A site-to-site VPN allows multiple sites to establish a secure connection over the public network. In our case, we are talking about a secure connection between your VPC and another network (e.g. VPC, offices).
```shell
curl -X GET \
  -H "MC-Api-Key: your_api_key" \
  "https://cloudmc_endpoint/api/v2/services/compute-on/test_area/sitetositevpns"
```

The above command returns a JSON structured like this:
```json
{
  "data": [
    {
      "id": "d49b2922-0581-4587-94df-6fe719327d0f",
      "name": "stargate",
      "state": "Connected",
      "vpcId": "3fe7d82a-f4c4-4552-ac3b-787fdafed4e7",
      "gateway": "19.19.19.19",
      "cidrList": "10.12.0.2/22,10.0.0.0/24",
      "ipSecPsk": "WtOBS9GRux2XtJPtHY2TUvrv",
      "ikeEncryptionAlgorithm": "aes256",
      "ikeHashAlgorithm": "sha1",
      "ikeDhGroup": "modp1536",
      "ikeLifetime": 86400,
      "espEncryptionAlgorithm": "aes256",
      "espHashAlgorithm": "sha1",
      "espPerfectForwardSecrecy": "modp1536",
      "espLifetime": 3600,
      "dpd": false,
      "forceEncap": false
    }
  ],
  "metadata": {
    "recordCount": 1
  }
}
```

`GET /services/:service_code/:environment_name/sitetositevpns`

Retrieve a list of all site-to-site VPNs in an environment.

| Attributes | |
|---|---|
| `id` *UUID* | The id of the site-to-site VPN. |
| `name` *string* | The name of the site-to-site VPN. |
| `state` *string* | The state of the site-to-site VPN. Can be Connected, Pending, Disconnected or Error. If disconnected, you can try to use the reset operation. |
| `vpcId` *UUID* | The VPC for which the site-to-site VPN was created. |
| `gateway` *string* | The gateway of the network you want to connect to. NOTE: you cannot use a gateway that has already been used by a site-to-site VPN in your environment. |
| `cidrList` *string* | Comma-separated list of CIDRs of the networks you want to connect to. |
| `ipSecPsk` *string* | IPSec pre-shared key. |
| `ikeEncryptionAlgorithm` *string* | The Internet Key Exchange (IKE) policy for phase-1. The supported encryption algorithms are AES128, AES192, AES256, and 3DES. |
| `ikeHashAlgorithm` *string* | The IKE hash for phase-1. The supported hash algorithms are SHA1 and MD5. |
| `ikeDhGroup` *string* | The Diffie-Hellman group for phase-1. Diffie-Hellman is a public-key cryptography protocol which allows two parties to establish a shared secret over an insecure communications channel. The supported options are Group-5 (1536-bit) and Group-2 (1024-bit). |
| `ikeLifetime` *integer* | The phase-1 lifetime of the security association in seconds. |
| `espEncryptionAlgorithm` *string* | Encapsulating Security Payload (ESP) algorithm within phase-2. The supported encryption algorithms are AES128, AES192, AES256, and 3DES. |
| `espHashAlgorithm` *string* | Encapsulating Security Payload (ESP) hash for phase-2. Supported hash algorithms are SHA1 and MD5. |
| `espPerfectForwardSecrecy` *string* | The Diffie-Hellman group used for Perfect Forward Secrecy (PFS) in phase-2. PFS is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of those long-term keys is compromised later. The supported options are Group-5 (1536-bit) and Group-2 (1024-bit). |
| `espLifetime` *integer* | The phase-2 lifetime of the security association in seconds. |
| `dpd` *boolean* | A method to detect an unavailable Internet Key Exchange (IKE) peer. |
| `forceEncap` *boolean* | Force encapsulation for NAT Traversal. |

| Query Parameters | |
|---|---|
| `vpc_id` *UUID* | Filter the list to only retrieve the site-to-site VPNs of a VPC. |

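
The list response carries every tunnel's negotiated parameters and its pre-shared key, so it can feed a configuration audit. The following is an added example, not part of the CloudMC documentation: it flags the weaker of each pair of options listed in the attribute table (3DES, MD5, Group-2) and masks `ipSecPsk` before anything is logged. The wire spellings `3des`, `md5` and `modp1024` and the `legacy-office` record are assumptions made for the sample.

```python
import copy
import json

# Weaker choice of each option pair in the attribute table. The spellings
# "3des", "md5" and "modp1024" are assumptions modelled on the sample
# response's "aes256", "sha1" and "modp1536".
WEAK = {
    "ikeEncryptionAlgorithm": {"3des"},
    "espEncryptionAlgorithm": {"3des"},
    "ikeHashAlgorithm": {"md5"},
    "espHashAlgorithm": {"md5"},
    "ikeDhGroup": {"modp1024"},
    "espPerfectForwardSecrecy": {"modp1024"},
}

def audit(response):
    """Return {vpn name: [findings]} for a list-endpoint response."""
    report = {}
    for vpn in response["data"]:
        findings = [
            f"{field}={vpn[field]}"
            for field, weak in WEAK.items()
            if str(vpn.get(field, "")).lower() in weak
        ]
        if vpn.get("state") != "Connected":
            findings.append(f"state={vpn.get('state')}")
        report[vpn["name"]] = findings
    return report

def redact(response):
    """Deep copy of the response with every ipSecPsk masked, safe to log."""
    clean = copy.deepcopy(response)
    for vpn in clean["data"]:
        if "ipSecPsk" in vpn:
            vpn["ipSecPsk"] = "***"
    return clean

# Constructed sample: the page's record plus a hypothetical weaker tunnel.
SAMPLE = json.loads("""{"data": [
  {"name": "stargate", "state": "Connected", "ipSecPsk": "WtOBS9GRux2XtJPtHY2TUvrv",
   "ikeEncryptionAlgorithm": "aes256", "ikeHashAlgorithm": "sha1", "ikeDhGroup": "modp1536",
   "espEncryptionAlgorithm": "aes256", "espHashAlgorithm": "sha1",
   "espPerfectForwardSecrecy": "modp1536"},
  {"name": "legacy-office", "state": "Disconnected", "ipSecPsk": "constructed-psk",
   "ikeEncryptionAlgorithm": "3des", "ikeHashAlgorithm": "md5", "ikeDhGroup": "modp1024",
   "espEncryptionAlgorithm": "aes256", "espHashAlgorithm": "sha1",
   "espPerfectForwardSecrecy": "modp1536"}
]}""")

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
    print(json.dumps(redact(SAMPLE), indent=2))
```
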
```shell
curl -X GET \
  -H "MC-Api-Key: your_api_key" \
  "https://cloudmc_endpoint/api/v2/services/compute-on/test_area/sitetositevpns/d49b2922-0581-4587-94df-6fe719327d0f"
```

The above command returns a JSON structured like this:
```json
{
  "data": {
    "id": "d49b2922-0581-4587-94df-6fe719327d0f",
    "name": "stargate",
    "state": "Connected",
    "vpcId": "3fe7d82a-f4c4-4552-ac3b-787fdafed4e7",
    "gateway": "19.19.19.19",
    "cidrList": "10.12.0.2/22,10.0.0.0/24",
    "ipSecPsk": "WtOBS9GRux2XtJPtHY2TUvrv",
    "ikeEncryptionAlgorithm": "aes256",
    "ikeHashAlgorithm": "sha1",
    "ikeDhGroup": "modp1536",
    "ikeLifetime": 86400,
    "espEncryptionAlgorithm": "aes256",
    "espHashAlgorithm": "sha1",
    "espPerfectForwardSecrecy": "modp1536",
    "espLifetime": 3600,
    "dpd": false,
    "forceEncap": false
  }
}
```

`GET /services/:service_code/:environment_name/sitetositevpns/:id`

Retrieve information about a site-to-site VPN.

| Attributes | |
|---|---|
| `id` *UUID* | The id of the site-to-site VPN. |
| `name` *string* | The name of the site-to-site VPN. |
| `state` *string* | The state of the site-to-site VPN. Can be Connected, Pending, Disconnected or Error. If disconnected, you can try to use the reset operation. |
| `vpcId` *UUID* | The VPC for which the site-to-site VPN was created. |
| `gateway` *string* | The gateway of the network you want to connect to. NOTE: you cannot use a gateway that has already been used by a site-to-site VPN in your environment. |
| `cidrList` *string* | Comma-separated list of CIDRs of the networks you want to connect to. |
| `ipSecPsk` *string* | IPSec pre-shared key. |
| `ikeEncryptionAlgorithm` *string* | The Internet Key Exchange (IKE) policy for phase-1. The supported encryption algorithms are AES128, AES192, AES256, and 3DES. |
| `ikeHashAlgorithm` *string* | The IKE hash for phase-1. The supported hash algorithms are SHA1 and MD5. |
| `ikeDhGroup` *string* | The Diffie-Hellman group for phase-1. Diffie-Hellman is a public-key cryptography protocol which allows two parties to establish a shared secret over an insecure communications channel. The supported options are Group-5 (1536-bit) and Group-2 (1024-bit). |
| `ikeLifetime` *integer* | The phase-1 lifetime of the security association in seconds. |
| `espEncryptionAlgorithm` *string* | Encapsulating Security Payload (ESP) algorithm within phase-2. The supported encryption algorithms are AES128, AES192, AES256, and 3DES. |
| `espHashAlgorithm` *string* | Encapsulating Security Payload (ESP) hash for phase-2. Supported hash algorithms are SHA1 and MD5. |
| `espPerfectForwardSecrecy` *string* | The Diffie-Hellman group used for Perfect Forward Secrecy (PFS) in phase-2. PFS is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of those long-term keys is compromised later. The supported options are Group-5 (1536-bit) and Group-2 (1024-bit). |
| `espLifetime` *integer* | The phase-2 lifetime of the security association in seconds. |
| `dpd` *boolean* | A method to detect an unavailable Internet Key Exchange (IKE) peer. |
| `forceEncap` *boolean* | Force encapsulation for NAT Traversal. |

```shell
# Here is the absolute minimum information required to create a new site-to-site VPN:
curl -X POST \
  -H "Content-Type: application/json" \
  -H "MC-Api-Key: your_api_key" \
  -d "request_body" \
  "https://cloudmc_endpoint/api/v2/services/compute-on/test_area/sitetositevpns"
```

Request body example:
```json
{
  "name": "stargate",
  "vpcId": "3fe7d82a-f4c4-4552-ac3b-787fdafed4e7",
  "gateway": "19.19.19.19",
  "cidrList": "10.12.0.2/22,10.0.0.0/24",
  "ipSecPsk": "WtOBS9GRux2XtJPtHY2TUvrv",
  "ikeEncryptionAlgorithm": "aes256",
  "ikeHashAlgorithm": "sha1",
  "ikeDhGroup": "modp1536",
  "ikeLifetime": 86400,
  "espEncryptionAlgorithm": "aes256",
  "espHashAlgorithm": "sha1",
  "espPerfectForwardSecrecy": "modp1536",
  "espLifetime": 3600,
  "dpd": false,
  "forceEncap": false
}
```

`POST /services/:service_code/:environment_name/sitetositevpns`

Create a site-to-site VPN.

| Required | |
|---|---|
| `name` *string* | The name of the site-to-site VPN. Must be unique in the environment. |
| `vpcId` *UUID* | The VPC for which the site-to-site VPN was created. |
| `gateway` *string* | The gateway of the network you want to connect to. NOTE: you cannot use a gateway that has already been used by a site-to-site VPN in your environment. |
| `cidrList` *string* | Comma-separated list of CIDRs of the networks you want to connect to. |
| `ipSecPsk` *string* | IPSec pre-shared key. |
| `ikeEncryptionAlgorithm` *string* | The Internet Key Exchange (IKE) policy for phase-1. The supported encryption algorithms are AES128, AES192, AES256, and 3DES. |
| `ikeHashAlgorithm` *string* | The IKE hash for phase-1. The supported hash algorithms are SHA1 and MD5. |
| `ikeDhGroup` *string* | The Diffie-Hellman group for phase-1. Diffie-Hellman is a public-key cryptography protocol which allows two parties to establish a shared secret over an insecure communications channel. The supported options are Group-5 (1536-bit) and Group-2 (1024-bit). |
| `ikeLifetime` *integer* | The phase-1 lifetime of the security association in seconds. |
| `espEncryptionAlgorithm` *string* | Encapsulating Security Payload (ESP) algorithm within phase-2. The supported encryption algorithms are AES128, AES192, AES256, and 3DES. |
| `espHashAlgorithm` *string* | Encapsulating Security Payload (ESP) hash for phase-2. Supported hash algorithms are SHA1 and MD5. |
| `espPerfectForwardSecrecy` *string* | The Diffie-Hellman group used for Perfect Forward Secrecy (PFS) in phase-2. PFS is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of those long-term keys is compromised later. The supported options are Group-5 (1536-bit) and Group-2 (1024-bit). |
| `espLifetime` *integer* | The phase-2 lifetime of the security association in seconds. |

| Optional | |
|---|---|
| `dpd` *boolean* | A method to detect an unavailable Internet Key Exchange (IKE) peer. Defaults to false. |
| `forceEncap` *boolean* | Force encapsulation for NAT Traversal. Defaults to false. |

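
One way to assemble the create request body so that the pre-shared key comes from a CSPRNG and `cidrList` is checked before it is sent. This is an added example, not CloudMC code. The 32-character alphanumeric key format is an assumption modelled on the sample key, and clearing host bits and rejecting overlapping ranges are client-side choices; the page does not say how the API treats either.

```python
import ipaddress
import secrets
import string

def normalize_cidrs(cidr_list):
    """Validate a comma-separated cidrList and clear any host bits."""
    nets = [ipaddress.ip_network(item.strip(), strict=False)
            for item in cidr_list.split(",")]  # ValueError on a malformed entry
    for i, first in enumerate(nets):
        for second in nets[i + 1:]:
            if first.overlaps(second):
                raise ValueError(f"{first} overlaps {second}")
    return ",".join(str(net) for net in nets)

def generate_psk(length=32):
    """Random alphanumeric pre-shared key drawn from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def build_create_body(name, vpc_id, gateway, cidr_list):
    """Request body for POST .../sitetositevpns with a fresh PSK."""
    return {
        "name": name,
        "vpcId": vpc_id,
        "gateway": gateway,
        "cidrList": normalize_cidrs(cidr_list),
        "ipSecPsk": generate_psk(),
        # Algorithm, group and lifetime values copied from the page's example.
        "ikeEncryptionAlgorithm": "aes256",
        "ikeHashAlgorithm": "sha1",
        "ikeDhGroup": "modp1536",
        "ikeLifetime": 86400,
        "espEncryptionAlgorithm": "aes256",
        "espHashAlgorithm": "sha1",
        "espPerfectForwardSecrecy": "modp1536",
        "espLifetime": 3600,
        "dpd": False,
        "forceEncap": False,
    }

if __name__ == "__main__":
    import json
    body = build_create_body("stargate", "3fe7d82a-f4c4-4552-ac3b-787fdafed4e7",
                             "19.19.19.19", "10.12.0.2/22,10.0.0.0/24")
    body["ipSecPsk"] = "<redacted>"  # never print the real key
    print(json.dumps(body, indent=2))
```
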
```shell
# Here is the absolute minimum information required to update a site-to-site VPN:
curl -X PUT \
  -H "Content-Type: application/json" \
  -H "MC-Api-Key: your_api_key" \
  -d "request_body" \
  "https://cloudmc_endpoint/api/v2/services/compute-on/test_area/sitetositevpns/d49b2922-0581-4587-94df-6fe719327d0f"
```

Request body example:
```json
{
  "name": "stargate",
  "gateway": "19.19.19.19",
  "cidrList": "10.12.0.2/22,10.0.0.0/24",
  "ipSecPsk": "WtOBS9GRux2XtJPtHY2TUvrv",
  "ikeEncryptionAlgorithm": "aes256",
  "ikeHashAlgorithm": "sha1",
  "ikeDhGroup": "modp1536",
  "ikeLifetime": 86400,
  "espEncryptionAlgorithm": "aes256",
  "espHashAlgorithm": "sha1",
  "espPerfectForwardSecrecy": "modp1536",
  "espLifetime": 3600,
  "dpd": false,
  "forceEncap": false
}
```

`POST /services/:service_code/:environment_name/sitetositevpns/:id`

Update a site-to-site VPN.

| Optional | |
|---|---|
| `name` *string* | The name of the site-to-site VPN. Must be unique in the environment. |
| `gateway` *string* | The gateway of the network you want to connect to. NOTE: you cannot use a gateway that has already been used by a site-to-site VPN in your environment. |
| `cidrList` *string* | Comma-separated list of CIDRs of the networks you want to connect to. |
| `ipSecPsk` *string* | IPSec pre-shared key. |
| `ikeEncryptionAlgorithm` *string* | The Internet Key Exchange (IKE) policy for phase-1. The supported encryption algorithms are AES128, AES192, AES256, and 3DES. |
| `ikeHashAlgorithm` *string* | The IKE hash for phase-1. The supported hash algorithms are SHA1 and MD5. |
| `ikeDhGroup` *string* | The Diffie-Hellman group for phase-1. Diffie-Hellman is a public-key cryptography protocol which allows two parties to establish a shared secret over an insecure communications channel. The supported options are Group-5 (1536-bit) and Group-2 (1024-bit). |
| `ikeLifetime` *integer* | The phase-1 lifetime of the security association in seconds. |
| `espEncryptionAlgorithm` *string* | Encapsulating Security Payload (ESP) algorithm within phase-2. The supported encryption algorithms are AES128, AES192, AES256, and 3DES. |
| `espHashAlgorithm` *string* | Encapsulating Security Payload (ESP) hash for phase-2. Supported hash algorithms are SHA1 and MD5. |
| `espPerfectForwardSecrecy` *string* | The Diffie-Hellman group used for Perfect Forward Secrecy (PFS) in phase-2. PFS is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of those long-term keys is compromised later. The supported options are Group-5 (1536-bit) and Group-2 (1024-bit). |
| `espLifetime` *integer* | The phase-2 lifetime of the security association in seconds. |
| `dpd` *boolean* | A method to detect an unavailable Internet Key Exchange (IKE) peer. Defaults to false. |
| `forceEncap` *boolean* | Force encapsulation for NAT Traversal. Defaults to false. |

```shell
curl -X DELETE \
  -H "MC-Api-Key: your_api_key" \
  "https://cloudmc_endpoint/api/v2/services/compute-on/test_area/sitetositevpns/d49b2922-0581-4587-94df-6fe719327d0f"
```

`DELETE /services/:service_code/:environment_name/sitetositevpns/:id`

Delete an existing site-to-site VPN.

```shell
curl -X POST \
  -H "Content-Type: application/json" \
  -H "MC-Api-Key: your_api_key" \
  "https://cloudmc_endpoint/api/v2/services/compute-on/test_area/sitetositevpns/ca86b14f-20db-463d-b58a-9d3fa5959af2?operation=reset"
```

`POST /services/:service_code/:environment_name/sitetositevpns/:id?operation=reset`

Reset a site-to-site VPN.