Queries one or more IPsec-VPN connections.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | DescribeVpnConnections |
The operation that you want to perform. Set the value to DescribeVpnConnections. |
RegionId | String | Yes | cn-hangzhou |
The region where the IPsec-VPN connection is deployed. You can call the DescribeRegions operation to query the region IDs. |
VpnGatewayId | String | No | vpn-bp1q8bgx4xnkx**** |
The ID of the VPN gateway. |
CustomerGatewayId | String | No | cgw-bp1mvj4g9kogw**** |
The ID of the customer gateway. |
PageNumber | Integer | No | 1 |
The number of the page to return. Default value: 1. |
PageSize | Integer | No | 10 |
The number of entries to return on each page. Maximum value: 50. Default value: 10. |
VpnConnectionId | String | No | vco-bp15oes1py4i6**** |
The name of the IPsec-VPN connection. |
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
VpnConnections | Array |
The details of the IPsec-VPN connection. |
|
VpnConnection | |||
IkeConfig | Struct |
The configurations of Phase 1 negotiations. |
|
IkeAuthAlg | String | sha1 |
The IKE authentication algorithm. |
IkeEncAlg | String | aes |
The IKE encryption algorithm. |
IkeLifetime | Long | 86400 |
The IKE lifetime. |
IkeMode | String | main |
The IKE mode. Both the main mode and aggressive mode are supported. The main mode features high security. If NAT traversal is enabled, we recommend that you select the aggressive mode. |
IkePfs | String | group2 |
The DH group. |
IkeVersion | String | ikev1 |
The IKE version. |
LocalId | String | 116.xx.xx.64 |
The local ID of the VPN gateway. The default value is the IP address of the VPN gateway. Both fully qualified domain name (FQDN) and IP address formats are supported. |
Psk | String | pgw6dy7dxxxxxxxx |
The pre-shared key. |
RemoteId | String | 139.xx.xx.167 |
The ID of the peer. By default, it is the IP address of the customer gateway. Both FQDN and IP formats are supported. |
IpsecConfig | Struct |
The configurations for Phase 2 negotiations. |
|
IpsecAuthAlg | String | sha1 |
The IPsec authentication algorithm. |
IpsecEncAlg | String | aes |
The IPsec encryption algorithm. |
IpsecLifetime | Long | 86400 |
The IPsec lifetime. |
IpsecPfs | String | group2 |
The DH group. |
VpnConnectionId | String | vco-bp10lz7aejumd**** |
The ID of the IPsec-VPN connection. |
CustomerGatewayId | String | vpn-bp1q8bgx4xnk**** |
The ID of the customer gateway. |
VpnGatewayId | String | vpn-bp1q8bgx4xnkm**** |
The ID of the VPN gateway. |
Name | String | name |
The name of the IPsec-VPN connection. |
LocalSubnet | String | 1.1.1.0/24,1.1.2.0/24 |
The CIDR block of the VPC. |
RemoteSubnet | String | 1.1.1.0/24,1.1.2.0/24 |
The CIDR block of the on-premises data center. |
CreateTime | Long | 1492753817000 |
The time when the IPsec-VPN connection was created. |
Status | String | ipsec_sa_established |
The status of the connection.
|
EffectImmediately | Boolean | true |
Indicates whether the connection immediately takes effect.
|
EnableDpd | Boolean | true |
Indicates whether dead peer detection (DPD) is enabled.
|
EnableNatTraversal | Boolean | true |
Indicates whether to enable the NAT traversal feature.
|
VcoHealthCheck | Struct |
The health check configurations. |
|
Dip | String | 8.xx.xx.8 |
The destination IP address configured for health checks. |
Enable | String | true |
The status of the health check.
|
Interval | Integer | 2 |
The interval between two consecutive health checks. Unit: seconds. |
Retry | Integer | 3 |
The number of times that health check packets are resent. |
Sip | String | 192.xx.xx.66 |
The source IP address configured for health checks. |
Status | String | success |
The result of the health check.
