 
    New in version 2.5.
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments | 
|---|---|---|
| account 
                    string
                                         | Account the VPN customer gateway is related to. | |
| api_http_method 
                    string
                                         | 
 | HTTP method used to query the API endpoint. If not given, the  CLOUDSTACK_METHODenv variable is considered.As the last option, the value is taken from the ini config file, also see the notes. Fallback value is  getif not specified. | 
| api_key 
                    string
                                         | API key of the CloudStack API. If not given, the  CLOUDSTACK_KEYenv variable is considered.As the last option, the value is taken from the ini config file, also see the notes. | |
| api_region 
                    string
                                         | Default: "cloudstack" | Name of the ini section in the  cloustack.inifile.If not given, the  CLOUDSTACK_REGIONenv variable is considered. | 
| api_secret 
                    string
                                         | Secret key of the CloudStack API. If not set, the  CLOUDSTACK_SECRETenv variable is considered.As the last option, the value is taken from the ini config file, also see the notes. | |
| api_timeout 
                    integer
                                         | HTTP timeout in seconds. If not given, the  CLOUDSTACK_TIMEOUTenv variable is considered.As the last option, the value is taken from the ini config file, also see the notes. Fallback value is 10 seconds if not specified. | |
| api_url 
                    string
                                         | URL of the CloudStack API e.g. https://cloud.example.com/client/api. If not given, the  CLOUDSTACK_ENDPOINTenv variable is considered.As the last option, the value is taken from the ini config file, also see the notes. | |
| cidrs 
                    list
                                         | List of guest CIDRs behind the gateway. Required if state=present. aliases: cidr | |
| domain 
                    string
                                         | Domain the VPN customer gateway is related to. | |
| dpd 
                    boolean
                                         | 
 | Enable Dead Peer Detection. Disabled per default by the API on creation if not set. | 
| esp_lifetime 
                    integer
                                         | Lifetime in seconds of phase 2 VPN connection. Defaulted to 3600 by the API on creation if not set. | |
| esp_policy 
                    string
                                         | ESP policy in the format e.g.  aes256-sha1;modp1536.Required if state=present. | |
| force_encap 
                    boolean
                                         | 
 | Force encapsulation for NAT traversal. Disabled per default by the API on creation if not set. | 
| gateway 
                    string
                                         | Public IP address of the gateway. Required if state=present. | |
| ike_lifetime 
                    integer
                                         | Lifetime in seconds of phase 1 VPN connection. Defaulted to 86400 by the API on creation if not set. | |
| ike_policy 
                    string
                                         | IKE policy in the format e.g.  aes256-sha1;modp1536.Required if state=present. | |
| ipsec_psk 
                    string
                                         | IPsec Preshared-Key. Cannot contain newline or double quotes. Required if state=present. | |
| name 
                    string
                     / required                     | Name of the gateway. | |
| poll_async 
                    boolean
                                         | 
 | Poll async jobs until job has finished. | 
| project 
                    string
                                         | Name of the project the VPN gateway is related to. | |
| state 
                    string
                                         | 
 | State of the VPN customer gateway. | 
Note
cs library’s configuration method if credentials are not provided by the arguments api_url, api_key, api_secret. Configuration is read from several locations, in the following order. The CLOUDSTACK_ENDPOINT, CLOUDSTACK_KEY, CLOUDSTACK_SECRET and CLOUDSTACK_METHOD. CLOUDSTACK_TIMEOUT environment variables. A CLOUDSTACK_CONFIG environment variable pointing to an .ini file. A cloudstack.ini file in the current working directory. A .cloudstack.ini file in the users home directory. Optionally multiple credentials and endpoints can be specified using ini sections in cloudstack.ini. Use the argument api_region to select the section name, default section is cloudstack. See https://github.com/exoscale/cs for more information.- name: Create a vpn customer gateway
  cs_vpn_customer_gateway:
    name: my vpn customer gateway
    cidrs:
    - 192.168.123.0/24
    - 192.168.124.0/24
    esp_policy: aes256-sha1;modp1536
    gateway: 10.10.1.1
    ike_policy: aes256-sha1;modp1536
    ipsec_psk: "S3cr3Tk3Y"
  delegate_to: localhost
- name: Remove a vpn customer gateway
  cs_vpn_customer_gateway:
    name: my vpn customer gateway
    state: absent
  delegate_to: localhost
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | 
|---|---|---|
| account string | success | Account the VPN customer gateway is related to. Sample: example account | 
| cidrs list | success | List of CIDRs of this customer gateway. Sample: ['10.10.10.0/24'] | 
| domain string | success | Domain the VPN customer gateway is related to. Sample: example domain | 
| dpd boolean | success | Whether dead pear detection is enabled or not. Sample: True | 
| esp_lifetime integer | success | Lifetime in seconds of phase 2 VPN connection. Sample: 86400 | 
| esp_policy string | success | IKE policy of the VPN customer gateway. Sample: aes256-sha1;modp1536 | 
| force_encap boolean | success | Whether encapsulation for NAT traversal is enforced or not. Sample: True | 
| gateway string | success | IP address of the VPN customer gateway. Sample: 10.100.212.10 | 
| id string | success | UUID of the VPN customer gateway. Sample: 04589590-ac63-4ffc-93f5-b698b8ac38b6 | 
| ike_lifetime integer | success | Lifetime in seconds of phase 1 VPN connection. Sample: 86400 | 
| ike_policy string | success | ESP policy of the VPN customer gateway. Sample: aes256-sha1;modp1536 | 
| name string | success | Name of this customer gateway. Sample: my vpn customer gateway | 
| project string | success | Name of project the VPN customer gateway is related to. Sample: Production | 
Hint
If you notice any issues in this documentation you can edit this document to improve it.