Network feature: Setting custom ipsec policy for Virtual Network Gate…
…way P2S clients. (#2521)

* 1443089: Network feature: Setting custom ipsec policy for Virtual Network Gateway P2S clients.

* 1443089:Fix network ReadMe file.

* 1443089:Fix network ReadMe file.

* Temporary bug fix
Nilambari authored and anuchandy committed Feb 21, 2018
1 parent d966adb commit c6dc7f6
Showing 3 changed files with 262 additions and 25 deletions.
Expand Up @@ -1482,8 +1482,10 @@
"type": "string",
"description": "Express Route Circuit Connection State. Possible values are: 'Connected' and 'Disconnected'.",
"enum": [
"Unknown",
"Connected",
"Disconnected"
"Disconnected",
"Degraded"
],
"readOnly": true,
"x-ms-enum": {
Expand Up @@ -675,6 +675,98 @@
"x-ms-long-running-operation": true
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworkGateways/{virtualNetworkGatewayName}/setvpnclientipsecparameters": {
"post": {
"tags": [
"VirtualNetworkGateways"
],
"operationId": "VirtualNetworkGateways_SetVpnclientIpsecParameters",
"description": "The Set VpnclientIpsecParameters operation sets the vpnclient ipsec policy for P2S client of virtual network gateway in the specified resource group through Network resource provider.",
"parameters": [
{
"name": "resourceGroupName",
"in": "path",
"required": true,
"type": "string",
"description": "The name of the resource group."
},
{
"name": "virtualNetworkGatewayName",
"in": "path",
"required": true,
"type": "string",
"description": "The name of the virtual network gateway."
},
{
"name": "vpnclientIpsecParams",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/VpnClientIPsecParameters"
},
"description": "Parameters supplied to the Begin Set vpnclient ipsec parameters of Virtual Network Gateway P2S client operation through Network resource provider."
},
{
"$ref": "#/parameters/ApiVersionParameter"
},
{
"$ref": "#/parameters/SubscriptionIdParameter"
}
],
"responses": {
"202": {
"description": "Accepted and the operation will complete asynchronously."
},
"200": {
"description": "Request successful. The operation sets the specificed vpnclient ipsec parameters for P2S client of the virtual network gateway.",
"schema": {
"$ref": "#/definitions/VpnClientIPsecParameters"
}
}
},
"x-ms-long-running-operation": true
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworkGateways/{virtualNetworkGatewayName}/getvpnclientipsecparameters": {
"post": {
"tags": [
"VirtualNetworkGateways"
],
"operationId": "VirtualNetworkGateways_GetVpnclientIpsecParameters",
"description": "The Get VpnclientIpsecParameters operation retrieves information about the vpnclient ipsec policy for P2S client of virtual network gateway in the specified resource group through Network resource provider.",
"parameters": [
{
"name": "resourceGroupName",
"in": "path",
"required": true,
"type": "string",
"description": "The name of the resource group."
},
{
"name": "virtualNetworkGatewayName",
"in": "path",
"required": true,
"type": "string",
"description": "The virtual network gateway name."
},
{
"$ref": "#/parameters/ApiVersionParameter"
},
{
"$ref": "#/parameters/SubscriptionIdParameter"
}
],
"responses": {
"200": {
"description": "Request successful. The operation returns the set vpnclient ipsec parameters for P2S client of VirtualNetworkGateway resource.",
"schema": {
"$ref": "#/definitions/VpnClientIPsecParameters"
}
}
},
"x-ms-long-running-operation": true
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/connections/{virtualNetworkGatewayConnectionName}/vpndeviceconfigurationscript": {
"post": {
"tags": [
Expand Down Expand Up @@ -1547,6 +1639,13 @@
},
"description": "VpnClientProtocols for Virtual network gateway."
},
"vpnClientIpsecPolicies": {
"type": "array",
"items": {
"$ref": "#/definitions/IpsecPolicy"
},
"description": "VpnClientIpsecPolicies for virtual network gateway P2S client."
},
"radiusServerAddress": {
"type": "string",
"description": "The radius server address property of the VirtualNetworkGateway resource for vpn client connection."
Expand Down Expand Up @@ -2099,7 +2198,9 @@
"DES3",
"AES128",
"AES192",
"AES256"
"AES256",
"GCMAES256",
"GCMAES128"
],
"x-ms-enum": {
"name": "IkeEncryption",
Expand All @@ -2113,7 +2214,9 @@
"MD5",
"SHA1",
"SHA256",
"SHA384"
"SHA384",
"GCMAES256",
"GCMAES128"
],
"x-ms-enum": {
"name": "IkeIntegrity",
Expand All @@ -2140,15 +2243,17 @@
},
"pfsGroup": {
"type": "string",
"description": "The DH Groups used in IKE Phase 2 for new child SA.",
"description": "The Pfs Groups used in IKE Phase 2 for new child SA.",
"enum": [
"None",
"PFS1",
"PFS2",
"PFS2048",
"ECP256",
"ECP384",
"PFS24"
"PFS24",
"PFS14",
"PFSMM"
],
"x-ms-enum": {
"name": "PfsGroup",
Expand All @@ -2168,6 +2273,136 @@
],
"description": "An IPSec Policy configuration for a virtual network gateway connection"
