Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Network feature: Setting custom ipsec policy for Virtual Network Gateway P2S clients. #2521

Merged
merged 4 commits into from
Feb 21, 2018
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -1482,8 +1482,10 @@
"type": "string",
"description": "Express Route Circuit Connection State. Possible values are: 'Connected' and 'Disconnected'.",
"enum": [
"Unknown",
"Connected",
"Disconnected"
"Disconnected",
"Degraded"
],
"readOnly": true,
"x-ms-enum": {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -675,6 +675,98 @@
"x-ms-long-running-operation": true
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworkGateways/{virtualNetworkGatewayName}/setvpnclientipsecparameters": {
"post": {
"tags": [
"VirtualNetworkGateways"
],
"operationId": "VirtualNetworkGateways_SetVpnclientIpsecParameters",
"description": "The Set VpnclientIpsecParameters operation sets the vpnclient ipsec policy for P2S client of virtual network gateway in the specified resource group through Network resource provider.",
"parameters": [
{
"name": "resourceGroupName",
"in": "path",
"required": true,
"type": "string",
"description": "The name of the resource group."
},
{
"name": "virtualNetworkGatewayName",
"in": "path",
"required": true,
"type": "string",
"description": "The name of the virtual network gateway."
},
{
"name": "vpnclientIpsecParams",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/VpnClientIPsecParameters"
},
"description": "Parameters supplied to the Begin Set vpnclient ipsec parameters of Virtual Network Gateway P2S client operation through Network resource provider."
},
{
"$ref": "#/parameters/ApiVersionParameter"
},
{
"$ref": "#/parameters/SubscriptionIdParameter"
}
],
"responses": {
"202": {
"description": "Accepted and the operation will complete asynchronously."
},
"200": {
"description": "Request successful. The operation sets the specificed vpnclient ipsec parameters for P2S client of the virtual network gateway.",
"schema": {
"$ref": "#/definitions/VpnClientIPsecParameters"
}
}
},
"x-ms-long-running-operation": true
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworkGateways/{virtualNetworkGatewayName}/getvpnclientipsecparameters": {
"post": {
"tags": [
"VirtualNetworkGateways"
],
"operationId": "VirtualNetworkGateways_GetVpnclientIpsecParameters",
"description": "The Get VpnclientIpsecParameters operation retrieves information about the vpnclient ipsec policy for P2S client of virtual network gateway in the specified resource group through Network resource provider.",
"parameters": [
{
"name": "resourceGroupName",
"in": "path",
"required": true,
"type": "string",
"description": "The name of the resource group."
},
{
"name": "virtualNetworkGatewayName",
"in": "path",
"required": true,
"type": "string",
"description": "The virtual network gateway name."
},
{
"$ref": "#/parameters/ApiVersionParameter"
},
{
"$ref": "#/parameters/SubscriptionIdParameter"
}
],
"responses": {
"200": {
"description": "Request successful. The operation returns the set vpnclient ipsec parameters for P2S client of VirtualNetworkGateway resource.",
"schema": {
"$ref": "#/definitions/VpnClientIPsecParameters"
}
}
},
"x-ms-long-running-operation": true
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/connections/{virtualNetworkGatewayConnectionName}/vpndeviceconfigurationscript": {
"post": {
"tags": [
Expand Down Expand Up @@ -1547,6 +1639,13 @@
},
"description": "VpnClientProtocols for Virtual network gateway."
},
"vpnClientIpsecPolicies": {
"type": "array",
"items": {
"$ref": "#/definitions/IpsecPolicy"
},
"description": "VpnClientIpsecPolicies for virtual network gateway P2S client."
},
"radiusServerAddress": {
"type": "string",
"description": "The radius server address property of the VirtualNetworkGateway resource for vpn client connection."
Expand Down Expand Up @@ -2099,7 +2198,9 @@
"DES3",
"AES128",
"AES192",
"AES256"
"AES256",
"GCMAES256",
"GCMAES128"
],
"x-ms-enum": {
"name": "IkeEncryption",
Expand All @@ -2113,7 +2214,9 @@
"MD5",
"SHA1",
"SHA256",
"SHA384"
"SHA384",
"GCMAES256",
"GCMAES128"
],
"x-ms-enum": {
"name": "IkeIntegrity",
Expand All @@ -2140,15 +2243,17 @@
},
"pfsGroup": {
"type": "string",
"description": "The DH Groups used in IKE Phase 2 for new child SA.",
"description": "The Pfs Groups used in IKE Phase 2 for new child SA.",
"enum": [
"None",
"PFS1",
"PFS2",
"PFS2048",
"ECP256",
"ECP384",
"PFS24"
"PFS24",
"PFS14",
"PFSMM"
],
"x-ms-enum": {
"name": "PfsGroup",
Expand All @@ -2168,6 +2273,136 @@
],
"description": "An IPSec Policy configuration for a virtual network gateway connection"
},
"VpnClientIPsecParameters": {
"properties": {
"saLifeTimeSeconds": {
"type": "integer",
"format": "int32",
"description": "The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for P2S client."
},
"saDataSizeKilobytes": {
"type": "integer",
"format": "int32",
"description": "The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for P2S client.."