|
VpnBgpConfig | Struct |
BGP configuration information. |
|
LocalAsn | String | 10001 |
The local autonomous system number. |
LocalBgpIp | String | 169.254.10.2 |
The BGP address of the local VPN gateway that belongs to the CIDR block of the IPsec tunnel. |
PeerAsn | String | 10002 |
The peer autonomous system number. |
PeerBgpIp | String | 169.254.10.1 |
The BGP address of the peer. It is an IP address within the IPsec tunnel CIDR block. |
Status | String | success |
The BGP status
|
TunnelCidr | String | 169.254.10.0/30 |
The CIDR block of the IPsec tunnel. The subnet mask of the CIDR block is 30 bits within 169.254.0.0/16. |
TotalCount | Integer | 10 |
The total number of entries. |
PageNumber | Integer | 1 |
The number of the returned page. |
PageSize | Integer | 10 |
The number of entries returned per page. |
RequestId | String | 54A4B3D0-DF4D-4C54-B8DC-5DC8DD49C939 |
The ID of the request. |
Examples
Sample requests
https://vpc.aliyuncs.com/?Action=DescribeVpnConnections
&RegionId=cn-hangzhou
&<Common request parameters>
Sample success responses
XML
format
<DescribeVpnConnections>
<TotalCount>2</TotalCount>
<RequestId>238752DC-0693-49BE-9C85-711D5691D3E5</RequestId>
<PageSize>10</PageSize>
<PageNumber>1</PageNumber>
<VpnConnections>
<VpnConnection>
<LocalSubnet>10.0.0.0/8</LocalSubnet>
<Status>ipsec_sa_established</Status>
<CustomerGatewayId>cgw-gw8usu4zsk23pf69f****</CustomerGatewayId>
<CreateTime>1590495160000</CreateTime>
<Name>VPN1-CGW22</Name>
<EffectImmediately>false</EffectImmediately>
<RemoteSubnet>192.168.0.0/16</RemoteSubnet>
<VcoHealthCheck>
<Status>failed</Status>
<Enable>true</Enable>
<Dip>192.168.0.1</Dip>
<Sip>192.168.0.2</Sip>
<Retry>2</Retry>
<Interval>2</Interval>
</VcoHealthCheck>
<VpnGatewayId>vpn-gw8bvv722zwjht7ia****</VpnGatewayId>
<IpsecConfig>
<IpsecPfs>group2</IpsecPfs>
<IpsecEncAlg>aes</IpsecEncAlg>
<IpsecAuthAlg>sha1</IpsecAuthAlg>
<IpsecLifetime>86400</IpsecLifetime>
</IpsecConfig>
<VpnConnectionId>vco-gw8tylx7hvwhl7tu8****</VpnConnectionId>
<IkeConfig>
<IkeAuthAlg>sha1</IkeAuthAlg>
<LocalId>8.xx.xx.192</LocalId>
<IkeEncAlg>aes</IkeEncAlg>
<IkeVersion>ikev1</IkeVersion>
<IkeMode>main</IkeMode>
<IkeLifetime>86400</IkeLifetime>
<Psk>123456</Psk>
<RemoteId>8.xx.xx.146</RemoteId>
<IkePfs>group2</IkePfs>
</IkeConfig>
<VpnBgpConfig>
<Status>success</Status>
<LocalAsn>10001</LocalAsn>
<TunnelCidr>169.254.10.0/30</TunnelCidr>
<PeerBgpIp>169.254.10.2</PeerBgpIp>
<PeerAsn>10001</PeerAsn>
<LocalBgpIp>169.254.10.1</LocalBgpIp>
</VpnBgpConfig>
</VpnConnection>
<VpnConnection>
<LocalSubnet>192.168.0.0/16</LocalSubnet>
<Status>ipsec_sa_established</Status>
<CustomerGatewayId>cgw-gw819u3zrifo8m5iz****</CustomerGatewayId>
<CreateTime>1590495260000</CreateTime>
<Name>VPN2-CGW1</Name>
<EffectImmediately>false</EffectImmediately>
<RemoteSubnet>10.0.0.0/8</RemoteSubnet>
<VcoHealthCheck>
<Status>success</Status>
<Enable>true</Enable>
<Dip>192.168.0.1</Dip>
<Sip>192.168.0.56</Sip>
<Retry>2</Retry>
<Interval>2</Interval>
</VcoHealthCheck>
<VpnGatewayId>vpn-gw8uofjyg2db32o89****</VpnGatewayId>
<IpsecConfig>
<IpsecPfs>group2</IpsecPfs>
<IpsecEncAlg>aes</IpsecEncAlg>
<IpsecAuthAlg>sha1</IpsecAuthAlg>
<IpsecLifetime>86400</IpsecLifetime>
</IpsecConfig>
<VpnConnectionId>vco-gw837v1ybfh74b6dy****</VpnConnectionId>
