
CreateVpnConnection

Last Updated: Apr 12, 2018

Description

Create an IPsec connection.

Request parameters

Name Type Required Description
Action String Yes

The action to perform.

Valid value: CreateVpnConnection

RegionId String Yes

The region of the IPsec connection.

You can obtain the region ID by calling the DescribeRegions API.

Token String No

A client token used to guarantee the idempotence of requests. This parameter value is generated by the client and must be unique. It cannot exceed 64 ASCII characters.

For more information, see How to ensure idempotence.

CustomerGatewayId String Yes The ID of the customer gateway.
VpnGatewayId String Yes The ID of the VPN gateway.
Name String No

The name of the IPsec connection.

  • The name must start with an English letter, but cannot start with http:// or https://.
  • The name can contain from 2 to 100 characters including a-z, A-Z, 0-9, underscores, and hyphens.
LocalSubnet String Yes

The CIDR block of the VPC to be connected with the local data center.

This parameter is used for phase-two negotiation. Separate multiple CIDR blocks by commas (,). For example, 192.168.1.0/24,192.168.2.0/24.

RemoteSubnet String Yes

The CIDR block of the local data center.

This parameter is used for phase-two negotiation. Separate multiple CIDR blocks by commas (,). For example, 192.168.3.0/24,192.168.4.0/24.

EffectImmediately Boolean No

Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid values:

  • true: Negotiate immediately after the configuration is completed.
  • false (default): Negotiate when there is incoming traffic.

IkeConfig JSON string No

The configurations of phase-one negotiation:

  • IkeConfig.Psk: Used for authentication between the IPsec VPN gateway and the customer gateway. This parameter is generated randomly by default and can contain up to 100 characters. You can also manually specify the key.
  • IkeConfig.IkeVersion: The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1

  • IkeConfig.IkeMode: The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main
  • IkeConfig.IkeEncAlg: The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes

  • IkeConfig.IkeAuthAlg: The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1. Default value: sha1

  • IkeConfig.IkePfs: The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2

  • IkeConfig.IkeLifetime: The SA lifecycle as the result of phase-one negotiation. The valid range is [0, 86400], in seconds. Default value: 86400

  • IkeConfig.LocalId: The identification of the VPN gateway. This parameter can contain up to 100 characters and the default value is the public IP address of the VPN gateway.

  • IkeConfig.RemoteId: The identification of the customer gateway. This parameter can contain up to 100 characters and the default value is the public IP address of the customer gateway.

IpsecConfig JSON string No

The configurations of phase-two negotiation:

  • IpsecConfig.IpsecEncAlg: The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes

  • IpsecConfig.IpsecAuthAlg: The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1. Default value: sha1

  • IpsecConfig.IpsecPfs: The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2

  • IpsecConfig.IpsecLifetime: The SA lifecycle as the result of phase-two negotiation. The valid range is [0, 86400], in seconds. Default value: 86400
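
When IkeConfig and IpsecConfig are omitted, the defaults listed above apply, including group2 for both phases. The following is an added example, not part of the original documentation: it audits the effective settings and builds request parameters with explicit values chosen from the valid values on this page. The function names, the weak-value policy, and the assumption that the JSON keys are the names after the dot (for example `Psk`) are this example's own; signing and sending the request are out of scope.

```python
import ipaddress
import json
import secrets

# Review policy assumed by this example (not part of the API): values the page
# lists as valid but that a security review would normally reject.
WEAK = {
    "IkeEncAlg": {"des", "3des"}, "IpsecEncAlg": {"des", "3des"},
    "IkeAuthAlg": {"md5"}, "IpsecAuthAlg": {"md5"},
    "IkePfs": {"group1", "group2", "group5"},
    "IpsecPfs": {"group1", "group2", "group5"},
    "IkeMode": {"aggressive"},
}
# Defaults stated on the page; they apply whenever a key is omitted.
DEFAULTS = {
    "IkeMode": "main", "IkeEncAlg": "aes", "IkeAuthAlg": "sha1",
    "IkePfs": "group2", "IpsecEncAlg": "aes", "IpsecAuthAlg": "sha1",
    "IpsecPfs": "group2",
}


def audit(ike=None, ipsec=None):
    """Return sorted 'Key=value' findings for the effective settings."""
    effective = {**DEFAULTS, **(ike or {}), **(ipsec or {})}
    return sorted(f"{k}={v}" for k, v in effective.items()
                  if v in WEAK.get(k, ()))


def build_params(region, cgw_id, vgw_id, local_subnet, remote_subnet):
    """Build request parameters with explicit phase-one/phase-two settings."""
    for block in f"{local_subnet},{remote_subnet}".split(","):
        ipaddress.ip_network(block)  # ValueError on a malformed CIDR block
    ike = {"Psk": secrets.token_hex(32),  # 64 random hex chars (limit is 100)
           "IkeVersion": "ikev2", "IkeEncAlg": "aes256",
           "IkeAuthAlg": "sha1",  # the page offers only md5 | sha1
           "IkePfs": "group14"}
    ipsec = {"IpsecEncAlg": "aes256", "IpsecAuthAlg": "sha1",
             "IpsecPfs": "group14"}
    findings = audit(ike, ipsec)
    if findings:
        raise ValueError(f"weak IPsec settings: {findings}")
    return {
        "Action": "CreateVpnConnection", "RegionId": region,
        "CustomerGatewayId": cgw_id, "VpnGatewayId": vgw_id,
        "LocalSubnet": local_subnet, "RemoteSubnet": remote_subnet,
        "Token": secrets.token_hex(16),  # 32 ASCII chars (limit is 64)
        "IkeConfig": json.dumps(ike), "IpsecConfig": json.dumps(ipsec),
    }
```

Calling `audit()` with no arguments reports what a request without IkeConfig and IpsecConfig would negotiate.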

Response parameters

Name Type Description
RequestId String The ID of the request.
VpnConnectionId String The ID of the IPsec connection.
CreateTime Long The creation time of the IPsec connection.
Name String The name of the IPsec connection.

Error codes

See VPC API Error Center.

Examples

Request example

  https://vpc.aliyuncs.com/?Action=CreateVpnConnection
  &RegionId=cn-beijing
  &CustomerGatewayId=cgw-bp1jrawp82av6bws9h2ut
  &VpnGatewayId=vpn-bp1q8bgx4xnkm2ogj0fiu
  &LocalSubnet=10.1.1.0/24
  &RemoteSubnet=192.1.1.0/24
  &<CommonParameters>

Response example

XML format

  <CreateVpnConnectionResponse>
    <VpnConnectionId>vco-bp1bbi27hojx80nck9k1i</VpnConnectionId>
    <CreateTime>1493363928000</CreateTime>
  </CreateVpnConnectionResponse>

JSON format

  {
    "VpnConnectionId":"vco-bp1bbi27hojx80nck9k1i",
    "CreateTime":1493363928000
  }