From 16227a8bc4da68b1e52b45ca1c6c60218e427f5c Mon Sep 17 00:00:00 2001
From: Nilambari
Date: Thu, 1 Feb 2018 11:59:18 -0800
Subject: [PATCH 1/4] 1443089: Network feature: Setting custom ipsec policy for Virtual Network Gateway P2S clients.
---
 .../2018-02-01/virtualNetworkGateway.json | 243 +++++++++++++++++-
 1 file changed, 239 insertions(+), 4 deletions(-)
diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2018-02-01/virtualNetworkGateway.json b/specification/network/resource-manager/Microsoft.Network/stable/2018-02-01/virtualNetworkGateway.json
index 35843ffd63c6..28b3e3300306 100644
--- a/specification/network/resource-manager/Microsoft.Network/stable/2018-02-01/virtualNetworkGateway.json
+++ b/specification/network/resource-manager/Microsoft.Network/stable/2018-02-01/virtualNetworkGateway.json
@@ -675,6 +675,98 @@ "x-ms-long-running-operation": true } }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworkGateways/{virtualNetworkGatewayName}/setvpnclientipsecparameters": { + "post": { + "tags": [ + "VirtualNetworkGateways" + ], + "operationId": "VirtualNetworkGateways_SetVpnclientIpsecParameters", + "description": "The Set VpnclientIpsecParameters operation sets the vpnclient ipsec policy for P2S client of virtual network gateway in the specified resource group through Network resource provider.", + "parameters": [ + { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource group." + }, + { + "name": "virtualNetworkGatewayName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the virtual network gateway." + }, + { + "name": "vpnclientIpsecParams", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/VpnClientIPsecParameters" + }, + "description": "Parameters supplied to the Begin Set vpnclient ipsec parameters of Virtual Network Gateway P2S client operation through Network resource provider." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "202": { + "description": "Accepted and the operation will complete asynchronously." + }, + "200": { + "description": "Request successful. 
The operation sets the specificed vpnclient ipsec parameters for P2S client of the virtual network gateway.", + "schema": { + "$ref": "#/definitions/VpnClientIPsecParameters" + } + } + }, + "x-ms-long-running-operation": true + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworkGateways/{virtualNetworkGatewayName}/getvpnclientipsecparameters": { + "post": { + "tags": [ + "VirtualNetworkGateways" + ], + "operationId": "VirtualNetworkGateways_GetVpnclientIpsecParameters", + "description": "The Get VpnclientIpsecParameters operation retrieves information about the vpnclient ipsec policy for P2S client of virtual network gateway in the specified resource group through Network resource provider.", + "parameters": [ + { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource group." + }, + { + "name": "virtualNetworkGatewayName", + "in": "path", + "required": true, + "type": "string", + "description": "The virtual network gateway name." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Request successful. The operation returns the set vpnclient ipsec parameters for P2S client of VirtualNetworkGateway resource.", + "schema": { + "$ref": "#/definitions/VpnClientIPsecParameters" + } + } + }, + "x-ms-long-running-operation": true + } + }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/connections/{virtualNetworkGatewayConnectionName}/vpndeviceconfigurationscript": { "post": { "tags": [ 
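Review bot: `VirtualNetworkGateways_GetVpnclientIpsecParameters` is flagged `"x-ms-long-running-operation": true` but declares only a `200` response, while the set operation above it declares both `202` and `200`. If the get call really is asynchronous, add `"202": { "description": "Accepted and the operation will complete asynchronously." }` to its `responses`; if it is synchronous, drop the flag. Neither new operation declares a `default` error response, so the shape of a rejected or unauthorised policy change is undocumented in this hunk. The set operation's `200` description also misspells "specified" as "specificed".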
@@ -1547,6 +1639,13 @@
 },
 "description": "VpnClientProtocols for Virtual network gateway."
 },
+ "vpnClientIpsecPolicies": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/IpsecPolicy"
+ },
+ "description": "VpnClientIpsecPolicies for virtual network gateway P2S client."
+ },
 "radiusServerAddress": {
 "type": "string",
 "description": "The radius server address property of the VirtualNetworkGateway resource for vpn client connection."
@@ -2099,7 +2198,9 @@
 "DES3",
 "AES128",
 "AES192",
- "AES256"
+ "AES256",
+ "GCMAES256",
+ "GCMAES128"
 ],
 "x-ms-enum": {
 "name": "IkeEncryption",
@@ -2113,7 +2214,9 @@
 "MD5",
 "SHA1",
 "SHA256",
- "SHA384"
+ "SHA384",
+ "GCMAES256",
+ "GCMAES128"
 ],
 "x-ms-enum": {
 "name": "IkeIntegrity",
@@ -2140,7 +2243,7 @@
 },
 "pfsGroup": {
 "type": "string",
- "description": "The DH Groups used in IKE Phase 2 for new child SA.",
+ "description": "The Pfs Groups used in IKE Phase 2 for new child SA.",
 "enum": [
 "None",
 "PFS1",
@@ -2148,7 +2251,9 @@
 "PFS2048",
 "ECP256",
 "ECP384",
- "PFS24"
+ "PFS24",
+ "PFS14",
+ "PFSMM"
 ],
 "x-ms-enum": {
 "name": "PfsGroup",
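Review bot: `vpnClientIpsecPolicies` is typed as an array of `#/definitions/IpsecPolicy`, but the set/get operations added earlier in this patch exchange `#/definitions/VpnClientIPsecParameters`, so the same P2S policy is described by two separate schemas. The two can drift apart in which algorithms they accept, which makes it harder to audit what a gateway will actually negotiate. Consider pointing both at one definition, or say in this property's `description` how the array relates to `VpnClientIPsecParameters`. The array also has no `maxItems`, so as far as this spec shows the number of policies a client may submit is unbounded.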
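Review bot: The `pfsGroup` enum in the last hunk on this line gains `PFS14` and `PFSMM` with no explanation of which Diffie-Hellman group each selects. `PFS2048` is already listed and may overlap with `PFS14`, and `PFSMM` does not correspond to any group name visible in this file, so someone choosing a policy cannot judge the strength of either value. Extend the description changed in the previous hunk, for example `"description": "The Pfs Groups used in IKE Phase 2 for new child SA. PFS14 is <group>, PFSMM is <group>."`, with the placeholders filled in by the service team. The same enum is repeated in the new `VpnClientIPsecParameters` definition later in this patch, and the enclosing `pfsGroup` property starts outside this hunk.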
@@ -2168,6 +2273,136 @@ ], "description": "An IPSec Policy configuration for a virtual network gateway connection" }, + "VpnClientIPsecParameters": { + "properties": { + "saLifeTimeSeconds": { + "type": "integer", + "format": "int32", + "description": "The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for P2S client." + }, + "saDataSizeKilobytes": { + "type": "integer", + "format": "int32", + "description": "The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for P2S client.." + }, + "ipsecEncryption": { + "type": "string", + "description": "The IPSec encryption algorithm (IKE phase 1).", + "enum": [ + "None", + "DES", + "DES3", + "AES128", + "AES192", + "AES256", + "GCMAES128", + "GCMAES192", + "GCMAES256" + ], + "x-ms-enum": { + "name": "IpsecEncryption", + "modelAsString": true + } + }, + "ipsecIntegrity": { + "type": "string", + "description": "The IPSec integrity algorithm (IKE phase 1).", + "enum": [ + "MD5", + "SHA1", + "SHA256", + "GCMAES128", + "GCMAES192", + "GCMAES256" + ], + "x-ms-enum": { + "name": "IpsecIntegrity", + "modelAsString": true + } + }, + "ikeEncryption": { + "type": "string", + "description": "The IKE encryption algorithm (IKE phase 2).", + "enum": [ + "DES", + "DES3", + "AES128", + "AES192", + "AES256", + "GCMAES256", + "GCMAES128" + ], + "x-ms-enum": { + "name": "IkeEncryption", + "modelAsString": true + } + }, + "ikeIntegrity": { + "type": "string", + "description": "The IKE integrity algorithm (IKE phase 2).", + "enum": [ + "MD5", + "SHA1", + "SHA256", + "SHA384", + "GCMAES256", + "GCMAES128" + ], + "x-ms-enum": { + "name": "IkeIntegrity", + "modelAsString": true + } + }, + "dhGroup": { + "type": "string", + "description": "The DH Groups used in IKE Phase 1 for initial SA.", + "enum": [ + "None", + "DHGroup1", + "DHGroup2", + "DHGroup14", + "DHGroup2048", + "ECP256", + "ECP384", + "DHGroup24" + ], + "x-ms-enum": { + "name": "DhGroup", + "modelAsString": true + 
} + }, + "pfsGroup": { + "type": "string", + "description": "The Pfs Groups used in IKE Phase 2 for new child SA.", + "enum": [ + "None", + "PFS1", + "PFS2", + "PFS2048", + "ECP256", + "ECP384", + "PFS24", + "PFS14", + "PFSMM" + ], + "x-ms-enum": { + "name": "PfsGroup", + "modelAsString": true + } + } + }, + "required": [ + "saLifeTimeSeconds", + "saDataSizeKilobytes", + "ipsecEncryption", + "ipsecIntegrity", + "ikeEncryption", + "ikeIntegrity", + "dhGroup", + "pfsGroup" + ], + "description": "An IPSec parameters for a virtual network gateway P2S connection." + }, "LocalNetworkGatewayPropertiesFormat": { "properties": { "localNetworkAddressSpace": { From c8f70f465bbecfb640f462ef119af5be92796a2e Mon Sep 17 00:00:00 2001 From: Nilambari Date: Thu, 1 Feb 2018 12:20:06 -0800 Subject: [PATCH 2/4] 1443089:Fix network ReadMe file. --- .../network/resource-manager/readme.md | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/specification/network/resource-manager/readme.md b/specification/network/resource-manager/readme.md index 1ab2cee02764..c4b117b5f630 100644 --- a/specification/network/resource-manager/readme.md +++ b/specification/network/resource-manager/readme.md 
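Review bot: The phase labels on the four algorithm descriptions in `VpnClientIPsecParameters` are swapped: `ipsecEncryption` and `ipsecIntegrity` say "(IKE phase 1)" and `ikeEncryption` and `ikeIntegrity` say "(IKE phase 2)", while `saLifeTimeSeconds` in the same definition calls the IPSec SA the Phase 2 SA and `dhGroup` places the initial IKE SA in Phase 1. Change them to `"description": "The IPSec encryption algorithm (IKE phase 2)."` and `"description": "The IKE encryption algorithm (IKE phase 1)."`, and likewise for the two integrity properties. The enums also accept `None` and `DES` for `ipsecEncryption`, `MD5` for both integrity properties and `None` or `DHGroup1` for `dhGroup` with no guidance, so the descriptions should mark these as weak values kept only for compatibility. `saLifeTimeSeconds` and `saDataSizeKilobytes` are required but carry no `minimum`, and the `saDataSizeKilobytes` description ends in a doubled full stop.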
@@ -40,24 +40,24 @@ These settings apply only when `--tag=package-2018-02` is specified on the comma input-file: - Microsoft.Network/2018-02-01/applicationGateway.json - Microsoft.Network/2018-02-01/applicationSecurityGroup.json -- Microsoft.Network/2018-02-01/checkDnsAvailability.json -- Microsoft.Network/2018-02-01/endpointService.json -- Microsoft.Network/2018-02-01/expressRouteCircuit.json -- Microsoft.Network/2018-02-01/loadBalancer.json -- Microsoft.Network/2018-02-01/network.json -- Microsoft.Network/2018-02-01/networkInterface.json -- Microsoft.Network/2018-02-01/networkSecurityGroup.json -- Microsoft.Network/2018-02-01/networkWatcher.json -- Microsoft.Network/2018-02-01/operation.json -- Microsoft.Network/2018-02-01/publicIpAddress.json -- Microsoft.Network/2018-02-01/routeFilter.json -- Microsoft.Network/2018-02-01/routeTable.json -- Microsoft.Network/2018-02-01/serviceCommunity.json -- Microsoft.Network/2018-02-01/usage.json -- Microsoft.Network/2018-02-01/virtualNetwork.json -- Microsoft.Network/2018-02-01/virtualNetworkGateway.json -- Microsoft.Network/2018-02-01/vmssNetworkInterface.json -- Microsoft.Network/2018-02-01/vmssPublicIpAddress.json +- Microsoft.Network/stable/2018-02-01/checkDnsAvailability.json +- Microsoft.Network/stable/2018-02-01/endpointService.json +- Microsoft.Network/stable/2018-02-01/expressRouteCircuit.json +- Microsoft.Network/stable/2018-02-01/loadBalancer.json +- Microsoft.Network/stable/2018-02-01/network.json +- Microsoft.Network/stable/2018-02-01/networkInterface.json +- Microsoft.Network/stable/2018-02-01/networkSecurityGroup.json +- Microsoft.Network/stable/2018-02-01/networkWatcher.json +- Microsoft.Network/stable/2018-02-01/operation.json +- Microsoft.Network/stable/2018-02-01/publicIpAddress.json +- Microsoft.Network/stable/2018-02-01/routeFilter.json +- Microsoft.Network/stable/2018-02-01/routeTable.json +- Microsoft.Network/stable/2018-02-01/serviceCommunity.json +- Microsoft.Network/stable/2018-02-01/usage.json +- 
Microsoft.Network/stable/2018-02-01/virtualNetwork.json +- Microsoft.Network/stable/2018-02-01/virtualNetworkGateway.json +- Microsoft.Network/stable/2018-02-01/vmssNetworkInterface.json +- Microsoft.Network/stable/2018-02-01/vmssPublicIpAddress.json ``` ### Tag: package-2018-01 From 2e5bc0a598a031701ee6b276c198f2ad4499af81 Mon Sep 17 00:00:00 2001 From: Nilambari Date: Thu, 1 Feb 2018 12:23:01 -0800 Subject: [PATCH 3/4] 1443089:Fix network ReadMe file. --- specification/network/resource-manager/readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/specification/network/resource-manager/readme.md b/specification/network/resource-manager/readme.md index c4b117b5f630..756f65f15292 100644 --- a/specification/network/resource-manager/readme.md +++ b/specification/network/resource-manager/readme.md @@ -38,8 +38,8 @@ These settings apply only when `--tag=package-2018-02` is specified on the comma ``` yaml $(tag) == 'package-2018-02' input-file: -- Microsoft.Network/2018-02-01/applicationGateway.json -- Microsoft.Network/2018-02-01/applicationSecurityGroup.json +- Microsoft.Network/stable/2018-02-01/applicationGateway.json +- Microsoft.Network/stable/2018-02-01/applicationSecurityGroup.json - Microsoft.Network/stable/2018-02-01/checkDnsAvailability.json - Microsoft.Network/stable/2018-02-01/endpointService.json - Microsoft.Network/stable/2018-02-01/expressRouteCircuit.json From 310a05f865eb292eb3f567088cc1fe7378c502cd Mon Sep 17 00:00:00 2001 From: Nilambari Date: Thu, 1 Feb 2018 13:52:54 -0800 Subject: [PATCH 4/4] Temporary bug fix --- .../stable/2018-02-01/expressRouteCircuit.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2018-02-01/expressRouteCircuit.json b/specification/network/resource-manager/Microsoft.Network/stable/2018-02-01/expressRouteCircuit.json index a939a68c6d08..4cfe0d70afd4 100644 
--- a/specification/network/resource-manager/Microsoft.Network/stable/2018-02-01/expressRouteCircuit.json
+++ b/specification/network/resource-manager/Microsoft.Network/stable/2018-02-01/expressRouteCircuit.json
@@ -1482,8 +1482,10 @@
 "type": "string",
 "description": "Express Route Circuit Connection State. Possible values are: 'Connected' and 'Disconnected'.",
 "enum": [
+ "Unknown",
 "Connected",
- "Disconnected"
+ "Disconnected",
+ "Degraded"
 ],
 "readOnly": true,
 "x-ms-enum": {
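Review bot: The description on this property still reads "Possible values are: 'Connected' and 'Disconnected'." after the enum gains `Unknown` and `Degraded`, so generated SDK documentation will understate the states a caller has to handle. Update it to `"description": "Express Route Circuit Connection State. Possible values are: 'Unknown', 'Connected', 'Disconnected' and 'Degraded'."`. Callers or alerting rules that treat every value other than `Connected` as `Disconnected` may need to be checked against the two new states. The enclosing property definition starts and ends outside the hunk.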