},
"VpnClientIPsecParameters": {
"properties": {
"saLifeTimeSeconds": {
"type": "integer",
"format": "int32",
"description": "The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for P2S client."
},
"saDataSizeKilobytes": {
"type": "integer",
"format": "int32",
"description": "The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for P2S client.."
},
"ipsecEncryption": {
"type": "string",
"description": "The IPSec encryption algorithm (IKE phase 1).",
"enum": [
"None",
"DES",
"DES3",
"AES128",
"AES192",
"AES256",
"GCMAES128",
"GCMAES192",
"GCMAES256"
],
"x-ms-enum": {
"name": "IpsecEncryption",
"modelAsString": true
}
},
"ipsecIntegrity": {
"type": "string",
"description": "The IPSec integrity algorithm (IKE phase 1).",
"enum": [
"MD5",
"SHA1",
"SHA256",
"GCMAES128",
"GCMAES192",
"GCMAES256"
],
"x-ms-enum": {
"name": "IpsecIntegrity",
"modelAsString": true
}
},
"ikeEncryption": {
"type": "string",
"description": "The IKE encryption algorithm (IKE phase 2).",
"enum": [
"DES",
"DES3",
"AES128",
"AES192",
"AES256",
"GCMAES256",
"GCMAES128"
],
"x-ms-enum": {
"name": "IkeEncryption",
"modelAsString": true
}
},
"ikeIntegrity": {
"type": "string",
"description": "The IKE integrity algorithm (IKE phase 2).",
"enum": [
"MD5",
"SHA1",
"SHA256",
"SHA384",
"GCMAES256",
"GCMAES128"
],
"x-ms-enum": {
"name": "IkeIntegrity",
"modelAsString": true
}
},
"dhGroup": {
"type": "string",
"description": "The DH Groups used in IKE Phase 1 for initial SA.",
"enum": [
"None",
"DHGroup1",
"DHGroup2",
"DHGroup14",
"DHGroup2048",
"ECP256",
"ECP384",
"DHGroup24"
],
"x-ms-enum": {
"name": "DhGroup",
"modelAsString": true
}
},
"pfsGroup": {
"type": "string",
"description": "The Pfs Groups used in IKE Phase 2 for new child SA.",
"enum": [
"None",
"PFS1",
"PFS2",
"PFS2048",
"ECP256",
"ECP384",
"PFS24",
"PFS14",
"PFSMM"
],
"x-ms-enum": {
"name": "PfsGroup",
"modelAsString": true
}
}
},
"required": [
"saLifeTimeSeconds",
"saDataSizeKilobytes",
"ipsecEncryption",
"ipsecIntegrity",
"ikeEncryption",
"ikeIntegrity",
"dhGroup",
"pfsGroup"
],
"description": "An IPSec parameters for a virtual network gateway P2S connection."
},
"LocalNetworkGatewayPropertiesFormat": {
"properties": {
"localNetworkAddressSpace": {
40 changes: 20 additions & 20 deletions specification/network/resource-manager/readme.md
Expand Up @@ -38,26 +38,26 @@ These settings apply only when `--tag=package-2018-02` is specified on the comma
``` yaml $(tag) == 'package-2018-02'
input-file:
- Microsoft.Network/2018-02-01/applicationGateway.json
- Microsoft.Network/2018-02-01/applicationSecurityGroup.json
- Microsoft.Network/2018-02-01/checkDnsAvailability.json
- Microsoft.Network/2018-02-01/endpointService.json
- Microsoft.Network/2018-02-01/expressRouteCircuit.json
- Microsoft.Network/2018-02-01/loadBalancer.json
- Microsoft.Network/2018-02-01/network.json
- Microsoft.Network/2018-02-01/networkInterface.json
- Microsoft.Network/2018-02-01/networkSecurityGroup.json
- Microsoft.Network/2018-02-01/networkWatcher.json
- Microsoft.Network/2018-02-01/operation.json
- Microsoft.Network/2018-02-01/publicIpAddress.json
- Microsoft.Network/2018-02-01/routeFilter.json
- Microsoft.Network/2018-02-01/routeTable.json
- Microsoft.Network/2018-02-01/serviceCommunity.json
- Microsoft.Network/2018-02-01/usage.json
- Microsoft.Network/2018-02-01/virtualNetwork.json
- Microsoft.Network/2018-02-01/virtualNetworkGateway.json
- Microsoft.Network/2018-02-01/vmssNetworkInterface.json
- Microsoft.Network/2018-02-01/vmssPublicIpAddress.json
- Microsoft.Network/stable/2018-02-01/applicationGateway.json
- Microsoft.Network/stable/2018-02-01/applicationSecurityGroup.json
- Microsoft.Network/stable/2018-02-01/checkDnsAvailability.json
- Microsoft.Network/stable/2018-02-01/endpointService.json
- Microsoft.Network/stable/2018-02-01/expressRouteCircuit.json
- Microsoft.Network/stable/2018-02-01/loadBalancer.json
- Microsoft.Network/stable/2018-02-01/network.json
- Microsoft.Network/stable/2018-02-01/networkInterface.json
- Microsoft.Network/stable/2018-02-01/networkSecurityGroup.json
- Microsoft.Network/stable/2018-02-01/networkWatcher.json
- Microsoft.Network/stable/2018-02-01/operation.json
- Microsoft.Network/stable/2018-02-01/publicIpAddress.json
- Microsoft.Network/stable/2018-02-01/routeFilter.json
- Microsoft.Network/stable/2018-02-01/routeTable.json
- Microsoft.Network/stable/2018-02-01/serviceCommunity.json
- Microsoft.Network/stable/2018-02-01/usage.json
- Microsoft.Network/stable/2018-02-01/virtualNetwork.json
- Microsoft.Network/stable/2018-02-01/virtualNetworkGateway.json
- Microsoft.Network/stable/2018-02-01/vmssNetworkInterface.json
- Microsoft.Network/stable/2018-02-01/vmssPublicIpAddress.json
```

### Tag: package-2018-01