<IkeConfig>
<IkeAuthAlg>sha1</IkeAuthAlg>
<LocalId>8.xx.xx.146</LocalId>
<IkeEncAlg>aes</IkeEncAlg>
<IkeVersion>ikev1</IkeVersion>
<IkeMode>main</IkeMode>
<IkeLifetime>86400</IkeLifetime>
<Psk>123456</Psk>
<RemoteId>8.xx.xx.192</RemoteId>
<IkePfs>group2</IkePfs>
</IkeConfig>
<VpnBgpConfig>
<Status>success</Status>
<LocalAsn>10001</LocalAsn>
<TunnelCidr>169.254.10.0/30</TunnelCidr>
<PeerBgpIp>169.254.10.1</PeerBgpIp>
<PeerAsn>10001</PeerAsn>
<LocalBgpIp>169.254.10.2</LocalBgpIp>
</VpnBgpConfig>
</VpnConnection>
</VpnConnections>
</DescribeVpnConnections>
JSON
format
{
"TotalCount": 2,
"RequestId": "238752DC-0693-49BE-9C85-711D5691D3E5",
"PageSize": 10,
"PageNumber": 1,
"VpnConnections": {
"VpnConnection": [
{
"LocalSubnet": "10.0.0.0/8",
"Status": "ipsec_sa_established",
"CustomerGatewayId": "cgw-gw8usu4zsk23pf69f****",
"CreateTime": 1590495160000,
"Name": "VPN1-CGW22",
"EffectImmediately": false,
"RemoteSubnet": "192.168.0.0/16",
"VcoHealthCheck": {
"Status": "failed",
"Enable": "true",
"Dip": "192.168.0.1",
"Sip": "192.168.0.2",
"Retry": 2,
"Interval": 2
},
"VpnGatewayId": "vpn-gw8bvv722zwjht7ia****",
"IpsecConfig": {
"IpsecPfs": "group2",
"IpsecEncAlg": "aes",
"IpsecAuthAlg": "sha1",
"IpsecLifetime": 86400
},
"VpnConnectionId": "vco-gw8tylx7hvwhl7tu8****",
"IkeConfig": {
"IkeAuthAlg": "sha1",
"LocalId": "8.xx.xx.192",
"IkeEncAlg": "aes",
"IkeVersion": "ikev1",
"IkeMode": "main",
"IkeLifetime": 86400,
"Psk": "123456",
"RemoteId": "8.xx.xx.146",
"IkePfs": "group2"
},
"VpnBgpConfig": {
"Status": "success",
"LocalAsn": 10001,
"TunnelCidr": "169.254.10.0/30",
"PeerBgpIp": "169.254.10.2",
"PeerAsn": 10001,
"LocalBgpIp": "169.254.10.1"
}
},
{
"LocalSubnet": "192.168.0.0/16",
"Status": "ipsec_sa_established",
"CustomerGatewayId": "cgw-gw819u3zrifo8m5iz****",
"CreateTime": 1590495260000,
"Name": "VPN2-CGW1",
"EffectImmediately": false,
"RemoteSubnet": "10.0.0.0/8",
"VcoHealthCheck": {
"Status": "success",
"Enable": "true",
"Dip": "192.168.0.1",
"Sip": "192.168.0.56",
"Retry": 2,
"Interval": 2
},
"VpnGatewayId": "vpn-gw8uofjyg2db32o89****",
"IpsecConfig": {
"IpsecPfs": "group2",
"IpsecEncAlg": "aes",
"IpsecAuthAlg": "sha1",
"IpsecLifetime": 86400
},
"VpnConnectionId": "vco-gw837v1ybfh74b6dy****",
"IkeConfig": {
"IkeAuthAlg": "sha1",
"LocalId": "8.xx.xx.146",
"IkeEncAlg": "aes",
"IkeVersion": "ikev1",
"IkeMode": "main",
"IkeLifetime": 86400,
"Psk": "123456",
"RemoteId": "8.xx.xx.192",
"IkePfs": "group2"
},
"VpnBgpConfig": {
"Status": "success",
"LocalAsn": 10001,
"TunnelCidr": "169.254.10.0/30",
"PeerBgpIp": "169.254.10.1",
"PeerAsn": 10001,
"LocalBgpIp": "169.254.10.2"
}
}
]
}
}
Error codes
HttpCode | Error code | Error message | Description |
---|---|---|---|
403 | Forbbiden.SubUser | User not authorized to operate on the specified resource as your account is created by another user. | The error message returned because you are not authorized to perform this operation on the specified resource. You can apply for the permission and try again. |
403 | Forbidden | User not authorized to operate on the specified resource. | The error message returned because you are not authorized to perform this operation on the specified resource. To acquire the required permissions, submit a ticket. |
For a list of error codes, visit the API Error Center.