Queries IPsec servers.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes ListIpsecServers

The operation that you want to perform. Set the value to ListIpsecServers.

RegionId String Yes cn-hangzhou

The ID of the region where the IPsec server is created.

IpsecServerId.N RepeatList No iss-bp1bo3xuvcxo7ixll****

The ID of the IPsec server.

IpsecServerName String No test

The name of the IPsec server.

VpnGatewayId String No vpn-bp1q8bgx4xnkm2ogj****

The ID of the VPN gateway.

NextToken String No caeba0bbb2be03f84eb48b699f0a****

The query token. Set the value to the NextToken value returned in the last call. If no subsequent queries are to be sent, leave this parameter empty.

MaxResults Integer No 10

The number of entries to return on each page. Valid values: 1 to 20. Default value: 10.

Response parameters

Parameter Type Example Description
IpsecServers Array of IpsecServer

The list of IPsec servers.

ClientIpPool String 10.XX.XX.0/24

The client CIDR block. It refers to the CIDR block that is allocated to the virtual interface of the client.

CreationTime String 2018-12-03T10:11:55Z

The time when the IPsec server was created.

T is used as a delimiter. Z indicates that the time is in UTC.

EffectImmediately Boolean false

Indicates whether the current IPsec tunnel is deleted to reinitiate negotiations. Valid values:

  • true: negotiations are initiated after the configuration is complete.
  • false (default): negotiations are initiated when inbound traffic is detected.
IDaaSInstanceId String idaas-cn-hangzhou-****

The ID of the IDaaS instance.

IkeConfig Struct

The configuration of Phase 1 negotiations.

IkeAuthAlg String sha1

The IKE authentication algorithm.

IkeEncAlg String aes

The IKE encryption algorithm.

IkeLifetime Long 86400

The IKE lifetime. Unit: seconds.

IkeMode String main

The IKE negotiation mode.

IkePfs String group2

The Diffie-Hellman key exchange algorithm.

IkeVersion String ikev2

The IKE version.

LocalId String 116.XX.XX.64

The ID of the IPsec server. The default value is the public IP address of the VPN gateway. Both fully qualified domain names (FQDNs) and IP addresses are supported.

RemoteId String 139.XX.XX.167

The ID of the peer. Both FQDNs and IP addresses are supported. By default, this parameter is empty.

InternetIp String 47.XX.XX.246

The public IP address of the VPN gateway.

IpsecConfig Struct

The configuration of Phase 2 negotiations.

IpsecAuthAlg String sha1

The IPsec authentication algorithm.

IpsecEncAlg String aes

The IPsec encryption algorithm.

IpsecLifetime Long 86400

The IPsec lifetime. Unit: seconds.

IpsecPfs String group2

The Diffie-Hellman key exchange algorithm.

IpsecServerId String iss-bp1bo3xuvcxo7ixll****

The ID of the IPsec server.

IpsecServerName String test

The name of the IPsec server.

LocalSubnet String 1.XX.XX.0/24,1.XX.XX.0/24

The local CIDR block. It refers to the CIDR block of the virtual private cloud (VPC) that is used to connect with the client.

MaxConnections Integer 5

The number of SSL-VPN connections supported by the VPN gateway.

Note The number of SSL-VPN connections supported by a VPN gateway equals the sum of connections that can be established to SSL clients and the connections that can be established to IPsec servers. For example, if a VPN gateway supports up to five SSL-VPN connections, and three SSL-VPN connections are already established to SSL clients. In this case, you can establish at most two connections to IPsec servers.
MultiFactorAuthEnabled Boolean true

Indicates whether two-factor authentication is enabled. Valid values:

  • true: Two-factor authentication is enabled.
  • false: Two-factor authentication is disabled.
OnlineClientCount Integer 1

The number of clients that are connected to IPsec servers.

Psk String pgw6dy7d****

The pre-shared key.

PskEnabled Boolean true

Indicates whether pre-shared key authentication is enabled. Only if true is returned, pre-shared key authentication is enabled.

RegionId String cn-hangzhou

The ID of the region where the IPsec server is created.

