» opc_compute_vpn_endpoint_v2
The opc_compute_vpn_endpoint_v2
resource creates and manages an VPN Endpoint V2 in an Oracle Cloud Infrastructure Compute Classic identity domain.
» Example Usage
resource "opc_compute_vnic_set" "vnicset1" {
name = "vpnaas-vnicset1"
}
resource "opc_compute_ip_network" "ipnetwork1" {
name = "ipnetwork1"
ip_address_prefix = "10.0.12.0/24"
}
resource "opc_compute_vpn_endpoint_v2" "vpnaas1" {
name = "vpnaas1"
customer_vpn_gateway = "${var.vpn_endpoint_public_ip}"
ip_network = "${opc_compute_ip_network.ipnetwork1.name}"
pre_shared_key = "${var.pre_shared_key}"
reachable_routes = ["172.16.4.0/24"]
vnic_sets = ["${opc_compute_vnic_set.vnicset1.name}"]
}
» Argument Reference
The following arguments are supported:
-
name
- (Required) The name of the VPN Endpoint V2. -
customer_vpn_gateway
- (Required) The ip address of the VPN gateway in your data center through which you want to connect to the Oracle Cloud VPN gateway. -
ip_network
- (Required) The name of the IP network on which the cloud gateway is created by VPNaaS. -
pre_shared_key
- (Required) The pre-shared VPN key -
reachable_routes
- (Required) A list of routes (CIDR prefixes) that are reachable through this VPN tunnel. -
vnic_sets
- (Required) A list of vnic sets that traffics is allowed to and from. -
description
- (Optional) A description of the VPN Endpoint V2. -
enabled
- (Optional) Enables or disables the VPN Endpoint V2. Set to true by default. -
ike_identifier
- (Optional) The Internet Key Exchange (IKE) ID. If you don't specify a value, the default value is the public IP address of the cloud gateway. -
require_perfect_forward_secrecy
- (Optional) Boolean specifying whether Perfect Forward Secrecy is enabled. Set to true by default. -
phase_one_settings
- (Optional) Settings for the phase one protocol (IKE). Phase One Settings are detailed below. -
phase_two_settings
- (Optional) Settings for the phase two protocol (IPSEC). Phase Two Settings are detailed below. -
tags
- (Optional) List of tags that may be applied to the VPN Endpoint V2.
Phase One Settings support the following:
-
encryption
- (Required) IKE Encryption.aes128
,aes192
oraes256
-
hash
- (Required) IKE Hash.sha1
,sha2_256
ormd5
-
dh_group
- (Required) Diffie-Hellman group for both IKE and ESP.group2
,group5
,group14
,group22
,group23
, orgroup24
-
lifetime
- (Optional) IKE Lifetime in seconds.
Phase Two Settings support the following:
-
encryption
- (Required) ESP Encryption.aes128
,aes192
oraes256
-
hash
- (Required) ESP Hash.sha1
,sha2_256
ormd5
-
lifetime
- (Optional) IPSEC Lifetime in seconds.
In addition to the above, the following values are exported:
-
local_gateway_ip_address
- Public IP Address of the Local Gateway. -
local_gateway_private_ip_address
- Private IP Address of the Local Gateway. -
uri
- The Uniform Resource Identifier for the VPN Endpoint V2.
» Import
VPN Endpoint V2's can be imported using the resource name
, e.g.
$ terraform import opc_compute_vpn_endpoint_v2.vpnaas1 /Compute-mydomain/user/example