Queries the detailed information of an IPsec connection.

Debug

By using API Explorer, you can easily debug APIs, automatically generate SDK code examples, and quickly search for APIs.

Request parameters

Parameter Type Required? Example value Description
Action String Yes DescribeVpnConnection

The name of this action. Value:

DescribeVpnConnection

RegionId String Yes cn-hangzhou

The ID of the region to which the IPsec connection belongs.

To query the region ID, call DescribeRegions.

VpnConnectionId String Yes vco-bp1bbi27hojx80nck9k1i

The ID of the IPsec connection.

Response parameters

Parameter Type Example value Description
VpnConnectionId String vco-bp1bbi27hojx80nck9k1i

The ID of the IPsec connection.

CustomerGatewayId String cgw-bp1mvj4g9kogwwcxknfuv

The ID of the customer gateway.

VpnGatewayId String vpn-bp1q8bgx4xnkm2ogj0fiu

The ID of the VPN Gateway.

Name String ipsec1

The name of the IPsec connection.

LocalSubnet String 1.1.1.0/24,1.1.2.0/24

The CIDR block of the VPC.

RemoteSubnet String 1.1.1.0/24,1.1.2.0/24

The CIDR block of the on-premises data center.

CreateTime Long 1492753817000

The time when the IPsec connection was created.

Status String ike_sa_not_established

The connection status. Valid values:

  • ike_sa_not_established: The phase one negotiation failed.
  • ike_sa_established: The phase one negotiation succeeded.
  • ipsec_sa_not_established: The phase two negotiation failed.
  • ipsec_sa_established: The phase two negotiation succeeded.
EffectImmediately Boolean true

Indicates whether the IPsec connection takes effect immediately.

  • true: Reconnection is triggered when there is a change to the network configuration.
  • false: Reconnection is triggered when traffic is detected over the network. Reconnection may cause intermittent disconnection.
IkeConfig N/A N/A

Configurations of phase one negotiation.

 └IkeAuthAlg String sha1

The IKE authentication algorithm. Both SHA-1 and MD5 are supported.

 └IkeEncAlg String aes

The IKE encryption algorithm.

 └IkeLifetime Long 86400

The IKE life time.

 └IkeMode String main

The IKE mode. Both the main mode and aggressive mode are supported.

The main mode features high security. If NAT traversal is enabled, we recommend that you select the aggressive mode.

 └IkePfs String group2

The DH group.

 └IkeVersion String ikev1

The IKE version.

 └LocalId String 116.62.69.64

The local ID. It is the IP address of the VPN Gateway by default. Both FQDN and IP formats are supported.

 └Psk String pgw6dy7d1i8in7x5

The pre-shared key.

 └RemoteId String 139.196.32.167

The peer ID. It is the IP address of the customer gateway by default. Both FQDN and IP formats are supported.

IpsecConfig N/A N/A

Configurations of phase two negotiation.

 └IpsecAuthAlg String sha1

The IPsec authentication algorithm. Both SHA-1 and MD5 are supported.

 └IpsecEncAlg String aes

The IPsec encryption algorithm.

 └IpsecLifetime Long 86400

The IPsec lifetime.

 └IpsecPfs String group2

The DH group.

RequestId String F2310D45-BCF6-4E2E-9082-B4503844BA4C

The ID of the request.

Examples

Request example


https://vpc.aliyuncs.com/?Action=DescribeVpnConnection
&RegionId=cn-hangzhou
&VpnConnectionId=vco-bp1bbi27hojx80nck9k1i
&<CommonParameters>
Response example
  • XML format

    <DescribeVpnConnectionResponse>
      <PageNumber>1</PageNumber>
      <VpnConnections>
        <VpnConnection>
          <Name>c2</Name>
          <CustomerGatewayId>cgw-bp1wl8dtz3auwlavwhgcw</CustomerGatewayId>
          <Status>ike_sa_not_established</Status>
          <RemoteSubnet>192.168.0.0/16</RemoteSubnet>
          <IpsecConfig>
            <IpsecLifetime>86400</IpsecLifetime>
            <IpsecAuthAlg>md5</IpsecAuthAlg>
            <IpsecPfs>group2</IpsecPfs>
            <IpsecEncAlg>aes</IpsecEncAlg>
          </IpsecConfig>
          <EffectImmediately>false</EffectImmediately>
          <VpnGatewayId>vpn-bp1yfrjxn4d5t63tbqq70</VpnGatewayId>
          <CreateTime>1519391420000</CreateTime>
          <VpnConnectionId>vco-bp1w3m1p23iftycvseuc2</VpnConnectionId>
          <LocalSubnet>172.16.0.0/12</LocalSubnet>
          <IkeConfig>
            <IkeEncAlg>aes</IkeEncAlg>
            <RemoteId>47.97.176.95</RemoteId>
            <IkePfs>group2</IkePfs>
            <IkeAuthAlg>sha1</IkeAuthAlg>
            <Psk>1234567</Psk>
            <IkeMode>aggressive</IkeMode>
            <IkeLifetime>86400</IkeLifetime>
            <IkeVersion>ikev1</IkeVersion>
            <LocalId>116.62.119.2</LocalId>
          </IkeConfig>
        </VpnConnection>
      </VpnConnections>
      <TotalCount>1</TotalCount>
      <PageSize>10</PageSize>
      <RequestId>7D598A10-26EF-44F2-9F47-E417842F3CEA</RequestId>
    </DescribeVpnConnectionResponse>
    
  • JSON format

    {
    	"PageNumber":1,
    	"VpnConnections":{
    		"VpnConnection":[
    			{
    				"CustomerGatewayId":"cgw-bp1wl8dtz3auwlavwhgcw",
    				"Name":"c2",
    				"Status":"ike_sa_not_established",
    				"RemoteSubnet":"192.168.0.0/16",
    				"IpsecConfig":{
    					"IpsecLifetime":86400,
    					"IpsecAuthAlg":"md5",
    					"IpsecPfs":"group2",
    					"IpsecEncAlg":"aes"
    				},
    				"VpnGatewayId":"vpn-bp1yfrjxn4d5t63tbqq70",
    				"EffectImmediately":false,
    				"VpnConnectionId":"vco-bp1w3m1p23iftycvseuc2",
    				"CreateTime":1519391420000,
    				"LocalSubnet":"172.16.0.0/12",
    				"IkeConfig":{
    					"IkeEncAlg":"aes",
    					"IkePfs":"group2",
    					"RemoteId":"47.97.176.95",
    					"IkeAuthAlg":"sha1",
    					"Psk":"1234567",
    					"IkeMode":"aggressive",
    					"IkeLifetime":86400,
    					"IkeVersion":"ikev1",
    					"LocalId":"116.62.119.2"
    				}
    			}
    		]
    	},
    	"TotalCount":1,
    	"PageSize":10,
    	"RequestId":"7D598A10-26EF-44F2-9F47-E417842F3CEA"
    }

Error codes

HTTP status code Error code Error message Description
403 Forbbiden.SubUser User not authorized to operate on the specified resource as your account is created by another user. You are not authorized to operate on this resource. Please apply for the permission and try again later.
403 Forbidden User not authorized to operate on the specified resource. You are not authorized to operate on this resource. For more information, open a ticket.
404 InvalidVpnConnectionInstanceId.NotFound The specified vpn connection instance id does not exist. The specified VPN connection does not exist. Check if the VPN link is correct.

See common error codes