Network feature: Setting custom ipsec policy for Virtual Network Gateway P2S clients. #2341

Closed
wants to merge 6 commits into from
Expand Up @@ -675,7 +675,98 @@
"x-ms-long-running-operation": true
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/connections/{virtualNetworkGatewayConnectionName}/vpndeviceconfigurationscript": {
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworkGateways/{virtualNetworkGatewayName}/setvpnclientipsecparameters": {
Member

Please fix indentation

Member Author

Done.

"post": {
"tags": [
"VirtualNetworkGateways"
],
"operationId": "VirtualNetworkGateways_SetVpnclientIpsecParameters",
"description": "The Set VpnclientIpsecParameters operation sets the vpnclient ipsec policy for P2S client of virtual network gateway in the specified resource group through Network resource provider.",
"parameters": [
{
"name": "resourceGroupName",
"in": "path",
"required": true,
"type": "string",
"description": "The name of the resource group."
},
{
"name": "virtualNetworkGatewayName",
"in": "path",
"required": true,
"type": "string",
"description": "The name of the virtual network gateway."
},
{
"name": "vpnclientIpsecParams",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/VpnClientIPsecParameters"
},
"description": "Parameters supplied to the Begin Set vpnclient ipsec parameters of Virtual Network Gateway P2S client operation through Network resource provider."
},
{
"$ref": "#/parameters/ApiVersionParameter"
},
{
"$ref": "#/parameters/SubscriptionIdParameter"
}
],
"responses": {
"202": {
"description": "Accepted and the operation will complete asynchronously."
},
"200": {
"description": "Request successful. The operation sets the specificed vpnclient ipsec parameters for P2S client of the virtual network gateway.",
"schema": {
"$ref": "#/definitions/VpnClientIPsecParameters"
}
}
},
"x-ms-long-running-operation": true
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworkGateways/{virtualNetworkGatewayName}/getvpnclientipsecparameters": {
"post": {
Member

You mean GET? Please confirm.

Member

@anuchandy anuchandy Jan 26, 2018

Or is this operation a Long Running get (expressed via POST)? If so, annotate it accordingly.

Member Author

Yes, it’s an LRO POST. Annotated accordingly.

"tags": [
"VirtualNetworkGateways"
],
"operationId": "VirtualNetworkGateways_GetVpnclientIpsecParameters",
"description": "The Get VpnclientIpsecParameters operation retrieves information about the vpnclient ipsec policy for P2S client of virtual network gateway in the specified resource group through Network resource provider.",
"parameters": [
{
"name": "resourceGroupName",
"in": "path",
"required": true,
"type": "string",
"description": "The name of the resource group."
},
{
"name": "virtualNetworkGatewayName",
"in": "path",
"required": true,
"type": "string",
"description": "The virtual network gateway name."
},
{
"$ref": "#/parameters/ApiVersionParameter"
},
{
"$ref": "#/parameters/SubscriptionIdParameter"
}
],
"responses": {
"200": {
"description": "Request successful. The operation returns the set vpnclient ipsec parameters for P2S client of VirtualNetworkGateway resource.",
"schema": {
"$ref": "#/definitions/VpnClientIPsecParameters"
}
}
}
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/connections/{virtualNetworkGatewayConnectionName}/vpndeviceconfigurationscript": {
"post": {
"tags": [
"VirtualNetworkGateways"
Expand Down Expand Up @@ -1547,6 +1638,13 @@
},
"description": "VpnClientProtocols for Virtual network gateway."
},
"vpnClientIpsecPolicies": {
"type": "array",
"items": {
"$ref": "#/definitions/IpsecPolicy"
},
"description": "VpnClientIpsecPolicies for virtual network gateway P2S client."
},
"radiusServerAddress": {
"type": "string",
"description": "The radius server address property of the VirtualNetworkGateway resource for vpn client connection."
Expand Down Expand Up @@ -2099,7 +2197,9 @@
"DES3",
"AES128",
"AES192",
"AES256"
"AES256",
"GCMAES256",
"GCMAES128"
],
"x-ms-enum": {
"name": "IkeEncryption",
Expand All @@ -2113,7 +2213,9 @@
"MD5",
"SHA1",
"SHA256",
"SHA384"
"SHA384",
"GCMAES256",
"GCMAES128"
],
"x-ms-enum": {
"name": "IkeIntegrity",
Expand All @@ -2140,15 +2242,17 @@
},
"pfsGroup": {
"type": "string",
"description": "The DH Groups used in IKE Phase 2 for new child SA.",
"description": "The Pfs Groups used in IKE Phase 2 for new child SA.",
"enum": [
"None",
"PFS1",
"PFS2",
"PFS2048",
"ECP256",
"ECP384",
"PFS24"
"PFS24",
"PFS14",
Member

