You can call this operation to create an IPsec VPN connection.
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | CreateVpnConnection | The operation that you want to perform. Set the value to CreateVpnConnection. |
CustomerGatewayId | String | Yes | vpn-bp1q8bgx4xnk**** | The ID of the customer gateway. |
LocalSubnet | String | Yes | 1.1.1.0/24,1.1.2.0/24 | The CIDR block of the VPC to be connected with the on-premises data center. This parameter is used for Phase 2 negotiations. Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24. |
RegionId | String | Yes | cn-shanghai | The region ID of the IPsec VPN connection. You can call the DescribeRegions operation to query the region ID. |
RemoteSubnet | String | Yes | 1.1.1.0/24,1.1.2.0/24 | The CIDR block of the on-premises data center. This parameter is used for Phase 2 negotiations. Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24. |
VpnGatewayId | String | Yes | vpn-bp1q8bgx4xnkm**** | The ID of the VPN gateway. |
ClientToken | String | No | 02fb3da4-130e-11e9-8e44-001**** | The client token that is used to guarantee the idempotence of the request. This parameter value is generated by the client and must be unique. The token must be 1 to 64 ASCII characters in length. |
Name | String | No | IPsec | The name of the IPsec VPN connection. The name must be 2 to 128 characters in length and can contain letters, Chinese characters, digits, periods (.), underscores (_), and hyphens (-). It must start with a letter or Chinese character and cannot start with |
EffectImmediately | Boolean | No | false | Specifies whether to delete a negotiated IPsec VPN tunnel and initiate a negotiation again. Valid values: |
IkeConfig | String | No | {"IkeVersion":"ikev1","IkeMode":"main","IkeEncAlg":"aes","IkeAuthAlg":"sha1","IkePfs":"group2","IkeLifetime":86400} | The configurations of Phase 1 negotiations: |
IpsecConfig | String | No | {"IpsecEncAlg":"aes","IpsecAuthAlg":"sha1","IpsecPfs":"group2","IpsecLifetime":86400} | The configurations of Phase 2 negotiations: |
HealthCheckConfig | String | No | {"enable":"true","dip":"192.168.xx.2","sip":"192.168.xx.2","interval":"3","retry":"3"} | The health check configurations: |
AutoConfigRoute | Boolean | No | true | Specifies whether to automatically configure routes. Valid values: |
EnableDpd | Boolean | No | true | Specifies whether to enable dead peer detection (DPD). Valid values: |
EnableNatTraversal | Boolean | No | true | Specifies whether to enable the NAT traversal feature. Valid values: |
BgpConfig | String | No | {"EnableBgp":"true","LocalAsn":"10001","TunnelCidr":"169.254.11.0/30","LocalBgpIp":"169.254.11.1"} | BGP configurations: |
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
VpnConnectionId | String | vco-bp15oes1py4i6**** | The ID of the IPsec VPN connection. |
CreateTime | Long | 1544666102000 | The time when the IPsec VPN connection was created. |
Name | String | test | The name of the IPsec VPN connection. |
RequestId | String | 082AD562-B8DB-4BB2-861F-DA1FCA01FD76 | The ID of the request. |
Examples
Sample requests:
http(s)://[Endpoint]/?Action=CreateVpnConnection
&CustomerGatewayId=vpn-bp1q8bgx4xnk****
&LocalSubnet=1.1.1.0/24,1.1.2.0/24
&RegionId=cn-shanghai
&RemoteSubnet=1.1.1.0/24,1.1.2.0/24
&VpnGatewayId=vpn-bp1q8bgx4xnkm****
&<Common request parameter>
Sample success response
XML format
<CreateVpnConnectionResponse>
<VpnConnectionId>vco-bp1bbi27hojx8****</VpnConnectionId>
<CreateTime>1493363928000</CreateTime>
</CreateVpnConnectionResponse>
JSON format
{
"CreateTime": 1544666102000,
"VpnConnectionId": "vco-bp15oes1py4i6****"
}
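A pre-flight check for the request parameters above, as an added example that is not part of the original reference or of any Alibaba Cloud SDK. The function names and the set of values flagged as legacy are assumptions of this example, drawn from general IPsec guidance rather than from the API's list of valid values; the ClientToken length and character rule comes from the parameter table.

```python
import ipaddress
import json

# Assumption of this example (general IPsec guidance, not the API's valid-value
# list): IKEv1 is deprecated, DES/3DES and MD5/SHA-1 are legacy, and DH groups
# 1, 2 and 5 are MODP groups of 1536 bits or fewer.
LEGACY_ENC, LEGACY_AUTH = {"des", "3des"}, {"md5", "sha1"}
SMALL_DH = {"group1", "group2", "group5"}
WEAK = {"IkeVersion": {"ikev1"}, "IkeEncAlg": LEGACY_ENC, "IkeAuthAlg": LEGACY_AUTH,
        "IkePfs": SMALL_DH, "IpsecEncAlg": LEGACY_ENC, "IpsecAuthAlg": LEGACY_AUTH,
        "IpsecPfs": SMALL_DH}


def lint_crypto(config_json):
    """Return sorted 'Key=value' findings for an IkeConfig or IpsecConfig JSON string."""
    cfg = json.loads(config_json)
    return sorted(f"{k}={v}" for k, v in cfg.items()
                  if str(v).lower() in WEAK.get(k, ()))


def check_subnets(value):
    """Return the entries of a comma-separated CIDR list that are not valid networks."""
    bad = []
    for item in value.split(","):
        try:
            # strict=True rejects host bits, e.g. 192.168.1.5/24
            ipaddress.ip_network(item.strip(), strict=True)
        except ValueError:
            bad.append(item)
    return bad


def check_client_token(token):
    """ClientToken must be 1 to 64 ASCII characters, as the parameter table states."""
    return 1 <= len(token) <= 64 and token.isascii()


def preflight(params):
    """Collect findings for a dict of CreateVpnConnection request parameters."""
    findings = []
    for key in ("IkeConfig", "IpsecConfig"):
        if key in params:
            findings += [f"{key}: weak {f}" for f in lint_crypto(params[key])]
    for key in ("LocalSubnet", "RemoteSubnet"):
        findings += [f"{key}: invalid CIDR {c!r}" for c in check_subnets(params.get(key, ""))]
    if "ClientToken" in params and not check_client_token(params["ClientToken"]):
        findings.append("ClientToken: must be 1 to 64 ASCII characters")
    return findings
```

Run against the example values in the parameter table, `lint_crypto` flags `ikev1`, `sha1` and `group2` in IkeConfig and `sha1` and `group2` in IpsecConfig.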
Error codes
HttpCode | Error code | Error message | Description |
---|---|---|---|
403 | Forbbiden.SubUser | User not authorized to operate on the specified resource as your account is created by another user. | The error message returned because you are not authorized to perform this operation on the specified resource. You can apply for the permission and try again. |
403 | Forbidden | User not authorized to operate on the specified resource. | The error message returned because you are not authorized to perform this operation on the specified resource. To request the permission, submit a ticket. |
400 | Resource.QuotaFull | The quota of resource is full | The error message returned because the resource quota has reached the upper limit. |
404 | InvalidCustomerGatewayInstanceId.NotFound | The specified customer gateway instance id does not exist. | The error message returned because the specified instance ID does not exist. |
404 | InvalidVpnGatewayInstanceId.NotFound | The specified vpn gateway instance id does not exist. | The error message returned because the specified VPN gateway does not exist. You can check whether the configuration of the VPN connection is valid. |
400 | InvalidVpnConnection.AlreadyExists | Vpn connection already exists. | The error message returned because the VPN connection already exists. |
400 | VpnGateway.Configuring | The specified service is configuring. | The error message returned because the specified service is being configured. Try again later. |
400 | VpnGateway.FinancialLocked | The specified service is financial locked. | The error message returned because the service is overdue. Add funds before you enable the service. |
400 | QuotaExceeded.PolicyBasedRoute | The maximum number of policy-based routes is exceeded. Existing routes: %s. Routes to be created: %s. Maximum routes: %s. | The error message returned because the number of policy-based routing entries has reached the upper limit. The maximum number of entries that you can create is %s. The number of existing entries is %s. You are now creating %s entries. |
For a list of error codes, visit the API Error Center.