},
"ipsecEncryption": {
"type": "string",
"description": "The IPSec encryption algorithm (IKE phase 1).",
"enum": [
"None",
"DES",
"DES3",
"AES128",
"AES192",
"AES256",
"GCMAES128",
"GCMAES192",
"GCMAES256"
],
"x-ms-enum": {
"name": "IpsecEncryption",
"modelAsString": true
}
},
"ipsecIntegrity": {
"type": "string",
"description": "The IPSec integrity algorithm (IKE phase 1).",
"enum": [
"MD5",
"SHA1",
"SHA256",
"GCMAES128",
"GCMAES192",
"GCMAES256"
],
"x-ms-enum": {
"name": "IpsecIntegrity",
"modelAsString": true
}
},
"ikeEncryption": {
"type": "string",
"description": "The IKE encryption algorithm (IKE phase 2).",
"enum": [
"DES",
"DES3",
"AES128",
"AES192",
"AES256",
"GCMAES256",
"GCMAES128"
],
"x-ms-enum": {
"name": "IkeEncryption",
"modelAsString": true
}
},
"ikeIntegrity": {
"type": "string",
"description": "The IKE integrity algorithm (IKE phase 2).",
"enum": [
"MD5",
"SHA1",
"SHA256",
"SHA384",
"GCMAES256",
"GCMAES128"
],
"x-ms-enum": {
"name": "IkeIntegrity",
"modelAsString": true
}
},
"dhGroup": {
"type": "string",
"description": "The DH Groups used in IKE Phase 1 for initial SA.",
"enum": [
"None",
"DHGroup1",
"DHGroup2",
"DHGroup14",
"DHGroup2048",
"ECP256",
"ECP384",
"DHGroup24"
],
"x-ms-enum": {
"name": "DhGroup",
"modelAsString": true
}
},
"pfsGroup": {
"type": "string",
"description": "The Pfs Groups used in IKE Phase 2 for new child SA.",
"enum": [
"None",
"PFS1",
"PFS2",
"PFS2048",
"ECP256",
"ECP384",
"PFS24",
"PFS14",
"PFSMM"
],
"x-ms-enum": {
"name": "PfsGroup",
"modelAsString": true
}
}
},
"required": [
"saLifeTimeSeconds",
"saDataSizeKilobytes",
"ipsecEncryption",
"ipsecIntegrity",
"ikeEncryption",
"ikeIntegrity",
"dhGroup",
"pfsGroup"
],
"description": "An IPSec parameters for a virtual network gateway P2S connection."
},
"LocalNetworkGatewayPropertiesFormat": {
"properties": {
"localNetworkAddressSpace": {
Expand Down
40 changes: 20 additions & 20 deletions specification/network/resource-manager/readme.md
Original file line number Diff line number Diff line change
Expand Up @@ -38,26 +38,26 @@ These settings apply only when `--tag=package-2018-02` is specified on the comma
``` yaml $(tag) == 'package-2018-02'

input-file:
- Microsoft.Network/2018-02-01/applicationGateway.json
- Microsoft.Network/2018-02-01/applicationSecurityGroup.json
- Microsoft.Network/2018-02-01/checkDnsAvailability.json
- Microsoft.Network/2018-02-01/endpointService.json
- Microsoft.Network/2018-02-01/expressRouteCircuit.json
- Microsoft.Network/2018-02-01/loadBalancer.json
- Microsoft.Network/2018-02-01/network.json
- Microsoft.Network/2018-02-01/networkInterface.json
- Microsoft.Network/2018-02-01/networkSecurityGroup.json
- Microsoft.Network/2018-02-01/networkWatcher.json
- Microsoft.Network/2018-02-01/operation.json
- Microsoft.Network/2018-02-01/publicIpAddress.json
- Microsoft.Network/2018-02-01/routeFilter.json
- Microsoft.Network/2018-02-01/routeTable.json
- Microsoft.Network/2018-02-01/serviceCommunity.json
- Microsoft.Network/2018-02-01/usage.json
- Microsoft.Network/2018-02-01/virtualNetwork.json
- Microsoft.Network/2018-02-01/virtualNetworkGateway.json
- Microsoft.Network/2018-02-01/vmssNetworkInterface.json
- Microsoft.Network/2018-02-01/vmssPublicIpAddress.json
- Microsoft.Network/stable/2018-02-01/applicationGateway.json
- Microsoft.Network/stable/2018-02-01/applicationSecurityGroup.json
- Microsoft.Network/stable/2018-02-01/checkDnsAvailability.json
- Microsoft.Network/stable/2018-02-01/endpointService.json
- Microsoft.Network/stable/2018-02-01/expressRouteCircuit.json
- Microsoft.Network/stable/2018-02-01/loadBalancer.json
- Microsoft.Network/stable/2018-02-01/network.json
- Microsoft.Network/stable/2018-02-01/networkInterface.json
- Microsoft.Network/stable/2018-02-01/networkSecurityGroup.json
- Microsoft.Network/stable/2018-02-01/networkWatcher.json
- Microsoft.Network/stable/2018-02-01/operation.json
- Microsoft.Network/stable/2018-02-01/publicIpAddress.json
- Microsoft.Network/stable/2018-02-01/routeFilter.json
- Microsoft.Network/stable/2018-02-01/routeTable.json
- Microsoft.Network/stable/2018-02-01/serviceCommunity.json
- Microsoft.Network/stable/2018-02-01/usage.json
- Microsoft.Network/stable/2018-02-01/virtualNetwork.json
- Microsoft.Network/stable/2018-02-01/virtualNetworkGateway.json
- Microsoft.Network/stable/2018-02-01/vmssNetworkInterface.json
- Microsoft.Network/stable/2018-02-01/vmssPublicIpAddress.json
```

### Tag: package-2018-01
Expand Down