Fix the indentation

Member Author

Done.

"PFSMM"
],
"x-ms-enum": {
"name": "PfsGroup",
Expand All @@ -2168,6 +2272,136 @@
],
"description": "An IPSec Policy configuration for a virtual network gateway connection"
},
"VpnClientIPsecParameters": {
"properties": {
"saLifeTimeSeconds": {
"type": "integer",
"format": "int32",
"description": "The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for P2S client."
},
"saDataSizeKilobytes": {
"type": "integer",
"format": "int32",
"description": "The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for P2S client.."
},
"ipsecEncryption": {
"type": "string",
"description": "The IPSec encryption algorithm (IKE phase 1).",
"enum": [
"None",
"DES",
"DES3",
"AES128",
"AES192",
"AES256",
"GCMAES128",
"GCMAES192",
"GCMAES256"
],
"x-ms-enum": {
"name": "IpsecEncryption",
"modelAsString": true
}
},
"ipsecIntegrity": {
"type": "string",
"description": "The IPSec integrity algorithm (IKE phase 1).",
"enum": [
"MD5",
"SHA1",
"SHA256",
"GCMAES128",
"GCMAES192",
"GCMAES256"
],
"x-ms-enum": {
"name": "IpsecIntegrity",
"modelAsString": true
}
},
"ikeEncryption": {
"type": "string",
"description": "The IKE encryption algorithm (IKE phase 2).",
"enum": [
"DES",
"DES3",
"AES128",
"AES192",
"AES256",
"GCMAES256",
"GCMAES128"
],
"x-ms-enum": {
"name": "IkeEncryption",
"modelAsString": true
}
},
"ikeIntegrity": {
"type": "string",
"description": "The IKE integrity algorithm (IKE phase 2).",
"enum": [
"MD5",
"SHA1",
"SHA256",
"SHA384",
"GCMAES256",
"GCMAES128"
],
"x-ms-enum": {
"name": "IkeIntegrity",
"modelAsString": true
}
},
"dhGroup": {
"type": "string",
"description": "The DH Groups used in IKE Phase 1 for initial SA.",
"enum": [
"None",
"DHGroup1",
"DHGroup2",
"DHGroup14",
"DHGroup2048",
"ECP256",
"ECP384",
"DHGroup24"
],
"x-ms-enum": {
"name": "DhGroup",
"modelAsString": true
}
},
"pfsGroup": {
"type": "string",
"description": "The Pfs Groups used in IKE Phase 2 for new child SA.",
"enum": [
"None",
"PFS1",
"PFS2",
"PFS2048",
"ECP256",
"ECP384",
"PFS24",
"PFS14",
"PFSMM"
],
"x-ms-enum": {
"name": "PfsGroup",
"modelAsString": true
}
}
},
"required": [
"saLifeTimeSeconds",
"saDataSizeKilobytes",
"ipsecEncryption",
"ipsecIntegrity",
"ikeEncryption",
"ikeIntegrity",
"dhGroup",
"pfsGroup"
],
"description": "An IPSec parameters for a virtual network gateway P2S connection."
},
"LocalNetworkGatewayPropertiesFormat": {
"properties": {
"localNetworkAddressSpace": {