Introduction
The VNS3 API provides a programmable interface on top of your network edge. This allows you to automate your network infrastructure deployment and react to real-time events.
Getting started
The fastest way to get started is by launching a free version of VNS3 in your cloud of choice. (Trying to run a programmable SDN appliance on-prem? We can run anywhere. Get in touch at support@cohesive.net.)
We have free versions as well as bring-your-own-license images ready for any and all environments:
- AWS Marketplace
- Azure Marketplace
- Google Cloud - Send an email to support@cohesive.net or open a support request and we can share an image with your account.
SDKs and Clients
Currently we support a Python SDK and a Ruby CLI.
- Python SDK - Use Python 3 to configure your network edge VNS3 controllers
- Ruby CLI
We have a zero-dependency CLI on the roadmap!
Topology starters
We provide some topology starters to help you fully automate the build of your network: https://github.com/cohesive/vns3-infra-templates.git. We'll be continually updating and revising these with user input.
Don't see your use case there? Looking to use CloudFormation or Azure Resource Templates? Get in touch. We'd be happy to help you get going with your automation of choice.
Some cloud quickstarts:
- AWS Quickstart with CloudFormation
- Azure Quickstart with Azure Resource Manager
# Spin up VNS3 controller mesh
module "vns3_mesh" {
  source             = "github.com/cohesive/vns3-infra-templates.git//modules/aws-vns3-public"
  topology_name      = "${var.topology_name}"
  vns3_version       = "${var.vns3_version}" # searches for latest AMI of version
  vns3_license_type  = "byol"
  vns3_instance_type = "${var.vns3_instance_type}"
  vns3_account_owner = "${var.vns3_account_owner}"
  vpc_id             = "${module.aws_vpc.vpc_id}"
  vpc_route_table_id = "${module.aws_vpc.route_table_id}"
  access_cidr        = "${var.access_cidr}"
  client_cidrs       = ["${var.client_cidrs}"]
  subnet_ids         = "${length(module.aws_vpc.subnet_ids) == 0 ? [] : slice(module.aws_vpc.subnet_ids, 0, var.vns3_instance_count)}"
  common_tags        = "${var.common_tags}"
}
VNS3 Controller API v6.0.0
Cohesive Networks VNS3 provides complete control of your network's addressing, routes, rules and edge, enabling a secure, connected and reactive cloud network.
Base URLs:
Authentication
# Authenticate via cURL with user:password
curl -X GET -u api:myapipassword https://55.55.55.55:8000/api/config
# Authenticate via the Python SDK with user:password
from cohesivenet import VNS3Client, Configuration

vns3_client = VNS3Client(
    configuration=Configuration(
        host="55.55.55.55:8000",
        username="api",
        password="myapipassword",
        verify_ssl=False,  # set to True once SSL certificates are installed
    )
)
- HTTP Authentication, scheme: basic
System Administration
Sysadmin functions for system status, device access and system actions
Get remote support
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/remote_support \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.sys_admin.get_remote_support_details()
print(api_response.json())
GET /remote_support
Get remote support configuration details
Example responses
200 Response
{
"enabled": true
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Accepted | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
RemoteSupportConfigResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
enabled | boolean | false | - | - |
Update remote support config
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/remote_support \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{"enabled": true, "revoke_credential": true}'
from cohesivenet import VNS3Client
# vns3_client is the client constructed in the Authentication section
api_response = vns3_client.sys_admin.put_update_remote_support(
    enabled=True,
    revoke_credential=True)
print(api_response.json())
PUT /remote_support
Enables or disables remote support. Can also revoke the current remote support keypair.
Body parameter
{
"enabled": true,
"revoke_credential": true
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
enabled | body | boolean | false | True if remote support should be enabled |
revoke_credential | body | boolean | false | True if remote support credential should be revoked |
Example responses
200 Response
{
"enabled": true,
"revoke_credential": false
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156347731532179638778333642624237974834407",
"message": "enabled is invalid"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Accepted | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
RemoteSupportStatusResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
enabled | boolean | false | - | - |
revoke_credential | boolean | false | - | - |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Generate support keypair
Code samples
# You can also use wget
curl -X POST -u api:myapipassword https://vns3-host:8000/api/remote_support/keypair \
-H 'Content-Type: text/plain' \
-H 'Accept: application/octet-stream'
from cohesivenet import VNS3Client
api_response = vns3_client.sys_admin.post_generate_support_keypair()
print(api_response.file_download) # path to downloaded file
POST /remote_support/keypair
Generates a remote support key that can be shared with Cohesive to provide remote access to the internals of the VNS3 Manager as a "one time key". Once Cohesive has used the key, it can be revoked and access terminated.
Body parameter
string
Example responses
201 Response
"string"
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156347797058992573673734848595852371200179",
"message": "Bad encrypted passphrase"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
201 | Created | SSH key .pem file | string |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Get cloud details
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/cloud_data \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.sys_admin.get_cloud_data()
print(api_response.json())
GET /cloud_data
Returns cloud-specific data depending upon cloud type. Supports EC2 and GCE. More clouds coming soon.
Example responses
200 Response
{
"response": {
"cloud_type": "ec2",
"cloud_data": {
"accountId": "10801293012",
"availabilityZone": "us-east-1a",
"ramdiskId": null,
"kernelId": null,
"pendingTime": "2019-07-19T21:45:07Z",
"architecture": "x86_64",
"privateIp": "192.168.1.211",
"devpayProductCodes": null,
"marketplaceProductCodes": null,
"version": "2017-09-30",
"region": "us-east-1",
"imageId": "ami-8400209011nsd0111",
"billingProducts": null,
"instanceId": "i-123123asdf0t41211",
"instanceType": "t2.micro"
}
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
CloudInfoDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
cloud_type | string | false | - | ec2, gce, azure, hpcloud, centurylink |
cloud_data | any | false | - | - |
oneOf
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
any | object | false | - | Metadata returned from AWS instance metadata call. |
accountId | string | false | - | - |
availabilityZone | string | false | - | - |
ramdiskId | string¦null | false | - | - |
kernelId | string¦null | false | - | - |
pendingTime | string | false | - | - |
architecture | string | false | - | - |
privateIp | string | false | - | - |
devpayProductCodes | string¦null | false | - | - |
marketplaceProductCodes | string¦null | false | - | - |
version | string | false | - | - |
region | string | false | - | - |
imageId | string | false | - | - |
billingProducts | string¦null | false | - | - |
instanceId | string | false | - | - |
instanceType | string | false | - | - |
xor
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
any | object | false | - | Metadata returned from GCE metadata call. |
projectId | string | false | - | - |
Take server action
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/server \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{"reboot": true}'
from cohesivenet import VNS3Client
# vns3_client is the client constructed in the Authentication section
api_response = vns3_client.sys_admin.put_server_action(
    reboot=True)
print(api_response.json())
PUT /server
Server action for the VNS3 controller. Currently only reboot is supported.
Body parameter
{
"reboot": true
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
reboot | body | boolean | false | - |
Example responses
200 Response
{
"response": {
"status": "rebooting"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156348220177382578437853325229350053485636",
"message": "Nothing to do"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Accepted | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
SimpleStatusResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
status | string | false | - | - |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Get runtime status
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/status \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.sys_admin.get_runtime_status()
print(api_response.json())
GET /status
Describe Runtime status details
Example responses
200 Response
{
"response": {
"connected_clients": {
"property1": {
"managerid": 1,
"overlay_ipaddress": "string",
"ipaddress": "string",
"tags": {
"property1": "string",
"property2": "string"
}
},
"property2": {
"managerid": 1,
"overlay_ipaddress": "string",
"ipaddress": "string",
"tags": {
"property1": "string",
"property2": "string"
}
}
},
"connected_subnets": [
[
"string"
]
],
"ipsec": {
"property1": {
"id": 1,
"local_subnet": "string",
"remote_subnet": "string",
"endpointid": 1,
"endpoint_id": 1,
"endpoint_name": "string",
"enabled": true,
"active": true,
"description": "string",
"bounce": true,
"connected": true,
"ping_interface": "eth0",
"ping_interval": 0,
"ping_ipaddress": "string",
"tunnel_params": {
"phase2": "string",
"outbound_spi": "string",
"inbound_spi": "string",
"bytes_in": "string",
"bytes_out": "string",
"esp_time_remaining": "string",
"esp_port": "string",
"phase2_algo": "string",
"phase2_hash": "string",
"nat_t": "string",
"dpd": "string",
"pfs_dh_group": "string",
"phase1": "string",
"isakmp_port": "string",
"isakmp_time_remaining": "string",
"last_dpd": "string",
"phase1_cipher": "string",
"phase1_prf": "string",
"phase1_dh_group": "string",
"ike_version": "string"
}
},
"property2": {
"id": 1,
"local_subnet": "string",
"remote_subnet": "string",
"endpointid": 1,
"endpoint_id": 1,
"endpoint_name": "string",
"enabled": true,
"active": true,
"description": "string",
"bounce": true,
"connected": true,
"ping_interface": "eth0",
"ping_interval": 0,
"ping_ipaddress": "string",
"tunnel_params": {
"phase2": "string",
"outbound_spi": "string",
"inbound_spi": "string",
"bytes_in": "string",
"bytes_out": "string",
"esp_time_remaining": "string",
"esp_port": "string",
"phase2_algo": "string",
"phase2_hash": "string",
"nat_t": "string",
"dpd": "string",
"pfs_dh_group": "string",
"phase1": "string",
"isakmp_port": "string",
"isakmp_time_remaining": "string",
"last_dpd": "string",
"phase1_cipher": "string",
"phase1_prf": "string",
"phase1_dh_group": "string",
"ike_version": "string"
}
}
}
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"unlicensedExample": {
"value": {
"error": {
"name": "PrerequisiteError",
"log": "1563472268929826518356034508450851266833526",
"message": "Must be licensed first."
}
}
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
RuntimeStatusDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
connected_clients | object | false | - | clients keyed by ip address |
OverlayClient | object | false | - | - |
managerid | integer | false | - | - |
overlay_ipaddress | string | false | - | - |
ipaddress | string | false | - | - |
tags | object | false | - | Key, value object of tags |
additionalProperties | string | false | - | - |
connected_subnets | [array] | false | - | Array of arrays with each element of length 2 representing [network, subnet mask] |
ipsec | object | false | - | IPSEC tunnels keyed by tunnel ID |
IpsecTunnel | object | false | - | - |
id | integer | false | - | - |
local_subnet | string | false | - | - |
remote_subnet | string | false | - | - |
endpointid | integer | false | - | - |
endpoint_id | integer | false | - | - |
endpoint_name | string | false | - | - |
enabled | boolean | false | - | - |
active | boolean | false | - | - |
description | string¦null | false | - | - |
bounce | boolean | false | - | True if tunnel was just bounced |
connected | boolean | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer¦null | false | - | Interval for ping in seconds |
ping_ipaddress | string | false | - | - |
tunnel_params | object | false | - | - |
phase2 | string | false | - | - |
outbound_spi | string | false | - | - |
inbound_spi | string | false | - | - |
bytes_in | string | false | - | - |
bytes_out | string | false | - | - |
esp_time_remaining | string | false | - | - |
esp_port | string | false | - | - |
phase2_algo | string | false | - | - |
phase2_hash | string | false | - | - |
nat_t | string | false | - | - |
dpd | string | false | - | - |
pfs_dh_group | string¦null | false | - | - |
phase1 | string | false | - | - |
isakmp_port | string | false | - | - |
isakmp_time_remaining | string | false | - | - |
last_dpd | string | false | - | - |
phase1_cipher | string¦null | false | - | - |
phase1_prf | string¦null | false | - | - |
phase1_dh_group | string¦null | false | - | - |
ike_version | string | false | - | - |
Enumerated Values
Property | Value |
---|---|
ping_interface | eth0 |
ping_interface | tun0 |
Get system status
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/status/system \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.sys_admin.get_system_status(
timestamp=timestamp)
print(api_response.json())
GET /status/system
Provides information about the underlying appliance: memory, CPU, disk space, etc.
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
timestamp | query | integer | false | Unix timestamp |
Example responses
200 Response
{
"response": {
"timestamp": "string",
"timestamp_i": 0,
"vns3_version": "string",
"kernel_version": "string",
"uptime": 0,
"loadavg": [
"string"
],
"diskinfo": [
[
"string"
]
],
"meminfo": [
"string"
],
"swapinfo": [
"string"
],
"container_system": {
"container_system_running": true,
"images_limit": 0,
"images_stored": 0,
"containers_limit": 0,
"containers_active": 0,
"container_network": "string"
},
"data": {
"sysstat": [
[
"vnscubed",
"597",
"1564089901",
"all",
"%user",
"2.91"
],
[
"vnscubed",
"597",
"1564089901",
"all",
"%nice",
"0.02"
],
[
"vnscubed",
"597",
"1564089901",
"all",
"%system",
"1.49"
],
[
"vnscubed",
"597",
"1564089901",
"all",
"%iowait",
"0.51"
],
[
"vnscubed",
"597",
"1564089901",
"all",
"%steal",
"0.01"
]
]
}
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"unlicensedExample": {
"value": {
"error": {
"name": "PrerequisiteError",
"log": "1563472268929826518356034508450851266833526",
"message": "Must be licensed first."
}
}
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
SystemStatusDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
timestamp | string | false | - | - |
timestamp_i | integer | false | - | - |
vns3_version | string | false | - | - |
kernel_version | string | false | - | - |
uptime | integer | false | - | - |
loadavg | [string] | false | - | - |
diskinfo | [array] | false | - | - |
meminfo | [string] | false | - | - |
swapinfo | [string] | false | - | - |
container_system | object | false | - | - |
container_system_running | boolean | false | - | - |
images_limit | integer | false | - | - |
images_stored | integer | false | - | - |
containers_limit | integer | false | - | - |
containers_active | integer | false | - | - |
container_network | string | false | - | - |
data | object | false | - | - |
sysstat | [array] | false | - | - |
Get task status
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/status/task \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.sys_admin.get_task_status(
token=token)
print(api_response.json())
GET /status/task
Describe task status details
Body parameter
{
"token": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
token | body | string | false | - |
Example responses
200 Response
{
"response": {
"task_status": "string"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "1564152929359289894296619951832390615371038",
"message": "token is missing"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"unlicensedExample": {
"value": {
"error": {
"name": "PrerequisiteError",
"log": "1563472268929826518356034508450851266833526",
"message": "Must be licensed first."
}
}
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
TaskStatusDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
task_status | string | false | - | - |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Access
Manage access to VNS3 with API tokens and admin access URLs
Get API access tokens
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/access/tokens \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.access.get_api_tokens()
print(api_response.json())
GET /access/tokens
Retrieve the list of API tokens
Example responses
200 Response
{
"response": [
{
"id": 1,
"created_at": "2019-08-24T14:15:22Z",
"token": "string",
"name": "string",
"created_ip": "string",
"expires_at": "2019-08-24T14:15:22Z",
"lifetime": "string",
"refreshes": true,
"expired": true,
"last_accessed_at": "string",
"last_accessed_ip": "string"
}
]
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
AccessTokenListResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | [object] | false | - | - |
AccessToken | object | false | - | - |
id | integer | false | - | - |
created_at | string(date-time) | false | - | - |
token | string | false | - | - |
name | string | false | - | - |
created_ip | string | false | - | - |
expires_at | string(date-time) | false | - | - |
lifetime | string | false | - | - |
refreshes | boolean | false | - | - |
expired | boolean | false | - | - |
last_accessed_at | string¦null | false | - | - |
last_accessed_ip | string¦null | false | - | - |
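The AccessToken fields above are enough to audit which tokens are still usable and how they are being used. The following is an added example, not part of the VNS3 SDK or the original page: the sample payload is constructed, and the finding names and the 24-hour default threshold are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the GET /access/tokens 200 response.
# The "token" values are placeholders; a real response carries live secrets,
# so the audit below never copies that field into its output.
SAMPLE_TOKENS = {
    "response": [
        {"id": 1, "name": "ci-deploy", "token": "<redacted>",
         "created_at": "2019-08-24T14:15:22Z", "created_ip": "10.0.0.5",
         "expires_at": "2019-08-24T15:15:22Z", "refreshes": False,
         "expired": False, "last_accessed_ip": "10.0.0.5"},
        {"id": 2, "name": "ops-laptop", "token": "<redacted>",
         "created_at": "2019-08-01T09:00:00Z", "created_ip": "10.0.0.5",
         "expires_at": "2020-07-31T09:00:00Z", "refreshes": True,
         "expired": False, "last_accessed_ip": "203.0.113.40"},
        {"id": 3, "name": "old-script", "token": "<redacted>",
         "created_at": "2019-08-20T08:00:00Z", "created_ip": "10.0.0.9",
         "expires_at": "2019-08-27T08:00:00Z", "refreshes": False,
         "expired": False, "last_accessed_ip": None},
        {"id": 4, "name": "retired", "token": "<redacted>",
         "created_at": "2019-08-01T09:00:00Z", "created_ip": "10.0.0.5",
         "expires_at": "2019-08-10T09:00:00Z", "refreshes": True,
         "expired": True, "last_accessed_ip": "10.0.0.5"},
    ]
}

# Fixed "current time" so the example is reproducible.
NOW = datetime(2019, 8, 24, 14, 30, tzinfo=timezone.utc)


def parse_ts(value):
    """Parse the date-time strings used by created_at and expires_at."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_tokens(payload, now, max_lifetime=timedelta(hours=24)):
    """Return {token_id: [findings]} for tokens that can still authenticate."""
    report = {}
    for tok in payload.get("response", []):
        expires_at = parse_ts(tok["expires_at"])
        if tok.get("expired") or expires_at <= now:
            continue  # already unusable, nothing to flag
        findings = []
        # Issued for longer than policy allows (expires_at minus created_at).
        if expires_at - parse_ts(tok["created_at"]) > max_lifetime:
            findings.append("long-lived")
        # A refreshing token extends its lifetime on use and may never expire.
        if tok.get("refreshes"):
            findings.append("refreshes-on-use")
        last_ip = tok.get("last_accessed_ip")
        if last_ip is None:
            findings.append("never-used")  # candidate for deletion
        elif last_ip != tok.get("created_ip"):
            findings.append("used-from-other-ip")  # worth a closer look
        if findings:
            report[tok["id"]] = findings
    return report


if __name__ == "__main__":
    for token_id, findings in audit_tokens(SAMPLE_TOKENS, NOW).items():
        print(token_id, ", ".join(findings))
```

Flagged IDs can then be passed to the Expire API token or Delete API token calls documented below.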
Create API token
Code samples
# You can also use wget
curl -X POST -u api:myapipassword https://vns3-host:8000/api/access/token \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{"expires": 3600, "name": "string", "token_name": "string", "refreshes": true}'
from cohesivenet import VNS3Client
# vns3_client is the client constructed in the Authentication section
api_response = vns3_client.access.create_api_token(
    expires=3600,
    name="string",
    token_name="string",
    refreshes=True)
print(api_response.json())
POST /access/token
Create an API token
Body parameter
{
"expires": 3600,
"name": "string",
"token_name": "string",
"refreshes": true
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
expires | body | integer | false | Number of seconds before expiration |
name | body | string | false | Optional name of token |
token_name | body | string | false | Optional name of token (deprecated) |
refreshes | body | boolean | false | Token lifetime refreshes when used |
Example responses
201 Response
{
"response": {
"id": 1,
"created_at": "2019-08-24T14:15:22Z",
"token": "string",
"name": "string",
"created_ip": "string",
"expires_at": "2019-08-24T14:15:22Z",
"lifetime": "string",
"refreshes": true,
"expired": true,
"last_accessed_at": "string",
"last_accessed_ip": "string"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156347797058992573673734848595852371200179",
"message": "expires range must be between 60 and 31,536,000"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
201 | Created | Created | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 201
AccessTokenDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
id | integer | false | - | - |
created_at | string(date-time) | false | - | - |
token | string | false | - | - |
name | string | false | - | - |
created_ip | string | false | - | - |
expires_at | string(date-time) | false | - | - |
lifetime | string | false | - | - |
refreshes | boolean | false | - | - |
expired | boolean | false | - | - |
last_accessed_at | string¦null | false | - | - |
last_accessed_ip | string¦null | false | - | - |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Get API access token
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/access/token/{token_id} \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.access.get_api_token(token_id)
print(api_response.json())
GET /access/token/{token_id}
Retrieve details for specific access token (including expired ones)
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
token_id | path | integer | true | Token ID |
Example responses
200 Response
{
"response": {
"id": 1,
"created_at": "2019-08-24T14:15:22Z",
"token": "string",
"name": "string",
"created_ip": "string",
"expires_at": "2019-08-24T14:15:22Z",
"lifetime": "string",
"refreshes": true,
"expired": true,
"last_accessed_at": "string",
"last_accessed_ip": "string"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
404 Response
{
"error": {
"name": "APINotFoundError",
"log": "15640808375976073208002188741879242245537",
"message": "Requested api token does not exist"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
404 | Not Found | Not found | Inline |
Response Schema
Status Code 200
AccessTokenDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
id | integer | false | - | - |
created_at | string(date-time) | false | - | - |
token | string | false | - | - |
name | string | false | - | - |
created_ip | string | false | - | - |
expires_at | string(date-time) | false | - | - |
lifetime | string | false | - | - |
refreshes | boolean | false | - | - |
expired | boolean | false | - | - |
last_accessed_at | string¦null | false | - | - |
last_accessed_ip | string¦null | false | - | - |
Status Code 404
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Expire API token
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/access/token/{token_id} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{"expired": true}'
from cohesivenet import VNS3Client
# vns3_client is the client constructed in the Authentication section
token_id = 1  # ID of the token to expire
api_response = vns3_client.access.put_expire_api_token(token_id,
    expired=True)
print(api_response.json())
PUT /access/token/{token_id}
Expire API token
Body parameter
{
"expired": true
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
token_id | path | integer | true | Token ID |
expired | body | boolean | false | - |
Example responses
200 Response
{
"response": {
"id": 1,
"created_at": "2019-08-24T14:15:22Z",
"token": "string",
"name": "string",
"created_ip": "string",
"expires_at": "2019-08-24T14:15:22Z",
"lifetime": "string",
"refreshes": true,
"expired": true,
"last_accessed_at": "string",
"last_accessed_ip": "string"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
404 Response
{
"error": {
"name": "APINotFoundError",
"log": "15640808375976073208002188741879242245537",
"message": "Requested api token does not exist"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
404 | Not Found | Not found | Inline |
Response Schema
Status Code 200
AccessTokenDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
id | integer | false | - | - |
created_at | string(date-time) | false | - | - |
token | string | false | - | - |
name | string | false | - | - |
created_ip | string | false | - | - |
expires_at | string(date-time) | false | - | - |
lifetime | string | false | - | - |
refreshes | boolean | false | - | - |
expired | boolean | false | - | - |
last_accessed_at | string¦null | false | - | - |
last_accessed_ip | string¦null | false | - | - |
Status Code 404
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Delete API token
Code samples
# You can also use wget
curl -X DELETE -u api:myapipassword https://vns3-host:8000/api/access/token/{token_id} \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.access.delete_api_token(token_id)
print(api_response.json())
DELETE /access/token/{token_id}
Delete API token by ID
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
token_id | path | integer | true | Token ID |
Example responses
200 Response
{
"response": "Token deleted"
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
404 Response
{
"error": {
"name": "APINotFoundError",
"log": "15640808375976073208002188741879242245537",
"message": "Requested api token does not exist"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
404 | Not Found | Not found | Inline |
Response Schema
Status Code 200
SimpleStringResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | string | false | - | - |
Status Code 404
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Get access URLs
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/access/urls \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.access.get_access_urls()
print(api_response.json())
GET /access/urls
Retrieve the list of users' access URLs, including expired ones
Example responses
200 Response
{
"response": [
{
"id": 1,
"url": "string",
"created_at": "2019-08-24T14:15:22Z",
"created_ip": "string",
"name": "string",
"expires_at": "2019-08-24T14:15:22Z",
"lifetime": "string",
"expired": true,
"last_accessed_at": "string",
"last_accessed_ip": "string",
"access": "rs"
}
]
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
AccessUrlListResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | [object] | false | - | - |
AccessUrl | object | false | - | - |
id | integer | false | - | - |
url | string | false | - | - |
created_at | string(date-time) | false | - | - |
created_ip | string | false | - | - |
name | string | false | - | - |
expires_at | string(date-time) | false | - | - |
lifetime | string | false | - | - |
expired | boolean | false | - | - |
last_accessed_at | string¦null | false | - | - |
last_accessed_ip | string¦null | false | - | - |
access | string | false | - | Type of access, remote support (rs) or clientpack (cp:100_1_64_0) |
Create access URL
Code samples
# You can also use wget
curl -X POST -u api:myapipassword https://vns3-host:8000/api/access/url \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{"expires": 3600, "name": "string", "access": "rs"}'
from cohesivenet import VNS3Client
api_response = vns3_client.access.create_access_url(
expires=expires,
name=name,
description=description,
access=access)
print(api_response.json())
POST /access/url
Create access URL
Body parameter
{
"expires": 3600,
"name": "string",
"description": "string",
"access": "rs"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
expires | body | integer | false | Number of seconds before expiration |
name | body | string | false | Optional name |
description | body | string | false | Optional name (deprecated) |
access | body | string | false | Type of access, remote support (rs) or clientpack (cp:100_1_64_0) |
Example responses
201 Response
{
"response": {
"id": 1,
"url": "string",
"created_at": "2019-08-24T14:15:22Z",
"created_ip": "string",
"name": "string",
"expires_at": "2019-08-24T14:15:22Z",
"lifetime": "string",
"expired": true,
"last_accessed_at": "string",
"last_accessed_ip": "string",
"access": "rs"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156347797058992573673734848595852371200179",
"message": "expires range must be between 60 and 259200"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
201 | Created | Created | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 201
AccessUrlDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
id | integer | false | - | - |
url | string | false | - | - |
created_at | string(date-time) | false | - | - |
created_ip | string | false | - | - |
name | string | false | - | - |
expires_at | string(date-time) | false | - | - |
lifetime | string | false | - | - |
expired | boolean | false | - | - |
last_accessed_at | string¦null | false | - | - |
last_accessed_ip | string¦null | false | - | - |
access | string | false | - | Type of access, remote support (rs) or clientpack (cp:100_1_64_0) |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Find and delete access URL
Code samples
# You can also use wget
curl -X DELETE -u api:myapipassword https://vns3-host:8000/api/access/url \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{"access_url_id": 1}'
from cohesivenet import VNS3Client
api_response = vns3_client.access.delete_access_url_by_search(
access_url_id=access_url_id)
print(api_response.json())
DELETE /access/url
Delete access URL by ID or URL
Body parameter
{
"access_url_id": 1,
"access_url": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
access_url_id | body | integer | false | ID of access URL |
access_url | body | string | false | - |
One of the following parameter combinations is required:
access_url_id
access_url
Example responses
200 Response
{
"response": "Access url deleted"
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
404 Response
{
"error": {
"name": "APINotFoundError",
"log": "15640808375976073208002188741879242245537",
"message": "Invalid or missing access url"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
404 | Not Found | Not found | Inline |
Response Schema
Status Code 200
SimpleStringResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | string | false | - | - |
Status Code 404
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Get access URL
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/access/url/{access_url_id} \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.access.get_access_url(access_url_id)
print(api_response.json())
GET /access/url/{access_url_id}
Retrieve details for specific access url (including expired ones)
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
access_url_id | path | integer | true | Access URL ID |
Example responses
200 Response
{
"response": {
"id": 1,
"url": "string",
"created_at": "2019-08-24T14:15:22Z",
"created_ip": "string",
"name": "string",
"expires_at": "2019-08-24T14:15:22Z",
"lifetime": "string",
"expired": true,
"last_accessed_at": "string",
"last_accessed_ip": "string",
"access": "rs"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
404 Response
{
"error": {
"name": "APINotFoundError",
"log": "15640808375976073208002188741879242245537",
"message": "Invalid or missing access url"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
404 | Not Found | Not found | Inline |
Response Schema
Status Code 200
AccessUrlDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
id | integer | false | - | - |
url | string | false | - | - |
created_at | string(date-time) | false | - | - |
created_ip | string | false | - | - |
name | string | false | - | - |
expires_at | string(date-time) | false | - | - |
lifetime | string | false | - | - |
expired | boolean | false | - | - |
last_accessed_at | string¦null | false | - | - |
last_accessed_ip | string¦null | false | - | - |
access | string | false | - | Type of access, remote support (rs) or clientpack (cp:100_1_64_0) |
Status Code 404
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Expire access URL
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/access/url/{access_url_id} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{"expired": true}'
from cohesivenet import VNS3Client
api_response = vns3_client.access.put_expire_access_url(access_url_id,
expired=expired)
print(api_response.json())
PUT /access/url/{access_url_id}
Expire access URL
Body parameter
{
"expired": true
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
access_url_id | path | integer | true | Access URL ID |
expired | body | boolean | false | - |
Example responses
200 Response
{
"response": {
"id": 1,
"url": "string",
"created_at": "2019-08-24T14:15:22Z",
"created_ip": "string",
"name": "string",
"expires_at": "2019-08-24T14:15:22Z",
"lifetime": "string",
"expired": true,
"last_accessed_at": "string",
"last_accessed_ip": "string",
"access": "rs"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
404 Response
{
"error": {
"name": "APINotFoundError",
"log": "15640808375976073208002188741879242245537",
"message": "Invalid or missing access url"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
404 | Not Found | Not found | Inline |
Response Schema
Status Code 200
AccessUrlDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
id | integer | false | - | - |
url | string | false | - | - |
created_at | string(date-time) | false | - | - |
created_ip | string | false | - | - |
name | string | false | - | - |
expires_at | string(date-time) | false | - | - |
lifetime | string | false | - | - |
expired | boolean | false | - | - |
last_accessed_at | string¦null | false | - | - |
last_accessed_ip | string¦null | false | - | - |
access | string | false | - | Type of access, remote support (rs) or clientpack (cp:100_1_64_0) |
Status Code 404
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Delete access URL
Code samples
# You can also use wget
curl -X DELETE -u api:myapipassword https://vns3-host:8000/api/access/url/{access_url_id} \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.access.delete_access_url(access_url_id)
print(api_response.json())
DELETE /access/url/{access_url_id}
Delete access URL by ID
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
access_url_id | path | integer | true | Access URL ID |
Example responses
200 Response
{
"response": "Access url deleted"
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
404 Response
{
"error": {
"name": "APINotFoundError",
"log": "15640808375976073208002188741879242245537",
"message": "Invalid or missing access url"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
404 | Not Found | Not found | Inline |
Response Schema
Status Code 200
SimpleStringResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | string | false | - | - |
Status Code 404
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
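Access URLs are bearer links, so the list returned by GET /access/urls is worth auditing on a schedule. The following is an added example, not part of the VNS3 SDK or the original reference: it validates a POST /access/url body against the documented 60 to 259200 second range and flags live URLs from a listing for review. The function names, the 24-hour review threshold, the allowed network and the sample listing are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
import ipaddress

# Bounds from the API's own 400 response:
# "expires range must be between 60 and 259200"
MIN_EXPIRES, MAX_EXPIRES = 60, 259200


def build_create_body(expires, name, access="rs"):
    """Validate a POST /access/url body client-side before sending it."""
    if isinstance(expires, bool) or not isinstance(expires, int):
        raise ValueError("expires must be an integer number of seconds")
    if not MIN_EXPIRES <= expires <= MAX_EXPIRES:
        raise ValueError(f"expires must be between {MIN_EXPIRES} and {MAX_EXPIRES}")
    if not name:
        raise ValueError("name the URL so it can be traced in later audits")
    if access != "rs" and not access.startswith("cp:"):
        raise ValueError("access must be 'rs' or a clientpack such as 'cp:100_1_64_0'")
    return {"expires": expires, "name": name, "access": access}


def _parse_ts(value):
    """Parse the API's date-time strings; None or empty stays None."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def _outside(ip_text, networks):
    """True when the address is malformed or in none of the allowed networks."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return True
    return not any(addr in net for net in networks)


def audit_access_urls(listing, allowed_networks, now=None,
                      max_remaining=timedelta(hours=24)):
    """Return {id: [reasons]} for access URLs that are still usable and look risky."""
    now = now or datetime.now(timezone.utc)
    networks = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = {}
    for entry in listing.get("response", []):
        expires_at = _parse_ts(entry.get("expires_at"))
        # Skip URLs that can no longer be used: flagged expired or past expires_at.
        if entry.get("expired") or (expires_at and expires_at <= now):
            continue
        reasons = []
        if expires_at is None:
            reasons.append("live URL without an expires_at timestamp")
        elif expires_at - now > max_remaining:
            reasons.append("remaining lifetime exceeds review threshold")
        for field in ("created_ip", "last_accessed_ip"):
            ip_text = entry.get(field)
            if ip_text and _outside(ip_text, networks):
                reasons.append(f"{field} {ip_text} is outside the allowed networks")
        if not entry.get("name"):
            reasons.append("unnamed URL, owner cannot be identified")
        if reasons:
            findings[entry["id"]] = reasons
    return findings


# Constructed sample in the shape of AccessUrlListResponse (documentation IP ranges).
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_LISTING = {"response": [
    {"id": 1, "name": "vendor-support", "expires_at": "2024-05-01T13:00:00Z",
     "expired": False, "created_ip": "192.0.2.10",
     "last_accessed_at": None, "last_accessed_ip": None, "access": "rs"},
    {"id": 2, "name": "", "expires_at": "2024-05-04T11:00:00Z",
     "expired": False, "created_ip": "192.0.2.11",
     "last_accessed_at": "2024-05-01T09:30:00Z",
     "last_accessed_ip": "203.0.113.77", "access": "cp:100_1_64_0"},
    {"id": 3, "name": "old", "expires_at": "2024-04-30T10:00:00Z",
     "expired": True, "created_ip": "192.0.2.12",
     "last_accessed_at": "2024-04-30T09:00:00Z",
     "last_accessed_ip": "203.0.113.5", "access": "rs"},
    {"id": 4, "name": "lapsed", "expires_at": "2024-05-01T11:00:00Z",
     "expired": False, "created_ip": "192.0.2.13",
     "last_accessed_at": None, "last_accessed_ip": None, "access": "rs"},
]}

if __name__ == "__main__":
    for url_id, reasons in audit_access_urls(SAMPLE_LISTING, ["192.0.2.0/24"], now=NOW).items():
        # Each flagged ID is a candidate for PUT /access/url/{access_url_id}
        # with {"expired": true}, as documented above.
        print(url_id, reasons)
```
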
Update VPN Identity settings
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/identity/vpn \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.access.put_identity_v_p_n_settings()
print(api_response.json())
PUT /identity/vpn
Put VPN Identity settings
Body parameter
{
"host": "string",
"port": 0,
"encrypt": true,
"encrypt_ldaps": true,
"encrypt_auth": true,
"encrypt_auth_key": true,
"encrypt_auth_cert": true,
"encrypt_verify_ca": true,
"encrypt_ca_cert": true,
"binddn": "string",
"bindpw": "string",
"encrypt_auth_cert_data": "string",
"encrypt_auth_cert_filename": "tls.cert",
"encrypt_auth_key_data": "string",
"encrypt_auth_key_filename": "tls.key",
"encrypt_ca_cert_data": "string",
"encrypt_ca_cert_filename": "ca.pem",
"user_base": "string",
"user_id_attribute": "string",
"user_list_filter": "string",
"group_base": "string",
"group_id_attribute": "string",
"group_list_filter": "string",
"group_member_attribute": "string",
"group_member_attr_format": "string",
"group_search_scope": "string",
"otp": true,
"otp_url": "string",
"provider": "string",
"enabled": true
}
Example responses
200 Response
{
"response": {
"host": "string",
"port": 0,
"encrypt": true,
"encrypt_ldaps": true,
"encrypt_auth": true,
"encrypt_auth_key": true,
"encrypt_auth_cert": true,
"encrypt_verify_ca": true,
"encrypt_ca_cert": true,
"binddn": "string",
"bindpw": "string",
"encrypt_auth_cert_data": "string",
"encrypt_auth_cert_filename": "tls.cert",
"encrypt_auth_key_data": "string",
"encrypt_auth_key_filename": "tls.key",
"encrypt_ca_cert_data": "string",
"encrypt_ca_cert_filename": "ca.pem",
"user_base": "string",
"user_id_attribute": "string",
"user_list_filter": "string",
"group_base": "string",
"group_id_attribute": "string",
"group_list_filter": "string",
"group_member_attribute": "string",
"group_member_attr_format": "string",
"group_search_scope": "string",
"otp": true,
"otp_url": "string"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
IdentitySettingsResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | any | false | - | - |
oneOf
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
any | object | false | - | - |
host | string | false | - | IP address or resolvable hostname |
port | integer | false | - | - |
encrypt | boolean | false | - | Use SSL |
encrypt_ldaps | boolean | false | - | Use LDAPS or start TLS |
encrypt_auth | boolean | false | - | Use certificates to authenticate via encrypted connection |
encrypt_auth_key | boolean | false | - | - |
encrypt_auth_cert | boolean | false | - | - |
encrypt_verify_ca | boolean | false | - | Verify certificate using authority |
encrypt_ca_cert | boolean | false | - | - |
binddn | string | false | - | Bind username |
bindpw | string | false | - | Bind password |
encrypt_auth_cert_data | string | false | - | Authentication certificate text content to use, empty to delete |
encrypt_auth_cert_filename | string | false | - | Authentication certificate filename |
encrypt_auth_key_data | string | false | - | Authentication key text content to use, empty to delete |
encrypt_auth_key_filename | string | false | - | Authentication key filename |
encrypt_ca_cert_data | string | false | - | CA certificate text content to use, empty to delete |
encrypt_ca_cert_filename | string | false | - | CA certificate filename |
user_base | string | false | - | Base DN from which to search for Users |
user_id_attribute | string | false | - | Attribute type for the Users |
user_list_filter | string | false | - | Search filter for Users |
group_base | string | false | - | Base DN from which to search for Groups |
group_id_attribute | string | false | - | Attribute type for the Groups |
group_list_filter | string | false | - | Search filter for Groups |
group_member_attribute | string | false | - | Attribute used to search for a user within the Group |
group_member_attr_format | string | false | - | UserID or UserDN |
group_search_scope | string | false | - | base, single or subtree |
otp | boolean | false | - | Use OTP code |
otp_url | string | false | - | - |
xor
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
any | object | false | - | - |
enabled | boolean | false | - | - |
provider | string | false | - | - |
identifier | string | false | - | - |
secret | string | false | - | - |
redirect_hostname | string | false | - | - |
authorization_endpoint | string | false | - | - |
token_endpoint | string | false | - | - |
userinfo_endpoint | string | false | - | - |
jwks_uri | string | false | - | - |
otp_url | string | false | - | - |
issuer | string | false | - | - |
keys | object | false | - | - |
keys | [object] | false | - | - |
keys_date | string(date-time) | false | - | - |
xor
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
any | object | false | - | - |
server | string | false | - | IP address or resolvable hostname |
auth_port | integer | false | - | Authentication port |
accounting_port | integer | false | - | - |
pass | string | false | - | Shared password |
Get identity Settings for VPN Users
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/identity/controller \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.access.get_identity_controller_settings()
print(api_response.json())
GET /identity/controller
Get Identity VPN settings
Example responses
200 Response
{
"response": {
"host": "string",
"port": 0,
"encrypt": true,
"encrypt_ldaps": true,
"encrypt_auth": true,
"encrypt_auth_key": true,
"encrypt_auth_cert": true,
"encrypt_verify_ca": true,
"encrypt_ca_cert": true,
"binddn": "string",
"bindpw": "string",
"encrypt_auth_cert_data": "string",
"encrypt_auth_cert_filename": "tls.cert",
"encrypt_auth_key_data": "string",
"encrypt_auth_key_filename": "tls.key",
"encrypt_ca_cert_data": "string",
"encrypt_ca_cert_filename": "ca.pem",
"user_base": "string",
"user_id_attribute": "string",
"user_list_filter": "string",
"group_base": "string",
"group_id_attribute": "string",
"group_list_filter": "string",
"group_member_attribute": "string",
"group_member_attr_format": "string",
"group_search_scope": "string",
"otp": true,
"otp_url": "string"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
IdentitySettingsResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | any | false | - | - |
oneOf
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
any | object | false | - | - |
host | string | false | - | IP address or resolvable hostname |
port | integer | false | - | - |
encrypt | boolean | false | - | Use SSL |
encrypt_ldaps | boolean | false | - | Use LDAPS or start TLS |
encrypt_auth | boolean | false | - | Use certificates to authenticate via encrypted connection |
encrypt_auth_key | boolean | false | - | - |
encrypt_auth_cert | boolean | false | - | - |
encrypt_verify_ca | boolean | false | - | Verify certificate using authority |
encrypt_ca_cert | boolean | false | - | - |
binddn | string | false | - | Bind username |
bindpw | string | false | - | Bind password |
encrypt_auth_cert_data | string | false | - | Authentication certificate text content to use, empty to delete |
encrypt_auth_cert_filename | string | false | - | Authentication certificate filename |
encrypt_auth_key_data | string | false | - | Authentication key text content to use, empty to delete |
encrypt_auth_key_filename | string | false | - | Authentication key filename |
encrypt_ca_cert_data | string | false | - | CA certificate text content to use, empty to delete |
encrypt_ca_cert_filename | string | false | - | CA certificate filename |
user_base | string | false | - | Base DN from which to search for Users |
user_id_attribute | string | false | - | Attribute type for the Users |
user_list_filter | string | false | - | Search filter for Users |
group_base | string | false | - | Base DN from which to search for Groups |
group_id_attribute | string | false | - | Attribute type for the Groups |
group_list_filter | string | false | - | Search filter for Groups |
group_member_attribute | string | false | - | Attribute used to search for a user within the Group |
group_member_attr_format | string | false | - | UserID or UserDN |
group_search_scope | string | false | - | base, single or subtree |
otp | boolean | false | - | Use OTP code |
otp_url | string | false | - | - |
xor
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
any | object | false | - | - |
enabled | boolean | false | - | - |
provider | string | false | - | - |
identifier | string | false | - | - |
secret | string | false | - | - |
redirect_hostname | string | false | - | - |
authorization_endpoint | string | false | - | - |
token_endpoint | string | false | - | - |
userinfo_endpoint | string | false | - | - |
jwks_uri | string | false | - | - |
otp_url | string | false | - | - |
issuer | string | false | - | - |
keys | object | false | - | - |
keys | [object] | false | - | - |
keys_date | string(date-time) | false | - | - |
Test VPN Identity Settings
Code samples
# You can also use wget
curl -X POST -u api:myapipassword https://vns3-host:8000/api/identity/vpn/test \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{"provider": "ldap", "host": "string", "port": 389, "binddn": "string", "bindpw": "string"}'
from cohesivenet import VNS3Client
api_response = vns3_client.access.post_test_identity_v_p_n_settings(
provider=provider,
host=host,
port=port,
encrypt=encrypt,
encrypt_ldaps=encrypt_ldaps,
encrypt_auth=encrypt_auth,
encrypt_verify_ca=encrypt_verify_ca,
binddn=binddn,
bindpw=bindpw,
auth_cert=auth_cert,
auth_cert_current=auth_cert_current,
auth_key=auth_key,
auth_key_current=auth_key_current,
ca_cert=ca_cert,
ca_cert_current=ca_cert_current)
print(api_response.json())
POST /identity/vpn/test
Test VPN Identity settings
Body parameter
{
"provider": "string",
"host": "string",
"port": 389,
"encrypt": false,
"encrypt_ldaps": true,
"encrypt_auth": false,
"encrypt_verify_ca": false,
"binddn": "string",
"bindpw": "string",
"auth_cert": "string",
"auth_cert_current": false,
"auth_key": "string",
"auth_key_current": false,
"ca_cert": "string",
"ca_cert_current": false
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
provider | body | string | true | Currently only ldap is supported for testing |
host | body | string | false | IP address or resolvable hostname of LDAP server |
port | body | integer | false | Port for LDAP |
encrypt | body | boolean | false | Use SSL |
encrypt_ldaps | body | boolean | false | Use LDAPS or start TLS (default)? |
encrypt_auth | body | boolean | false | Use certificates to authenticate via encrypted connection |
encrypt_verify_ca | body | boolean | false | Verify certificate using authority |
binddn | body | string | false | Bind Username |
bindpw | body | string | false | Bind Password |
auth_cert | body | string | false | Authentication certificate text content to use |
auth_cert_current | body | boolean | false | Test with current uploaded authentication certificate? |
auth_key | body | string | false | Authentication key text content to use |
auth_key_current | body | boolean | false | Test with current uploaded authentication key? |
ca_cert | body | string | false | CA certificate text content to use |
ca_cert_current | body | boolean | false | Test with current uploaded CA certificate? |
Example responses
200 Response
{
"response": {
"connect_success": true,
"message": "string"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
connect_success | boolean | false | - | - |
message | string | false | - | - |
Update Controller Identity settings
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/identity/controller \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.access.put_identity_controller_settings()
print(api_response.json())
PUT /identity/controller
Put Controller Identity settings
Body parameter
{
"host": "string",
"port": 0,
"encrypt": true,
"encrypt_ldaps": true,
"encrypt_auth": true,
"encrypt_auth_key": true,
"encrypt_auth_cert": true,
"encrypt_verify_ca": true,
"encrypt_ca_cert": true,
"binddn": "string",
"bindpw": "string",
"encrypt_auth_cert_data": "string",
"encrypt_auth_cert_filename": "tls.cert",
"encrypt_auth_key_data": "string",
"encrypt_auth_key_filename": "tls.key",
"encrypt_ca_cert_data": "string",
"encrypt_ca_cert_filename": "ca.pem",
"user_base": "string",
"user_id_attribute": "string",
"user_list_filter": "string",
"group_base": "string",
"group_id_attribute": "string",
"group_list_filter": "string",
"group_member_attribute": "string",
"group_member_attr_format": "string",
"group_search_scope": "string",
"otp": true,
"otp_url": "string",
"provider": "string",
"enabled": true
}
Example responses
200 Response
{
"response": {
"host": "string",
"port": 0,
"encrypt": true,
"encrypt_ldaps": true,
"encrypt_auth": true,
"encrypt_auth_key": true,
"encrypt_auth_cert": true,
"encrypt_verify_ca": true,
"encrypt_ca_cert": true,
"binddn": "string",
"bindpw": "string",
"encrypt_auth_cert_data": "string",
"encrypt_auth_cert_filename": "tls.cert",
"encrypt_auth_key_data": "string",
"encrypt_auth_key_filename": "tls.key",
"encrypt_ca_cert_data": "string",
"encrypt_ca_cert_filename": "ca.pem",
"user_base": "string",
"user_id_attribute": "string",
"user_list_filter": "string",
"group_base": "string",
"group_id_attribute": "string",
"group_list_filter": "string",
"group_member_attribute": "string",
"group_member_attr_format": "string",
"group_search_scope": "string",
"otp": true,
"otp_url": "string"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
IdentitySettingsResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | any | false | - | - |
oneOf
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
any | object | false | - | - |
host | string | false | - | IP address or resolvable hostname |
port | integer | false | - | - |
encrypt | boolean | false | - | Use SSL |
encrypt_ldaps | boolean | false | - | Use LDAPS or start TLS |
encrypt_auth | boolean | false | - | Use certificates to authenticate via encrypted connection |
encrypt_auth_key | boolean | false | - | - |
encrypt_auth_cert | boolean | false | - | - |
encrypt_verify_ca | boolean | false | - | Verify certificate using authority |
encrypt_ca_cert | boolean | false | - | - |
binddn | string | false | - | Bind username |
bindpw | string | false | - | Bind password |
encrypt_auth_cert_data | string | false | - | Authentication certificate text content to use, empty to delete |
encrypt_auth_cert_filename | string | false | - | Authentication certificate filename |
encrypt_auth_key_data | string | false | - | Authentication key text content to use, empty to delete |
encrypt_auth_key_filename | string | false | - | Authentication key filename |
encrypt_ca_cert_data | string | false | - | CA certificate text content to use, empty to delete |
encrypt_ca_cert_filename | string | false | - | CA certificate filename |
user_base | string | false | - | Base DN from which to search for Users |
user_id_attribute | string | false | - | Attribute type for the Users |
user_list_filter | string | false | - | Search filter for Users |
group_base | string | false | - | Base DN from which to search for Groups |
group_id_attribute | string | false | - | Attribute type for the Groups |
group_list_filter | string | false | - | Search filter for Groups |
group_member_attribute | string | false | - | Attribute used to search for a user within the Group |
group_member_attr_format | string | false | - | UserID or UserDN |
group_search_scope | string | false | - | base, single or subtree |
otp | boolean | false | - | Use OTP code |
otp_url | string | false | - | - |
xor
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
any | object | false | - | - |
enabled | boolean | false | - | - |
provider | string | false | - | - |
identifier | string | false | - | - |
secret | string | false | - | - |
redirect_hostname | string | false | - | - |
authorization_endpoint | string | false | - | - |
token_endpoint | string | false | - | - |
userinfo_endpoint | string | false | - | - |
jwks_uri | string | false | - | - |
otp_url | string | false | - | - |
issuer | string | false | - | - |
keys | object | false | - | - |
keys | [object] | false | - | - |
keys_date | string(date-time) | false | - | - |
Test Controller Identity Settings. Currently only LDAP testing is supported.
Code samples
# You can also use wget
curl -X POST -u api:myapipassword https://vns3-host:8000/api/identity/controller/test \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{"provider": "ldap", "host": "string", "port": 389, "binddn": "string", "bindpw": "string"}'
from cohesivenet import VNS3Client
api_response = vns3_client.access.post_test_identity_controller_settings(
provider=provider,
host=host,
port=port,
encrypt=encrypt,
encrypt_ldaps=encrypt_ldaps,
encrypt_auth=encrypt_auth,
encrypt_verify_ca=encrypt_verify_ca,
binddn=binddn,
bindpw=bindpw,
auth_cert=auth_cert,
auth_cert_current=auth_cert_current,
auth_key=auth_key,
auth_key_current=auth_key_current,
ca_cert=ca_cert,
ca_cert_current=ca_cert_current)
print(api_response.json())
POST /identity/controller/test
Test Controller Identity settings
Body parameter
{
"provider": "string",
"host": "string",
"port": 389,
"encrypt": false,
"encrypt_ldaps": true,
"encrypt_auth": false,
"encrypt_verify_ca": false,
"binddn": "string",
"bindpw": "string",
"auth_cert": "string",
"auth_cert_current": false,
"auth_key": "string",
"auth_key_current": false,
"ca_cert": "string",
"ca_cert_current": false
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
provider | body | string | true | Currently only ldap is supported for testing |
host | body | string | false | IP address or resolvable hostname of LDAP server |
port | body | integer | false | Port for LDAP |
encrypt | body | boolean | false | Use SSL |
encrypt_ldaps | body | boolean | false | Use LDAPS or start TLS (default)? |
encrypt_auth | body | boolean | false | Use certificates to authenticate via encrypted connection |
encrypt_verify_ca | body | boolean | false | Verify certificate using authority |
binddn | body | string | false | Bind Username |
bindpw | body | string | false | Bind Password |
auth_cert | body | string | false | Authentication certificate text content to use |
auth_cert_current | body | boolean | false | Test with current uploaded authentication certificate? |
auth_key | body | string | false | Authentication key text content to use |
auth_key_current | body | boolean | false | Test with current uploaded authentication key? |
ca_cert | body | string | false | CA certificate text content to use |
ca_cert_current | body | boolean | false | Test with current uploaded CA certificate? |
Example responses
200 Response
{
"response": {
"connect_success": true,
"message": "string"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
connect_success | boolean | false | - | - |
message | string | false | - | - |
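A pre-flight check for the body parameters above, as an added example (not part of the VNS3 SDK or the original page): it flags combinations that send the bind password without TLS or skip CA verification, and redacts secrets before a body is logged. The severity labels, the reading of encrypt_ldaps (true = LDAPS, false = StartTLS), the port heuristic and the sample host names are assumptions of this example.

```python
"""Pre-flight review of a POST /identity/controller/test body (added example)."""

SECRET_FIELDS = ("bindpw", "auth_key")  # values that must never reach a log
LDAP_PORT, LDAPS_PORT = 389, 636        # well-known LDAP / LDAPS ports


def review_identity_settings(body):
    """Return (severity, parameter, message) findings for one request body."""
    findings = []
    if body.get("provider") != "ldap":
        findings.append(("error", "provider", "only ldap is supported for testing"))

    if not body.get("encrypt"):
        if body.get("bindpw"):
            findings.append(("high", "encrypt",
                             "bindpw travels to the LDAP server without TLS"))
        for flag in ("encrypt_ldaps", "encrypt_auth", "encrypt_verify_ca"):
            if body.get(flag):
                findings.append(("warn", flag, "set while encrypt is false"))
        return findings

    if not body.get("encrypt_verify_ca"):
        findings.append(("high", "encrypt_verify_ca",
                         "TLS is on but the server certificate is not verified"))
    elif not (body.get("ca_cert") or body.get("ca_cert_current")):
        # Assumption: verification needs a CA supplied here or already uploaded.
        findings.append(("warn", "ca_cert",
                         "CA verification requested without a CA certificate"))

    if body.get("encrypt_auth"):
        for text, current in (("auth_cert", "auth_cert_current"),
                              ("auth_key", "auth_key_current")):
            if not (body.get(text) or body.get(current)):
                findings.append(("error", text,
                                 "certificate authentication needs %s or %s"
                                 % (text, current)))

    # Assumption: encrypt_ldaps=true selects LDAPS, false selects StartTLS.
    port = body.get("port")
    expected = LDAPS_PORT if body.get("encrypt_ldaps") else LDAP_PORT
    if port in (LDAP_PORT, LDAPS_PORT) and port != expected:
        findings.append(("warn", "port",
                         "port %d is unusual for this mode (expected %d)"
                         % (port, expected)))
    return findings


def redact(body):
    """Copy of the body that is safe to log: secret values are replaced."""
    safe = dict(body)
    for field in SECRET_FIELDS:
        if safe.get(field):
            safe[field] = "<redacted>"
    return safe


# Constructed sample bodies (host names and secrets are placeholders).
PLAINTEXT_BODY = {
    "provider": "ldap", "host": "ldap.example.internal", "port": 389,
    "encrypt": False, "encrypt_ldaps": True,
    "binddn": "cn=svc,dc=example,dc=internal", "bindpw": "constructed-secret",
}
UNVERIFIED_BODY = {
    "provider": "ldap", "host": "ldap.example.internal", "port": 636,
    "encrypt": True, "encrypt_ldaps": False, "encrypt_verify_ca": False,
    "encrypt_auth": True, "auth_cert_current": True,
}
HARDENED_BODY = {
    "provider": "ldap", "host": "ldap.example.internal", "port": 636,
    "encrypt": True, "encrypt_ldaps": True, "encrypt_verify_ca": True,
    "ca_cert_current": True,
    "binddn": "cn=svc,dc=example,dc=internal", "bindpw": "constructed-secret",
}

if __name__ == "__main__":
    for name, body in (("plaintext", PLAINTEXT_BODY),
                       ("unverified", UNVERIFIED_BODY),
                       ("hardened", HARDENED_BODY)):
        print(name, redact(body))
        for finding in review_identity_settings(body):
            print("   ", finding)
```
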
Configuration
VNS3 configuration such as licensing, VNS3:Management System, SSL certs and keyset generation
Update UI Settings
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/admin_ui \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.put_update_admin_ui(
enabled=enabled,
admin_username=admin_username,
admin_password=admin_password)
print(api_response.json())
PUT /admin_ui
Update Admin UI settings. Enable/Disable and set credentials.
Body parameter
{
"enabled": true,
"admin_username": "string",
"admin_password": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
enabled | body | boolean | false | - |
admin_username | body | string | false | - |
admin_password | body | string | false | - |
Example responses
200 Response
{
"response": {
"enabled": true,
"username": "vnscubed_user"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156348220177382578437853325229350053485636",
"message": "admin_username is invalid"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Accepted | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
AdminUISettingsDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
enabled | boolean | false | - | - |
username | string | false | - | - |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Update API password
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/api_password \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.put_update_api_password(
password=password)
print(api_response.json())
PUT /api_password
Allows you to change the API password/secret key. To change the Web UI password (or username) use PUT admin_ui.
Body parameter
{
"password": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
password | body | string | false | - |
Example responses
200 Response
{
"response": {
"password_reset": "ok"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156348220177382578437853325229350053485636",
"message": "Invalid password"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Accepted | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
PasswordResetResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
password_reset | string | false | - | - |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Get Runtime Config
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/config \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.get_config()
print(api_response.json())
GET /config
Describe Runtime Configuration for VNS3 Controller
Example responses
200 Response
{
"response": {
"asn": 65001,
"topology_name": "Cohesive",
"controller_name": "Controller 1",
"topology_checksum": "a04a92073a4f6f32a2abce45439a2d8c016334dc",
"manager_id": 1,
"ntp_hosts": "0.ubuntu.pool.ntp.org 1.ubuntu.pool.ntp.org 2.ubuntu.pool.ntp.org 3.ubuntu.pool.ntp.org ntp.ubuntu.com time.apple.com",
"vns3_version": "4.5.0",
"licensed": true,
"overlay_ipaddress": "172.31.0.100",
"peered": true,
"public_ipaddress": "50.240.142.209",
"private_ipaddress": "192.168.30.247"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Get runtime Configuration details | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
ConfigDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
asn | integer | false | - | Autonomous system number for controller if peered |
topology_name | string | false | - | - |
controller_name | string | false | - | - |
topology_checksum | string | false | - | - |
manager_id | integer | false | - | This manager's ID in peered topology |
ntp_hosts | string | false | - | NTP host endpoints, whitespace delimited |
vns3_version | string | false | - | - |
licensed | boolean | false | - | - |
overlay_ipaddress | string | false | - | This manager's overlay IP in peered topology |
peered | boolean | false | - | - |
public_ipaddress | string | false | - | - |
subnet_gateway | string | false | - | - |
private_ipaddress | string | false | - | - |
security_token | string | false | - | Security token in peered topology |
Update Config
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/config \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.put_config(
topology_name=topology_name,
controller_name=controller_name,
ntp_hosts=ntp_hosts)
print(api_response.json())
PUT /config
Provides general information about the manager's topology, license state and checksums and allows you to set the topology name.
Body parameter
{
"topology_name": "string",
"controller_name": "string",
"ntp_hosts": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
topology_name | body | string | false | Specifies a text name to display at the top of the web UI and in the desc_config API response |
controller_name | body | string | false | Specifies a text name for this controller |
ntp_hosts | body | string | false | Single or space-separated list of NTP server IPs or DNS names. Using this argument overwrites the existing configuration. |
Example responses
200 Response
{
"response": {
"asn": 0,
"topology_name": "string",
"controller_name": "string",
"topology_checksum": "string",
"manager_id": 1,
"ntp_hosts": "string",
"vns3_version": "string",
"licensed": true,
"overlay_ipaddress": "string",
"peered": true,
"public_ipaddress": "string",
"subnet_gateway": "string",
"private_ipaddress": "string",
"security_token": "string"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156348220177382578437853325229350053485636",
"message": "ntp_hosts is not in proper domain name format or ipv4 address format. Update abandoned."
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
ConfigDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
asn | integer | false | - | Autonomous system number for controller if peered |
topology_name | string | false | - | - |
controller_name | string | false | - | - |
topology_checksum | string | false | - | - |
manager_id | integer | false | - | This manager's ID in peered topology |
ntp_hosts | string | false | - | NTP host endpoints, whitespace delimited |
vns3_version | string | false | - | - |
licensed | boolean | false | - | - |
overlay_ipaddress | string | false | - | This manager's overlay IP in peered topology |
peered | boolean | false | - | - |
public_ipaddress | string | false | - | - |
subnet_gateway | string | false | - | - |
private_ipaddress | string | false | - | - |
security_token | string | false | - | Security token in peered topology |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Get SSL Certs
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/system/ssl \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.get_s_s_l_certs()
print(api_response.json())
GET /system/ssl
Get SSL Certificates
Example responses
200 Response
{
"response": {
"certs": [
{
"subject": "string",
"issuer": "string",
"before": "string",
"after": "string",
"algorithm": "string",
"sha1_fingerprint": "string",
"sha256_fingerprint": "string"
}
]
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Get VNS3:ms alert success | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
SSLCertsResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
certs | [object] | false | - | - |
SSLCert | object | false | - | - |
subject | string | false | - | - |
issuer | string | false | - | - |
before | string | false | - | - |
after | string | false | - | - |
algorithm | string | false | - | - |
sha1_fingerprint | string | false | - | - |
sha256_fingerprint | string | false | - | - |
Upload SSL certs
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/system/ssl/keypair \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.put_upload_ssl_keypair(
cert=cert,
key=key)
print(api_response.json())
PUT /system/ssl/keypair
Upload new SSL cert and key pair
Body parameter
{
"cert": "string",
"key": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
cert | body | string | true | - |
key | body | string | true | - |
Example responses
200 Response
{
"response": "Valid key/cert files uploaded"
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156348346294205629750334447737345166168929",
"message": "cert is missing, key is missing"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"unlicensedExample": {
"value": {
"error": {
"name": "PrerequisiteError",
"log": "1563472268929826518356034508450851266833526",
"message": "Must be licensed first."
}
}
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
SimpleStringResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | string | false | - | - |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Install SSL certs
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/system/ssl/install \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.put_install_ssl_keypair()
print(api_response.json())
PUT /system/ssl/install
Install SSL cert and key pair
Example responses
200 Response
{
"response": {
"status": "SSL Cert installation queued",
"uuid": "10923jnowfdhgu039jon4r09201"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156348346294205629750334447737345166168929",
"message": "cert is missing, key is missing"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"unlicensedExample": {
"value": {
"error": {
"name": "PrerequisiteError",
"log": "1563472268929826518356034508450851266833526",
"message": "Must be licensed first."
}
}
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
ServerSSLDetailResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
uuid | string | false | - | - |
status | string | false | - | - |
state | string | false | - | - |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Get SSL Install Status
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/system/ssl/install/{uuid} \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.get_ssl_install_status(uuid)
print(api_response.json())
GET /system/ssl/install/{uuid}
Get status for ssl installation task
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
uuid | path | string | true | uuid of resource |
Example responses
200 Response
{
"response": {
"uuid": "19230109239012390129031012312",
"status": "Job pending",
"state": "pending"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"unlicensedExample": {
"value": {
"error": {
"name": "PrerequisiteError",
"log": "1563472268929826518356034508450851266833526",
"message": "Must be licensed first."
}
}
}
}
404 Response
{
"error": {
"name": "APINotFoundError",
"log": "15640808375976073208002188741879242245537",
"message": "Unknown Job ID: 1234"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
404 | Not Found | Not found | Inline |
Response Schema
Status Code 200
ServerSSLDetailResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
uuid | string | false | - | - |
status | string | false | - | - |
state | string | false | - | - |
Status Code 404
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Get Variable Collections
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/system/variable-collections \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.get_variable_collections(
collections=collections)
print(api_response.json())
GET /system/variable-collections
Get system variable collections
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
collections | query | string | false | filter variables by collections (accepts csv A,B,C) |
Example responses
200 Response
{
"response": [
{
"name": "string",
"prefix": "string"
}
]
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"unlicensedExample": {
"value": {
"error": {
"name": "PrerequisiteError",
"log": "1563472268929826518356034508450851266833526",
"message": "Must be licensed first."
}
}
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
VariableCollectionsListResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | [object] | false | - | - |
name | string | false | - | - |
prefix | string | false | - | variable name prefix. All variables in collection start with prefix. |
Get Variables
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/system/variables \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.get_variables()
print(api_response.json())
GET /system/variables
Get system variables grouped by collections
Example responses
200 Response
{
"response": {
"property1": [
{
"variable": "string",
"description": "string",
"value": "string"
}
],
"property2": [
{
"variable": "string",
"description": "string",
"value": "string"
}
]
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"unlicensedExample": {
"value": {
"error": {
"name": "PrerequisiteError",
"log": "1563472268929826518356034508450851266833526",
"message": "Must be licensed first."
}
}
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
VariablesListResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | lists of variables grouped by collection |
additionalProperties | [object] | false | - | - |
Variable | object | false | - | - |
variable | string | false | - | resolvable variable name |
description | string | false | - | - |
value | string | false | - | value that the variable resolves to |
Create Variable
Code samples
# You can also use wget
curl -X POST -u api:myapipassword https://vns3-host:8000/api/system/variables \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.post_create_custom_variable(
name=name,
value=value,
description=description)
print(api_response.json())
POST /system/variables
Create custom variable
Body parameter
{
"name": "string",
"value": "string",
"description": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
name | body | string | true | - |
value | body | string | true | - |
description | body | string | false | - |
Example responses
201 Response
{
"response": {
"property1": [
{
"variable": "string",
"description": "string",
"value": "string"
}
],
"property2": [
{
"variable": "string",
"description": "string",
"value": "string"
}
]
}
}
400 Response
{
"error": {
"name": "APIBadRequestError",
"log": "156347797058992573673734848595852371200179",
"message": "Invalid name. Names can only contain alphanumeric characters and underscores."
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
201 | Created | OK | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 201
VariablesListResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | lists of variables grouped by collection |
additionalProperties | [object] | false | - | - |
Variable | object | false | - | - |
variable | string | false | - | resolvable variable name |
description | string | false | - | - |
value | string | false | - | value that the variable resolves to |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Update Variable
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/system/variables/{name} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.put_update_custom_variable(name,
value=value,
description=description)
print(api_response.json())
PUT /system/variables/{name}
Update custom variable value
Body parameter
{
"value": "string",
"description": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
name | path | string | true | name of variable |
value | body | string | false | - |
description | body | string | false | - |
Example responses
200 Response
{
"response": {
"variable": "string",
"description": "string",
"value": "string"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
404 Response
{
"error": {
"name": "APINotFoundError",
"log": "15640808375976073208002188741879242245537",
"message": "Link does not exist"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
404 | Not Found | Not found | Inline |
Response Schema
Status Code 200
VariableDetailResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
variable | string | false | - | resolvable variable name |
description | string | false | - | - |
value | string | false | - | value that the variable resolves to |
Status Code 404
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Delete Variable
Code samples
# You can also use wget
curl -X DELETE -u api:myapipassword https://vns3-host:8000/api/system/variables/{name} \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.delete_custom_variable(name)
print(api_response.json())
DELETE /system/variables/{name}
Delete custom variable
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
name | path | string | true | name of variable |
Example responses
200 Response
{
"response": {
"property1": [
{
"variable": "string",
"description": "string",
"value": "string"
}
],
"property2": [
{
"variable": "string",
"description": "string",
"value": "string"
}
]
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
404 Response
{
"error": {
"name": "APINotFoundError",
"log": "15640808375976073208002188741879242245537",
"message": "Custom variable foo does not exist"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
404 | Not Found | Not found | Inline |
Response Schema
Status Code 200
VariablesListResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | lists of variables grouped by collection |
additionalProperties | [object] | false | - | - |
Variable | object | false | - | - |
variable | string | false | - | resolvable variable name |
description | string | false | - | - |
value | string | false | - | value that the variable resolves to |
Status Code 404
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Get Keyset
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/keyset \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.get_keyset()
print(api_response.json())
GET /keyset
Returns topology keyset details. The keyset is a set of cryptographic credentials used for encrypting all data on the overlay network.
Example responses
200 Response
{
"response": {
"keyset_present": true,
"created_at": "2019-07-19T19:44:02.191+00:00",
"created_at_i": 1563565442,
"checksum": "6093b865464ec3f7ab7213975c3b952763d1df14",
"uuid": "8effb1ea-aa5d-11e9-aaf4-02935c82307a"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
KeysetDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
in_progress | boolean | false | - | - |
running | integer | false | - | - |
keyset_present | boolean | false | - | - |
checksum | string | false | - | - |
created_at | string | false | - | - |
created_at_i | integer | false | - | - |
started_at | string | false | - | - |
started_at_i | integer | false | - | - |
uuid | string | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Generate Keyset
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/keyset \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.put_keyset(
source=source,
token=token,
topology_name=topology_name)
print(api_response.json())
PUT /keyset
Generate keyset. The keyset is a set of cryptographic credentials used for encrypting all data on the overlay network. Keyset generation happens in the background. Poll the in_progress value of GET /keyset for keyset status.
Body parameter
{
"source": "string",
"token": "string",
"topology_name": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
source | body | string | false | If provided, fetches keyset from source manager |
token | body | string | true | Arbitrary key used to help randomize the checksum; it must be identical for each manager in a topology. |
topology_name | body | string | false | Name for the topology |
Example responses
200 Response
{
"response": {
"keyset_present": false,
"in_progress": true,
"started_at": "2019-07-19T19:43:00.147+00:00",
"started_at_i": 1563565380,
"running": 0
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156348346294205629750334447737345166168929",
"message": "token is missing"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
KeysetDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
in_progress | boolean | false | - | - |
running | integer | false | - | - |
keyset_present | boolean | false | - | - |
checksum | string | false | - | - |
created_at | string | false | - | - |
created_at_i | integer | false | - | - |
started_at | string | false | - | - |
started_at_i | integer | false | - | - |
uuid | string | false | - | - |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
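The polling that PUT /keyset asks for, as an added example (not the SDK's own code): `fetch` is any callable that returns the parsed GET /keyset JSON, and the sample bodies are adapted from the example responses on this page. The state names, the timeout and interval defaults, and the handling of an error nested under `response` (as in the 403 example for GET /keyset) are assumptions of this example.

```python
"""Wait for background keyset generation to finish (added example)."""
import time


class KeysetError(Exception):
    """The controller answered with an error or has no keyset job running."""


def keyset_state(payload):
    """Classify one keyset JSON body as ('ready'|'generating'|'absent', detail)."""
    if "error" in payload:                      # 400 / 401 style error object
        err = payload["error"]
        raise KeysetError("%s: %s" % (err.get("name"), err.get("message")))
    detail = payload.get("response") or {}
    # The 403 example for GET /keyset carries name/message under "response".
    if "name" in detail and "message" in detail:
        raise KeysetError("%s: %s" % (detail["name"], detail["message"]))
    if detail.get("keyset_present"):
        return "ready", detail
    if detail.get("in_progress"):
        return "generating", detail
    return "absent", detail


def wait_for_keyset(fetch, timeout=600.0, interval=5.0,
                    sleep=time.sleep, clock=time.monotonic):
    """Poll fetch() until the keyset is present; return its detail object.

    fetch   -- callable returning the parsed JSON of GET /keyset, for example
               a lambda around the SDK or curl call shown above
    timeout -- seconds to wait before raising TimeoutError
    sleep, clock -- injectable so the loop can be exercised offline
    """
    deadline = clock() + timeout
    while True:
        state, detail = keyset_state(fetch())
        if state == "ready":
            return detail
        if state == "absent":
            raise KeysetError("no keyset present and no generation in progress")
        if clock() >= deadline:
            raise TimeoutError("keyset still generating after %.0fs" % timeout)
        sleep(interval)


# Sample bodies adapted from the example responses on this page.
GENERATING = {"response": {"keyset_present": False, "in_progress": True,
                           "started_at": "2019-07-19T19:43:00.147+00:00",
                           "started_at_i": 1563565380, "running": 0}}
READY = {"response": {"keyset_present": True,
                      "created_at": "2019-07-19T19:44:02.191+00:00",
                      "created_at_i": 1563565442,
                      "checksum": "6093b865464ec3f7ab7213975c3b952763d1df14",
                      "uuid": "8effb1ea-aa5d-11e9-aaf4-02935c82307a"}}
UNLICENSED = {"response": {"message": "Must be licensed first",
                           "log": "123901290309083024802120939123901023091239",
                           "name": "PrerequisiteError"}}

if __name__ == "__main__":
    replies = iter([GENERATING, GENERATING, READY])
    done = wait_for_keyset(lambda: next(replies), sleep=lambda seconds: None)
    print("keyset ready, checksum", done["checksum"])
```
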
Get License Details
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/license \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.licensing.get_license()
print(api_response.json())
GET /license
Get license details
Example responses
200 Response
{
"response": {
"capabilities": [
"string"
],
"finalized": true,
"my_manager_vip": "string",
"license": "string",
"license_present": true,
"sha1_checksum": "string",
"uploaded_at": "string",
"custom_addressing": true,
"uploaded_at_i": 0,
"container_details": {
"containers_run_count": 0,
"containers_image_count": 0
},
"topology": {
"clients": [
{
"ip_address": "string",
"octets": [
0
]
}
],
"managers": [
{
"asn": 0,
"manager_id": 1,
"overlay_ipaddress": {
"ip_address": "string",
"octets": [
0
]
}
}
],
"total_clients": 0,
"ipsec_max_subnets": 0,
"ipsec_max_endpoints": 0,
"license_upgrades": [
"string"
],
"overlay_max_clients": 0,
"overlay_subnet": "string"
}
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "9009012801280138018910283081301390103",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Get license topology details | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
LicenseDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
capabilities | [string] | false | - | Features available such as eBGP, CloudWAN etc. |
finalized | boolean | false | - | - |
my_manager_vip | string | false | - | - |
license | string | false | - | State of license, accepted, in-progress, failed |
license_present | boolean | false | - | - |
sha1_checksum | string | false | - | - |
uploaded_at | string | false | - | - |
custom_addressing | boolean | false | - | - |
uploaded_at_i | integer | false | - | - |
container_details | object | false | - | - |
containers_run_count | integer | false | - | - |
containers_image_count | integer | false | - | - |
topology | object | false | - | - |
clients | [object] | false | - | IPs for clientpacks |
ip_address | string | false | - | - |
octets | [integer] | false | - | - |
managers | [object] | false | - | - |
VNS3Controller | object | false | - | - |
asn | integer | false | - | - |
manager_id | integer | false | - | - |
overlay_ipaddress | object | false | - | - |
ip_address | string | false | - | - |
octets | [integer] | false | - | - |
total_clients | integer | false | - | - |
ipsec_max_subnets | integer | false | - | - |
ipsec_max_endpoints | integer | false | - | - |
license_upgrades | [string] | false | - | - |
overlay_max_clients | integer | false | - | - |
overlay_subnet | string | false | - | CIDR for overlay clients |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Upload License
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/license \
-H 'Content-Type: text/plain' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.licensing.upload_license()
print(api_response.json())
PUT /license
License a VNS3 Controller to be a part of a specific topology. Must not be licensed already.
Body parameter
string
Example responses
200 Response
{
"response": {
"capabilities": [
"string"
],
"finalized": true,
"license": "string",
"license_present": true,
"default_topology": {
"clients": [
{
"ip_address": "string",
"octets": [
0
]
}
],
"managers": [
{
"asn": 0,
"manager_id": 1,
"overlay_ipaddress": {
"ip_address": "string",
"octets": [
0
]
}
}
],
"total_clients": 0,
"ipsec_max_subnets": 0,
"ipsec_max_endpoints": 0,
"license_upgrades": [
"string"
],
"overlay_max_clients": 0,
"overlay_subnet": "string"
}
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156348220177382578437853325229350053485636",
"message": "Bad license"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Upload license response | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
InitLicenseDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
capabilities | [string] | false | - | Features available such as eBGP, CloudWAN, Containers etc. |
finalized | boolean | false | - | - |
license | string | false | - | State of license, accepted, in-progress, failed |
license_present | boolean | false | - | - |
default_topology | object | false | - | - |
clients | [object] | false | - | IPs for clientpacks |
ip_address | string | false | - | - |
octets | [integer] | false | - | - |
managers | [object] | false | - | - |
VNS3Controller | object | false | - | - |
asn | integer | false | - | - |
manager_id | integer | false | - | - |
overlay_ipaddress | object | false | - | - |
ip_address | string | false | - | - |
octets | [integer] | false | - | - |
total_clients | integer | false | - | - |
ipsec_max_subnets | integer | false | - | - |
ipsec_max_endpoints | integer | false | - | - |
license_upgrades | [string] | false | - | - |
overlay_max_clients | integer | false | - | - |
overlay_subnet | string | false | - | CIDR for overlay clients |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Set License Parameters
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/license/parameters \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.licensing.put_set_license_parameters(
subnet=subnet,
managers=managers,
asns=asns,
clients=clients,
my_manager_vip=my_manager_vip,
default=default)
print(api_response.json())
PUT /license/parameters
Set and accept license parameters. Triggers reboot. Irreversible operation.
Body parameter
{
"subnet": "string",
"managers": "string",
"asns": "string",
"clients": "string",
"my_manager_vip": "string",
"default": false
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
subnet | body | string | false | Specifies the CIDR of the virtual network created for use with the VNS3 Manager |
managers | body | string | false | Whitespace delimited address string in the subnet to use for the VNS3 Controllers' virtual interfaces. |
asns | body | string | false | Whitespace delimited string of ASNs (autonomous system numbers) corresponding to the order of the controllers |
clients | body | string | false | Comma delimited, or hyphenated sequence of addresses for use as client addresses in the virtual network. |
my_manager_vip | body | string | false | IPAddress that must be allocated from the subnet, and be the same for all controllers |
default | body | boolean | false | Specifies whether to use default topology addressing as specified by the license |
Example responses
200 Response
{
"response": {
"license": "string",
"finalized": true,
"parameters": {
"subnet": "string",
"controllers": [
"string"
],
"managers": [
"string"
],
"clients": [
"string"
],
"asns": [
0
],
"my_manager_vip": "string"
}
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156348346294205629750334447737345166168929",
"message": "invalid asns field"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Put new license parameters for topology | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
LicenseParametersDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
license | string | false | - | - |
finalized | boolean | false | - | - |
parameters | object | false | - | - |
subnet | string | false | - | - |
controllers | [string] | false | - | IP addresses of VNS3 controllers in topology |
managers | [string] | false | - | IP addresses of VNS3 controllers in topology |
clients | [string] | false | - | IP addresses of clients in topology |
asns | [integer] | false | - | ASNs used by controllers in topology |
my_manager_vip | string | false | - | - |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
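Because PUT /license/parameters triggers a reboot and cannot be undone, the body is worth checking locally before it is sent. The following is an added example, not part of the VNS3 documentation or SDK: the function names and the sample body are constructed, and it assumes IPv4 addressing, a hyphenated client range of the form `first-last`, and that one address cannot be both a controller and a client address.

```python
import ipaddress

MAX_RANGE = 65536  # refuse to expand an implausibly large client range

# Constructed sample body for PUT /license/parameters (illustrative values).
SAMPLE_BODY = {
    "subnet": "172.31.0.0/22",
    "managers": "172.31.0.1 172.31.0.2",
    "asns": "65001 65002",
    "clients": "172.31.1.1-172.31.1.10,172.31.1.20",
    "my_manager_vip": "172.31.0.250",
    "default": False,
}


def expand_clients(spec):
    """Expand comma-delimited items and first-last ranges into addresses."""
    addrs = []
    for part in (p.strip() for p in spec.split(",")):
        if not part:
            continue
        if "-" in part:
            first_s, last_s = part.split("-", 1)
            first = int(ipaddress.IPv4Address(first_s.strip()))
            last = int(ipaddress.IPv4Address(last_s.strip()))
            if last < first:
                raise ValueError(f"range {part!r} runs backwards")
            if last - first >= MAX_RANGE:
                raise ValueError(f"range {part!r} is too large")
            addrs.extend(ipaddress.IPv4Address(i) for i in range(first, last + 1))
        else:
            addrs.append(ipaddress.IPv4Address(part))
    return addrs


def check_license_parameters(body):
    """Return a list of problems; an empty list means the body is consistent."""
    if body.get("default"):
        return []  # license-defined addressing, nothing to cross-check
    try:
        subnet = ipaddress.IPv4Network(str(body.get("subnet") or ""), strict=True)
    except ValueError as exc:
        return [f"subnet: {exc}"]

    problems = []
    managers, managers_ok, clients = [], True, []
    try:  # managers: whitespace-delimited addresses
        managers = [ipaddress.IPv4Address(a) for a in (body.get("managers") or "").split()]
    except ValueError as exc:
        managers_ok = False
        problems.append(f"managers: {exc}")
    try:  # clients: comma-delimited addresses and/or hyphenated ranges
        clients = expand_clients(body.get("clients") or "")
    except ValueError as exc:
        problems.append(f"clients: {exc}")

    for label, addrs in (("managers", managers), ("clients", clients)):
        outside = [str(a) for a in addrs if a not in subnet]
        if outside:
            problems.append(f"{label}: outside {subnet}: {', '.join(outside)}")
        if len(set(addrs)) != len(addrs):
            problems.append(f"{label}: duplicate addresses")
    overlap = sorted(set(managers) & set(clients))
    if overlap:  # assumption of this example: the two roles never share an address
        problems.append("clients: overlap with managers: " + ", ".join(map(str, overlap)))

    asn_tokens = (body.get("asns") or "").split()
    if asn_tokens:  # ASNs follow the order of the controllers, so counts must match
        try:
            asns = [int(t) for t in asn_tokens]
        except ValueError:
            problems.append("asns: every entry must be an integer")
        else:
            if any(not 1 <= a <= 4294967295 for a in asns):
                problems.append("asns: value outside 1..4294967295")
            if managers_ok and len(asns) != len(managers):
                problems.append(f"asns: {len(asns)} given for {len(managers)} managers")

    vip = body.get("my_manager_vip")
    if vip:  # the VIP must be allocated from the subnet
        try:
            if ipaddress.IPv4Address(vip) not in subnet:
                problems.append(f"my_manager_vip: {vip} is outside {subnet}")
        except ValueError as exc:
            problems.append(f"my_manager_vip: {exc}")
    return problems


if __name__ == "__main__":
    for line in check_license_parameters(SAMPLE_BODY) or ["no problems found"]:
        print(line)
```

Send the request only when the returned list is empty; the same body must carry the same `my_manager_vip` for every controller in the topology.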
Upgrade License
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/license/upgrade \
-H 'Content-Type: text/plain' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.licensing.put_license_upgrade()
print(api_response.json())
PUT /license/upgrade
Upload new license to controller
Body parameter
string
Example responses
200 Response
{
"response": {
"finalized": true,
"uniq": "string",
"license": "string",
"new_clientpacks": 0,
"new_managers": 0
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | New license parameters | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
UpgradeLicenseResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
finalized | boolean | false | - | - |
uniq | string | false | - | new sha1 hash of license |
license | string | false | - | State of license, accepted, in-progress, failed |
new_clientpacks | integer | false | - | - |
new_managers | integer | false | - | - |
Get MS Config
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/ms \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.get_ms_config(
ip=ip)
print(api_response.json())
GET /ms
Get MS configuration
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
ip | query | string | false | name of resource |
Example responses
200 Response
{
"response": {
"id": 1,
"name": "string",
"url": "string",
"enabled": true,
"webhook_id": 1,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"events": [
"string"
],
"custom_properties": [
{
"name": "string",
"value": "string"
}
]
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Get VNS3:ms alert success | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
AlertDetailResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
id | integer | false | - | - |
name | string | false | - | - |
url | string¦null | false | - | - |
enabled | boolean | false | - | - |
webhook_id | integer | false | - | - |
created_at | string(date-time) | false | - | - |
updated_at | string(date-time) | false | - | - |
events | [string] | false | - | - |
custom_properties | [object] | false | - | - |
name | string | false | - | - |
value | string | false | - | - |
Set MS
Code samples
# You can also use wget
curl -X POST -u api:myapipassword https://vns3-host:8000/api/ms \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.post_set_ms_config(
ip=ip)
print(api_response.json())
POST /ms
Set VNS3 Management System endpoint
Body parameter
{
"ip": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
ip | body | string | true | VNS3 Management system endpoint IP address |
Example responses
200 Response
{
"response": {
"ip": "string",
"alert_enabled": true
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
MSConfig
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
ip | string | false | - | IP address of VNS3 Management Systems |
alert_enabled | boolean | false | - | Enable alerting to MS |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Update MS Config
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/ms \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.update_ms_config(
ip=ip,
alert_enabled=alert_enabled)
print(api_response.json())
PUT /ms
Update VNS3 Management System integration
Body parameter
{
"ip": "string",
"alert_enabled": true
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
ip | body | string | false | VNS3 Management system endpoint IP address |
alert_enabled | body | boolean | true | Disable/Enable sending alerts to VNS3:ms |
Example responses
200 Response
{
"response": {
"ip": "string",
"alert_enabled": true
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
MSConfig
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
ip | string | false | - | IP address of VNS3 Management Systems |
alert_enabled | boolean | false | - | Enable alerting to MS |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Send test VNS3:ms alert
Code samples
# You can also use wget
curl -X POST -u api:myapipassword https://vns3-host:8000/api/ms/alert/test \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.config.post_send_test_ms_alert()
print(api_response.json())
POST /ms/alert/test
Send test alert to VNS3:ms
Example responses
200 Response
{
"response": true
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
SimpleBooleanResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | boolean | false | - | - |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
IPsec
Control and manage your IPSec tunnels
Get IPsec status
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/status/ipsec \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.ipsec.get_ipsec_status(
up_down_status_only=up_down_status_only)
print(api_response.json())
GET /status/ipsec
Describe ipsec tunnels status
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
up_down_status_only | query | boolean | false | Only retrieve tunnel status. True is more performant but has less info. Defaults to false. |
Example responses
200 Response
{
"response": {
"property1": {
"id": 1,
"local_subnet": "string",
"remote_subnet": "string",
"endpointid": 1,
"endpoint_id": 1,
"endpoint_name": "string",
"enabled": true,
"active": true,
"description": "string",
"bounce": true,
"connected": true,
"ping_interface": "eth0",
"ping_interval": 0,
"ping_ipaddress": "string",
"tunnel_params": {
"phase2": "string",
"outbound_spi": "string",
"inbound_spi": "string",
"bytes_in": "string",
"bytes_out": "string",
"esp_time_remaining": "string",
"esp_port": "string",
"phase2_algo": "string",
"phase2_hash": "string",
"nat_t": "string",
"dpd": "string",
"pfs_dh_group": "string",
"phase1": "string",
"isakmp_port": "string",
"isakmp_time_remaining": "string",
"last_dpd": "string",
"phase1_cipher": "string",
"phase1_prf": "string",
"phase1_dh_group": "string",
"ike_version": "string"
}
},
"property2": {
"id": 1,
"local_subnet": "string",
"remote_subnet": "string",
"endpointid": 1,
"endpoint_id": 1,
"endpoint_name": "string",
"enabled": true,
"active": true,
"description": "string",
"bounce": true,
"connected": true,
"ping_interface": "eth0",
"ping_interval": 0,
"ping_ipaddress": "string",
"tunnel_params": {
"phase2": "string",
"outbound_spi": "string",
"inbound_spi": "string",
"bytes_in": "string",
"bytes_out": "string",
"esp_time_remaining": "string",
"esp_port": "string",
"phase2_algo": "string",
"phase2_hash": "string",
"nat_t": "string",
"dpd": "string",
"pfs_dh_group": "string",
"phase1": "string",
"isakmp_port": "string",
"isakmp_time_remaining": "string",
"last_dpd": "string",
"phase1_cipher": "string",
"phase1_prf": "string",
"phase1_dh_group": "string",
"ike_version": "string"
}
}
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"unlicensedExample": {
"value": {
"error": {
"name": "PrerequisiteError",
"log": "1563472268929826518356034508450851266833526",
"message": "Must be licensed first."
}
}
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
IpsecTunnelListResponseKeyValue
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | Ipsec tunnel details keyed by ID |
IpsecTunnel | object | false | - | - |
id | integer | false | - | - |
local_subnet | string | false | - | - |
remote_subnet | string | false | - | - |
endpointid | integer | false | - | - |
endpoint_id | integer | false | - | - |
endpoint_name | string | false | - | - |
enabled | boolean | false | - | - |
active | boolean | false | - | - |
description | string¦null | false | - | - |
bounce | boolean | false | - | True if tunnel was just bounced |
connected | boolean | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer¦null | false | - | Interval for ping in seconds |
ping_ipaddress | string | false | - | - |
tunnel_params | object | false | - | - |
phase2 | string | false | - | - |
outbound_spi | string | false | - | - |
inbound_spi | string | false | - | - |
bytes_in | string | false | - | - |
bytes_out | string | false | - | - |
esp_time_remaining | string | false | - | - |
esp_port | string | false | - | - |
phase2_algo | string | false | - | - |
phase2_hash | string | false | - | - |
nat_t | string | false | - | - |
dpd | string | false | - | - |
pfs_dh_group | string¦null | false | - | - |
phase1 | string | false | - | - |
isakmp_port | string | false | - | - |
isakmp_time_remaining | string | false | - | - |
last_dpd | string | false | - | - |
phase1_cipher | string¦null | false | - | - |
phase1_prf | string¦null | false | - | - |
phase1_dh_group | string¦null | false | - | - |
ike_version | string | false | - | - |
Enumerated Values
Property | Value |
---|---|
ping_interface | eth0 |
ping_interface | tun0 |
Get IPsec link history
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/status/link_history \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.ipsec.get_ipsec_link_history(
remote=remote,
local=local,
tunnelid=tunnelid)
print(api_response.json())
GET /status/link_history
Provides information about the connection history of the subnet or tunnel
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
remote | query | string | false | Address string in CIDR format to display link history to a remote endpoint. |
local | query | string | false | Address string in CIDR format which will display status of the local route |
tunnelid | query | integer | false | Will display link history of just the tunnel specified, which may be only one tunnel to a remote endpoint. |
Example responses
200 Response
{
"response": {
"remote": "string",
"local": "string",
"tunnelid": 1,
"history": [
{
"event": "string",
"timestamp": "string",
"timestamp_i": 0
}
]
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "1564152672558671466135091328226684573894656",
"message": "bad or invalid remote"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"unlicensedExample": {
"value": {
"error": {
"name": "PrerequisiteError",
"log": "1563472268929826518356034508450851266833526",
"message": "Must be licensed first."
}
}
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
LinkHistoryDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
remote | string | false | - | - |
local | string | false | - | - |
tunnelid | integer | false | - | - |
history | [object] | false | - | - |
LinkEvent | object | false | - | - |
event | string | false | - | Tunnel event, up or down |
timestamp | string | false | - | - |
timestamp_i | integer | false | - | - |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
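The link history lends itself to simple availability monitoring. The following is an added example, not part of the VNS3 documentation or SDK: it summarises a GET /status/link_history response into downtime and flap counts, and it assumes that `timestamp_i` is Unix epoch seconds and that `event` is literally "up" or "down"; the sample response, the function name and the thresholds are constructed.

```python
from datetime import datetime, timezone

T0 = 1700000000  # constructed reference time (epoch seconds)


def _event(kind, offset):
    """Build one constructed history entry in the documented shape."""
    ts = T0 + offset
    stamp = datetime.fromtimestamp(ts, timezone.utc).isoformat()
    return {"event": kind, "timestamp": stamp, "timestamp_i": ts}


# Constructed sample of a GET /status/link_history response.
SAMPLE_HISTORY = {
    "response": {
        "remote": "198.51.100.0/24",
        "local": "172.31.0.0/22",
        "tunnelid": 1,
        "history": [
            _event("up", 0),
            _event("down", 600),
            _event("up", 660),
            _event("down", 1200),
            _event("up", 1230),
            _event("down", 3000),  # still down at the time of the query
        ],
    }
}


def summarize_link_history(payload, now_i, window_s=3600, flap_threshold=3):
    """Summarise up/down events into downtime and flap indicators.

    downtime_s      total seconds spent down, including an open outage
    downs_in_window up-to-down transitions within the last window_s seconds
    flapping        True when downs_in_window reaches flap_threshold
    currently_down  True when the last transition was to "down"
    """
    history = sorted(
        payload.get("response", {}).get("history") or [],
        key=lambda e: e["timestamp_i"],  # do not rely on server ordering
    )
    downtime = 0
    down_since = None
    downs_in_window = 0
    for entry in history:
        kind = str(entry.get("event", "")).strip().lower()
        ts = entry["timestamp_i"]
        if kind == "down" and down_since is None:
            down_since = ts  # count transitions, not repeated "down" rows
            if now_i - ts <= window_s:
                downs_in_window += 1
        elif kind == "up" and down_since is not None:
            downtime += ts - down_since
            down_since = None
    currently_down = down_since is not None
    if currently_down:
        downtime += max(0, now_i - down_since)
    return {
        "downtime_s": downtime,
        "downs_in_window": downs_in_window,
        "flapping": downs_in_window >= flap_threshold,
        "currently_down": currently_down,
    }


if __name__ == "__main__":
    print(summarize_link_history(SAMPLE_HISTORY, now_i=T0 + 3600))
```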
Get connected subnets
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/status/connected_subnets \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.ipsec.get_connected_subnets(
extended_output=extended_output)
print(api_response.json())
GET /status/connected_subnets
Provides information about any connected subnets.
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
extended_output | query | boolean | false | Receive verbose information about resources |
Example responses
200 Response
{
"response": [
[
"string"
]
]
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
ConnectedSubnetsDetailResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | any | false | - | - |
oneOf
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
any | [array] | false | - | Array of arrays with each element of length 2 representing [network, subnet mask] |
xor
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
any | [object] | false | - | - |
ConnectedSubnet | object | false | - | - |
subnet | string | false | - | - |
network | string | false | - | - |
cidr_mask | string | false | - | - |
managerid | integer | false | - | - |
netmask | string | false | - | - |
origin | string | false | - | ipsec, local_no_encryption, remote_manager, or ebgp |
Get IPsec details
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/ipsec \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.ipsec.get_ipsec_details()
print(api_response.json())
GET /ipsec
Get details for all IPsec endpoints/subnets
Example responses
200 Response
{
"response": {
"this_endpoint": {
"ipaddress": "3.222.68.251",
"overlay_subnet": "100.127.255.192/26",
"private_ipaddress": "192.168.1.230",
"ipsec_local_ipaddress": "192.168.1.230",
"asn": 65001
},
"remote_endpoints": {}
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
IpsecSystemDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
this_endpoint | object | false | - | - |
nat_traversal | boolean | false | - | - |
ipaddress | string | false | - | - |
overlay_subnet | string | false | - | - |
private_ipaddress | string | false | - | - |
ipsec_local_ipaddress | string | false | - | - |
asn | integer | false | - | - |
remote_endpoints | object | false | - | - |
IpsecRemoteEndpoint | object | false | - | - |
id | integer | false | - | - |
name | string | false | - | - |
ipaddress | string | false | - | - |
description | string | false | - | - |
nat_t_enabled | boolean | false | - | - |
ike_version | integer | false | - | - |
pfs | boolean | false | - | Perfect forward secrecy enabled |
private_ipaddress | string | false | - | - |
extra_config | [string] | false | - | - |
tunnels | object | false | - | - |
IpsecTunnel | object | false | - | - |
id | integer | false | - | - |
local_subnet | string | false | - | - |
remote_subnet | string | false | - | - |
endpointid | integer | false | - | - |
endpoint_id | integer | false | - | - |
endpoint_name | string | false | - | - |
enabled | boolean | false | - | - |
active | boolean | false | - | - |
description | string¦null | false | - | - |
bounce | boolean | false | - | True if tunnel was just bounced |
connected | boolean | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer¦null | false | - | Interval for ping in seconds |
ping_ipaddress | string | false | - | - |
tunnel_params | object | false | - | - |
phase2 | string | false | - | - |
outbound_spi | string | false | - | - |
inbound_spi | string | false | - | - |
bytes_in | string | false | - | - |
bytes_out | string | false | - | - |
esp_time_remaining | string | false | - | - |
esp_port | string | false | - | - |
phase2_algo | string | false | - | - |
phase2_hash | string | false | - | - |
nat_t | string | false | - | - |
dpd | string | false | - | - |
pfs_dh_group | string¦null | false | - | - |
phase1 | string | false | - | - |
isakmp_port | string | false | - | - |
isakmp_time_remaining | string | false | - | - |
last_dpd | string | false | - | - |
phase1_cipher | string¦null | false | - | - |
phase1_prf | string¦null | false | - | - |
phase1_dh_group | string¦null | false | - | - |
ike_version | string | false | - | - |
traffic_pairs | object | false | - | - |
IpsecEndpointTrafficPair | object | false | - | - |
id | integer | false | - | - |
remote_subnet | string | false | - | - |
local_subnet | string | false | - | - |
ping_ipaddress | string¦null | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer | false | - | - |
enabled | boolean | false | - | - |
description | string¦null | false | - | - |
ipsec_endpoint_id | integer | false | - | - |
endpoint_id | integer | false | - | - |
created_at | string(date-time) | false | - | - |
updated_at | string(date-time) | false | - | - |
bgp_peers | object | false | - | - |
BGPPeer | object | false | - | - |
id | integer | false | - | - |
asn | integer | false | - | - |
ipaddress | string | false | - | - |
access_list | string | false | - | List of "in permit CIDR" and/or "out permit CIDR" statements in a string delimited by "\n" |
local_asn_alias | integer | false | - | Allow BGP configuration to use any ASN required by peer |
keepalive_interval | integer | false | - | Interval for checking if BGP peers are still alive |
hold_time | integer | false | - | The length of inactive time after which BGP session is torn down. The timer is reset after updates and keepalives |
bgp_password | string | false | - | - |
add_network_distance | boolean | false | - | - |
add_network_distance_direction | string | false | - | in or out |
add_network_distance_hops | integer | false | - | - |
connection_detail | string | false | - | - |
type | string | false | - | Indicating Ipsec or GRE over ipsec |
vpn_type | string | false | - | - |
gre_interface_address | string | false | - | - |
route_based_int_address | string | false | - | - |
route_based_local | string | false | - | - |
route_based_remote | string | false | - | - |
psk | string | false | - | - |
Enumerated Values
Property | Value |
---|---|
ping_interface | eth0 |
ping_interface | tun0 |
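The IpsecSystemDetail schema above includes `psk` and `bgp_password` fields, so a GET /ipsec response should be redacted before it is logged or attached to a ticket. The following is an added example, not part of the VNS3 documentation or SDK: it redacts those two fields and flags endpoints by a policy chosen for this example (IKEv1 in use, PFS disabled, tunnel enabled but not connected); the sample response and function names are constructed.

```python
SECRET_KEYS = {"psk", "bgp_password"}  # secret-bearing fields in the schema above

# Constructed sample of a GET /ipsec response (documentation address ranges).
SAMPLE_IPSEC = {
    "response": {
        "this_endpoint": {"ipaddress": "203.0.113.10", "asn": 65001},
        "remote_endpoints": {
            "1": {
                "id": 1, "name": "branch-a", "ipaddress": "198.51.100.20",
                "ike_version": 2, "pfs": True, "psk": "constructed-secret-a",
                "tunnels": {"1": {"id": 1, "enabled": True, "connected": True}},
                "bgp_peers": {"1": {"id": 1, "asn": 65010,
                                    "bgp_password": "constructed-bgp-secret"}},
            },
            "2": {
                "id": 2, "name": "legacy-partner", "ipaddress": "198.51.100.30",
                "ike_version": 1, "pfs": False, "psk": "constructed-secret-b",
                "tunnels": {
                    "2": {"id": 2, "enabled": True, "connected": False},
                    "3": {"id": 3, "enabled": False, "connected": False},
                },
                "bgp_peers": {},
            },
        },
    }
}


def redact_secrets(node):
    """Return a deep copy of node with secret fields replaced by a marker."""
    if isinstance(node, dict):
        return {
            key: "[REDACTED]" if key in SECRET_KEYS and value else redact_secrets(value)
            for key, value in node.items()
        }
    if isinstance(node, list):
        return [redact_secrets(item) for item in node]
    return node


def audit_endpoints(payload):
    """Return (endpoint name, finding) pairs for the example policy."""
    findings = []
    endpoints = payload.get("response", {}).get("remote_endpoints") or {}
    for key, endpoint in sorted(endpoints.items()):
        name = endpoint.get("name") or key
        if endpoint.get("ike_version") == 1:
            findings.append((name, "IKEv1 in use"))
        if endpoint.get("pfs") is False:
            findings.append((name, "PFS disabled"))
        for tunnel_key, tunnel in sorted((endpoint.get("tunnels") or {}).items()):
            # A disabled tunnel being down is expected; an enabled one is not.
            if tunnel.get("enabled") and not tunnel.get("connected"):
                findings.append((name, f"tunnel {tunnel_key} enabled but not connected"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_endpoints(SAMPLE_IPSEC):
        print(f"{name}: {finding}")
    print(redact_secrets(SAMPLE_IPSEC)["response"]["remote_endpoints"]["1"])
```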
Restart ipsec subsystem
Code samples
# You can also use wget
curl -X POST -u api:myapipassword https://vns3-host:8000/api/ipsec \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.ipsec.post_restart_ipsec_action(
restart=restart)
print(api_response.json())
POST /ipsec
Restart ipsec subsystem
Body parameter
{
"restart": true
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
restart | body | boolean | true | Restarts target system on server if true |
Example responses
200 Response
{
"response": {
"restart": true
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156398145066351285906955697179258297423716",
"message": "restart is invalid"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Accepted | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
RestartStatus
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
restart | boolean | false | - | - |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Update IPsec config
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/ipsec \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
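from cohesivenet import VNS3Client
# `async` is a reserved word in Python 3.7+, so it cannot be written as a
# literal keyword argument; pass it through an unpacked dict instead.
api_response = vns3_client.ipsec.put_update_ipsec_config(
ipsec_local_ipaddress=ipsec_local_ipaddress,
**{"async": False})  # False is the documented default: the request blocks
print(api_response.json())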
PUT /ipsec
Edit the IPsec configuration on the device. Note: this setting is device-wide and must be set before any remote endpoint definitions are created. If it needs to be changed, all remote endpoint information and tunnel information must be deleted first.
Body parameter
{
"ipsec_local_ipaddress": "string",
"async": false
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
ipsec_local_ipaddress | body | string | true | This is effectively a "cloud NAT" address. Since you don't know what your LAN address will be between invocations in a cloud, remote endpoints can use this address as your "behind a NAT" address, sometimes referred to as the Peer ID or IKE ID, if needed (e.g. Watchguard or Juniper). It can also be thought of more simply as an IPsec "loopback" interface that you can use to terminate traffic. |
async | body | boolean | false | Return a task token waiting for IPsec configuration update, default is false, meaning the request will block |
Example responses
200 Response
{
"response": {
"this_endpoint": {
"nat_traversal": true,
"ipaddress": "string",
"overlay_subnet": "string",
"private_ipaddress": "string",
"ipsec_local_ipaddress": "string",
"asn": 0
},
"remote_endpoints": {
"property1": {
"id": 1,
"name": "string",
"ipaddress": "string",
"description": "string",
"nat_t_enabled": true,
"ike_version": 0,
"pfs": true,
"private_ipaddress": "string",
"extra_config": [
"string"
],
"tunnels": {
"property1": {
"id": 1,
"local_subnet": "string",
"remote_subnet": "string",
"endpointid": 1,
"endpoint_id": 1,
"endpoint_name": "string",
"enabled": true,
"active": true,
"description": "string",
"bounce": true,
"connected": true,
"ping_interface": "eth0",
"ping_interval": 0,
"ping_ipaddress": "string",
"tunnel_params": {
"phase2": "string",
"outbound_spi": "string",
"inbound_spi": "string",
"bytes_in": "string",
"bytes_out": "string",
"esp_time_remaining": "string",
"esp_port": "string",
"phase2_algo": "string",
"phase2_hash": "string",
"nat_t": "string",
"dpd": "string",
"pfs_dh_group": "string",
"phase1": "string",
"isakmp_port": "string",
"isakmp_time_remaining": "string",
"last_dpd": "string",
"phase1_cipher": "string",
"phase1_prf": "string",
"phase1_dh_group": "string",
"ike_version": "string"
}
},
"property2": {
"id": 1,
"local_subnet": "string",
"remote_subnet": "string",
"endpointid": 1,
"endpoint_id": 1,
"endpoint_name": "string",
"enabled": true,
"active": true,
"description": "string",
"bounce": true,
"connected": true,
"ping_interface": "eth0",
"ping_interval": 0,
"ping_ipaddress": "string",
"tunnel_params": {
"phase2": "string",
"outbound_spi": "string",
"inbound_spi": "string",
"bytes_in": "string",
"bytes_out": "string",
"esp_time_remaining": "string",
"esp_port": "string",
"phase2_algo": "string",
"phase2_hash": "string",
"nat_t": "string",
"dpd": "string",
"pfs_dh_group": "string",
"phase1": "string",
"isakmp_port": "string",
"isakmp_time_remaining": "string",
"last_dpd": "string",
"phase1_cipher": "string",
"phase1_prf": "string",
"phase1_dh_group": "string",
"ike_version": "string"
}
}
},
"traffic_pairs": {
"property1": {
"id": 1,
"remote_subnet": "string",
"local_subnet": "string",
"ping_ipaddress": "string",
"ping_interface": "string",
"ping_interval": 0,
"enabled": true,
"description": "string",
"ipsec_endpoint_id": 0,
"endpoint_id": 0,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
},
"property2": {
"id": 1,
"remote_subnet": "string",
"local_subnet": "string",
"ping_ipaddress": "string",
"ping_interface": "string",
"ping_interval": 0,
"enabled": true,
"description": "string",
"ipsec_endpoint_id": 0,
"endpoint_id": 0,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}
},
"bgp_peers": {
"property1": {
"id": 1,
"asn": 0,
"ipaddress": "string",
"access_list": "string",
"local_asn_alias": 0,
"keepalive_interval": 0,
"hold_time": 0,
"bgp_password": "string",
"add_network_distance": true,
"add_network_distance_direction": "string",
"add_network_distance_hops": 0,
"connection_detail": "string"
},
"property2": {
"id": 1,
"asn": 0,
"ipaddress": "string",
"access_list": "string",
"local_asn_alias": 0,
"keepalive_interval": 0,
"hold_time": 0,
"bgp_password": "string",
"add_network_distance": true,
"add_network_distance_direction": "string",
"add_network_distance_hops": 0,
"connection_detail": "string"
}
},
"type": "string",
"vpn_type": "string",
"gre_interface_address": "string",
"route_based_int_address": "string",
"route_based_local": "string",
"route_based_remote": "string",
"psk": "string"
},
"property2": {
"id": 1,
"name": "string",
"ipaddress": "string",
"description": "string",
"nat_t_enabled": true,
"ike_version": 0,
"pfs": true,
"private_ipaddress": "string",
"extra_config": [
"string"
],
"tunnels": {
"property1": {
"id": 1,
"local_subnet": "string",
"remote_subnet": "string",
"endpointid": 1,
"endpoint_id": 1,
"endpoint_name": "string",
"enabled": true,
"active": true,
"description": "string",
"bounce": true,
"connected": true,
"ping_interface": "eth0",
"ping_interval": 0,
"ping_ipaddress": "string",
"tunnel_params": {
"phase2": "string",
"outbound_spi": "string",
"inbound_spi": "string",
"bytes_in": "string",
"bytes_out": "string",
"esp_time_remaining": "string",
"esp_port": "string",
"phase2_algo": "string",
"phase2_hash": "string",
"nat_t": "string",
"dpd": "string",
"pfs_dh_group": "string",
"phase1": "string",
"isakmp_port": "string",
"isakmp_time_remaining": "string",
"last_dpd": "string",
"phase1_cipher": "string",
"phase1_prf": "string",
"phase1_dh_group": "string",
"ike_version": "string"
}
},
"property2": {
"id": 1,
"local_subnet": "string",
"remote_subnet": "string",
"endpointid": 1,
"endpoint_id": 1,
"endpoint_name": "string",
"enabled": true,
"active": true,
"description": "string",
"bounce": true,
"connected": true,
"ping_interface": "eth0",
"ping_interval": 0,
"ping_ipaddress": "string",
"tunnel_params": {
"phase2": "string",
"outbound_spi": "string",
"inbound_spi": "string",
"bytes_in": "string",
"bytes_out": "string",
"esp_time_remaining": "string",
"esp_port": "string",
"phase2_algo": "string",
"phase2_hash": "string",
"nat_t": "string",
"dpd": "string",
"pfs_dh_group": "string",
"phase1": "string",
"isakmp_port": "string",
"isakmp_time_remaining": "string",
"last_dpd": "string",
"phase1_cipher": "string",
"phase1_prf": "string",
"phase1_dh_group": "string",
"ike_version": "string"
}
}
},
"traffic_pairs": {
"property1": {
"id": 1,
"remote_subnet": "string",
"local_subnet": "string",
"ping_ipaddress": "string",
"ping_interface": "string",
"ping_interval": 0,
"enabled": true,
"description": "string",
"ipsec_endpoint_id": 0,
"endpoint_id": 0,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
},
"property2": {
"id": 1,
"remote_subnet": "string",
"local_subnet": "string",
"ping_ipaddress": "string",
"ping_interface": "string",
"ping_interval": 0,
"enabled": true,
"description": "string",
"ipsec_endpoint_id": 0,
"endpoint_id": 0,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}
},
"bgp_peers": {
"property1": {
"id": 1,
"asn": 0,
"ipaddress": "string",
"access_list": "string",
"local_asn_alias": 0,
"keepalive_interval": 0,
"hold_time": 0,
"bgp_password": "string",
"add_network_distance": true,
"add_network_distance_direction": "string",
"add_network_distance_hops": 0,
"connection_detail": "string"
},
"property2": {
"id": 1,
"asn": 0,
"ipaddress": "string",
"access_list": "string",
"local_asn_alias": 0,
"keepalive_interval": 0,
"hold_time": 0,
"bgp_password": "string",
"add_network_distance": true,
"add_network_distance_direction": "string",
"add_network_distance_hops": 0,
"connection_detail": "string"
}
},
"type": "string",
"vpn_type": "string",
"gre_interface_address": "string",
"route_based_int_address": "string",
"route_based_local": "string",
"route_based_remote": "string",
"psk": "string"
}
}
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156398145066351285906955697179258297423716",
"message": "ipsec_local_address is invalid"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Accepted | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
IpsecSystemDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
this_endpoint | object | false | - | - |
nat_traversal | boolean | false | - | - |
ipaddress | string | false | - | - |
overlay_subnet | string | false | - | - |
private_ipaddress | string | false | - | - |
ipsec_local_ipaddress | string | false | - | - |
asn | integer | false | - | - |
remote_endpoints | object | false | - | - |
IpsecRemoteEndpoint | object | false | - | - |
id | integer | false | - | - |
name | string | false | - | - |
ipaddress | string | false | - | - |
description | string | false | - | - |
nat_t_enabled | boolean | false | - | - |
ike_version | integer | false | - | - |
pfs | boolean | false | - | Perfect forward secrecy enabled |
private_ipaddress | string | false | - | - |
extra_config | [string] | false | - | - |
tunnels | object | false | - | - |
IpsecTunnel | object | false | - | - |
id | integer | false | - | - |
local_subnet | string | false | - | - |
remote_subnet | string | false | - | - |
endpointid | integer | false | - | - |
endpoint_id | integer | false | - | - |
endpoint_name | string | false | - | - |
enabled | boolean | false | - | - |
active | boolean | false | - | - |
description | string¦null | false | - | - |
bounce | boolean | false | - | True if tunnel was just bounced |
connected | boolean | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer¦null | false | - | Interval for ping in seconds |
ping_ipaddress | string | false | - | - |
tunnel_params | object | false | - | - |
phase2 | string | false | - | - |
outbound_spi | string | false | - | - |
inbound_spi | string | false | - | - |
bytes_in | string | false | - | - |
bytes_out | string | false | - | - |
esp_time_remaining | string | false | - | - |
esp_port | string | false | - | - |
phase2_algo | string | false | - | - |
phase2_hash | string | false | - | - |
nat_t | string | false | - | - |
dpd | string | false | - | - |
pfs_dh_group | string¦null | false | - | - |
phase1 | string | false | - | - |
isakmp_port | string | false | - | - |
isakmp_time_remaining | string | false | - | - |
last_dpd | string | false | - | - |
phase1_cipher | string¦null | false | - | - |
phase1_prf | string¦null | false | - | - |
phase1_dh_group | string¦null | false | - | - |
ike_version | string | false | - | - |
traffic_pairs | object | false | - | - |
IpsecEndpointTrafficPair | object | false | - | - |
id | integer | false | - | - |
remote_subnet | string | false | - | - |
local_subnet | string | false | - | - |
ping_ipaddress | string¦null | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer | false | - | - |
enabled | boolean | false | - | - |
description | string¦null | false | - | - |
ipsec_endpoint_id | integer | false | - | - |
endpoint_id | integer | false | - | - |
created_at | string(date-time) | false | - | - |
updated_at | string(date-time) | false | - | - |
bgp_peers | object | false | - | - |
BGPPeer | object | false | - | - |
id | integer | false | - | - |
asn | integer | false | - | - |
ipaddress | string | false | - | - |
access_list | string | false | - | List of "in permit CIDR" and/or "out permit CIDR" statements in a string delimited by "\n" |
local_asn_alias | integer | false | - | Allow BGP configuration to use any ASN required by peer |
keepalive_interval | integer | false | - | Interval for checking if BGP peers are still alive |
hold_time | integer | false | - | The length of inactive time after which BGP session is torn down. The timer is reset after updates and keepalives |
bgp_password | string | false | - | - |
add_network_distance | boolean | false | - | - |
add_network_distance_direction | string | false | - | in or out |
add_network_distance_hops | integer | false | - | - |
connection_detail | string | false | - | - |
type | string | false | - | Indicates IPsec or GRE over IPsec |
vpn_type | string | false | - | - |
gre_interface_address | string | false | - | - |
route_based_int_address | string | false | - | - |
route_based_local | string | false | - | - |
route_based_remote | string | false | - | - |
psk | string | false | - | - |
Enumerated Values
Property | Value |
---|---|
ping_interface | eth0 |
ping_interface | tun0 |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Create IPsec endpoint
Code samples
# You can also use wget
curl -X POST -u api:myapipassword https://vns3-host:8000/api/ipsec/endpoints \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{"name": "string", "ipaddress": "string", "secret": "string"}'
from cohesivenet import VNS3Client
api_response = vns3_client.ipsec.post_create_ipsec_endpoint(
name=name,
description=description,
ipaddress=ipaddress,
secret=secret,
pfs=pfs,
ike_version=ike_version,
nat_t_enabled=nat_t_enabled,
extra_config=extra_config,
private_ipaddress=private_ipaddress,
gre=gre,
gre_interface_address=gre_interface_address,
vpn_type=vpn_type,
route_based_int_address=route_based_int_address,
route_based_local=route_based_local,
route_based_remote=route_based_remote)
print(api_response.json())
POST /ipsec/endpoints
Create IPsec connection to the defined remote gateway
Body parameter
{
"name": "string",
"description": "string",
"ipaddress": "string",
"secret": "string",
"pfs": true,
"ike_version": 1,
"nat_t_enabled": true,
"extra_config": "string",
"private_ipaddress": "string",
"gre": true,
"gre_interface_address": "string",
"vpn_type": "policy",
"route_based_int_address": "string",
"route_based_local": "string",
"route_based_remote": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
name | body | string | true | Name for the connection. |
description | body | string | false | Description of this IPsec endpoint |
ipaddress | body | string | true | IP of the remote gateway |
secret | body | string | true | Pre-shared key |
pfs | body | boolean | false | Enables Perfect Forward Secrecy if true; disables it if false. |
ike_version | body | integer | false | Version for IKE algorithm |
nat_t_enabled | body | boolean | false | True if you want the IPsec protocol encapsulated (NAT traversal) to this gateway |
extra_config | body | string | false | Additional options for the connection, such as 'phase1=aes256_gcm-sha2_256-dh14 phase2=aes256_gcm' |
private_ipaddress | body | string | false | Internal NAT address of the remote gateway |
gre | body | boolean | false | True if GRE is being used for the specific endpoint |
gre_interface_address | body | string | false | Interface for GRE in /30 format |
vpn_type | body | string | false | policy, gre, vti |
route_based_int_address | body | string | false | - |
route_based_local | body | string | false | - |
route_based_remote | body | string | false | - |
Enumerated Values
Parameter | Value |
---|---|
ike_version | 1 |
ike_version | 2 |
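A client-side check of the request body against the parameter table above, so that a malformed endpoint definition is rejected before it reaches the controller. This is an added example, not part of the VNS3 SDK or the original page; the function name `build_endpoint_body` and the sample values are assumptions.

```python
import ipaddress

REQUIRED = ("name", "ipaddress", "secret")   # "Required: true" rows in the table
IKE_VERSIONS = {1, 2}                        # enumerated values for ike_version
VPN_TYPES = {"policy", "gre", "vti"}         # values listed for vpn_type
BOOLEAN_FIELDS = ("pfs", "nat_t_enabled", "gre")


def build_endpoint_body(**params):
    """Validate parameters for POST /ipsec/endpoints and return the JSON body.

    Parameters left as None are omitted from the body. Every problem found is
    reported in one ValueError, so the caller sees the full list instead of
    fixing one 400 APIArgumentError at a time.
    """
    body = {k: v for k, v in params.items() if v is not None}
    errors = []

    for field in REQUIRED:
        if not body.get(field):
            errors.append(f"{field} is required")

    # Remote gateway address and its optional internal NAT address.
    for field in ("ipaddress", "private_ipaddress"):
        if body.get(field):
            try:
                ipaddress.ip_address(body[field])
            except ValueError:
                errors.append(f"{field} is invalid")

    if "ike_version" in body:
        version = body["ike_version"]
        # bool is a subclass of int in Python, so True would pass as 1.
        if isinstance(version, bool) or version not in IKE_VERSIONS:
            errors.append("ike_version must be 1 or 2")

    if "vpn_type" in body and body["vpn_type"] not in VPN_TYPES:
        errors.append("vpn_type must be one of policy, gre, vti")

    for field in BOOLEAN_FIELDS:
        if field in body and not isinstance(body[field], bool):
            errors.append(f"{field} must be a boolean")

    # The table describes gre_interface_address as an interface in /30 format.
    if "gre_interface_address" in body:
        try:
            iface = ipaddress.ip_interface(body["gre_interface_address"])
            if iface.network.prefixlen != 30:
                errors.append("gre_interface_address must be a /30")
        except ValueError:
            errors.append("gre_interface_address is invalid")

    if errors:
        raise ValueError("; ".join(errors))
    return body


if __name__ == "__main__":
    # Constructed sample values; the secret is a placeholder, not a real key.
    print(build_endpoint_body(
        name="EndpointB",
        ipaddress="13.53.72.182",
        secret="constructed-example-secret",
        ike_version=2,
        pfs=True,
        vpn_type="policy",
    ))
```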
Example responses
200 Response
{
"response": {
"id": 1,
"name": "EndpointB",
"ipaddress": "13.53.72.182",
"pfs": true,
"ike_version": 2,
"nat_t_enabled": true,
"private_ipaddress": "192.0.2.254",
"extra_config": [],
"description": "To datacenter B",
"tunnels": {
"3": {
"id": 3,
"local_subnet": "172.31.0.0/28",
"remote_subnet": "192.168.10.0/22",
"endpoint_id": 1,
"enabled": true,
"description": "tunnel description",
"ping_ipaddress": "",
"ping_interface": "tun0",
"ping_interval": null
}
},
"bgp_peers": {},
"type": "ipsec",
"vpn_type": "policy",
"psk": "testtest"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156398145066351285906955697179258297423716",
"message": "ipaddress is invalid"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Created | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
IpsecRemoteEndpointDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
id | integer | false | - | - |
name | string | false | - | - |
ipaddress | string | false | - | - |
description | string | false | - | - |
nat_t_enabled | boolean | false | - | - |
ike_version | integer | false | - | - |
pfs | boolean | false | - | Perfect forward secrecy enabled |
private_ipaddress | string | false | - | - |
extra_config | [string] | false | - | - |
tunnels | object | false | - | - |
IpsecTunnel | object | false | - | - |
id | integer | false | - | - |
local_subnet | string | false | - | - |
remote_subnet | string | false | - | - |
endpointid | integer | false | - | - |
endpoint_id | integer | false | - | - |
endpoint_name | string | false | - | - |
enabled | boolean | false | - | - |
active | boolean | false | - | - |
description | string¦null | false | - | - |
bounce | boolean | false | - | True if tunnel was just bounced |
connected | boolean | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer¦null | false | - | Interval for ping in seconds |
ping_ipaddress | string | false | - | - |
tunnel_params | object | false | - | - |
phase2 | string | false | - | - |
outbound_spi | string | false | - | - |
inbound_spi | string | false | - | - |
bytes_in | string | false | - | - |
bytes_out | string | false | - | - |
esp_time_remaining | string | false | - | - |
esp_port | string | false | - | - |
phase2_algo | string | false | - | - |
phase2_hash | string | false | - | - |
nat_t | string | false | - | - |
dpd | string | false | - | - |
pfs_dh_group | string¦null | false | - | - |
phase1 | string | false | - | - |
isakmp_port | string | false | - | - |
isakmp_time_remaining | string | false | - | - |
last_dpd | string | false | - | - |
phase1_cipher | string¦null | false | - | - |
phase1_prf | string¦null | false | - | - |
phase1_dh_group | string¦null | false | - | - |
ike_version | string | false | - | - |
traffic_pairs | object | false | - | - |
IpsecEndpointTrafficPair | object | false | - | - |
id | integer | false | - | - |
remote_subnet | string | false | - | - |
local_subnet | string | false | - | - |
ping_ipaddress | string¦null | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer | false | - | - |
enabled | boolean | false | - | - |
description | string¦null | false | - | - |
ipsec_endpoint_id | integer | false | - | - |
endpoint_id | integer | false | - | - |
created_at | string(date-time) | false | - | - |
updated_at | string(date-time) | false | - | - |
bgp_peers | object | false | - | - |
BGPPeer | object | false | - | - |
id | integer | false | - | - |
asn | integer | false | - | - |
ipaddress | string | false | - | - |
access_list | string | false | - | List of "in permit CIDR" and/or "out permit CIDR" statements in a string delimited by "\n" |
local_asn_alias | integer | false | - | Allow BGP configuration to use any ASN required by peer |
keepalive_interval | integer | false | - | Interval for checking if BGP peers are still alive |
hold_time | integer | false | - | The length of inactive time after which BGP session is torn down. The timer is reset after updates and keepalives |
bgp_password | string | false | - | - |
add_network_distance | boolean | false | - | - |
add_network_distance_direction | string | false | - | in or out |
add_network_distance_hops | integer | false | - | - |
connection_detail | string | false | - | - |
type | string | false | - | Indicates IPsec or GRE over IPsec |
vpn_type | string | false | - | - |
gre_interface_address | string | false | - | - |
route_based_int_address | string | false | - | - |
route_based_local | string | false | - | - |
route_based_remote | string | false | - | - |
psk | string | false | - | - |
Enumerated Values
Property | Value |
---|---|
ping_interface | eth0 |
ping_interface | tun0 |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Get IPsec endpoint
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/ipsec/endpoints/{endpoint_id} \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.ipsec.get_ipsec_endpoint(endpoint_id)
print(api_response.json())
GET /ipsec/endpoints/{endpoint_id}
Get IPsec endpoint information
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
endpoint_id | path | integer | true | ID for IPsec endpoint |
Example responses
200 Response
{
"response": {
"id": 1,
"name": "EndpointB",
"ipaddress": "13.53.72.182",
"pfs": true,
"ike_version": 2,
"nat_t_enabled": true,
"private_ipaddress": "192.0.2.254",
"extra_config": [],
"description": "To datacenter B",
"tunnels": {
"3": {
"id": 3,
"local_subnet": "172.31.0.0/28",
"remote_subnet": "192.168.10.0/22",
"endpoint_id": 1,
"enabled": true,
"description": "tunnel description",
"ping_ipaddress": "",
"ping_interface": "tun0",
"ping_interval": null
}
},
"bgp_peers": {},
"type": "ipsec",
"vpn_type": "policy",
"psk": "testtest"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
IpsecRemoteEndpointDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
id | integer | false | - | - |
name | string | false | - | - |
ipaddress | string | false | - | - |
description | string | false | - | - |
nat_t_enabled | boolean | false | - | - |
ike_version | integer | false | - | - |
pfs | boolean | false | - | Perfect forward secrecy enabled |
private_ipaddress | string | false | - | - |
extra_config | [string] | false | - | - |
tunnels | object | false | - | - |
IpsecTunnel | object | false | - | - |
id | integer | false | - | - |
local_subnet | string | false | - | - |
remote_subnet | string | false | - | - |
endpointid | integer | false | - | - |
endpoint_id | integer | false | - | - |
endpoint_name | string | false | - | - |
enabled | boolean | false | - | - |
active | boolean | false | - | - |
description | string¦null | false | - | - |
bounce | boolean | false | - | True if tunnel was just bounced |
connected | boolean | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer¦null | false | - | Interval for ping in seconds |
ping_ipaddress | string | false | - | - |
tunnel_params | object | false | - | - |
phase2 | string | false | - | - |
outbound_spi | string | false | - | - |
inbound_spi | string | false | - | - |
bytes_in | string | false | - | - |
bytes_out | string | false | - | - |
esp_time_remaining | string | false | - | - |
esp_port | string | false | - | - |
phase2_algo | string | false | - | - |
phase2_hash | string | false | - | - |
nat_t | string | false | - | - |
dpd | string | false | - | - |
pfs_dh_group | string¦null | false | - | - |
phase1 | string | false | - | - |
isakmp_port | string | false | - | - |
isakmp_time_remaining | string | false | - | - |
last_dpd | string | false | - | - |
phase1_cipher | string¦null | false | - | - |
phase1_prf | string¦null | false | - | - |
phase1_dh_group | string¦null | false | - | - |
ike_version | string | false | - | - |
traffic_pairs | object | false | - | - |
IpsecEndpointTrafficPair | object | false | - | - |
id | integer | false | - | - |
remote_subnet | string | false | - | - |
local_subnet | string | false | - | - |
ping_ipaddress | string¦null | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer | false | - | - |
enabled | boolean | false | - | - |
description | string¦null | false | - | - |
ipsec_endpoint_id | integer | false | - | - |
endpoint_id | integer | false | - | - |
created_at | string(date-time) | false | - | - |
updated_at | string(date-time) | false | - | - |
bgp_peers | object | false | - | - |
BGPPeer | object | false | - | - |
id | integer | false | - | - |
asn | integer | false | - | - |
ipaddress | string | false | - | - |
access_list | string | false | - | List of "in permit CIDR" and/or "out permit CIDR" statements in a string delimited by "\n" |
local_asn_alias | integer | false | - | Allow BGP configuration to use any ASN required by peer |
keepalive_interval | integer | false | - | Interval for checking if BGP peers are still alive |
hold_time | integer | false | - | The length of inactive time after which BGP session is torn down. The timer is reset after updates and keepalives |
bgp_password | string | false | - | - |
add_network_distance | boolean | false | - | - |
add_network_distance_direction | string | false | - | in or out |
add_network_distance_hops | integer | false | - | - |
connection_detail | string | false | - | - |
type | string | false | - | Indicates IPsec or GRE over IPsec |
vpn_type | string | false | - | - |
gre_interface_address | string | false | - | - |
route_based_int_address | string | false | - | - |
route_based_local | string | false | - | - |
route_based_remote | string | false | - | - |
psk | string | false | - | - |
Enumerated Values
Property | Value |
---|---|
ping_interface | eth0 |
ping_interface | tun0 |
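The endpoint detail above returns the pre-shared key in the `psk` field (and BGP peers carry `bgp_password`), so printing or logging the raw response exposes those secrets. The following added example, which is not part of the VNS3 SDK or the original page, redacts secret-bearing fields and audits one `response` object; `MIN_PSK_LEN`, the weak-token spellings and the function names are assumptions.

```python
# Secret-bearing field names that appear in the schemas on this page.
SECRET_KEYS = {"psk", "secret", "bgp_password"}
# Assumption: local policy threshold, not a VNS3 requirement.
MIN_PSK_LEN = 20
# Assumption: token spellings modelled on the page's
# 'phase1=aes256_gcm-sha2_256-dh14' example; adjust to your controller.
WEAK_TOKENS = {"des", "3des", "md5", "sha1", "dh1", "dh2", "dh5"}


def redact(obj):
    """Return a copy of a response with secret fields masked, safe to log."""
    if isinstance(obj, dict):
        return {k: ("<redacted>" if k in SECRET_KEYS and v else redact(v))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


def parse_extra_config(extra_config):
    """Turn extra_config (a string or a list of strings) into {key: value}."""
    if isinstance(extra_config, str):
        extra_config = [extra_config]
    parsed = {}
    for entry in extra_config or []:
        for token in entry.split():
            key, sep, value = token.partition("=")
            if sep:
                parsed[key] = value
    return parsed


def audit_endpoint(detail):
    """Return findings for one IpsecRemoteEndpointDetail 'response' object.

    Findings never contain the PSK itself, only a statement about it.
    """
    findings = []
    if detail.get("ike_version") == 1:
        findings.append("ike_version is 1 (IKEv1)")
    if detail.get("pfs") is False:
        findings.append("pfs is disabled")
    if len(detail.get("psk") or "") < MIN_PSK_LEN:
        findings.append(f"psk shorter than {MIN_PSK_LEN} characters")

    proposals = parse_extra_config(detail.get("extra_config"))
    for phase in ("phase1", "phase2"):
        if phase not in proposals:
            findings.append(f"{phase} proposal not pinned in extra_config")
            continue
        weak = sorted(set(proposals[phase].lower().split("-")) & WEAK_TOKENS)
        if weak:
            findings.append(f"{phase} uses weak algorithm(s): {', '.join(weak)}")
    return findings


# The example 200 response shown on this page, trimmed to the audited fields.
SAMPLE = {
    "id": 1, "name": "EndpointB", "ipaddress": "13.53.72.182",
    "pfs": True, "ike_version": 2, "nat_t_enabled": True,
    "extra_config": [], "bgp_peers": {}, "psk": "testtest",
}

# Constructed sample with deliberately weak settings, for comparison.
WEAK_SAMPLE = {
    "id": 2, "name": "constructed-legacy-peer", "ipaddress": "192.0.2.10",
    "pfs": False, "ike_version": 1,
    "extra_config": ["phase1=3des-sha1-dh2 phase2=aes256_gcm"],
    "bgp_peers": {"1": {"id": 1, "bgp_password": "constructed-bgp-secret"}},
    "psk": "constructed-placeholder-key-32chars",
}

if __name__ == "__main__":
    for sample in (SAMPLE, WEAK_SAMPLE):
        print(redact(sample))
        for finding in audit_endpoint(sample):
            print("  -", finding)
```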
Update IPsec endpoint
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/ipsec/endpoints/{endpoint_id} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.ipsec.put_update_ipsec_endpoint(endpoint_id,
name=name,
description=description,
ipaddress=ipaddress,
secret=secret,
pfs=pfs,
ike_version=ike_version,
nat_t_enabled=nat_t_enabled,
extra_config=extra_config,
private_ipaddress=private_ipaddress,
gre=gre,
gre_interface_address=gre_interface_address,
vpn_type=vpn_type,
route_based_int_address=route_based_int_address,
route_based_local=route_based_local,
route_based_remote=route_based_remote)
print(api_response.json())
PUT /ipsec/endpoints/{endpoint_id}
Edit IPsec endpoint connection configuration parameters
Body parameter
{
"name": "string",
"description": "string",
"ipaddress": "string",
"secret": "string",
"pfs": true,
"ike_version": 1,
"nat_t_enabled": true,
"extra_config": "string",
"private_ipaddress": "string",
"gre": true,
"gre_interface_address": "string",
"vpn_type": "string",
"route_based_int_address": "string",
"route_based_local": "string",
"route_based_remote": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
endpoint_id | path | integer | true | ID for IPsec endpoint |
name | body | string | false | Name for the endpoint. |
description | body | string | false | Description of this IPsec endpoint |
ipaddress | body | string | false | IP of the remote gateway |
secret | body | string | false | Pre-shared key |
pfs | body | boolean | false | Enables Perfect Forward Secrecy if true; disables it if false. |
ike_version | body | integer | false | Version for IKE algorithm |
nat_t_enabled | body | boolean | false | True if you want the IPsec protocol encapsulated (NAT traversal) to this gateway |
extra_config | body | string | false | Additional options for the connection, such as 'phase1=aes256_gcm-sha2_256-dh14 phase2=aes256_gcm' |
private_ipaddress | body | string | false | Internal NAT address of the remote gateway |
gre | body | boolean | false | True if GRE is being used for the specific endpoint |
gre_interface_address | body | string | false | Interface address for GRE |
vpn_type | body | string | false | policy, gre, vti |
route_based_int_address | body | string | false | - |
route_based_local | body | string | false | - |
route_based_remote | body | string | false | - |
Enumerated Values
Parameter | Value |
---|---|
ike_version | 1 |
ike_version | 2 |
Example responses
200 Response
{
"response": {
"id": 1,
"name": "EndpointB",
"ipaddress": "13.53.72.182",
"pfs": true,
"ike_version": 2,
"nat_t_enabled": true,
"private_ipaddress": "192.0.2.254",
"extra_config": [],
"description": "To datacenter B",
"tunnels": {
"3": {
"id": 3,
"local_subnet": "172.31.0.0/28",
"remote_subnet": "192.168.10.0/22",
"endpoint_id": 1,
"enabled": true,
"description": "tunnel description",
"ping_ipaddress": "",
"ping_interface": "tun0",
"ping_interval": null
}
},
"bgp_peers": {},
"type": "ipsec",
"vpn_type": "policy",
"psk": "testtest"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156398145066351285906955697179258297423716",
"message": "nat_t_enabled is invalid"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Accepted | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
IpsecRemoteEndpointDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
id | integer | false | - | - |
name | string | false | - | - |
ipaddress | string | false | - | - |
description | string | false | - | - |
nat_t_enabled | boolean | false | - | - |
ike_version | integer | false | - | - |
pfs | boolean | false | - | Perfect forward secrecy enabled |
private_ipaddress | string | false | - | - |
extra_config | [string] | false | - | - |
tunnels | object | false | - | - |
IpsecTunnel | object | false | - | - |
id | integer | false | - | - |
local_subnet | string | false | - | - |
remote_subnet | string | false | - | - |
endpointid | integer | false | - | - |
endpoint_id | integer | false | - | - |
endpoint_name | string | false | - | - |
enabled | boolean | false | - | - |
active | boolean | false | - | - |
description | string¦null | false | - | - |
bounce | boolean | false | - | True if tunnel was just bounced |
connected | boolean | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer¦null | false | - | Interval for ping in seconds |
ping_ipaddress | string | false | - | - |
tunnel_params | object | false | - | - |
phase2 | string | false | - | - |
outbound_spi | string | false | - | - |
inbound_spi | string | false | - | - |
bytes_in | string | false | - | - |
bytes_out | string | false | - | - |
esp_time_remaining | string | false | - | - |
esp_port | string | false | - | - |
phase2_algo | string | false | - | - |
phase2_hash | string | false | - | - |
nat_t | string | false | - | - |
dpd | string | false | - | - |
pfs_dh_group | string¦null | false | - | - |
phase1 | string | false | - | - |
isakmp_port | string | false | - | - |
isakmp_time_remaining | string | false | - | - |
last_dpd | string | false | - | - |
phase1_cipher | string¦null | false | - | - |
phase1_prf | string¦null | false | - | - |
phase1_dh_group | string¦null | false | - | - |
ike_version | string | false | - | - |
traffic_pairs | object | false | - | - |
IpsecEndpointTrafficPair | object | false | - | - |
id | integer | false | - | - |
remote_subnet | string | false | - | - |
local_subnet | string | false | - | - |
ping_ipaddress | string¦null | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer | false | - | - |
enabled | boolean | false | - | - |
description | string¦null | false | - | - |
ipsec_endpoint_id | integer | false | - | - |
endpoint_id | integer | false | - | - |
created_at | string(date-time) | false | - | - |
updated_at | string(date-time) | false | - | - |
bgp_peers | object | false | - | - |
BGPPeer | object | false | - | - |
id | integer | false | - | - |
asn | integer | false | - | - |
ipaddress | string | false | - | - |
access_list | string | false | - | List of "in permit CIDR" and/or "out permit CIDR" statements in a string delimited by "\n" |
local_asn_alias | integer | false | - | Allow BGP configuration to use any ASN required by peer |
keepalive_interval | integer | false | - | Interval for checking if BGP peers are still alive |
hold_time | integer | false | - | The length of inactive time after which BGP session is torn down. The timer is reset after updates and keepalives |
bgp_password | string | false | - | - |
add_network_distance | boolean | false | - | - |
add_network_distance_direction | string | false | - | in or out |
add_network_distance_hops | integer | false | - | - |
connection_detail | string | false | - | - |
type | string | false | - | Indicates IPsec or GRE over IPsec |
vpn_type | string | false | - | - |
gre_interface_address | string | false | - | - |
route_based_int_address | string | false | - | - |
route_based_local | string | false | - | - |
route_based_remote | string | false | - | - |
psk | string | false | - | - |
Enumerated Values
Property | Value |
---|---|
ping_interface | eth0 |
ping_interface | tun0 |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Delete IPsec endpoint
Code samples
# You can also use wget
curl -X DELETE -u api:myapipassword https://vns3-host:8000/api/ipsec/endpoints/{endpoint_id} \
  -H 'Accept: application/json'

from cohesivenet import VNS3Client
# vns3_client is an already-configured VNS3Client instance
api_response = vns3_client.ipsec.delete_ipsec_endpoint(endpoint_id)
print(api_response.json())
DELETE /ipsec/endpoints/{endpoint_id}
Delete IPsec endpoint
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
endpoint_id | path | integer | true | ID for IPsec endpoint |
Example responses
200 Response
{
"response": {
"this_endpoint": {
"nat_traversal": true,
"ipaddress": "string",
"overlay_subnet": "string",
"private_ipaddress": "string",
"ipsec_local_ipaddress": "string",
"asn": 0
},
"remote_endpoints": {
"property1": {
"id": 1,
"name": "string",
"ipaddress": "string",
"description": "string",
"nat_t_enabled": true,
"ike_version": 0,
"pfs": true,
"private_ipaddress": "string",
"extra_config": [
"string"
],
"tunnels": {
"property1": {
"id": 1,
"local_subnet": "string",
"remote_subnet": "string",
"endpointid": 1,
"endpoint_id": 1,
"endpoint_name": "string",
"enabled": true,
"active": true,
"description": "string",
"bounce": true,
"connected": true,
"ping_interface": "eth0",
"ping_interval": 0,
"ping_ipaddress": "string",
"tunnel_params": {
"phase2": "string",
"outbound_spi": "string",
"inbound_spi": "string",
"bytes_in": "string",
"bytes_out": "string",
"esp_time_remaining": "string",
"esp_port": "string",
"phase2_algo": "string",
"phase2_hash": "string",
"nat_t": "string",
"dpd": "string",
"pfs_dh_group": "string",
"phase1": "string",
"isakmp_port": "string",
"isakmp_time_remaining": "string",
"last_dpd": "string",
"phase1_cipher": "string",
"phase1_prf": "string",
"phase1_dh_group": "string",
"ike_version": "string"
}
},
"property2": {
"id": 1,
"local_subnet": "string",
"remote_subnet": "string",
"endpointid": 1,
"endpoint_id": 1,
"endpoint_name": "string",
"enabled": true,
"active": true,
"description": "string",
"bounce": true,
"connected": true,
"ping_interface": "eth0",
"ping_interval": 0,
"ping_ipaddress": "string",
"tunnel_params": {
"phase2": "string",
"outbound_spi": "string",
"inbound_spi": "string",
"bytes_in": "string",
"bytes_out": "string",
"esp_time_remaining": "string",
"esp_port": "string",
"phase2_algo": "string",
"phase2_hash": "string",
"nat_t": "string",
"dpd": "string",
"pfs_dh_group": "string",
"phase1": "string",
"isakmp_port": "string",
"isakmp_time_remaining": "string",
"last_dpd": "string",
"phase1_cipher": "string",
"phase1_prf": "string",
"phase1_dh_group": "string",
"ike_version": "string"
}
}
},
"traffic_pairs": {
"property1": {
"id": 1,
"remote_subnet": "string",
"local_subnet": "string",
"ping_ipaddress": "string",
"ping_interface": "string",
"ping_interval": 0,
"enabled": true,
"description": "string",
"ipsec_endpoint_id": 0,
"endpoint_id": 0,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
},
"property2": {
"id": 1,
"remote_subnet": "string",
"local_subnet": "string",
"ping_ipaddress": "string",
"ping_interface": "string",
"ping_interval": 0,
"enabled": true,
"description": "string",
"ipsec_endpoint_id": 0,
"endpoint_id": 0,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}
},
"bgp_peers": {
"property1": {
"id": 1,
"asn": 0,
"ipaddress": "string",
"access_list": "string",
"local_asn_alias": 0,
"keepalive_interval": 0,
"hold_time": 0,
"bgp_password": "string",
"add_network_distance": true,
"add_network_distance_direction": "string",
"add_network_distance_hops": 0,
"connection_detail": "string"
},
"property2": {
"id": 1,
"asn": 0,
"ipaddress": "string",
"access_list": "string",
"local_asn_alias": 0,
"keepalive_interval": 0,
"hold_time": 0,
"bgp_password": "string",
"add_network_distance": true,
"add_network_distance_direction": "string",
"add_network_distance_hops": 0,
"connection_detail": "string"
}
},
"type": "string",
"vpn_type": "string",
"gre_interface_address": "string",
"route_based_int_address": "string",
"route_based_local": "string",
"route_based_remote": "string",
"psk": "string"
},
"property2": {
"id": 1,
"name": "string",
"ipaddress": "string",
"description": "string",
"nat_t_enabled": true,
"ike_version": 0,
"pfs": true,
"private_ipaddress": "string",
"extra_config": [
"string"
],
"tunnels": {
"property1": {
"id": 1,
"local_subnet": "string",
"remote_subnet": "string",
"endpointid": 1,
"endpoint_id": 1,
"endpoint_name": "string",
"enabled": true,
"active": true,
"description": "string",
"bounce": true,
"connected": true,
"ping_interface": "eth0",
"ping_interval": 0,
"ping_ipaddress": "string",
"tunnel_params": {
"phase2": "string",
"outbound_spi": "string",
"inbound_spi": "string",
"bytes_in": "string",
"bytes_out": "string",
"esp_time_remaining": "string",
"esp_port": "string",
"phase2_algo": "string",
"phase2_hash": "string",
"nat_t": "string",
"dpd": "string",
"pfs_dh_group": "string",
"phase1": "string",
"isakmp_port": "string",
"isakmp_time_remaining": "string",
"last_dpd": "string",
"phase1_cipher": "string",
"phase1_prf": "string",
"phase1_dh_group": "string",
"ike_version": "string"
}
},
"property2": {
"id": 1,
"local_subnet": "string",
"remote_subnet": "string",
"endpointid": 1,
"endpoint_id": 1,
"endpoint_name": "string",
"enabled": true,
"active": true,
"description": "string",
"bounce": true,
"connected": true,
"ping_interface": "eth0",
"ping_interval": 0,
"ping_ipaddress": "string",
"tunnel_params": {
"phase2": "string",
"outbound_spi": "string",
"inbound_spi": "string",
"bytes_in": "string",
"bytes_out": "string",
"esp_time_remaining": "string",
"esp_port": "string",
"phase2_algo": "string",
"phase2_hash": "string",
"nat_t": "string",
"dpd": "string",
"pfs_dh_group": "string",
"phase1": "string",
"isakmp_port": "string",
"isakmp_time_remaining": "string",
"last_dpd": "string",
"phase1_cipher": "string",
"phase1_prf": "string",
"phase1_dh_group": "string",
"ike_version": "string"
}
}
},
"traffic_pairs": {
"property1": {
"id": 1,
"remote_subnet": "string",
"local_subnet": "string",
"ping_ipaddress": "string",
"ping_interface": "string",
"ping_interval": 0,
"enabled": true,
"description": "string",
"ipsec_endpoint_id": 0,
"endpoint_id": 0,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
},
"property2": {
"id": 1,
"remote_subnet": "string",
"local_subnet": "string",
"ping_ipaddress": "string",
"ping_interface": "string",
"ping_interval": 0,
"enabled": true,
"description": "string",
"ipsec_endpoint_id": 0,
"endpoint_id": 0,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}
},
"bgp_peers": {
"property1": {
"id": 1,
"asn": 0,
"ipaddress": "string",
"access_list": "string",
"local_asn_alias": 0,
"keepalive_interval": 0,
"hold_time": 0,
"bgp_password": "string",
"add_network_distance": true,
"add_network_distance_direction": "string",
"add_network_distance_hops": 0,
"connection_detail": "string"
},
"property2": {
"id": 1,
"asn": 0,
"ipaddress": "string",
"access_list": "string",
"local_asn_alias": 0,
"keepalive_interval": 0,
"hold_time": 0,
"bgp_password": "string",
"add_network_distance": true,
"add_network_distance_direction": "string",
"add_network_distance_hops": 0,
"connection_detail": "string"
}
},
"type": "string",
"vpn_type": "string",
"gre_interface_address": "string",
"route_based_int_address": "string",
"route_based_local": "string",
"route_based_remote": "string",
"psk": "string"
}
}
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156398145066351285906955697179258297423716",
"message": "endpoint_id does not exist"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Accepted | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
IpsecSystemDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
this_endpoint | object | false | - | - |
nat_traversal | boolean | false | - | - |
ipaddress | string | false | - | - |
overlay_subnet | string | false | - | - |
private_ipaddress | string | false | - | - |
ipsec_local_ipaddress | string | false | - | - |
asn | integer | false | - | - |
remote_endpoints | object | false | - | - |
IpsecRemoteEndpoint | object | false | - | - |
id | integer | false | - | - |
name | string | false | - | - |
ipaddress | string | false | - | - |
description | string | false | - | - |
nat_t_enabled | boolean | false | - | - |
ike_version | integer | false | - | - |
pfs | boolean | false | - | Perfect forward secrecy enabled |
private_ipaddress | string | false | - | - |
extra_config | [string] | false | - | - |
tunnels | object | false | - | - |
IpsecTunnel | object | false | - | - |
id | integer | false | - | - |
local_subnet | string | false | - | - |
remote_subnet | string | false | - | - |
endpointid | integer | false | - | - |
endpoint_id | integer | false | - | - |
endpoint_name | string | false | - | - |
enabled | boolean | false | - | - |
active | boolean | false | - | - |
description | string¦null | false | - | - |
bounce | boolean | false | - | True if tunnel was just bounced |
connected | boolean | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer¦null | false | - | Interval for ping in seconds |
ping_ipaddress | string | false | - | - |
tunnel_params | object | false | - | - |
phase2 | string | false | - | - |
outbound_spi | string | false | - | - |
inbound_spi | string | false | - | - |
bytes_in | string | false | - | - |
bytes_out | string | false | - | - |
esp_time_remaining | string | false | - | - |
esp_port | string | false | - | - |
phase2_algo | string | false | - | - |
phase2_hash | string | false | - | - |
nat_t | string | false | - | - |
dpd | string | false | - | - |
pfs_dh_group | string¦null | false | - | - |
phase1 | string | false | - | - |
isakmp_port | string | false | - | - |
isakmp_time_remaining | string | false | - | - |
last_dpd | string | false | - | - |
phase1_cipher | string¦null | false | - | - |
phase1_prf | string¦null | false | - | - |
phase1_dh_group | string¦null | false | - | - |
ike_version | string | false | - | - |
traffic_pairs | object | false | - | - |
IpsecEndpointTrafficPair | object | false | - | - |
id | integer | false | - | - |
remote_subnet | string | false | - | - |
local_subnet | string | false | - | - |
ping_ipaddress | string¦null | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer | false | - | - |
enabled | boolean | false | - | - |
description | string¦null | false | - | - |
ipsec_endpoint_id | integer | false | - | - |
endpoint_id | integer | false | - | - |
created_at | string(date-time) | false | - | - |
updated_at | string(date-time) | false | - | - |
bgp_peers | object | false | - | - |
BGPPeer | object | false | - | - |
id | integer | false | - | - |
asn | integer | false | - | - |
ipaddress | string | false | - | - |
access_list | string | false | - | List of "in permit CIDR" and/or "out permit CIDR" statements in a string delimited by "\n" |
local_asn_alias | integer | false | - | Allow BGP configuration to use any ASN required by peer |
keepalive_interval | integer | false | - | Interval for checking if BGP peers are still alive |
hold_time | integer | false | - | The length of inactive time after which BGP session is torn down. The timer is reset after updates and keepalives |
bgp_password | string | false | - | - |
add_network_distance | boolean | false | - | - |
add_network_distance_direction | string | false | - | in or out |
add_network_distance_hops | integer | false | - | - |
connection_detail | string | false | - | - |
type | string | false | - | Indicates IPsec or GRE over IPsec |
vpn_type | string | false | - | - |
gre_interface_address | string | false | - | - |
route_based_int_address | string | false | - | - |
route_based_local | string | false | - | - |
route_based_remote | string | false | - | - |
psk | string | false | - | - |
Enumerated Values
Property | Value |
---|---|
ping_interface | eth0 |
ping_interface | tun0 |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Create IPsec endpoint tunnel
Code samples
# You can also use wget
curl -X POST -u api:myapipassword https://vns3-host:8000/api/ipsec/endpoints/{endpoint_id}/tunnels \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

from cohesivenet import VNS3Client
# vns3_client is an already-configured VNS3Client instance
api_response = vns3_client.ipsec.post_create_ipsec_endpoint_tunnel(
    endpoint_id,
    remote_subnet=remote_subnet,
    local_subnet=local_subnet,
    ping_ipaddress=ping_ipaddress,
    ping_interval=ping_interval,
    ping_interface=ping_interface,
    enabled=enabled,
    description=description)
print(api_response.json())
POST /ipsec/endpoints/{endpoint_id}/tunnels
Create IPsec endpoint tunnel
Body parameter
{
"remote_subnet": "string",
"local_subnet": "string",
"ping_ipaddress": "string",
"ping_interval": 0,
"ping_interface": "string",
"enabled": true,
"description": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
endpoint_id | path | integer | true | ID for IPsec endpoint |
remote_subnet | body | string | true | Remote subnet for tunnel in CIDR notation |
local_subnet | body | string | false | Local subnet for tunnel in CIDR notation |
ping_ipaddress | body | string | false | Exo Ping feature - remote IP destination of ping |
ping_interval | body | integer | false | Exo Ping feature - periodicity of the ping in seconds |
ping_interface | body | string | false | Exo Ping feature - what network interface IP of the VNS3 controller to use as the source of ping |
enabled | body | boolean | false | Disables tunnel if set to false |
description | body | string | false | - |
Example responses
200 Response
{
"response": {
"id": 1,
"name": "EndpointB",
"ipaddress": "13.53.72.182",
"pfs": true,
"ike_version": 2,
"nat_t_enabled": true,
"private_ipaddress": "192.0.2.254",
"extra_config": [],
"description": "To datacenter B",
"tunnels": {
"3": {
"id": 3,
"local_subnet": "172.31.0.0/28",
"remote_subnet": "192.168.10.0/22",
"endpoint_id": 1,
"enabled": true,
"description": "tunnel description",
"ping_ipaddress": "",
"ping_interface": "tun0",
"ping_interval": null
}
},
"bgp_peers": {},
"type": "ipsec",
"vpn_type": "policy",
"psk": "testtest"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156398145066351285906955697179258297423716",
"message": "endpoint_id does not exist"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Created | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Permission denied. Max number of tunnels reached | Inline |
Response Schema
Status Code 200
IpsecRemoteEndpointDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
id | integer | false | - | - |
name | string | false | - | - |
ipaddress | string | false | - | - |
description | string | false | - | - |
nat_t_enabled | boolean | false | - | - |
ike_version | integer | false | - | - |
pfs | boolean | false | - | Perfect forward secrecy enabled |
private_ipaddress | string | false | - | - |
extra_config | [string] | false | - | - |
tunnels | object | false | - | - |
IpsecTunnel | object | false | - | - |
id | integer | false | - | - |
local_subnet | string | false | - | - |
remote_subnet | string | false | - | - |
endpointid | integer | false | - | - |
endpoint_id | integer | false | - | - |
endpoint_name | string | false | - | - |
enabled | boolean | false | - | - |
active | boolean | false | - | - |
description | string¦null | false | - | - |
bounce | boolean | false | - | True if tunnel was just bounced |
connected | boolean | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer¦null | false | - | Interval for ping in seconds |
ping_ipaddress | string | false | - | - |
tunnel_params | object | false | - | - |
phase2 | string | false | - | - |
outbound_spi | string | false | - | - |
inbound_spi | string | false | - | - |
bytes_in | string | false | - | - |
bytes_out | string | false | - | - |
esp_time_remaining | string | false | - | - |
esp_port | string | false | - | - |
phase2_algo | string | false | - | - |
phase2_hash | string | false | - | - |
nat_t | string | false | - | - |
dpd | string | false | - | - |
pfs_dh_group | string¦null | false | - | - |
phase1 | string | false | - | - |
isakmp_port | string | false | - | - |
isakmp_time_remaining | string | false | - | - |
last_dpd | string | false | - | - |
phase1_cipher | string¦null | false | - | - |
phase1_prf | string¦null | false | - | - |
phase1_dh_group | string¦null | false | - | - |
ike_version | string | false | - | - |
traffic_pairs | object | false | - | - |
IpsecEndpointTrafficPair | object | false | - | - |
id | integer | false | - | - |
remote_subnet | string | false | - | - |
local_subnet | string | false | - | - |
ping_ipaddress | string¦null | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer | false | - | - |
enabled | boolean | false | - | - |
description | string¦null | false | - | - |
ipsec_endpoint_id | integer | false | - | - |
endpoint_id | integer | false | - | - |
created_at | string(date-time) | false | - | - |
updated_at | string(date-time) | false | - | - |
bgp_peers | object | false | - | - |
BGPPeer | object | false | - | - |
id | integer | false | - | - |
asn | integer | false | - | - |
ipaddress | string | false | - | - |
access_list | string | false | - | List of "in permit CIDR" and/or "out permit CIDR" statements in a string delimited by "\n" |
local_asn_alias | integer | false | - | Allow BGP configuration to use any ASN required by peer |
keepalive_interval | integer | false | - | Interval for checking if BGP peers are still alive |
hold_time | integer | false | - | The length of inactive time after which BGP session is torn down. The timer is reset after updates and keepalives |
bgp_password | string | false | - | - |
add_network_distance | boolean | false | - | - |
add_network_distance_direction | string | false | - | in or out |
add_network_distance_hops | integer | false | - | - |
connection_detail | string | false | - | - |
type | string | false | - | Indicates IPsec or GRE over IPsec |
vpn_type | string | false | - | - |
gre_interface_address | string | false | - | - |
route_based_int_address | string | false | - | - |
route_based_local | string | false | - | - |
route_based_remote | string | false | - | - |
psk | string | false | - | - |
Enumerated Values
Property | Value |
---|---|
ping_interface | eth0 |
ping_interface | tun0 |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Update IPsec endpoint tunnel
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/ipsec/endpoints/{endpoint_id}/tunnels/{tunnel_id} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

from cohesivenet import VNS3Client
# vns3_client is an already-configured VNS3Client instance
api_response = vns3_client.ipsec.put_update_ipsec_endpoint_tunnel(
    endpoint_id,
    tunnel_id,
    bounce=bounce,
    description=description,
    remote_subnet=remote_subnet,
    local_subnet=local_subnet,
    ping_ipaddress=ping_ipaddress,
    ping_interval=ping_interval,
    ping_interface=ping_interface,
    enabled=enabled)
print(api_response.json())
PUT /ipsec/endpoints/{endpoint_id}/tunnels/{tunnel_id}
Edit IPsec endpoint tunnel configuration
Body parameter
{
"bounce": false,
"description": "string",
"remote_subnet": "string",
"local_subnet": "string",
"ping_ipaddress": "string",
"ping_interval": 0,
"ping_interface": "string",
"enabled": true
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
endpoint_id | path | integer | true | ID for IPsec endpoint |
tunnel_id | path | integer | true | ID for tunnel |
bounce | body | boolean | false | Resets the IPsec connection for this specific tunnel |
description | body | string | false | - |
remote_subnet | body | string | false | Remote subnet for tunnel in CIDR notation |
local_subnet | body | string | false | Local subnet for tunnel in CIDR notation |
ping_ipaddress | body | string | false | Exo Ping feature - remote IP destination of ping |
ping_interval | body | integer | false | Exo Ping feature - periodicity of the ping in seconds |
ping_interface | body | string | false | Exo Ping feature - what network interface IP of the VNS3 controller to use as the source of ping |
enabled | body | boolean | false | Disables tunnel if set to false |
Example responses
200 Response
{
"response": {
"id": 1,
"local_subnet": "string",
"remote_subnet": "string",
"endpointid": 1,
"endpoint_id": 1,
"endpoint_name": "string",
"enabled": true,
"active": true,
"description": "string",
"bounce": true,
"connected": true,
"ping_interface": "eth0",
"ping_interval": 0,
"ping_ipaddress": "string",
"tunnel_params": {
"phase2": "string",
"outbound_spi": "string",
"inbound_spi": "string",
"bytes_in": "string",
"bytes_out": "string",
"esp_time_remaining": "string",
"esp_port": "string",
"phase2_algo": "string",
"phase2_hash": "string",
"nat_t": "string",
"dpd": "string",
"pfs_dh_group": "string",
"phase1": "string",
"isakmp_port": "string",
"isakmp_time_remaining": "string",
"last_dpd": "string",
"phase1_cipher": "string",
"phase1_prf": "string",
"phase1_dh_group": "string",
"ike_version": "string"
}
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156398145066351285906955697179258297423716",
"message": "local_subnet is invalid CIDR"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Accepted | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
IpsecTunnelDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
id | integer | false | - | - |
local_subnet | string | false | - | - |
remote_subnet | string | false | - | - |
endpointid | integer | false | - | - |
endpoint_id | integer | false | - | - |
endpoint_name | string | false | - | - |
enabled | boolean | false | - | - |
active | boolean | false | - | - |
description | string¦null | false | - | - |
bounce | boolean | false | - | True if tunnel was just bounced |
connected | boolean | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer¦null | false | - | Interval for ping in seconds |
ping_ipaddress | string | false | - | - |
tunnel_params | object | false | - | - |
phase2 | string | false | - | - |
outbound_spi | string | false | - | - |
inbound_spi | string | false | - | - |
bytes_in | string | false | - | - |
bytes_out | string | false | - | - |
esp_time_remaining | string | false | - | - |
esp_port | string | false | - | - |
phase2_algo | string | false | - | - |
phase2_hash | string | false | - | - |
nat_t | string | false | - | - |
dpd | string | false | - | - |
pfs_dh_group | string¦null | false | - | - |
phase1 | string | false | - | - |
isakmp_port | string | false | - | - |
isakmp_time_remaining | string | false | - | - |
last_dpd | string | false | - | - |
phase1_cipher | string¦null | false | - | - |
phase1_prf | string¦null | false | - | - |
phase1_dh_group | string¦null | false | - | - |
ike_version | string | false | - | - |
Enumerated Values
Property | Value |
---|---|
ping_interface | eth0 |
ping_interface | tun0 |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Delete IPsec tunnel
Code samples
# You can also use wget
curl -X DELETE -u api:myapipassword https://vns3-host:8000/api/ipsec/endpoints/{endpoint_id}/tunnels/{tunnel_id} \
  -H 'Accept: application/json'

from cohesivenet import VNS3Client
# vns3_client is an already-configured VNS3Client instance
api_response = vns3_client.ipsec.delete_ipsec_endpoint_tunnel(endpoint_id, tunnel_id)
print(api_response.json())
DELETE /ipsec/endpoints/{endpoint_id}/tunnels/{tunnel_id}
Delete IPsec tunnel
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
endpoint_id | path | integer | true | ID for IPsec endpoint |
tunnel_id | path | integer | true | ID for tunnel |
Example responses
200 Response
{
"response": {
"id": 1,
"name": "EndpointB",
"ipaddress": "13.53.72.182",
"pfs": true,
"ike_version": 2,
"nat_t_enabled": true,
"private_ipaddress": "192.0.2.254",
"extra_config": [],
"description": "To datacenter B",
"tunnels": {
"3": {
"id": 3,
"local_subnet": "172.31.0.0/28",
"remote_subnet": "192.168.10.0/22",
"endpoint_id": 1,
"enabled": true,
"description": "tunnel description",
"ping_ipaddress": "",
"ping_interface": "tun0",
"ping_interval": null
}
},
"bgp_peers": {},
"type": "ipsec",
"vpn_type": "policy",
"psk": "testtest"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156398145066351285906955697179258297423716",
"message": "tunnel id does not exist"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Accepted | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
IpsecRemoteEndpointDetail
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
id | integer | false | - | - |
name | string | false | - | - |
ipaddress | string | false | - | - |
description | string | false | - | - |
nat_t_enabled | boolean | false | - | - |
ike_version | integer | false | - | - |
pfs | boolean | false | - | Perfect forward secrecy enabled |
private_ipaddress | string | false | - | - |
extra_config | [string] | false | - | - |
tunnels | object | false | - | - |
IpsecTunnel | object | false | - | - |
id | integer | false | - | - |
local_subnet | string | false | - | - |
remote_subnet | string | false | - | - |
endpointid | integer | false | - | - |
endpoint_id | integer | false | - | - |
endpoint_name | string | false | - | - |
enabled | boolean | false | - | - |
active | boolean | false | - | - |
description | string¦null | false | - | - |
bounce | boolean | false | - | True if tunnel was just bounced |
connected | boolean | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer¦null | false | - | Interval for ping in seconds |
ping_ipaddress | string | false | - | - |
tunnel_params | object | false | - | - |
phase2 | string | false | - | - |
outbound_spi | string | false | - | - |
inbound_spi | string | false | - | - |
bytes_in | string | false | - | - |
bytes_out | string | false | - | - |
esp_time_remaining | string | false | - | - |
esp_port | string | false | - | - |
phase2_algo | string | false | - | - |
phase2_hash | string | false | - | - |
nat_t | string | false | - | - |
dpd | string | false | - | - |
pfs_dh_group | string¦null | false | - | - |
phase1 | string | false | - | - |
isakmp_port | string | false | - | - |
isakmp_time_remaining | string | false | - | - |
last_dpd | string | false | - | - |
phase1_cipher | string¦null | false | - | - |
phase1_prf | string¦null | false | - | - |
phase1_dh_group | string¦null | false | - | - |
ike_version | string | false | - | - |
traffic_pairs | object | false | - | - |
IpsecEndpointTrafficPair | object | false | - | - |
id | integer | false | - | - |
remote_subnet | string | false | - | - |
local_subnet | string | false | - | - |
ping_ipaddress | string¦null | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer | false | - | - |
enabled | boolean | false | - | - |
description | string¦null | false | - | - |
ipsec_endpoint_id | integer | false | - | - |
endpoint_id | integer | false | - | - |
created_at | string(date-time) | false | - | - |
updated_at | string(date-time) | false | - | - |
bgp_peers | object | false | - | - |
BGPPeer | object | false | - | - |
id | integer | false | - | - |
asn | integer | false | - | - |
ipaddress | string | false | - | - |
access_list | string | false | - | List of "in permit CIDR" and/or "out permit CIDR" statements in a string delimited by "\n" |
local_asn_alias | integer | false | - | Allow BGP configuration to use any ASN required by peer |
keepalive_interval | integer | false | - | Interval for checking if BGP peers are still alive |
hold_time | integer | false | - | The length of inactive time after which BGP session is torn down. The timer is reset after updates and keepalives |
bgp_password | string | false | - | - |
add_network_distance | boolean | false | - | - |
add_network_distance_direction | string | false | - | in or out |
add_network_distance_hops | integer | false | - | - |
connection_detail | string | false | - | - |
type | string | false | - | Indicates IPsec or GRE over IPsec |
vpn_type | string | false | - | - |
gre_interface_address | string | false | - | - |
route_based_int_address | string | false | - | - |
route_based_local | string | false | - | - |
route_based_remote | string | false | - | - |
psk | string | false | - | - |
Enumerated Values
Property | Value |
---|---|
ping_interface | eth0 |
ping_interface | tun0 |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Create IPsec traffic pair
Code samples
# You can also use wget
curl -X POST -u api:myapipassword https://vns3-host:8000/api/ipsec/endpoints/{endpoint_id}/traffic_pairs \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.ipsec.post_create_ipsec_traffic_pair(endpoint_id,
remote_subnet=remote_subnet,
local_subnet=local_subnet,
ping_ipaddress=ping_ipaddress,
ping_interval=ping_interval,
ping_interface=ping_interface,
enabled=enabled,
description=description)
print(api_response.json())
POST /ipsec/endpoints/{endpoint_id}/traffic_pairs
Create IPsec endpoint traffic pair
Body parameter
{
"remote_subnet": "string",
"local_subnet": "string",
"ping_ipaddress": "string",
"ping_interval": 0,
"ping_interface": "string",
"enabled": true,
"description": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
endpoint_id | path | integer | true | ID for IPsec endpoint |
remote_subnet | body | string | true | Remote subnet for tunnel in CIDR notation |
local_subnet | body | string | true | Local subnet for tunnel in CIDR notation |
ping_ipaddress | body | string | false | Exo Ping feature - remote IP destination of ping |
ping_interval | body | integer | false | Exo Ping feature - periodicity of the ping in seconds |
ping_interface | body | string | false | Exo Ping feature - which network interface IP of the VNS3 controller to use as the source of the ping |
enabled | body | boolean | false | Disables tunnel if set to false |
description | body | string | false | - |
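A client-side pre-flight check for the body parameters above, as an added example (not part of the VNS3 documentation or SDK). The function names and sample values are constructed; rejecting subnets with host bits set, rejecting negative ping intervals, and the overlap report are choices of this example, not documented server behaviour.

```python
"""Validate an IPsec traffic pair body before POSTing it.

Added illustration: field names and the eth0/tun0 values come from the
parameter and enumerated-value tables; everything else is an assumption.
"""
import ipaddress

PING_INTERFACES = ("eth0", "tun0")  # enumerated values listed for ping_interface


def parse_cidr(value, field):
    """Parse a subnet in CIDR notation; reject addresses with host bits set."""
    if "/" not in str(value):
        raise ValueError("%s must be in CIDR notation: %r" % (field, value))
    try:
        return ipaddress.ip_network(str(value), strict=True)
    except ValueError as exc:
        raise ValueError("%s is not a valid subnet: %s" % (field, exc))


def build_traffic_pair_body(remote_subnet, local_subnet, ping_ipaddress=None,
                            ping_interval=None, ping_interface=None,
                            enabled=None, description=None):
    """Return a dict for POST /ipsec/endpoints/{endpoint_id}/traffic_pairs."""
    remote = parse_cidr(remote_subnet, "remote_subnet")
    local = parse_cidr(local_subnet, "local_subnet")
    if remote.version != local.version:
        raise ValueError("local and remote subnets mix IPv4 and IPv6")
    body = {"remote_subnet": str(remote), "local_subnet": str(local)}
    if ping_ipaddress is not None:
        # ip_address raises ValueError on anything that is not a single IP.
        body["ping_ipaddress"] = str(ipaddress.ip_address(ping_ipaddress))
    if ping_interval is not None:
        is_int = isinstance(ping_interval, int) and not isinstance(ping_interval, bool)
        if not is_int or ping_interval < 0:
            raise ValueError("ping_interval must be a non-negative integer (seconds)")
        body["ping_interval"] = ping_interval
    if ping_interface is not None:
        if ping_interface not in PING_INTERFACES:
            raise ValueError("ping_interface must be one of %s" % (PING_INTERFACES,))
        body["ping_interface"] = ping_interface
    if enabled is not None:
        body["enabled"] = bool(enabled)
    if description is not None:
        body["description"] = str(description)
    return body


def overlapping_pairs(existing_pairs, body):
    """Return ids of existing pairs whose local AND remote subnets overlap body's.

    existing_pairs: list of dicts shaped like IpsecEndpointTrafficPair.
    """
    new_local = ipaddress.ip_network(body["local_subnet"])
    new_remote = ipaddress.ip_network(body["remote_subnet"])
    hits = []
    for pair in existing_pairs:
        local = ipaddress.ip_network(pair["local_subnet"], strict=False)
        remote = ipaddress.ip_network(pair["remote_subnet"], strict=False)
        if local.version != new_local.version or remote.version != new_remote.version:
            continue
        if local.overlaps(new_local) and remote.overlaps(new_remote):
            hits.append(pair["id"])
    return hits


# Constructed sample: pairs already configured on the endpoint.
EXISTING_PAIRS = [
    {"id": 1, "local_subnet": "172.31.0.0/16", "remote_subnet": "10.20.5.0/24"},
    {"id": 2, "local_subnet": "172.31.1.0/24", "remote_subnet": "192.168.0.0/24"},
]

if __name__ == "__main__":
    new_body = build_traffic_pair_body("10.20.0.0/16", "172.31.1.0/24",
                                       ping_ipaddress="10.20.0.10",
                                       ping_interval=30, ping_interface="tun0")
    print(new_body)
    print("overlaps existing pair ids:", overlapping_pairs(EXISTING_PAIRS, new_body))
```

The returned dict can be passed as keyword arguments to the SDK call shown above or serialized as the JSON body of the curl request.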
Example responses
200 Response
{
"response": {
"id": 1,
"remote_subnet": "string",
"local_subnet": "string",
"ping_ipaddress": "string",
"ping_interface": "string",
"ping_interval": 0,
"enabled": true,
"description": "string",
"ipsec_endpoint_id": 0,
"endpoint_id": 0,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
404 Response
{
"error": {
"name": "APINotFoundError",
"log": "156398145066351285906955697179258297423716",
"message": "endpoint_id does not exist"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Created | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Permission denied. Max number of tunnels reached | Inline |
404 | Not Found | Bad request | Inline |
Response Schema
Status Code 200
IpsecTrafficPairResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
id | integer | false | - | - |
remote_subnet | string | false | - | - |
local_subnet | string | false | - | - |
ping_ipaddress | string¦null | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer | false | - | - |
enabled | boolean | false | - | - |
description | string¦null | false | - | - |
ipsec_endpoint_id | integer | false | - | - |
endpoint_id | integer | false | - | - |
created_at | string(date-time) | false | - | - |
updated_at | string(date-time) | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Status Code 404
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Update IPsec traffic pair
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/ipsec/endpoints/{endpoint_id}/traffic_pairs/{pair_id} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.ipsec.put_update_ipsec_traffic_pair(endpoint_id,pair_id,
remote_subnet=remote_subnet,
local_subnet=local_subnet,
ping_ipaddress=ping_ipaddress,
ping_interval=ping_interval,
ping_interface=ping_interface,
enabled=enabled,
description=description)
print(api_response.json())
PUT /ipsec/endpoints/{endpoint_id}/traffic_pairs/{pair_id}
Edit IPsec endpoint traffic pair
Body parameter
{
"remote_subnet": "string",
"local_subnet": "string",
"ping_ipaddress": "string",
"ping_interval": 0,
"ping_interface": "string",
"enabled": true,
"description": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
endpoint_id | path | integer | true | ID for IPsec endpoint |
pair_id | path | integer | true | ID for traffic pair |
remote_subnet | body | string | false | Remote subnet for tunnel in CIDR notation |
local_subnet | body | string | false | Local subnet for tunnel in CIDR notation |
ping_ipaddress | body | string | false | Exo Ping feature - remote IP destination of ping |
ping_interval | body | integer | false | Exo Ping feature - periodicity of the ping in seconds |
ping_interface | body | string | false | Exo Ping feature - which network interface IP of the VNS3 controller to use as the source of the ping |
enabled | body | boolean | false | Disables tunnel if set to false |
description | body | string | false | - |
Example responses
200 Response
{
"response": {
"id": 1,
"remote_subnet": "string",
"local_subnet": "string",
"ping_ipaddress": "string",
"ping_interface": "string",
"ping_interval": 0,
"enabled": true,
"description": "string",
"ipsec_endpoint_id": 0,
"endpoint_id": 0,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
404 Response
{
"error": {
"name": "APINotFoundError",
"log": "156398145066351285906955697179258297423716",
"message": "endpoint_id does not exist"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Created | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Permission denied. | Inline |
404 | Not Found | Bad request | Inline |
Response Schema
Status Code 200
IpsecTrafficPairResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
id | integer | false | - | - |
remote_subnet | string | false | - | - |
local_subnet | string | false | - | - |
ping_ipaddress | string¦null | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer | false | - | - |
enabled | boolean | false | - | - |
description | string¦null | false | - | - |
ipsec_endpoint_id | integer | false | - | - |
endpoint_id | integer | false | - | - |
created_at | string(date-time) | false | - | - |
updated_at | string(date-time) | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Status Code 404
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Delete IPsec traffic pair
Code samples
# You can also use wget
curl -X DELETE -u api:myapipassword https://vns3-host:8000/api/ipsec/endpoints/{endpoint_id}/traffic_pairs/{pair_id} \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.ipsec.delete_ipsec_traffic_pair(endpoint_id,pair_id)
print(api_response.json())
DELETE /ipsec/endpoints/{endpoint_id}/traffic_pairs/{pair_id}
Delete IPsec traffic pair
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
endpoint_id | path | integer | true | ID for IPsec endpoint |
pair_id | path | integer | true | ID for traffic pair |
Example responses
200 Response
{
"response": {
"id": 1,
"remote_subnet": "string",
"local_subnet": "string",
"ping_ipaddress": "string",
"ping_interface": "string",
"ping_interval": 0,
"enabled": true,
"description": "string",
"ipsec_endpoint_id": 0,
"endpoint_id": 0,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156398145066351285906955697179258297423716",
"message": "traffic pair id does not exist"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Accepted | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
Response Schema
Status Code 200
IpsecTrafficPairResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
id | integer | false | - | - |
remote_subnet | string | false | - | - |
local_subnet | string | false | - | - |
ping_ipaddress | string¦null | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer | false | - | - |
enabled | boolean | false | - | - |
description | string¦null | false | - | - |
ipsec_endpoint_id | integer | false | - | - |
endpoint_id | integer | false | - | - |
created_at | string(date-time) | false | - | - |
updated_at | string(date-time) | false | - | - |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Enable IPsec traffic pair
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/ipsec/endpoints/{endpoint_id}/traffic_pairs/{pair_id}/enable \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.ipsec.enable_ipsec_traffic_pair(endpoint_id,pair_id)
print(api_response.json())
PUT /ipsec/endpoints/{endpoint_id}/traffic_pairs/{pair_id}/enable
Enable Ipsec Traffic Pair
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
endpoint_id | path | integer | true | ID for IPsec endpoint |
pair_id | path | integer | true | ID for traffic pair |
Example responses
200 Response
{
"response": {
"id": 1,
"remote_subnet": "string",
"local_subnet": "string",
"ping_ipaddress": "string",
"ping_interface": "string",
"ping_interval": 0,
"enabled": true,
"description": "string",
"ipsec_endpoint_id": 0,
"endpoint_id": 0,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
404 Response
{
"error": {
"name": "APINotFoundError",
"log": "156398145066351285906955697179258297423716",
"message": "endpoint_id does not exist"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Created | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Permission denied. | Inline |
404 | Not Found | Bad request | Inline |
Response Schema
Status Code 200
IpsecTrafficPairResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
id | integer | false | - | - |
remote_subnet | string | false | - | - |
local_subnet | string | false | - | - |
ping_ipaddress | string¦null | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer | false | - | - |
enabled | boolean | false | - | - |
description | string¦null | false | - | - |
ipsec_endpoint_id | integer | false | - | - |
endpoint_id | integer | false | - | - |
created_at | string(date-time) | false | - | - |
updated_at | string(date-time) | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Status Code 404
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Disable IPsec traffic pair
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/ipsec/endpoints/{endpoint_id}/traffic_pairs/{pair_id}/disable \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.ipsec.disable_ipsec_traffic_pair(endpoint_id,pair_id)
print(api_response.json())
PUT /ipsec/endpoints/{endpoint_id}/traffic_pairs/{pair_id}/disable
Disable Ipsec Traffic Pair
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
endpoint_id | path | integer | true | ID for IPsec endpoint |
pair_id | path | integer | true | ID for traffic pair |
Example responses
200 Response
{
"response": {
"id": 1,
"remote_subnet": "string",
"local_subnet": "string",
"ping_ipaddress": "string",
"ping_interface": "string",
"ping_interval": 0,
"enabled": true,
"description": "string",
"ipsec_endpoint_id": 0,
"endpoint_id": 0,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
404 Response
{
"error": {
"name": "APINotFoundError",
"log": "156398145066351285906955697179258297423716",
"message": "endpoint_id does not exist"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Created | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Permission denied. | Inline |
404 | Not Found | Bad request | Inline |
Response Schema
Status Code 200
IpsecTrafficPairResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
id | integer | false | - | - |
remote_subnet | string | false | - | - |
local_subnet | string | false | - | - |
ping_ipaddress | string¦null | false | - | - |
ping_interface | string | false | - | - |
ping_interval | integer | false | - | - |
enabled | boolean | false | - | - |
description | string¦null | false | - | - |
ipsec_endpoint_id | integer | false | - | - |
endpoint_id | integer | false | - | - |
created_at | string(date-time) | false | - | - |
updated_at | string(date-time) | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Status Code 404
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Firewall
Functions for managing Firewall rules, subgroups (chains) and IPSets
Overwrite Firewall v1
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/firewall \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.put_overwrite_firewall(
rules=rules)
print(api_response.json())
PUT /firewall
Put/Overwrite entire firewall. Careful! API v1
Body parameter
{
"rules": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
rules | body | string | true | - |
Example responses
200 Response
{
"response": {
"token": "string",
"status": "string"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
TaskTokenResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
token | string | false | - | - |
status | string | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Put Firewall Action v1
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/firewall/actions \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.put_firewall_action(
action=action)
print(api_response.json())
PUT /firewall/actions
Take an action on the firewall
Body parameter
{
"action": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
action | body | string | true | Action to take. Currently only reset_connection_tracking is supported |
Example responses
200 Response
{
"response": {
"status": "string"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
SimpleStatusResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
status | string | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Get Firewall Rules v1
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/firewall/rules \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.get_firewall_rules()
print(api_response.json())
GET /firewall/rules
Get a list of current firewall rules API v1
Example responses
200 Response
{
"response": [
[
"string"
]
]
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
FirewallRuleListResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | [array] | false | - | - |
FirewallRuleTuple | [oneOf] | false | - | IPtables firewall rule represented as array [rule, position] |
oneOf
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
any | string | false | - | - |
xor
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
any | integer | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Create Firewall Rule v1
Code samples
# You can also use wget
curl -X POST -u api:myapipassword https://vns3-host:8000/api/firewall/rules \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.post_create_firewall_rule(
rule=rule,
position=position)
print(api_response.json())
POST /firewall/rules
Adds a firewall rule to the VNS3 Controller's firewall API v1
Body parameter
{
"rule": "string",
"position": -1
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
rule | body | string | true | New firewall rule string that needs to be compatible with a Linux "iptables" statement |
position | body | integer | false | Position at which the rule will be inserted in the list of Firewall rules. Default is -1, which will post as the next rule in the list |
Example responses
200 Response
{
"response": {
"status": "submitted",
"rule": "MACRO_CUST -o eth0 -s 10.199.2.0/24 -j MASQUERADE",
"token": "15798987631596_5280108744805298913050300048466684878015928855"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "1564155261466915664338789304780698957922014",
"message": "Parse Error - iptables v1.4.21: host/network `10.199.2.0.' not found"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Accepted | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
FirewallRuleOperationResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
status | string | false | - | - |
rule | string | false | - | - |
position | integer | false | - | - |
token | string | false | - | Task token |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Delete Firewall Rule v1
Code samples
# You can also use wget
curl -X DELETE -u api:myapipassword https://vns3-host:8000/api/firewall/rules \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.delete_firewall_rule_by_rule(
rule=rule)
print(api_response.json())
DELETE /firewall/rules
Delete firewall rule by passing the actual rule to delete API v1
Body parameter
{
"rule": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
rule | body | string | true | Rule to be deleted |
Example responses
200 Response
{
"response": {
"status": "submitted",
"position": 0,
"rule": "MACRO_CUST -o eth0 -s 10.199.2.0/24 -j MASQUERADE",
"token": "15641553402765_1730986546845926230044120934882999801643412463756"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "1564155261466915664338789304780698957922014",
"message": "either position or rule argument must be provided"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Accepted | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
FirewallRuleOperationResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
status | string | false | - | - |
rule | string | false | - | - |
position | integer | false | - | - |
token | string | false | - | Task token |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Delete Firewall Rule Position
Code samples
# You can also use wget
curl -X DELETE -u api:myapipassword https://vns3-host:8000/api/firewall/rules/{position} \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.delete_firewall_rule_by_position(position)
print(api_response.json())
DELETE /firewall/rules/{position}
Delete firewall rule by position in the firewall. The firewall is 0-indexed, so deleting position 0 removes the first rule in the firewall and the second rule becomes the first. API v1
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
position | path | integer | true | index position for firewall rule, 0 is first |
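Because every deletion shifts the rules below it up by one, removing several rules by position has to work from the highest index down. The following added example (not part of the VNS3 documentation or SDK) plans and simulates that on an in-memory copy of the `[rule, position]` tuples returned by GET /firewall/rules; the helper names and the last sample rule are constructed for illustration.

```python
"""Plan multi-rule deletions against a 0-indexed firewall rule list.

Added illustration: only the [rule, position] tuple shape and the 0-indexed
DELETE /firewall/rules/{position} semantics come from the API description.
"""


def normalize(rule):
    """Collapse runs of whitespace so equal rules compare equal."""
    return " ".join(rule.split())


def plan_deletions(rule_tuples, unwanted_rules):
    """Return the positions to delete, highest first.

    rule_tuples: list of [rule, position] as returned by GET /firewall/rules.
    unwanted_rules: iterable of rule strings to remove.
    Raises ValueError when an unwanted rule is absent, so a typo does not
    silently leave a rule in place.
    """
    wanted = {normalize(r) for r in unwanted_rules}
    found = {}
    for rule, position in rule_tuples:
        key = normalize(rule)
        if key in wanted:
            found.setdefault(key, []).append(position)
    missing = wanted - set(found)
    if missing:
        raise ValueError("rules not present: %s" % sorted(missing))
    positions = [p for plist in found.values() for p in plist]
    return sorted(positions, reverse=True)


def apply_deletions(rule_tuples, positions):
    """Simulate one DELETE per position, in the order given."""
    rules = [rule for rule, _ in sorted(rule_tuples, key=lambda t: t[1])]
    for pos in positions:
        if pos < 0 or pos >= len(rules):
            raise IndexError("position exceeds the number of rules")
        del rules[pos]  # everything after pos moves up by one
    return [[rule, i] for i, rule in enumerate(rules)]


# Constructed sample rule set (the first three rules appear on this page).
SAMPLE_RULES = [
    ["MACRO_CUST -o eth0 -s 10.199.2.0/24 -j MASQUERADE", 0],
    ["PREROUTING_CUST -s 10.0.2.0/24 -j PRE_C_MYGROUP", 1],
    ["MACRO_CUST -o eth1 -s 10.0.2.0/24 -j MASQUERADE", 2],
    ["MACRO_CUST -o eth0 -s 10.199.3.0/24 -j MASQUERADE", 3],
]

UNWANTED = [
    "MACRO_CUST -o eth0 -s 10.199.2.0/24 -j MASQUERADE",
    "MACRO_CUST -o eth1 -s 10.0.2.0/24 -j MASQUERADE\n",
]

if __name__ == "__main__":
    plan = plan_deletions(SAMPLE_RULES, UNWANTED)
    print("delete in this order:", plan)
    print("result:", apply_deletions(SAMPLE_RULES, plan))
    # Ascending order removes the wrong rule at the second step.
    print("ascending order:", apply_deletions(SAMPLE_RULES, sorted(plan)))
```

Re-reading GET /firewall/rules after the last deletion confirms the resulting order before any further position-based change.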
Example responses
200 Response
{
"response": {
"status": "submitted",
"rule": "MACRO_CUST -o eth1 -s 10.0.2.0/24 -j MASQUERADE\\n",
"position": 0,
"token": "15641555503109_367028783492026941846541919926446643820946500940416"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "156415545591919091797511226100046886299005",
"message": "position exceeds the number of rules"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Accepted | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
FirewallRuleOperationResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
status | string | false | - | - |
rule | string | false | - | - |
position | integer | false | - | - |
token | string | false | - | Task token |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Get Firewall Subgroups v1
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/firewall/rules/subgroup \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.get_firewall_rule_subgroups(
name=name,
verbose=verbose)
print(api_response.json())
GET /firewall/rules/subgroup
Get a list of current firewall rules at subgroup (chained rules) API v1
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
name | query | string | false | name of resource |
verbose | query | boolean | false | True for verbose output |
Example responses
200 Response
{
"response": [
"string"
]
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
FirewallSubgroupListResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | any | false | - | - |
oneOf
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
any | [string] | false | - | - |
FirewallSubgroupRule | string | false | - | Begins with name and is followed by Firewall rule. This is a single rule in the chain. |
xor
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
any | [array] | false | - | - |
FirewallSubgroupRule | string | false | - | Begins with name and is followed by Firewall rule. This is a single rule in the chain. |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Create Firewall Subgroup v1
Code samples
# You can also use wget
curl -X POST -u api:myapipassword https://vns3-host:8000/api/firewall/rules/subgroup \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.post_create_firewall_subgroup(
name=name,
position=position,
flush=flush)
print(api_response.json())
POST /firewall/rules/subgroup
Create a new firewall subgroup. Subgroups are named lists of rules that can be "jumped to" from another rule. These are effectively IPtables custom chains. For example, PREROUTING_CUST -s 10.0.2.0/24 -j PRE_C_MYGROUP. API v1
Body parameter
{
"rules": "string",
"name": "string",
"position": 0,
"flush": true
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
rules | body | string | false | Chained firewall rules separated by \n. Each rule should be preceded by the group name |
name | body | string | false | Name of the subgroup. Must be a valid chain name that begins with one of the following: PRE_C_, PST_C_, FWD_C_, INP_C_, OUT_C_. |
position | body | integer | false | Position at which the chain will be inserted in the list of Firewall rules. Default is 0, which is first in the ruleset |
flush | body | boolean | false | - |
One of the following param combinations is required:
- name
- rules
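The naming and formatting constraints above can be checked before the request is sent. This is an added example, not code from the VNS3 documentation or SDK: the function names are hypothetical, the sample chain body is constructed, and treating the chain name as a single whitespace-free token with a non-empty suffix is an assumption of this example.

```python
"""Build and check a body for POST /firewall/rules/subgroup.

Added illustration. The prefixes, the newline separator and the requirement
that each rule is preceded by the group name come from the parameter table.
"""

SUBGROUP_PREFIXES = ("PRE_C_", "PST_C_", "FWD_C_", "INP_C_", "OUT_C_")


def check_subgroup_name(name):
    """Return name if it is a plausible subgroup chain name, else raise."""
    if not isinstance(name, str) or not name.startswith(SUBGROUP_PREFIXES):
        raise ValueError("invalid subgroup name - %s" % (name,))
    prefix = next(p for p in SUBGROUP_PREFIXES if name.startswith(p))
    suffix = name[len(prefix):]
    # Assumption: a chain name is one token, so it needs something after the
    # prefix and must not contain whitespace.
    if not suffix or any(ch.isspace() for ch in name):
        raise ValueError("invalid subgroup name - %s" % (name,))
    return name


def build_subgroup_body(name=None, rules=None, position=0, flush=None):
    """Return the request body as a dict.

    rules: list of rule lines, each starting with the subgroup name.
    At least one of name or rules is required.
    """
    if name is None and not rules:
        raise ValueError("either name or rules must be provided")
    body = {"position": position}
    if name is not None:
        body["name"] = check_subgroup_name(name)
    if rules:
        checked = []
        for line in rules:
            line = " ".join(line.split())
            if not line:
                continue
            group = line.split(" ", 1)[0]
            # A line such as "PREROUTING_CUST ... -j PRE_C_MYGROUP" is the jump
            # rule in the main firewall, not a rule inside the chain.
            check_subgroup_name(group)
            if name is not None and group != name:
                raise ValueError("rule is not preceded by %s: %s" % (name, line))
            checked.append(line)
        body["rules"] = "\n".join(checked)
    if flush is not None:
        body["flush"] = bool(flush)
    return body


# Constructed sample chain body for the PRE_C_MYGROUP subgroup.
SAMPLE_CHAIN = [
    "PRE_C_MYGROUP  -s 10.0.2.0/24 -j ACCEPT\n",
    "PRE_C_MYGROUP -j DROP",
]

if __name__ == "__main__":
    print(build_subgroup_body(name="PRE_C_MYGROUP", rules=SAMPLE_CHAIN))
```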
Example responses
200 Response
{
"response": {
"status": "ok",
"rules": "Rule 1\\n Rule 2\\n Rule 3"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "1564155261466915664338789304780698957922014",
"message": "invalid subgroup name - some bad name"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Accepted | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Reload Firewall Subgroups v1
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/firewall/rules/subgroup \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.put_reinitialize_firewall_subgroups(
reinitialize=reinitialize)
print(api_response.json())
PUT /firewall/rules/subgroup
Reload firewall subgroups API v1
Body parameter
{
"reinitialize": true
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
reinitialize | body | boolean | false | - |
Example responses
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | - |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Delete Firewall Subgroup v1
Code samples
# You can also use wget
curl -X DELETE -u api:myapipassword https://vns3-host:8000/api/firewall/rules/subgroup \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.delete_firewall_subgroup(
rules=rules,
name=name)
print(api_response.json())
DELETE /firewall/rules/subgroup
Delete Firewall subgroup by name or rules API v1
Body parameter
{
"rules": "string",
"name": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
rules | body | string | false | Chained firewall rules separated by "\n" |
name | body | string | false | Name of the subgroup chain. Must be valid chain name. |
Example responses
200 Response
{
"response": {
"status": "string"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
404 Response
{
"error": {
"name": "APINotFoundError",
"log": "15640808375976073208002188741879242245537",
"message": "Chain named some BAD_NAME not found."
}
}
410 Response
{
"error": {
"name": "APINotFoundError",
"log": "15640808375976073208002188741879242245537",
"message": "Chain references remain for CHAIN_NAME, although rules were deleted."
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
404 | Not Found | Not found | Inline |
410 | Gone | Resource gone | Inline |
Response Schema
Status Code 200
SimpleStatusResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
status | string | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Status Code 404
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Status Code 410
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
List Fwsets v1
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/firewall/fwsets \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.get_firewall_fwsets(
name=name,
verbose=verbose)
print(api_response.json())
GET /firewall/fwsets
Get a list of current firewall rule sets. These are IPsets that allow for faster matching of rules against IPs. See http://ipset.netfilter.org for more details. API v1
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
name | query | string | false | name of resource |
verbose | query | boolean | false | True for verbose output |
Example responses
200 Response
{
"response": [
"string"
]
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
FirewallV1FwsetListResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | [string] | false | - | - |
FirewallV1FwsetString | string | false | - | Begins with name and is followed by Firewall rules. This is an indexed rule that allows for speedy matching on IPs |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Create Fwset v1
Code samples
# You can also use wget
curl -X POST -u api:myapipassword https://vns3-host:8000/api/firewall/fwsets \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.post_create_firewall_fwset(
rules=rules,
name=name,
flush=flush)
print(api_response.json())
POST /firewall/fwsets
Create a new firewall FWSet for fast rule matching API v1
Body parameter
{
"rules": "string",
"name": "string",
"flush": true
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
rules | body | string | false | Chained firewall rules separated by "\n" |
name | body | string | false | Name of the FWSet. Must be a valid name that begins with one of the following: NETS_, PORTS_, LIST_. |
flush | body | boolean | false | - |
Example responses
200 Response
{
"response": {
"status": "ok",
"rules": "Rule 1\\n Rule 2\\n Rule 3"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "1564155261466915664338789304780698957922014",
"message": "invalid FWSet name - some bad name"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | Accepted | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Reload all Fwsets
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/firewall/fwsets \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.put_reinitialize_fwsets(
reinitialize=reinitialize)
print(api_response.json())
PUT /firewall/fwsets
Reload all firewall FWsets
Body parameter
{
"reinitialize": true
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
reinitialize | body | boolean | false | - |
Example responses
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | - |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Delete Fwset v1
Code samples
# You can also use wget
curl -X DELETE -u api:myapipassword https://vns3-host:8000/api/firewall/fwsets \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.delete_firewall_fwset(
rules=rules,
name=name)
print(api_response.json())
DELETE /firewall/fwsets
Delete Firewall FWSet by name or rules API v1
Body parameter
{
"rules": "string",
"name": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
rules | body | string | false | Chained firewall rules separated by "\n" |
name | body | string | false | Name of the FWSet. Must be valid chain that begins with one of the following: NETS_, PORTS_, LIST_. |
Example responses
200 Response
{
"response": {
"status": "finished_ok"
}
}
400 Response
{
"error": {
"name": "APIArgumentError",
"log": "1564155261466915664338789304780698957922014",
"message": "More than one FWSet name found in rules"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
SimpleStatusResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
status | string | false | - | - |
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
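A pre-flight check for the name and rules constraints stated for the subgroup and FWSet endpoints above, as an added example that is not part of the VNS3 documentation or SDK. The function name check_named_rules and the sample rule lines are constructed; treating the first whitespace-delimited token of each line as the chain or set name is an assumption drawn from the parameter descriptions.

```python
# Added example: client-side checks before calling the subgroup / FWSet endpoints.
# Name prefixes are the ones listed in the parameter tables above.
PREFIXES = {
    "subgroup": ("PRE_C_", "PST_C_", "FWD_C_", "INP_C_", "OUT_C_"),
    "fwset": ("NETS_", "PORTS_", "LIST_"),
}


def check_named_rules(kind, name=None, rules=None):
    """Return a list of problems with a request body; an empty list means OK.

    kind  -- "subgroup" or "fwset" (selects the documented name prefixes)
    name  -- value of the "name" body parameter, if sent
    rules -- value of the "rules" body parameter: rule lines joined by newlines
    """
    if not name and not rules:
        return ["one of name or rules is required"]

    problems = []
    names_in_rules = []  # distinct leading names, in order of first appearance
    for number, line in enumerate(rules.split("\n") if rules else [], start=1):
        tokens = line.split()
        if not tokens:
            problems.append(f"line {number}: empty rule")
            continue
        if len(tokens) < 2:
            problems.append(f"line {number}: name with no rule after it")
        if tokens[0] not in names_in_rules:
            names_in_rules.append(tokens[0])

    # The Delete Fwset 400 example rejects rules that mention several names.
    if len(names_in_rules) > 1:
        problems.append("more than one name found in rules: " + ", ".join(names_in_rules))
    if name and names_in_rules and names_in_rules != [name]:
        problems.append(f"rules are not all prefixed with {name!r}")

    effective = name or (names_in_rules[0] if names_in_rules else "")
    if any(ch.isspace() for ch in effective):
        problems.append(f"name {effective!r} contains whitespace")
    prefix = next((p for p in PREFIXES[kind] if effective.startswith(p)), None)
    if prefix is None:
        problems.append(f"name {effective!r} must begin with one of: " + ", ".join(PREFIXES[kind]))
    elif effective == prefix:
        # Assumption: a bare prefix with nothing after it is not a usable name.
        problems.append(f"name {effective!r} has nothing after the prefix")
    return problems


if __name__ == "__main__":
    # Constructed inputs.
    print(check_named_rules("subgroup", name="PRE_C_MYGROUP",
                            rules="PRE_C_MYGROUP -s 10.0.2.0/24 -j ACCEPT"))
    print(check_named_rules("fwset", rules="NETS_A 10.0.0.0/24\nLIST_B 10.0.1.0/24"))
```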
Put firewall action v2
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/v2/firewall/actions \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.put_firewall_action(
action=action)
print(api_response.json())
PUT /v2/firewall/actions
Take an action on the firewall
Body parameter
{
"action": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
action | body | string | true | Action to take. Currently only reset_connection_tracking is supported |
Example responses
200 Response
{
"response": {
"status": "string"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
SimpleStatusResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
status | string | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Get Firewall Rules v2
Code samples
# You can also use wget
curl -X GET -u api:myapipassword https://vns3-host:8000/api/v2/firewall/rules \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.get_firewall_rules(
state=state,
groups=groups,
osview=osview,
tables=tables)
print(api_response.json())
GET /v2/firewall/rules
Get a list of firewall rules API v2
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
state | query | string | false | Filter rules by state, active or disabled |
groups | query | string | false | Filter by groups. Accepts csv. |
osview | query | boolean | false | Show operating system level rules |
tables | query | string | false | Filter by tables. Accepts csv. |
Example responses
200 Response
{
"response": [
{
"id": "fdf43d86e3a303851085",
"rule": "POSTROUTING -s ${vns3_overlay_subnet} -o eth0 ! -d ${vns3_overlay_subnet} -j MASQUERADE-ONCE",
"table": "postrouting",
"rule_resolved": "POSTROUTING -s 100.64.0.0/19 -o eth0 ! -d 100.64.0.0/19 -j MASQUERADE-ONCE",
"position": 0,
"comment": "Source NAT for traffic to the internet",
"last_resolved": "2022-06-06T18:44:14.343Z",
"disabled": true,
"created_at": "2022-06-06T18:44:14.409Z",
"groups": [
"VPN2Internet"
],
"os_rules": []
},
{
"id": "9538949c46f9a9f6d120",
"rule": "FORWARD -o eth0 -ctrack NEW,ESTABLISHED,RELATED -j ACCEPT",
"table": "forward",
"rule_resolved": "FORWARD -o eth0 -ctrack NEW,ESTABLISHED,RELATED -j ACCEPT",
"position": 1,
"comment": "Allow outbound internet access",
"last_resolved": "2022-06-06T18:44:15.566Z",
"disabled": true,
"created_at": "2022-06-06T18:44:15.566Z",
"groups": [
"VPN2Internet"
],
"os_rules": []
},
{
"id": "59f87f2c775793a38441",
"rule": "FORWARD -i eth0 -ctrack NEW, ESTABLISHED,RELATED -j ACCEPT",
"table": "forward",
"rule_resolved": "FORWARD -i eth0 -ctrack NEW, ESTABLISHED,RELATED -j ACCEPT",
"position": 2,
"comment": "Allow response traffic",
"last_resolved": "2022-06-06T18:44:16.743Z",
"disabled": true,
"created_at": "2022-06-06T18:44:16.768Z",
"groups": [
"VPN2Internet"
],
"os_rules": []
},
{
"id": "926bc4e70fc7afcd13b8",
"rule": "FORWARD -s ${vns3_overlay_subnet} -d ${vns3_overlay_subnet} -o eth0 -j DROP",
"table": "forward",
"rule_resolved": "FORWARD -s 100.64.0.0/19 -d 100.64.0.0/19 -o eth0 -j DROP",
"position": 3,
"comment": "Do not allow VPN connected people or devices to reach each other",
"last_resolved": "2022-06-06T18:44:17.907Z",
"disabled": true,
"created_at": "2022-06-06T18:44:17.973Z",
"groups": [
"BlockVPN2VPN"
],
"os_rules": []
},
{
"id": "d12390aa2dd1c14be090",
"rule": "FORWARD -i eth0 -j ACCEPT",
"table": "forward",
"rule_resolved": "FORWARD -i eth0 -j ACCEPT",
"position": 4,
"comment": "",
"last_resolved": "2022-07-12T02:36:38.064Z",
"disabled": true,
"created_at": "2022-07-12T02:36:38.081Z",
"groups": [],
"os_rules": [
{
"rule": "FORWARD_CUST -i eth0 -j ACCEPT",
"position": 0,
"table": "filter",
"rule_type": "iptables"
}
]
}
]
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
FirewallRuleV2ListResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
FirewallRuleV2 | object | false | - | - |
id | string | false | - | unique random id |
rule | string | false | - | Unresolved rule |
rule_resolved | string | false | - | Rule with variables resolved |
table | string | false | - | - |
position | integer | false | - | - |
comment | string | false | - | - |
last_resolved | string | false | - | - |
disabled | boolean | false | - | - |
created_at | string(date-time) | false | - | - |
groups | [string] | false | - | List of groups that this rule is in |
os_rules | [object] | false | - | The actual firewall rules enforced at the operating system level |
rule | string | false | - | - |
position | integer | false | - | - |
table | string | false | - | OS level table. This will differ from the VNS3 level table |
rule_type | string | false | - | Indicates where this rule exists in OS |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
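A review pass over the rule list returned by GET /v2/firewall/rules, as an added example that is not part of the VNS3 documentation or SDK. It assumes rules in one chain are evaluated in position order with the first terminating match winning, as in iptables, and that disabled rules are not evaluated; the rule ids, the ${mgmt_subnet} variable and the finding labels are constructed.

```python
# Added example: review a GET /v2/firewall/rules response for risky rule state.
BLOCKING_TARGETS = {"DROP", "REJECT"}
INTERFACE_FLAGS = {"-i", "-o"}

# Constructed sample in the shape of the documented 200 response, reduced to
# the fields the audit reads. ${mgmt_subnet} is a made-up variable name.
SAMPLE_RESPONSE = {"response": [
    {"id": "aaaa0001", "position": 0, "disabled": False,
     "rule": "FORWARD -i eth0 -j ACCEPT",
     "rule_resolved": "FORWARD -i eth0 -j ACCEPT"},
    {"id": "aaaa0002", "position": 1, "disabled": True,
     "rule": "FORWARD -s ${vns3_overlay_subnet} -d ${vns3_overlay_subnet} -o eth0 -j DROP",
     "rule_resolved": "FORWARD -s 100.64.0.0/19 -d 100.64.0.0/19 -o eth0 -j DROP"},
    {"id": "aaaa0003", "position": 2, "disabled": False,
     "rule": "INPUT -s ${mgmt_subnet} -p tcp --dport 8000 -j ACCEPT",
     "rule_resolved": "INPUT -s ${mgmt_subnet} -p tcp --dport 8000 -j ACCEPT"},
    {"id": "aaaa0004", "position": 3, "disabled": False,
     "rule": "FORWARD -j ACCEPT", "rule_resolved": "FORWARD -j ACCEPT"},
    {"id": "aaaa0005", "position": 4, "disabled": False,
     "rule": "FORWARD -s 10.9.0.0/24 -j DROP",
     "rule_resolved": "FORWARD -s 10.9.0.0/24 -j DROP"},
]}


def parse_rule(rule_text):
    """Split a rule string into (chain, jump target, set of match flags)."""
    tokens = rule_text.split()
    chain = tokens[0] if tokens else ""
    target = ""
    flags = set()
    for i, tok in enumerate(tokens[1:], start=1):
        if tok == "-j":
            target = tokens[i + 1] if i + 1 < len(tokens) else ""
        elif tok.startswith("-") and len(tok) > 1:
            flags.add(tok)
    return chain, target, flags


def audit_rules(api_json):
    """Return (rule id, finding) pairs, walking the rules in position order."""
    findings = []
    open_chains = {}  # chain -> id of the first enabled ACCEPT with no match
    rules = sorted(api_json.get("response", []), key=lambda r: r.get("position", 0))
    for r in rules:
        rule_id = r.get("id", "?")
        resolved = r.get("rule_resolved") or r.get("rule", "")
        chain, target, flags = parse_rule(resolved)
        if "${" in resolved:
            # A variable that did not resolve leaves the match undefined.
            findings.append((rule_id, "unresolved-variable"))
        if r.get("disabled"):
            if target in BLOCKING_TARGETS:
                findings.append((rule_id, "blocking-rule-disabled"))
            continue  # assumption: disabled rules take no part in matching
        if chain in open_chains:
            # Everything after a match-all ACCEPT in the same chain is dead.
            findings.append((rule_id, "shadowed-by:" + open_chains[chain]))
        if target == "ACCEPT":
            if not flags:
                open_chains.setdefault(chain, rule_id)
                findings.append((rule_id, "catch-all-accept"))
            elif flags <= INTERFACE_FLAGS:
                findings.append((rule_id, "interface-only-accept"))
    return findings


if __name__ == "__main__":
    for rule_id, finding in audit_rules(SAMPLE_RESPONSE):
        print(rule_id, finding)
```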
Create Firewall Rule v2
Code samples
# You can also use wget
curl -X POST -u api:myapipassword https://vns3-host:8000/api/v2/firewall/rules \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.post_create_firewall_rule(
rule=rule,
comment=comment,
position=position,
groups=groups,
disabled=disabled)
print(api_response.json())
POST /v2/firewall/rules
Create a VNS3 firewall rule API v2
Body parameter
{
"rule": "string",
"comment": "string",
"rules": [
"string"
],
"position": -1,
"groups": [
"string"
],
"disabled": false
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
rule | body | string | false | firewall rule string |
comment | body | string | false | - |
rules | body | [string] | false | list of rules to create |
position | body | integer | false | starting position for the rule or rules. -1 indicates end of firewall |
groups | body | [string] | false | List of groups to add this rule to |
disabled | body | boolean | false | - |
One of the following parameter combinations is required:
rule
rules
Example responses
201 Response
{
"response": {
"id": "string",
"rule": "string",
"rule_resolved": "string",
"table": "string",
"position": 0,
"comment": "string",
"last_resolved": "string",
"disabled": false,
"created_at": "2019-08-24T14:15:22Z",
"groups": [
"string"
],
"os_rules": [
{
"rule": "string",
"position": 0,
"table": "string",
"rule_type": "string"
}
]
}
}
400 Response
{
"error": {
"name": "APIBadRequestError",
"log": "1564155261466915664338789304780698957922014",
"message": "Parse Error - iptables v1.4.21: host/network `10.199.2.0.' not found"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
201 | Created | created | Inline |
400 | Bad Request | Bad request | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 400
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
Overwrite Firewall v2
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/v2/firewall/rules \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.put_overwrite_firewall(
rules=rules,
rule=rule,
position=position,
comment=comment,
id=id,
groups=groups,
disabled=disabled)
print(api_response.json())
PUT /v2/firewall/rules
Put/Overwrite entire firewall. Careful! API v2
Body parameter
{
"rules": {
"rule": "string",
"position": 0,
"comment": "string",
"id": "string",
"groups": [
"string"
],
"disabled": false
}
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
rules | body | object | true | - |
rule | body | string | true | - |
position | body | integer | false | Position in the resulting firewall. Defaults to the rule's position in the list |
comment | body | string | false | - |
id | body | string | false | optional ID to preserve groups and map errors |
groups | body | [string] | false | - |
disabled | body | boolean | false | - |
One of the following parameter combinations is required:
- rule
Example responses
200 Response
{
"response": {
"rules": [
{
"id": "string",
"rule": "string",
"rule_resolved": "string",
"table": "string",
"position": 0,
"comment": "string",
"last_resolved": "string",
"disabled": false,
"created_at": "2019-08-24T14:15:22Z",
"groups": [
"string"
],
"os_rules": [
{
"rule": "string",
"position": 0,
"table": "string",
"rule_type": "string"
}
]
}
],
"errors": [
{
"rule": "string",
"error": "string"
}
]
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"
}
}
403 Response
{
"response": {
"message": "Must be licensed first",
"log": "123901290309083024802120939123901023091239",
"name": "PrerequisiteError"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
401 | Unauthorized | Authentication information missing or invalid | Inline |
403 | Forbidden | Request Forbidden - operation not allowed | Inline |
Response Schema
Status Code 200
FirewallBulkWriteResponse
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
response | object | false | - | - |
rules | [object] | false | - | - |
FirewallRuleV2 | object | false | - | - |
id | string | false | - | unique random id |
rule | string | false | - | Unresolved rule |
rule_resolved | string | false | - | Rule with variables resolved |
table | string | false | - | - |
position | integer | false | - | - |
comment | string | false | - | - |
last_resolved | string | false | - | - |
disabled | boolean | false | - | - |
created_at | string(date-time) | false | - | - |
groups | [string] | false | - | List of groups that this rule is in |
os_rules | [object] | false | - | The actual firewall rules enforced at the operating system level |
rule | string | false | - | - |
position | integer | false | - | - |
table | string | false | - | OS level table. This will differ from the VNS3 level table |
rule_type | string | false | - | Indicates where this rule exists in OS |
errors | [object] | false | - | List of rules that errored |
rule | string | false | - | - |
error | string | false | - | - |
Status Code 403
Error
Name | Type | Required | Constraints | Description |
---|---|---|---|---|
error | object | false | - | - |
name | string | false | - | - |
log | string | false | - | - |
message | string | false | - | - |
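One way to prepare and verify a full overwrite, as an added example that is not part of the VNS3 documentation or SDK: it builds the PUT /v2/firewall/rules body from the current rule list, reuses each existing id so groups are preserved, refuses to drop blocking rules silently, and maps response errors back to what was sent. It assumes the rules body parameter is an ordered list of rule objects (the "position in list" wording suggests this, although the body sample above shows a single object); plan_overwrite and failed_rules are hypothetical names.

```python
# Added example: plan a PUT /v2/firewall/rules overwrite and check its result.
import re

BLOCKING = re.compile(r"-j\s+(DROP|REJECT)\b")


def normalise(rule_text):
    """Collapse runs of whitespace so equal rules compare equal."""
    return " ".join(rule_text.split())


def plan_overwrite(current_rules, desired_rules, allow_block_removal=False):
    """Return (body, diff) for the overwrite.

    current_rules -- the "response" list from GET /v2/firewall/rules
    desired_rules -- ordered list of dicts, each with at least "rule"
    Raises ValueError if a DROP/REJECT rule would disappear, unless allowed.
    """
    by_text = {}
    for r in current_rules:
        by_text.setdefault(normalise(r["rule"]), r)

    entries, added = [], []
    for position, want in enumerate(desired_rules):
        text = normalise(want["rule"])
        known = by_text.pop(text, None) or {}
        entry = {
            "rule": text,
            "position": position,
            "comment": want.get("comment", known.get("comment", "")),
            "groups": want.get("groups", known.get("groups", [])),
            "disabled": want.get("disabled", known.get("disabled", False)),
        }
        if known:
            entry["id"] = known["id"]  # documented use: preserve groups, map errors
        else:
            added.append(text)
        entries.append(entry)

    removed = [r["rule"] for r in by_text.values()]  # current rules not kept
    lost_blocks = [t for t in removed if BLOCKING.search(t)]
    if lost_blocks and not allow_block_removal:
        raise ValueError("overwrite would remove blocking rules: %s" % lost_blocks)
    return {"rules": entries}, {"added": added, "removed": removed}


def failed_rules(bulk_response, body):
    """Map response.errors to (position sent, rule, error) tuples."""
    sent = {e["rule"]: e["position"] for e in body["rules"]}
    errors = bulk_response.get("response", {}).get("errors", [])
    return [(sent.get(normalise(e["rule"])), e["rule"], e["error"]) for e in errors]


# Two rules taken from the example GET response above; the third desired rule
# and the error response are constructed.
CURRENT = [
    {"id": "fdf43d86e3a303851085", "groups": ["VPN2Internet"],
     "comment": "Source NAT for traffic to the internet",
     "rule": "POSTROUTING -s ${vns3_overlay_subnet} -o eth0 ! -d ${vns3_overlay_subnet} -j MASQUERADE-ONCE"},
    {"id": "926bc4e70fc7afcd13b8", "groups": ["BlockVPN2VPN"],
     "comment": "Do not allow VPN connected people or devices to reach each other",
     "rule": "FORWARD -s ${vns3_overlay_subnet} -d ${vns3_overlay_subnet} -o eth0 -j DROP"},
]
NEW_RULE = "FORWARD -o eth0 -ctrack ESTABLISHED,RELATED -j ACCEPT"

if __name__ == "__main__":
    desired = [{"rule": CURRENT[1]["rule"]}, {"rule": CURRENT[0]["rule"]},
               {"rule": NEW_RULE, "comment": "constructed"}]
    body, diff = plan_overwrite(CURRENT, desired)
    print(diff)
```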
Update Firewall Rule
Code samples
# You can also use wget
curl -X PUT -u api:myapipassword https://vns3-host:8000/api/v2/firewall/rules/{id} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
from cohesivenet import VNS3Client
api_response = vns3_client.firewall.put_update_firewall_rule(id,
rule=rule,
comment=comment,
groups=groups,
disabled=disabled)
print(api_response.json())
PUT /v2/firewall/rules/{id}
Update firewall rule
Body parameter
{
"rule": "string",
"comment": "string",
"groups": [
"string"
],
"disabled": true
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
id | path | string | true | Rule ID |
rule | body | string | false | firewall rule string |
comment | body | string | false | - |
groups | body | [string] | false | - |
disabled | body | boolean | false | if true, rule will be disabled |
Example responses
200 Response
{
"response": {
"id": "string",
"rule": "string",
"rule_resolved": "string",
"table": "string",
"position": 0,
"comment": "string",
"last_resolved": "string",
"disabled": false,
"created_at": "2019-08-24T14:15:22Z",
"groups": [
"string"
],
"os_rules": [
{
"rule": "string",
"position": 0,
"table": "string",
"rule_type": "string"
}
],
"errors": [
"string"
]
}
}
400 Response
{
"error": {
"name": "APIBadRequestError",
"log": "1564155261466915664338789304780698957922014",
"message": "Invalid rule"
}
}
Authentication information missing or invalid
{
"error": {
"name": "UnauthorizedError",
"log": "1563472268929826518356034508450851266833526",
"message": "Invalid or expired token"