VpnGatewayId String vpn-bp1q8bgx4xnkm2ogj****

The ID of the VPN gateway.

MaxResults Integer 1

The number of entries returned per page.

NextToken String caeba0bbb2be03f84eb48b699f0a****

The query token.

RequestId String 54B48E3D-DF70-471B-AA93-08E683A1B457

The ID of the request.

TotalCount Integer 10

The number of returned entries.

Examples

Sample requests

http(s)://[Endpoint]/? Action=ListIpsecServers
&RegionId=cn-hangzhou
&<Common request parameters>

Sample success responses

XML format

<ListIpsecServersResponse>
  <TotalCount>1</TotalCount>
  <IpsecServers>
        <LocalSubnet>192.168.1.0/24</LocalSubnet>
        <ClientIpPool>10.1.1.0/24</ClientIpPool>
        <MultiFactorAuthEnabled>false</MultiFactorAuthEnabled>
        <MaxConnections>10</MaxConnections>
        <IpsecServerId>iss-bp1bo3xuvcxo7ixll****</IpsecServerId>
        <Psk>so7suwy****</Psk>
        <PskEnabled>true</PskEnabled>
        <EffectImmediately>false</EffectImmediately>
        <InternetIp>47.XX.XX.246</InternetIp>
        <VpnGatewayId>vpn-bp17lofy9fd0****</VpnGatewayId>
        <OnlineClientCount>0</OnlineClientCount>
        <IpsecConfig>
              <IpsecPfs>group2</IpsecPfs>
              <IpsecEncAlg>aes</IpsecEncAlg>
              <IpsecAuthAlg>sha1</IpsecAuthAlg>
              <IpsecLifetime>86400</IpsecLifetime>
        </IpsecConfig>
        <CreationTime>2021-02-22T07:54:38Z</CreationTime>
        <RegionId>cn-hangzhou</RegionId>
        <IkeConfig>
              <IkeAuthAlg>sha1</IkeAuthAlg>
              <LocalId>47.XX.XX.246</LocalId>
              <IkeEncAlg>aes</IkeEncAlg>
              <IkeVersion>ikev2</IkeVersion>
              <IkeMode>main</IkeMode>
              <IkeLifetime>86400</IkeLifetime>
              <IkePfs>group2</IkePfs>
        </IkeConfig>
  </IpsecServers>
  <RequestId>66881D3C-07C1-402A-991E-26830E867B01</RequestId>
  <MaxResults>10</MaxResults>
</ListIpsecServersResponse>

JSON format

{
  "TotalCount": 1,
  "IpsecServers": [
    {
      "LocalSubnet": "192.168.1.0/24",
      "ClientIpPool": "10.1.1.0/24",
      "MultiFactorAuthEnabled": false,
      "MaxConnections": 10,
      "IpsecServerId": "iss-bp1bo3xuvcxo7ixll****",
      "Psk": "so7suwy****",
      "PskEnabled": true,
      "EffectImmediately": false,
      "InternetIp": "47.XX.XX.246",
      "VpnGatewayId": "vpn-bp17lofy9fd0****",
      "OnlineClientCount": 0,
      "IpsecConfig": {
        "IpsecPfs": "group2",
        "IpsecEncAlg": "aes",
        "IpsecAuthAlg": "sha1",
        "IpsecLifetime": 86400
      },
      "CreationTime": "2021-02-22T07:54:38Z",
      "RegionId": "cn-hangzhou",
      "IkeConfig": {
        "IkeAuthAlg": "sha1",
        "LocalId": "47.XX.XX.246",
        "IkeEncAlg": "aes",
        "IkeVersion": "ikev2",
        "IkeMode": "main",
        "IkeLifetime": 86400,
        "IkePfs": "group2"
      }
    }
  ],
  "RequestId": "66881D3C-07C1-402A-991E-26830E867B01",
  "MaxResults": 10
}

Error codes

HttpCode Error code Error message Description
403 Forbidden User not authorized to operate on the specified resource. The error message returned because you are unauthorized to perform this operation on the specified resource. To obtain the required permissions, submit a ticket.

For a list of error codes, visit the API Error Center.