase 1).", | ||
"enum": [ | ||
"None", | ||
"DES", | ||
"DES3", | ||
"AES128", | ||
"AES192", | ||
"AES256", | ||
"GCMAES128", | ||
"GCMAES192", | ||
"GCMAES256" | ||
], | ||
"x-ms-enum": { | ||
"name": "IpsecEncryption", | ||
"modelAsString": true | ||
} | ||
}, | ||
"ipsecIntegrity": { | ||
"type": "string", | ||
"description": "The IPSec integrity algorithm (IKE phase 1).", | ||
"enum": [ | ||
"MD5", | ||
"SHA1", | ||
"SHA256", | ||
"GCMAES128", | ||
"GCMAES192", | ||
"GCMAES256" | ||
], | ||
"x-ms-enum": { | ||
"name": "IpsecIntegrity", | ||
"modelAsString": true | ||
} | ||
}, | ||
"ikeEncryption": { | ||
"type": "string", | ||
"description": "The IKE encryption algorithm (IKE phase 2).", | ||
"enum": [ | ||
"DES", | ||
"DES3", | ||
"AES128", | ||
"AES192", | ||
"AES256", | ||
"GCMAES256", | ||
"GCMAES128" | ||
], | ||
"x-ms-enum": { | ||
"name": "IkeEncryption", | ||
"modelAsString": true | ||
} | ||
}, | ||
"ikeIntegrity": { | ||
"type": "string", | ||
"description": "The IKE integrity algorithm (IKE phase 2).", | ||
"enum": [ | ||
"MD5", | ||
"SHA1", | ||
"SHA256", | ||
"SHA384", | ||
"GCMAES256", | ||
"GCMAES128" | ||
], | ||
"x-ms-enum": { | ||
"name": "IkeIntegrity", | ||
"modelAsString": true | ||
} | ||
}, | ||
"dhGroup": { | ||
"type": "string", | ||
"description": "The DH Groups used in IKE Phase 1 for initial SA.", | ||
"enum": [ | ||
"None", | ||
"DHGroup1", | ||
"DHGroup2", | ||
"DHGroup14", | ||
"DHGroup2048", | ||
"ECP256", | ||
"ECP384", | ||
"DHGroup24" | ||
], | ||
"x-ms-enum": { | ||
"name": "DhGroup", | ||
"modelAsString": true | ||
} | ||
}, | ||
"pfsGroup": { | ||
"type": "string", | ||
"description": "The Pfs Groups used in IKE Phase 2 for new child SA.", | ||
"enum": [ | ||
"None", | ||
"PFS1", | ||
"PFS2", | ||
"PFS2048", | ||
"ECP256", | ||
"ECP384", | ||
"PFS24", | ||
"PFS14", | ||
"PFSMM" | ||
], | ||
"x-ms-enum": { | ||
"name": "PfsGroup", | ||
"modelAsString": true | ||
} | ||
} | ||
}, | ||
"required": [ | ||
"saLifeTimeSeconds", | ||
"saDataSizeKilobytes", | ||
"ipsecEncryption", | ||
"ipsecIntegrity", | ||
"ikeEncryption", | ||
"ikeIntegrity", | ||
"dhGroup", | ||
"pfsGroup" | ||
], | ||
"description": "An IPSec parameters for a virtual network gateway P2S connection." | ||
}, | ||
"LocalNetworkGatewayPropertiesFormat": { | ||
"properties": { | ||
"localNetworkAddressSpace": { | ||
|
Please fix indentation
Done.
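Review bot: The phase labels in the new `VpnClientIPsecParameters` definition are reversed: `ipsecEncryption` and `ipsecIntegrity` are described as "(IKE phase 1)" and `ikeEncryption` and `ikeIntegrity` as "(IKE phase 2)", while `saLifeTimeSeconds` in the same definition calls the IPSec SA the Quick Mode or Phase 2 SA. Someone hardening one phase from this text can end up setting the algorithm for the other, so I would write `"description": "The IPSec encryption algorithm (IKE phase 2)."` and `"description": "The IKE encryption algorithm (IKE phase 1)."`, and make the same swap on the two integrity properties. The enums in this definition also accept `None`, `DES`, `MD5`, `SHA1`, `DHGroup1` and `PFS1` for P2S clients, and nothing in the descriptions marks them as legacy; if they have to stay for compatibility, a sentence in each description saying so would steer callers toward the AES, SHA256 and larger-group values. Minor wording: the `saDataSizeKilobytes` description ends in a doubled period, and the 200 response of the set operation says "specificed".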