Conexões

Esta é uma API de gerenciamento de conexões IPSec.

Listar conexões IPSec

API de listagem paginada de conexões IPSec. Ver documentação de paginação.

GET /api/ipsec/connections

GET /api/ipsec/connections?cursor=0&size=15

Exemplo de requisição

GET /api/ipsec/connections HTTP/1.1
Host: api.exemplo.com
Accept: application/json
Authorization: Bearer <Access-Token>
from itflex_sdk.ipsec.types import GetConnectionsPageRequest

# cursor and size are the same paging parameters as in the query string of the HTTP example.
request = GetConnectionsPageRequest(cursor=0, size=15)
# `sdk` is a client object created outside this snippet.
pages = sdk.ipsec.get_connections_pages(request)
// No paging arguments are passed here (the Python example passes cursor=0, size=15).
const pages = sdk.ipsec.getConnectionsPages();
const response = await pages.next();
// The payload carries every connection's `psk` in clear text (see the sample output),
// so keep this print to an interactive session and out of shared logs.
console.log(response.payload);

Exemplo de resposta

HTTP/1.1 200 OK
Content-Type: application/json

{
  "cursor": {"current": 0, "next": null, "previous": null},
  "connections": [
    {
      "id": 1,
      "name": "scz_onco_es2",
      "description": "Túnel IPSEC",
      "auto": "add",
      "keying_tries": 0,
      "disable_arrival_check": false,
      "compress": false,
      "aggrmode": false,
      "cisco_unity": false,
      "mtu": 10,
      "psk": "iosdfa#@#24sadasdio34$#%$%%#2",
      "enabled": true,
      "dpd": {
        "enabled": true,
        "action": "restart",
        "delay": 10,
        "timeout": 20,
      },
      "phase1": {
        "ike_life_time": 3600,
        "encryption": "aes128",
        "authentication": "sha256",
        "dh_group": "modp1024",
      },
      "phase2": {
        "pfs": true,
        "key_life": 1800,
        "encryption": "aes128",
        "authentication": "sha256",
        "dh_group": "modp1024",
      },
      "network": {
        "local": "ipsec01.itflex.com.br",
        "local_subnets": [
          "10.41.0.0/16",
          "192.168.40.0/22",
          "192.168.196.0/22",
        ],
        "local_source_ip": "10.41.15.253",
        "local_id": "@10.41.15.253",
        "local_up_down": "ipsec _updown.netkey --route yes",
        "local_next_hop": "",
        "remote": "%any",
        "remote_subnets": [
          "10.9.0.0/16"
        ],
        "remote_source_ip": "10.9.0.1",
        "remote_id": "@10.9.0.1",
        "remote_next_hop": "",
      },
      "secret": {
        "custom_local": "",
        "custom_remote": "",
      },
      "vti": {
        "enabled": true,
        "mark": "12/0xffffff",
        "interface": "if000-wan0",
        "routing": true,
        "shared": false,
      },
      "created_at": "2017-10-05T12:20:02.932000+00:00",
      "updated_at": "2017-11-05T12:20:02.932000+00:00",
    },
  ],
}
# `pages` is the pager returned by sdk.ipsec.get_connections_pages(request).
page = pages.next()
page = pages.previous()

# Return the items of a single page.
# NOTE(review): each connection presumably mirrors the JSON response, which includes the
# tunnel `psk`; printing it writes the secret to stdout - confirm before reusing outside a demo.
for ipsec in page.connections:
    print(ipsec)

# Return the items of every page.
for page in pages:
    print(page)
[
  {
    id: 1,
    name: "scz_onco_es2",
    description: "Túnel IPSEC",
    auto: "add",
    keyingTries: 0,
    disableArrivalCheck: false,
    compress: false,
    aggrmode: false,
    ciscoUnity: false,
    mtu: 10,
    psk: "iosdfa#@#24sadasdio34$#%$%%#2",
    enabled: true,
    dpd: {
      enabled: true,
      action: "restart",
      delay: 10,
      timeout: 20
    },
    phase1: {
      ikeLifeTime: 3600,
      encryption: "aes128",
      authentication: "sha256",
      dhGroup: "modp1024"
    },
    phase2: {
      pfs: true,
      keyLife: 1800,
      encryption: "aes128",
      authentication: "sha256",
      dhGroup: "modp1024"
    },
    network: {
      local: "ipsec01.itflex.com.br",
      localSubnets: ["10.41.0.0/16", "192.168.40.0/22", "192.168.196.0/22"],
      localSourceIp: "10.41.15.253",
      localId: "@10.41.15.253",
      localUpDown: "ipsec _updown.netkey --route yes",
      localNextHop: "",
      remote: "%any",
      remoteSubnets: ["10.9.0.0/16"],
      remoteSourceIp: "10.9.0.1",
      remoteId: "@10.9.0.1",
      remoteNextHop: ""
    },
    secret: {
      customLeftId: "",
      customRightId: ""
    },
    vti: {
      enabled: true,
      mark: "12/0xffffff",
      interface: "if000-wan0",
      routing: true,
      shared: false
    },
    createdAt: "2017-10-05T12:20:02.932000+00:00",
    updatedAt: "2017-11-05T12:20:02.932000+00:00"
  }
];

Buscar conexão IPSec

API de busca de uma conexão IPSec.

GET /api/ipsec/connections/<id>

Exemplo de requisição

GET /api/ipsec/connections/1 HTTP/1.1
Host: api.exemplo.com
Accept: application/json
Authorization: Bearer <Access-Token>
from itflex_sdk.ipsec.types import GetConnectionRequest

# id=1 matches the <id> path segment of the HTTP example (GET /api/ipsec/connections/1).
request = GetConnectionRequest(id=1)
# `sdk` is a client object created outside this snippet.
response = sdk.ipsec.get_connection(request)
// id: 1 matches the <id> path segment of the HTTP example.
const response = await sdk.ipsec.getConnection({ id: 1 });
// The payload includes the tunnel `psk` in clear text (see the sample output),
// so keep this print out of shared logs.
console.log(response.payload);

Exemplo de resposta

HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": 1,
  "name": "scz_onco_es2",
  "description": "Túnel IPSEC",
  "auto": "add",
  "keying_tries": 0,
  "disable_arrival_check": false,
  "compress": false,
  "aggrmode": false,
  "cisco_unity": false,
  "mtu": 10,
  "psk": "iosdfa#@#24sadasdio34$#%$%%#2",
  "enabled": true,
  "dpd": {
    "enabled": true,
    "action": "restart",
    "delay": 10,
    "timeout": 20,
  },
  "phase1": {
    "ike_life_time": 3600,
    "encryption": "aes128",
    "authentication": "sha256",
    "dh_group": "modp1024",
  },
  "phase2": {
    "pfs": true,
    "key_life": 1800,
    "encryption": "aes128",
    "authentication": "sha256",
    "dh_group": "modp1024",
  },
  "network": {
    "local": "ipsec01.itflex.com.br",
    "local_subnets": [
      "10.41.0.0/16",
      "192.168.40.0/22",
      "192.168.196.0/22",
    ],
    "local_source_ip": "10.41.15.253",
    "local_id": "@10.41.15.253",
    "local_up_down": "ipsec _updown.netkey --route yes",
    "local_next_hop": "",
    "remote": "%any",
    "remote_subnets": [
      "10.9.0.0/16"
    ],
    "remote_source_ip": "10.9.0.1",
    "remote_id": "@10.9.0.1",
    "remote_next_hop": "",
  },
  "secret": {
    "custom_local": "",
    "custom_remote": "",
  },
  "vti": {
    "enabled": true,
    "mark": "12/0xffffff",
    "interface": "if000-wan0",
    "routing": true,
    "shared": false,
  },
  "created_at": "2017-10-05T12:20:02.932000+00:00",
  "updated_at": "2017-11-05T12:20:02.932000+00:00",
}
# Fragment meant to sit inside a function of the caller (it uses `return`);
# `response` is the result of sdk.ipsec.get_connection(request).
# No branch is shown for response.success being false.
if response.success:
    return response.connection
{
  id: 1,
  name: "scz_onco_es2",
  description: "Túnel IPSEC",
  auto: "add",
  keyingTries: 0,
  disableArrivalCheck: false,
  compress: false,
  aggrmode: false,
  ciscoUnity: false,
  mtu: 10,
  psk: "iosdfa#@#24sadasdio34$#%$%%#2",
  enabled: true,
  dpd: {
    enabled: true,
    action: "restart",
    delay: 10,
    timeout: 20
  },
  phase1: {
    ikeLifeTime: 3600,
    encryption: "aes128",
    authentication: "sha256",
    dhGroup: "modp1024"
  },
  phase2: {
    pfs: true,
    keyLife: 1800,
    encryption: "aes128",
    authentication: "sha256",
    dhGroup: "modp1024"
  },
  network: {
    local: "ipsec01.itflex.com.br",
    localSubnets: ["10.41.0.0/16", "192.168.40.0/22", "192.168.196.0/22"],
    localSourceIp: "10.41.15.253",
    localId: "@10.41.15.253",
    localUpDown: "ipsec _updown.netkey --route yes",
    localNextHop: "",
    remote: "%any",
    remoteSubnets: ["10.9.0.0/16"],
    remoteSourceIp: "10.9.0.1",
    remoteId: "@10.9.0.1",
    remoteNextHop: ""
  },
  secret: {
    customLeftId: "",
    customRightId: ""
  },
  vti: {
    enabled: true,
    mark: "12/0xffffff",
    interface: "if000-wan0",
    routing: true,
    shared: false
  },
  createdAt: "2017-10-05T12:20:02.932000+00:00",
  updatedAt: "2017-11-05T12:20:02.932000+00:00"
}

Cadastrar conexão IPSec

API de cadastro de conexão IPSec.

POST /api/ipsec/connections

Exemplo de requisição

POST /api/ipsec/connections HTTP/1.1
Host: api.exemplo.com
Accept: application/json
Authorization: Bearer <Access-Token>

{
  "apply": true,
  "name": "scz_onco_es2",
  "description": "Túnel IPSEC",
  "auto": "add",
  "keying_tries": 0,
  "disable_arrival_check": false,
  "compress": false,
  "aggrmode": false,
  "cisco_unity": false,
  "mtu": 10,
  "psk": "iosdfa#@#24sadasdio34$#%$%%#2",
  "enabled": true,
  "dpd": {
    "enabled": true,
    "action": "restart",
    "delay": 10,
    "timeout": 20,
  },
  "phase1": {
    "ike_life_time": 3600,
    "encryption": "aes128",
    "authentication": "sha256",
    "dh_group": "modp1024",
  },
  "phase2": {
    "pfs": true,
    "key_life": 1800,
    "encryption": "aes128",
    "authentication": "sha256",
    "dh_group": "modp1024",
  },
  "network": {
    "local": "ipsec01.itflex.com.br",
    "local_subnets": [
      "10.41.0.0/16",
      "192.168.40.0/22",
      "192.168.196.0/22",
    ],
    "local_source_ip": "10.41.15.253",
    "local_id": "@10.41.15.253",
    "local_up_down": "ipsec _updown.netkey --route yes",
    "local_next_hop": "",
    "remote": "%any",
    "remote_subnets": [
      "10.9.0.0/16"
    ],
    "remote_source_ip": "10.9.0.1",
    "remote_id": "@10.9.0.1",
    "remote_next_hop": "",
  },
  "secret": {
    "custom_local": "",
    "custom_remote": "",
  },
  "vti": {
    "enabled": true,
    "mark": "12/0xffffff",
    "interface": "if000-wan0",
    "routing": true,
    "shared": false,
  },
}
from itflex_sdk.ipsec.types import CreateConnectionRequest

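# Build the creation request; the field names mirror the JSON body of the HTTP example.
# NOTE(review): Dpd, Phase1, Phase2, Network, Secret and Vti are not imported in this
# snippet (only CreateConnectionRequest is); presumably they also live in
# itflex_sdk.ipsec.types - confirm and import them.
request = CreateConnectionRequest(
    # Per the request table, `apply` asks the API to provision the connections as well.
    apply=True,
    name="scz_onco_es2",
    description="Túnel IPSEC",
    auto="add",
    keying_tries=0,
    disable_arrival_check=False,
    compress=False,
    aggrmode=False,
    cisco_unity=False,
    mtu=10,
    # Sample value only: read the real pre-shared key from a secret store instead of
    # hard-coding it in source.
    psk="iosdfa#@#24sadasdio34$#%$%%#2",
    enabled=True,
    dpd=Dpd(
        enabled=True,
        action="restart",
        delay=10,
        timeout=20,
    ),
    phase1=Phase1(
        ike_life_time=3600,
        encryption="aes128",
        authentication="sha256",
        # modp1024 is a 1024-bit group, weak by current guidance; use a larger group
        # when both peers support one.
        dh_group="modp1024",
    ),
    phase2=Phase2(
        pfs=True,
        key_life=1800,
        encryption="aes128",
        authentication="sha256",
        dh_group="modp1024",
    ),
    network=Network(
        local="ipsec01.itflex.com.br",
        local_subnets=[
            "10.41.0.0/16",
            "192.168.40.0/22",
            "192.168.196.0/22",
        ],
        local_source_ip="10.41.15.253",
        local_id="@10.41.15.253",
        # Documented as the script run on tunnel up/down: treat this field as
        # privileged input and never fill it from untrusted data.
        local_up_down="ipsec _updown.netkey --route yes",
        local_next_hop="",
        remote="%any",
        remote_subnets=[
            "10.9.0.0/16",
        ],
        remote_source_ip="10.9.0.1",
        remote_id="@10.9.0.1",
        remote_next_hop="",
    ),  # the original closed this call with "}", which is a syntax error
    secret=Secret(
        custom_local="",
        custom_remote="",
    ),
    vti=Vti(
        enabled=True,
        mark="12/0xffffff",
        interface="if000-wan0",
        routing=True,
        shared=False,
    ),
)
# `sdk` is a client object created outside this snippet.
response = sdk.ipsec.create_connection(request)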
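// Build the connection object field by field, then send it to the create endpoint.
const connection = sdk.ipsec.types.Connection();

// Per the request table, `apply` asks the API to provision the connections as well.
connection.apply = true
connection.name = "scz_onco_es2"
connection.description = "Túnel IPSEC"
connection.auto = "add"
connection.keyingTries = 0
connection.disableArrivalCheck = false
connection.compress = false
connection.aggrmode = false
connection.ciscoUnity = false
connection.mtu = 10
// Sample value only: load the real pre-shared key from a secret store.
// (The original used "key: value," syntax on the next two lines, which is not a valid
// assignment statement.)
connection.psk = "iosdfa#@#24sadasdio34$#%$%%#2"
connection.enabled = true
connection.dpd = {
  enabled: true,
  action: "restart",
  delay: 10,
  timeout: 20
}
connection.phase1 = {
  ikeLifeTime: 3600,
  encryption: "aes128",
  authentication: "sha256",
  // modp1024 is a 1024-bit group, weak by current guidance; use a larger group
  // when both peers support one.
  dhGroup: "modp1024"
}
connection.phase2 = {
  pfs: true,
  keyLife: 1800,
  encryption: "aes128",
  authentication: "sha256",
  dhGroup: "modp1024"
}
connection.network = {
  local: "ipsec01.itflex.com.br",
  localSubnets: ["10.41.0.0/16", "192.168.40.0/22", "192.168.196.0/22"],
  localSourceIp: "10.41.15.253",
  localId: "@10.41.15.253",
  // Documented as the script run on tunnel up/down: treat this field as privileged
  // input and never fill it from untrusted data.
  localUpDown: "ipsec _updown.netkey --route yes",
  localNextHop: "",
  remote: "%any",
  remoteSubnets: ["10.9.0.0/16"],
  remoteSourceIp: "10.9.0.1",
  remoteId: "@10.9.0.1",
  remoteNextHop: ""
}
// NOTE(review): the JSON body names these fields custom_local / custom_remote;
// confirm that customLeftId / customRightId are the keys the SDK expects.
connection.secret = {
  customLeftId: "",
  customRightId: ""
}
connection.vti = {
  enabled: true,
  mark: "12/0xffffff",
  interface: "if000-wan0",
  routing: true,
  shared: false
}
// NOTE(review): "createConnecion" is kept exactly as spelled on the page; it looks like
// a typo given getConnection / updateConnection / deleteConnection - confirm against the SDK.
const response = await sdk.ipsec.createConnecion(connection);
// The payload echoes the `psk` in clear text (see the sample output); keep it out of shared logs.
console.log(response.payload);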

Exemplo de resposta

HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": 1,
  "name": "scz_onco_es2",
  "description": "Túnel IPSEC",
  "auto": "add",
  "keying_tries": 0,
  "disable_arrival_check": false,
  "compress": false,
  "aggrmode": false,
  "cisco_unity": false,
  "mtu": 10,
  "psk": "iosdfa#@#24sadasdio34$#%$%%#2",
  "enabled": true,
  "dpd": {
    "enabled": true,
    "action": "restart",
    "delay": 10,
    "timeout": 20,
  },
  "phase1": {
    "ike_life_time": 3600,
    "encryption": "aes128",
    "authentication": "sha256",
    "dh_group": "modp1024",
  },
  "phase2": {
    "pfs": true,
    "key_life": 1800,
    "encryption": "aes128",
    "authentication": "sha256",
    "dh_group": "modp1024",
  },
  "network": {
    "local": "ipsec01.itflex.com.br",
    "local_subnets": [
      "10.41.0.0/16",
      "192.168.40.0/22",
      "192.168.196.0/22",
    ],
    "local_source_ip": "10.41.15.253",
    "local_id": "@10.41.15.253",
    "local_up_down": "ipsec _updown.netkey --route yes",
    "local_next_hop": "",
    "remote": "%any",
    "remote_subnets": [
      "10.9.0.0/16"
    ],
    "remote_source_ip": "10.9.0.1",
    "remote_id": "@10.9.0.1",
    "remote_next_hop": "",
  },
  "secret": {
    "custom_local": "",
    "custom_remote": "",
  },
  "vti": {
    "enabled": true,
    "mark": "12/0xffffff",
    "interface": "if000-wan0",
    "routing": true,
    "shared": false,
  },
  "created_at": "2017-10-05T12:20:02.932000+00:00",
  "updated_at": "2017-11-05T12:20:02.932000+00:00",
}
# Fragment meant to sit inside a function of the caller (it uses `return`);
# `response` is the result of sdk.ipsec.create_connection(request).
# No branch is shown for response.success being false.
if response.success:
    return response.connection
{
  id: 1,
  name: "scz_onco_es2",
  description: "Túnel IPSEC",
  auto: "add",
  keyingTries: 0,
  disableArrivalCheck: false,
  compress: false,
  aggrmode: false,
  ciscoUnity: false,
  mtu: 10,
  psk: "iosdfa#@#24sadasdio34$#%$%%#2",
  enabled: true,
  dpd: {
    enabled: true,
    action: "restart",
    delay: 10,
    timeout: 20
  },
  phase1: {
    ikeLifeTime: 3600,
    encryption: "aes128",
    authentication: "sha256",
    dhGroup: "modp1024"
  },
  phase2: {
    pfs: true,
    keyLife: 1800,
    encryption: "aes128",
    authentication: "sha256",
    dhGroup: "modp1024"
  },
  network: {
    local: "ipsec01.itflex.com.br",
    localSubnets: ["10.41.0.0/16", "192.168.40.0/22", "192.168.196.0/22"],
    localSourceIp: "10.41.15.253",
    localId: "@10.41.15.253",
    localUpDown: "ipsec _updown.netkey --route yes",
    localNextHop: "",
    remote: "%any",
    remoteSubnets: ["10.9.0.0/16"],
    remoteSourceIp: "10.9.0.1",
    remoteId: "@10.9.0.1",
    remoteNextHop: ""
  },
  secret: {
    customLeftId: "",
    customRightId: ""
  },
  vti: {
    enabled: true,
    mark: "12/0xffffff",
    interface: "if000-wan0",
    routing: true,
    shared: false
  },
  createdAt: "2017-10-05T12:20:02.932000+00:00",
  updatedAt: "2017-11-05T12:20:02.932000+00:00"
}

Editar conexão IPSec

API de edição de conexão IPSec existente.

PUT /api/ipsec/connections/<id>

Exemplo de requisição

PUT /api/ipsec/connections/1 HTTP/1.1
Host: api.exemplo.com
Accept: application/json
Authorization: Bearer <Access-Token>

{
  "apply": true,
  "description": "Túnel IPSEC",
  "auto": "add",
  "keying_tries": 0,
  "disable_arrival_check": false,
  "compress": false,
  "aggrmode": false,
  "cisco_unity": false,
  "mtu": 10,
  "psk": "iosdfa#@#24sadasdio34$#%$%%#2",
  "enabled": true,
  "dpd": {
    "enabled": true,
    "action": "restart",
    "delay": 10,
    "timeout": 20,
  },
  "phase1": {
    "ike_life_time": 3600,
    "encryption": "aes128",
    "authentication": "sha256",
    "dh_group": "modp1024",
  },
  "phase2": {
    "pfs": true,
    "key_life": 1800,
    "encryption": "aes128",
    "authentication": "sha256",
    "dh_group": "modp1024",
  },
  "network": {
    "local": "ipsec01.itflex.com.br",
    "local_subnets": [
      "10.41.0.0/16",
      "192.168.40.0/22",
      "192.168.196.0/22",
    ],
    "local_source_ip": "10.41.15.253",
    "local_id": "@10.41.15.253",
    "local_up_down": "ipsec _updown.netkey --route yes",
    "local_next_hop": "",
    "remote": "%any",
    "remote_subnets": [
      "10.9.0.0/16"
    ],
    "remote_source_ip": "10.9.0.1",
    "remote_id": "@10.9.0.1",
    "remote_next_hop": "",
  },
  "secret": {
    "custom_local": "",
    "custom_remote": "",
  },
  "vti": {
    "enabled": true,
    "mark": "12/0xffffff",
    "interface": "if000-wan0",
    "routing": true,
    "shared": false,
  },
}
from itflex_sdk.ipsec.types import UpdateConnectionRequest

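# Build the update request for connection 1; the field names mirror the JSON body of
# the HTTP example (which, like this call, carries no `name`).
# NOTE(review): Dpd, Phase1, Phase2, Network, Secret and Vti are not imported in this
# snippet (only UpdateConnectionRequest is); presumably they also live in
# itflex_sdk.ipsec.types - confirm and import them.
request = UpdateConnectionRequest(
    id=1,
    # Per the request table, `apply` asks the API to provision the connections as well.
    apply=True,
    description="Túnel IPSEC",
    auto="add",
    keying_tries=0,
    disable_arrival_check=False,
    compress=False,
    aggrmode=False,
    cisco_unity=False,
    mtu=10,
    # Sample value only: read the real pre-shared key from a secret store instead of
    # hard-coding it in source.
    psk="iosdfa#@#24sadasdio34$#%$%%#2",
    enabled=True,
    dpd=Dpd(
        enabled=True,
        action="restart",
        delay=10,
        timeout=20,
    ),
    phase1=Phase1(
        ike_life_time=3600,
        encryption="aes128",
        authentication="sha256",
        # modp1024 is a 1024-bit group, weak by current guidance; use a larger group
        # when both peers support one.
        dh_group="modp1024",
    ),
    phase2=Phase2(
        pfs=True,
        key_life=1800,
        encryption="aes128",
        authentication="sha256",
        dh_group="modp1024",
    ),
    network=Network(
        local="ipsec01.itflex.com.br",
        local_subnets=[
            "10.41.0.0/16",
            "192.168.40.0/22",
            "192.168.196.0/22",
        ],
        local_source_ip="10.41.15.253",
        local_id="@10.41.15.253",
        # Documented as the script run on tunnel up/down: treat this field as
        # privileged input and never fill it from untrusted data.
        local_up_down="ipsec _updown.netkey --route yes",
        local_next_hop="",
        remote="%any",
        remote_subnets=[
            "10.9.0.0/16",
        ],
        remote_source_ip="10.9.0.1",
        remote_id="@10.9.0.1",
        remote_next_hop="",
    ),  # the original closed this call with "}", which is a syntax error
    secret=Secret(
        custom_local="",
        custom_remote="",
    ),
    vti=Vti(
        enabled=True,
        mark="12/0xffffff",
        interface="if000-wan0",
        routing=True,
        shared=False,
    ),
)
# `sdk` is a client object created outside this snippet.
response = sdk.ipsec.update_connection(request)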
// Update connection 1; the keys are the camelCase form of the JSON body in the HTTP
// example (which, like this call, carries no `name`).
const response = await sdk.ipsec.updateConnection({
  id: 1,
  apply: true,
  description: "Túnel IPSEC",
  auto: "add",
  keyingTries: 0,
  disableArrivalCheck: false,
  compress: false,
  aggrmode: false,
  ciscoUnity: false,
  mtu: 10,
  // Sample value only: load the real pre-shared key from a secret store.
  psk: "iosdfa#@#24sadasdio34$#%$%%#2",
  enabled: true,
  dpd: {
    enabled: true,
    action: "restart",
    delay: 10,
    timeout: 20
  },
  phase1: {
    ikeLifeTime: 3600,
    encryption: "aes128",
    authentication: "sha256",
    dhGroup: "modp1024"
  },
  phase2: {
    pfs: true,
    keyLife: 1800,
    encryption: "aes128",
    authentication: "sha256",
    dhGroup: "modp1024"
  },
  network: {
    local: "ipsec01.itflex.com.br",
    localSubnets: ["10.41.0.0/16", "192.168.40.0/22", "192.168.196.0/22"],
    localSourceIp: "10.41.15.253",
    localId: "@10.41.15.253",
    // Documented as the script run on tunnel up/down: treat as privileged input.
    localUpDown: "ipsec _updown.netkey --route yes",
    localNextHop: "",
    remote: "%any",
    remoteSubnets: ["10.9.0.0/16"],
    remoteSourceIp: "10.9.0.1",
    remoteId: "@10.9.0.1",
    remoteNextHop: ""
  },
  // NOTE(review): the JSON body names these fields custom_local / custom_remote;
  // confirm that customLeftId / customRightId are the keys the SDK expects.
  secret: {
    customLeftId: "",
    customRightId: ""
  },
  vti: {
    enabled: true,
    mark: "12/0xffffff",
    interface: "if000-wan0",
    routing: true,
    shared: false
  }
});
// The payload echoes the `psk` in clear text (see the sample output); keep it out of shared logs.
console.log(response.payload);

Exemplo de resposta

HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": 1,
  "name": "scz_onco_es2",
  "description": "Túnel IPSEC",
  "auto": "add",
  "keying_tries": 0,
  "disable_arrival_check": false,
  "compress": false,
  "aggrmode": false,
  "cisco_unity": false,
  "mtu": 10,
  "psk": "iosdfa#@#24sadasdio34$#%$%%#2",
  "enabled": true,
  "dpd": {
    "enabled": true,
    "action": "restart",
    "delay": 10,
    "timeout": 20,
  },
  "phase1": {
    "ike_life_time": 3600,
    "encryption": "aes128",
    "authentication": "sha256",
    "dh_group": "modp1024",
  },
  "phase2": {
    "pfs": true,
    "key_life": 1800,
    "encryption": "aes128",
    "authentication": "sha256",
    "dh_group": "modp1024",
  },
  "network": {
    "local": "ipsec01.itflex.com.br",
    "local_subnets": [
      "10.41.0.0/16",
      "192.168.40.0/22",
      "192.168.196.0/22",
    ],
    "local_source_ip": "10.41.15.253",
    "local_id": "@10.41.15.253",
    "local_up_down": "ipsec _updown.netkey --route yes",
    "local_next_hop": "",
    "remote": "%any",
    "remote_subnets": [
      "10.9.0.0/16"
    ],
    "remote_source_ip": "10.9.0.1",
    "remote_id": "@10.9.0.1",
    "remote_next_hop": "",
  },
  "secret": {
    "custom_local": "",
    "custom_remote": "",
  },
  "vti": {
    "enabled": true,
    "mark": "12/0xffffff",
    "interface": "if000-wan0",
    "routing": true,
    "shared": false,
  },
  "created_at": "2017-10-05T12:20:02.932000+00:00",
  "updated_at": "2017-11-05T12:20:02.932000+00:00",
}
# Fragment meant to sit inside a function of the caller (it uses `return`);
# `response` is the result of sdk.ipsec.update_connection(request).
# No branch is shown for response.success being false.
if response.success:
    return response.connection
{
  id: 1,
  name: "scz_onco_es2",
  description: "Túnel IPSEC",
  auto: "add",
  keyingTries: 0,
  disableArrivalCheck: false,
  compress: false,
  aggrmode: false,
  ciscoUnity: false,
  mtu: 10,
  psk: "iosdfa#@#24sadasdio34$#%$%%#2",
  enabled: true,
  dpd: {
    enabled: true,
    action: "restart",
    delay: 10,
    timeout: 20
  },
  phase1: {
    ikeLifeTime: 3600,
    encryption: "aes128",
    authentication: "sha256",
    dhGroup: "modp1024"
  },
  phase2: {
    pfs: true,
    keyLife: 1800,
    encryption: "aes128",
    authentication: "sha256",
    dhGroup: "modp1024"
  },
  network: {
    local: "ipsec01.itflex.com.br",
    localSubnets: ["10.41.0.0/16", "192.168.40.0/22", "192.168.196.0/22"],
    localSourceIp: "10.41.15.253",
    localId: "@10.41.15.253",
    localUpDown: "ipsec _updown.netkey --route yes",
    localNextHop: "",
    remote: "%any",
    remoteSubnets: ["10.9.0.0/16"],
    remoteSourceIp: "10.9.0.1",
    remoteId: "@10.9.0.1",
    remoteNextHop: ""
  },
  secret: {
    customLeftId: "",
    customRightId: ""
  },
  vti: {
    enabled: true,
    mark: "12/0xffffff",
    interface: "if000-wan0",
    routing: true,
    shared: false
  },
  createdAt: "2017-10-05T12:20:02.932000+00:00",
  updatedAt: "2017-11-05T12:20:02.932000+00:00"
}

Apagar conexão IPSec

API de apagar conexão IPSec.

DELETE /api/ipsec/connections/<id>

Exemplo de requisição

DELETE /api/ipsec/connections/1 HTTP/1.1
Host: api.exemplo.com
Accept: application/json
Authorization: Bearer <Access-Token>
from itflex_sdk.ipsec.types import DeleteConnectionRequest

# id=1 matches the <id> path segment of the HTTP example (DELETE /api/ipsec/connections/1).
request = DeleteConnectionRequest(id=1)
# `sdk` is a client object created outside this snippet.
response = sdk.ipsec.delete_connection(request)
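// Delete connection 1. Every other SDK call on this page is awaited; without `await`
// the log below would presumably print a pending Promise instead of the result.
const response = await sdk.ipsec.deleteConnection({ id: 1 });
console.log(response);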

Exemplo de resposta

HTTP/1.1 200 OK
Content-Type: application/json
# Fragment meant to sit inside a function of the caller; `response` is the result of
# sdk.ipsec.delete_connection(request). The HTTP example above shows no response body.
return response.success

Aplicar conexões IPSEC

API para aplicar as conexões IPSEC

POST /api/ipsec/connections/apply

Exemplo de requisição

POST /api/ipsec/connections/apply HTTP/1.1
Host: api.exemplo.com
Accept: application/json
Authorization: Bearer <Access-Token>
# SDK counterpart of POST /api/ipsec/connections/apply; takes no arguments here.
response = sdk.ipsec.apply()
// SDK counterpart of POST /api/ipsec/connections/apply; takes no arguments here.
const response = await sdk.ipsec.apply();

Exemplo de resposta

HTTP/1.1 200 OK
Content-Type: application/json

Aplicar uma conexão IPSEC

API para aplicar uma conexão IPSEC

POST /api/ipsec/connections/<id>/apply

Exemplo de requisição

POST /api/ipsec/connections/1/apply HTTP/1.1
Host: api.exemplo.com
Accept: application/json
Authorization: Bearer <Access-Token>
# SDK counterpart of POST /api/ipsec/connections/<id>/apply, here for connection 1.
# Unlike the other Python calls on this page, the id is passed directly, not in a request object.
response = sdk.ipsec.apply_connection(id=1)
// SDK counterpart of POST /api/ipsec/connections/<id>/apply, here for connection 1.
const response = await sdk.ipsec.applyConnection({ id: 1 });

Exemplo de resposta

HTTP/1.1 200 OK
Content-Type: application/json

Formato dos dados

Requisição

Parâmetro Tipo Valor Default Descrição
apply bool False Flag para aplicar o provisionamento das conexões IPSEC
name string requerido Nome do túnel.
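Caracteres permitidos: A-Z a-z 0-9 - . (obs.: o nome usado nos exemplos desta página, "scz_onco_es2", contém "_", que não consta nesta lista; confirme qual é a regra efetiva)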
Tamanho máximo: 30
description string Descrição do túnel
auto string Ação do túnel
keying_tries int Quantidade de tentativas de troca de senhas
disable_arrival_check boolean Habilitado para permitir que pacotes com qualquer origem e destino sejam aceitos
compress boolean Habilita compressão do túnel
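aggrmode boolean Habilita Aggressive Mode. Com PSK, esse modo expõe o hash de autenticação a ataques de dicionário offline; mantenha desabilitado, salvo exigência do peer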
cisco_unity boolean Habilitado se o appliance do outro lado for cisco
mtu int Tamanho do pacote
psk string Senha do túnel (pre-shared key). Use um valor longo e aleatório, único por túnel
enabled boolean Túnel habilitado
dpd.enabled boolean Habilitado adiciona no conf os parâmetros do dpd
dpd.action string Ação quando o peer estiver inacessível
dpd.delay int Intervalo entre teste de conexão
dpd.timeout int Timeout do teste de conexão
phase1.ike_life_time int Tempo de expiração da chave (Fase 1)
phase1.encryption string Criptografia (Fase 1)
phase1.authentication string Autenticação (Fase 1)
phase1.dh_group string DH group (Fase 1). O valor modp1024 usado nos exemplos é um grupo de 1024 bits, hoje considerado fraco; prefira um grupo maior quando os dois peers suportarem
phase2.pfs boolean Habilita Perfect Forward Secrecy
phase2.key_life int Tempo de expiração da chave (Fase 2)
phase2.encryption string Criptografia (Fase 2)
phase2.authentication string Autenticação (Fase 2)
phase2.dh_group string DH group (Fase 2). Vale a mesma observação sobre modp1024 da Fase 1
network.local string Endereço de conexão
network.local_subnets List[String] Lista de redes negociadas
network.local_source_ip string IP de origem
network.local_id string Id da conexão
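network.local_up_down string Script executado no UP e DOWN do túnel. Como o valor é executado no appliance, limite a criação e a edição de conexões a operadores confiáveis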
network.local_next_hop string Ip do próximo salto local
network.remote string Endereço de conexão
network.remote_subnets List[String] Lista de redes negociadas
network.remote_source_ip string IP de origem
network.remote_id string Id da conexão
network.remote_next_hop string Ip do próximo salto remoto
secret.custom_local string Utiliza ID da rede local customizada no .secrets
secret.custom_remote string Utiliza ID da rede remota customizado no .secrets
vti.enabled boolean Habilita configuração do VTI
vti.mark string Marcação utilizada pela interface de rede
vti.interface string Nome da interface de rede
vti.routing boolean Habilita criação das rotas na interface
vti.shared boolean Define se a interface é utilizada por mais de um túnel

Resposta

Parâmetro Tipo Descrição
id integer Identificador do túnel IPSec
description string Descrição do túnel
auto string Ação do túnel
keying_tries int Quantidade de tentativas de troca de senhas
disable_arrival_check boolean Habilitado para permitir que pacotes com qualquer origem e destino sejam aceitos
compress boolean Habilita compressão do túnel
aggrmode boolean Habilita Aggressive Mode
cisco_unity boolean Habilitado se o appliance do outro lado for cisco
mtu int Tamanho do pacote
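psk string Senha do túnel (pre-shared key). É devolvida em texto claro, como mostram os exemplos de resposta; trate o corpo da resposta como segredo e não o grave em logs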
enabled boolean Túnel habilitado
dpd.enabled boolean Habilitado adiciona no conf os parâmetros do dpd
dpd.action string Ação quando o peer estiver inacessível
dpd.delay int Intervalo entre teste de conexão
dpd.timeout int Timeout do teste de conexão
phase1.ike_life_time int Tempo de expiração da chave (Fase 1)
phase1.encryption string Criptografia (Fase 1)
phase1.authentication string Autenticação (Fase 1)
phase1.dh_group string DH group (Fase 1)
phase2.pfs boolean Habilita Perfect Forward Secrecy
phase2.key_life int Tempo de expiração da chave (Fase 2)
phase2.encryption string Criptografia (Fase 2)
phase2.authentication string Autenticação (Fase 2)
phase2.dh_group string DH group (Fase 2)
network.local string Endereço de conexão
network.local_subnets List[String] Lista de redes negociadas
network.local_source_ip string IP de origem
network.local_id string Id da conexão
network.local_up_down string Script executado no UP e DOWN do túnel
network.local_next_hop string Ip do próximo salto local
network.remote string Endereço de conexão
network.remote_subnets List[String] Lista de redes negociadas
network.remote_source_ip string IP de origem
network.remote_id string Id da conexão
network.remote_next_hop string Ip do próximo salto remoto
secret.custom_local string Utiliza ID da rede local customizada no .secrets
secret.custom_remote string Utiliza ID da rede remota customizado no .secrets
vti.enabled boolean Habilita configuração do VTI
vti.mark string Marcação utilizada pela interface de rede
vti.interface string Nome da interface de rede
vti.routing boolean Habilita criação das rotas na interface
vti.shared boolean Define se a interface é utilizada por mais de um túnel
created_at datetime Data de criação
updated_at datetime Data de edição