Resource Orchestration Service: ALIYUN::VPC::VpnGateway

Last Updated: Dec 08, 2023

ALIYUN::VPC::VpnGateway is used to create a VPN gateway.

Syntax

{
  "Type": "ALIYUN::VPC::VpnGateway",
  "Properties": {
    "VpcId": String,
    "VSwitchId": String,
    "Description": String,
    "EnableIpsec": Boolean,
    "AutoPay": Boolean,
    "Period": Integer,
    "EnableSsl": Boolean,
    "Bandwidth": Integer,
    "InstanceChargeType": String,
    "SslConnections": Integer,
    "Name": String,
    "Tags": List,
    "VpnType": String,
    "NetworkType": String,
    "DisasterRecoveryVSwitchId": String
  }
}

Properties

| Property | Type | Required | Editable | Description | Constraint |
| --- | --- | --- | --- | --- | --- |
| VpcId | String | Yes | No | The ID of the VPC to which the VPN gateway belongs. | None. |
| VSwitchId | String | No | No | The ID of the vSwitch to which the VPN gateway belongs. | None. |
| Description | String | No | Yes | The description of the VPN gateway. | The description must be 2 to 256 characters in length. It must start with a letter but cannot start with http:// or https://. |
| EnableIpsec | Boolean | No | No | Specifies whether to enable the IPsec-VPN feature. | Valid values: true (default), false. The IPsec-VPN feature provides site-to-site connections. You can create an IPsec tunnel to connect a data center to a VPC, or connect two VPCs. |
| AutoPay | Boolean | No | No | Specifies whether to enable automatic payment for the VPN gateway. | Valid values: true (default), false. |
| Period | Integer | No | No | The subscription duration. | Valid values: 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 24, 36. Unit: months. This property is required when the InstanceChargeType parameter is set to PREPAY. |
| EnableSsl | Boolean | No | No | Specifies whether to enable the SSL-VPN feature for the VPN gateway. | Valid values: true, false (default). The SSL-VPN feature provides point-to-site connections. You can use the client to access the VPN without configuring a gateway for the client. |
| Bandwidth | Integer | Yes | No | The public bandwidth of the VPN gateway. | Valid values: 5, 10, 20, 50, 100. Unit: Mbit/s. |
| InstanceChargeType | String | No | No | The billing method of the VPN gateway. | Set the value to PREPAY, which indicates that the billing method is subscription. |
| SslConnections | Integer | No | No | The maximum number of clients that can be connected at the same time. | None. |
| Name | String | No | Yes | The name of the VPN gateway. | The name must be 2 to 100 characters in length and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter but cannot start with http:// or https://. The default value is the ID of the VPN gateway. |
| Tags | List | No | Yes | The tags of the VPN gateway. | You can specify up to 20 tags. For more information, see Tags properties. |
| VpnType | String | No | No | The type of the VPN gateway. | Valid values: Normal (default), NationalStandard. |
| NetworkType | String | No | No | The network type of the VPN gateway. | Valid values: public (default), private. |
| DisasterRecoveryVSwitchId | String | No | No | The ID of the second vSwitch with which you want to associate the VPN gateway. | If you call this operation in a region that supports the IPsec-VPN connections in dual-tunnel mode, this property is required. You need to specify two vSwitches in different zones from the VPC associated with the VPN gateway to implement disaster recovery across zones. For a region that supports only one zone, disaster recovery across zones is not supported. We recommend that you specify two vSwitches in the zone to implement high availability. You can specify the same vSwitch. For more information about the regions and zones that support the IPsec-VPN connections in dual-tunnel mode, see IPsec-VPN connections support the dual-tunnel mode. |

Tags syntax

"Tags": [
  {
    "Key": String,
    "Value": String
  }
]  

Tags properties

| Property | Type | Required | Editable | Description | Constraint |
| --- | --- | --- | --- | --- | --- |
| Key | String | Yes | No | The key of the tag. | The tag key must be 1 to 128 characters in length, and cannot contain http:// or https://. It cannot start with aliyun or acs:. |
| Value | String | No | No | The value of the tag. | The tag value can be up to 128 characters in length, and cannot contain http:// or https://. It cannot start with aliyun or acs:. |
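The constraints in the Properties and Tags properties tables can be checked before a template is submitted. The following is an added example, not Alibaba Cloud code: the function name check_vpn_gateway, the dual_tunnel_region flag and the sample values are assumptions, and the Name rule is read as ASCII letters only.

```python
import re

# Valid values from the Properties table (its Bandwidth list is followed here).
VALID = {
    "Period": {1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 24, 36},
    "Bandwidth": {5, 10, 20, 50, 100},
    "VpnType": {"Normal", "NationalStandard"},
    "NetworkType": {"public", "private"},
}
# Assumption: ASCII-only reading of the Name rule (2 to 100 chars, leading letter).
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{1,99}")
URL_SCHEMES = ("http://", "https://")

def check_vpn_gateway(props, dual_tunnel_region=False):
    """Return constraint violations for one VpnGateway Properties dict."""
    errs = []
    # Ref/Fn:: values are dicts; only literal values can be checked offline.
    lit = {k: v for k, v in props.items() if not isinstance(v, dict)}
    for req in ("VpcId", "Bandwidth"):
        if req not in props:
            errs.append(f"{req} is required")
    for key, allowed in VALID.items():
        if key in lit and lit[key] not in allowed:
            errs.append(f"{key}={lit[key]!r} is not a valid value")
    if lit.get("InstanceChargeType") == "PREPAY" and "Period" not in props:
        errs.append("Period is required when InstanceChargeType is PREPAY")
    if "Name" in lit and not NAME_RE.fullmatch(lit["Name"]):
        errs.append("Name violates the naming constraint")
    desc = lit.get("Description")
    if desc is not None and not (2 <= len(desc) <= 256 and desc[0].isalpha()
                                 and not desc.startswith(URL_SCHEMES)):
        errs.append("Description violates its constraint")
    if dual_tunnel_region and "DisasterRecoveryVSwitchId" not in props:
        errs.append("DisasterRecoveryVSwitchId is required in this region")
    tags = lit.get("Tags", [])
    if len(tags) > 20:
        errs.append("more than 20 tags")
    for tag in tags:
        key, value = tag.get("Key", ""), tag.get("Value", "")
        if not 1 <= len(key) <= 128 or len(value) > 128:
            errs.append(f"tag {key!r}: key or value length out of range")
        for text in (key, value):
            if text.startswith(("aliyun", "acs:")) or any(s in text for s in URL_SCHEMES):
                errs.append(f"tag {key!r}: forbidden prefix or URL in {text!r}")
    return errs

# Constructed sample: bad Bandwidth, PREPAY without Period, reserved tag prefix.
SAMPLE = {"VpcId": {"Ref": "VpcId"}, "Bandwidth": 15, "InstanceChargeType": "PREPAY",
          "Name": "corp-vpn", "Tags": [{"Key": "acs:owner", "Value": "netops"}]}
```

Calling check_vpn_gateway(SAMPLE) returns three violations; an empty list means the literal property values satisfy the documented constraints.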

Return values

Fn::GetAtt

  • OrderId: the order ID.

  • VpnGatewayId: the ID of the VPN gateway.

  • InternetIp: the public IP address of the VPN gateway.

  • SslMaxConnections: the maximum number of SSL-VPN clients that can be connected.

  • Spec: the maximum bandwidth of the VPN gateway.

  • DisasterRecoveryVSwitchId: the ID of the second vSwitch associated with the VPN gateway.

  • VpnType: the type of the VPN gateway.

  • VpcId: the ID of the VPC to which the VPN gateway belongs.

  • SslVpnInternetIp: the IP address of the SSL-VPN connection.

  • DisasterRecoveryInternetIp: the second IP address assigned by the system to create an IPsec-VPN connection.

  • VSwitchId: the ID of the vSwitch associated with the VPN gateway.

Examples

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
 AutoPay:
  AllowedValues:
  - 'True'
  - 'true'
  - 'False'
  - 'false'
  Default: true
  Description: 'Whether to automatically pay the bill of the VPN gateway, the value:

   True: Automatically pays the bill for the VPN gateway.

   False (default): Does not automatically pay the bill for the VPN gateway.'
  Type: Boolean
 Bandwidth:
  AllowedValues:
  - 5
  - 10
  - 20
  - 50
  - 100
  - 200
  Description: 'The public network bandwidth of the VPN gateway, in Mbps.

   Value: 5|10|20|50|100|200.'
  Type: Number
 Description:
  Description: 'Description of the VPN gateway.

   The length is 2-256 characters and must start with a letter or Chinese, but
   cannot start with http:// or https://.'
  MaxLength: 256
  MinLength: 2
  Type: String
 EnableIpsec:
  AllowedValues:
  - 'True'
  - 'true'
  - 'False'
  - 'false'
  Default: true
  Description: 'Whether to enable IPsec-VPN. The IPsec-VPN feature provides a site-to-site
   connection. You can securely connect your local data center network to a private
   network or two proprietary networks by creating an IPsec tunnel. Value:

   True (default): Enables the IPsec-VPN feature.

   False: The IPsec-VPN function is not enabled.'
  Type: Boolean
 EnableSsl:
  AllowedValues:
  - 'True'
  - 'true'
  - 'False'
  - 'false'
  Default: false
  Description: 'Enable the SSL-VPN function. Provide point-to-site VPN connection,
   no need to configure customer gateway, terminal directly access. Value:

   True: Enable SSL-VPN.

   False (default): Does not enable SSL-VPN.'
  Type: Boolean
 InstanceChargeType:
  AllowedValues:
  - PREPAY
  - POSTPAY
  Default: PREPAY
  Description: 'Accounting type of the VPN gateway, the value is:

   PREPAY, POSTPAY'
  Type: String
 Name:
  Description: 'Name of the VPN gateway. The default value is the ID of the VPN
   gateway.

   The length is 2~100 English or Chinese characters. It must start with a large
   or small letter or Chinese. It can contain numbers, underscores (_) and dashes
   (-). It cannot start with http:// or https://.'
  MaxLength: 100
  MinLength: 2
  Type: String
 Period:
  AllowedValues:
  - 1
  - 2
  - 3
  - 4
  - 5
  - 6
  - 7
  - 8
  - 9
  - 12
  - 24
  - 36
  Description: 'Purchase time, value: 1~9|12|24|36.

   When the value of the InstanceChargeType parameter is PREPAY, this parameter
   is mandatory.'
  Type: Number
 SslConnections:
  Description: The maximum number of clients allowed to connect at the same time.
  Type: Number
 Tags:
  Description: Tags to attach to instance. Max support 20 tags to add during create
   instance. Each tag with two properties Key and Value, and Key is required.
  MaxLength: 20
  Type: Json
 VSwitchId:
  Description: The ID of the VSwitch to which the VPN gateway belongs.
  Type: String
 VpcId:
  Description: VPC ID to which the VPN gateway belongs.
  Type: String
Resources:
 VpnGateway:
  Properties:
   AutoPay:
    Ref: AutoPay
   Bandwidth:
    Ref: Bandwidth
   Description:
    Ref: Description
   EnableIpsec:
    Ref: EnableIpsec
   EnableSsl:
    Ref: EnableSsl
   InstanceChargeType:
    Ref: InstanceChargeType
   Name:
    Ref: Name
   Period:
    Ref: Period
   SslConnections:
    Ref: SslConnections
   Tags:
    Ref: Tags
   VSwitchId:
    Ref: VSwitchId
   VpcId:
    Ref: VpcId
  Type: ALIYUN::VPC::VpnGateway
Outputs:
 InternetIp:
  Description: The public IP address of the VPN gateway.
  Value:
   Fn::GetAtt:
   - VpnGateway
   - InternetIp
 OrderId:
  Description: The order ID.
  Value:
   Fn::GetAtt:
   - VpnGateway
   - OrderId
 Spec:
  Description: The specification of the VPN gateway.
  Value:
   Fn::GetAtt:
   - VpnGateway
   - Spec
 SslMaxConnections:
  Description: The maximum number of concurrent SSL-VPN connections.
  Value:
   Fn::GetAtt:
   - VpnGateway
   - SslMaxConnections
 VpnGatewayId:
  Description: ID of the VPN gateway.
  Value:
   Fn::GetAtt:
   - VpnGateway
   - VpnGatewayId

JSON format

{
 "ROSTemplateFormatVersion": "2015-09-01",
 "Parameters": {
  "EnableIpsec": {
   "Type": "Boolean",
   "Description": "Whether to enable IPsec-VPN. The IPsec-VPN feature provides a site-to-site connection. You can securely connect your local data center network to a private network or two proprietary networks by creating an IPsec tunnel. Value:\nTrue (default): Enables the IPsec-VPN feature.\nFalse: The IPsec-VPN function is not enabled.",
   "AllowedValues": [
    "True",
    "true",
    "False",
    "false"
   ],
   "Default": true
  },
  "EnableSsl": {
   "Type": "Boolean",
   "Description": "Enable the SSL-VPN function. Provide point-to-site VPN connection, no need to configure customer gateway, terminal directly access. Value:\nTrue: Enable SSL-VPN.\nFalse (default): Does not enable SSL-VPN.",
   "AllowedValues": [
    "True",
    "true",
    "False",
    "false"
   ],
   "Default": false
  },
  "SslConnections": {
   "Type": "Number",
   "Description": "The maximum number of clients allowed to connect at the same time."
  },
  "Description": {
   "Type": "String",
   "Description": "Description of the VPN gateway.\nThe length is 2-256 characters and must start with a letter or Chinese, but cannot start with http:// or https://.",
   "MinLength": 2,
   "MaxLength": 256
  },
  "VpcId": {
   "Type": "String",
   "Description": "VPC ID to which the VPN gateway belongs."
  },
  "InstanceChargeType": {
   "Type": "String",
   "Description": "Accounting type of the VPN gateway, the value is:\nPREPAY, POSTPAY",
   "AllowedValues": [
    "PREPAY",
    "POSTPAY"
   ],
   "Default": "PREPAY"
  },
  "Bandwidth": {
   "Type": "Number",
   "Description": "The public network bandwidth of the VPN gateway, in Mbps.\nValue: 5|10|20|50|100|200.",
   "AllowedValues": [
    5,
    10,
    20,
    50,
    100,
    200
   ]
  },
  "VSwitchId": {
   "Type": "String",
   "Description": "The ID of the VSwitch to which the VPN gateway belongs."
  },
  "Period": {
   "Type": "Number",
   "Description": "Purchase time, value: 1~9|12|24|36.\nWhen the value of the InstanceChargeType parameter is PREPAY, this parameter is mandatory.",
   "AllowedValues": [
    1,
    2,
    3,
    4,
    5,
    6,
    7,
    8,
    9,
    12,
    24,
    36
   ]
  },
  "AutoPay": {
   "Type": "Boolean",
   "Description": "Whether to automatically pay the bill of the VPN gateway, the value:\nTrue: Automatically pays the bill for the VPN gateway.\nFalse (default): Does not automatically pay the bill for the VPN gateway.",
   "AllowedValues": [
    "True",
    "true",
    "False",
    "false"
   ],
   "Default": true
  },
  "Tags": {
   "Type": "Json",
   "Description": "Tags to attach to instance. Max support 20 tags to add during create instance. Each tag with two properties Key and Value, and Key is required.",
   "MaxLength": 20
  },
  "Name": {
   "Type": "String",
   "Description": "Name of the VPN gateway. The default value is the ID of the VPN gateway.\nThe length is 2~100 English or Chinese characters. It must start with a large or small letter or Chinese. It can contain numbers, underscores (_) and dashes (-). It cannot start with http:// or https://.",
   "MinLength": 2,
   "MaxLength": 100
  }
 },
 "Resources": {
  "VpnGateway": {
   "Type": "ALIYUN::VPC::VpnGateway",
   "Properties": {
    "EnableIpsec": {
     "Ref": "EnableIpsec"
    },
    "EnableSsl": {
     "Ref": "EnableSsl"
    },
    "SslConnections": {
     "Ref": "SslConnections"
    },
    "Description": {
     "Ref": "Description"
    },
    "VpcId": {
     "Ref": "VpcId"
    },
    "InstanceChargeType": {
     "Ref": "InstanceChargeType"
    },
    "Bandwidth": {
     "Ref": "Bandwidth"
    },
    "VSwitchId": {
     "Ref": "VSwitchId"
    },
    "Period": {
     "Ref": "Period"
    },
    "AutoPay": {
     "Ref": "AutoPay"
    },
    "Tags": {
     "Ref": "Tags"
    },
    "Name": {
     "Ref": "Name"
    }
   }
  }
 },
 "Outputs": {
  "InternetIp": {
   "Description": "The public IP address of the VPN gateway.",
   "Value": {
    "Fn::GetAtt": [
     "VpnGateway",
     "InternetIp"
    ]
   }
  },
  "VpnGatewayId": {
   "Description": "ID of the VPN gateway.",
   "Value": {
    "Fn::GetAtt": [
     "VpnGateway",
     "VpnGatewayId"
    ]
   }
  },
  "OrderId": {
   "Description": "The order ID.",
   "Value": {
    "Fn::GetAtt": [
     "VpnGateway",
     "OrderId"
    ]
   }
  },
  "Spec": {
   "Description": "The specification of the VPN gateway.",
   "Value": {
    "Fn::GetAtt": [
     "VpnGateway",
     "Spec"
    ]
   }
  },
  "SslMaxConnections": {
   "Description": "The maximum number of concurrent SSL-VPN connections.",
   "Value": {
    "Fn::GetAtt": [
     "VpnGateway",
     "SslMaxConnections"
    ]
   }
  }
 }
}