All Products
Search
Document Center

Virtual Private Cloud:DownloadVpnConnectionConfig

Last Updated:Mar 04, 2024

Queries the configuration of an IPsec-VPN connection.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
vpc:DownloadVpnConnectionConfigRead
  • VpnConnection
    acs:vpc:{#regionId}:{#accountId}:vpnconnection/{#VpnConnectionId}
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
RegionIdstringYes

The ID of the region where the IPsec-VPN connection is created.

You can call the DescribeRegions operation to query the most recent region list.

cn-shanghai
VpnConnectionIdstringYes

The ID of the IPsec-VPN connection.

vco-bp1bbi27hojx80nck****

Response parameters

ParameterTypeDescriptionExample
object

The returned data.

RequestIdstring

The request ID.

0C68048B-0F70-40DA-B8AE-1B79B5CF62E3
VpnConnectionConfigobject

The configurations of the peer gateway device.

Remotestring

The identifier of the VPN gateway.

116.62.XX.XX
Localstring

The identifier of the customer gateway.

139.196.XX.XX
RemoteSubnetstring

The CIDR block on the virtual private cloud (VPC) side.

192.168.0.0/16
LocalSubnetstring

The CIDR block on the data center side.

10.0.0.0/8
IkeConfigobject

The configurations of Phase 1 negotiations.

RemoteIdstring

The identifier of the VPN gateway. FQDN and IP formats are supported. The default value is the IP address of the VPN gateway.

139.196.XX.XX
IkeLifetimelong

The lifetime in the IKE phase. Unit: seconds.

86400
IkeEncAlgstring

The encryption algorithm in the IKE phase.

aes
LocalIdstring

The identifier of the customer gateway. FQDN and IP formats are supported. The default value is the IP address of the customer gateway.

116.62.XX.XX
IkeModestring

The IKE negotiation mode. Valid values:

  • main: This mode offers higher security during negotiations.
  • aggressive: This mode is faster and has a higher success rate.
main
IkeVersionstring

The IKE version.

ikev1
IkePfsstring

The DH group in the IKE phase.

group2
Pskstring

The pre-shared key.

pgw6dy7d1i8i****
IkeAuthAlgstring

The authentication algorithm in the IKE phase.

sha1
IpsecConfigobject

The configurations of Phase 2 negotiations.

IpsecAuthAlgstring

The authentication algorithm in the IPsec phase.

sha1
IpsecEncAlgstring

The encryption algorithm in the IPsec phase.

aes
IpsecLifetimelong

The lifetime in the IPsec phase. Unit: seconds.

86400
IpsecPfsstring

The DH group in the IPsec phase.

group2
TunnelsConfigobject []

The tunnel configurations of the peer gateway device.

The parameters in TunnelsConfig are returned only when the IPsec-VPN connection supports the dual-tunnel mode.

TunnelIdstring

The tunnel ID.

tun-opsqc4d97wni27****
Localstring

The identifier of the tunnel on the data center side.

47.21.XX.XX
Remotestring

The identifier of the tunnel on the Alibaba Cloud side.

47.24.XX.XX
IkeConfigobject

The configurations of Phase 1 negotiations.

Pskstring

The pre-shared key.

pgw6dy7d1i8i****
IkeVersionstring

The IKE version.

ikev1
IkeModestring

The IKE negotiation mode. Valid values:

  • main: This mode offers higher security during negotiations.
  • aggressive: This mode is faster and has a higher success rate.
main
IkeEncAlgstring

The encryption algorithm in the IKE phase.

aes
IkeAuthAlgstring

The authentication algorithm in the IKE phase.

sha1
IkePfsstring

The DH group in the IKE phase.

group2
IkeLifetimelong

The lifetime in the IKE phase. Unit: seconds.

86400
LocalIdstring

The identifier of the tunnel on the data center side.

47.21.XX.XX
RemoteIdstring

The identifier of the tunnel on the Alibaba Cloud side.

47.24.XX.XX
IpsecConfigobject

The configurations of Phase 2 negotiations.

IpsecAuthAlgstring

The authentication algorithm in the IPsec phase.

sha1
IpsecEncAlgstring

The encryption algorithm in the IPsec phase.

aes
IpsecPfsstring

The DH group in the IPsec phase.

group2
IpsecLifetimelong

The lifetime in the IPsec phase. Unit: seconds.

86400

Examples

Sample success responses

JSONformat

{
  "RequestId": "0C68048B-0F70-40DA-B8AE-1B79B5CF62E3",
  "VpnConnectionConfig": {
    "Remote": "116.62.XX.XX",
    "Local": "139.196.XX.XX",
    "RemoteSubnet": "192.168.0.0/16",
    "LocalSubnet": "10.0.0.0/8",
    "IkeConfig": {
      "RemoteId": "139.196.XX.XX",
      "IkeLifetime": 86400,
      "IkeEncAlg": "aes",
      "LocalId": "116.62.XX.XX",
      "IkeMode": "main",
      "IkeVersion": "ikev1",
      "IkePfs": "group2",
      "Psk": "pgw6dy7d1i8i****",
      "IkeAuthAlg": "sha1"
    },
    "IpsecConfig": {
      "IpsecAuthAlg": "sha1",
      "IpsecEncAlg": "aes",
      "IpsecLifetime": 86400,
      "IpsecPfs": "group2"
    },
    "TunnelsConfig": {
      "TunnelConfig": [
        {
          "TunnelId": "tun-opsqc4d97wni27****",
          "Local": "47.21.XX.XX",
          "Remote": "47.24.XX.XX",
          "IkeConfig": {
            "Psk": "pgw6dy7d1i8i****",
            "IkeVersion": "ikev1",
            "IkeMode": "main",
            "IkeEncAlg": "aes",
            "IkeAuthAlg": "sha1",
            "IkePfs": "group2",
            "IkeLifetime": 86400,
            "LocalId": "47.21.XX.XX",
            "RemoteId": "47.24.XX.XX"
          },
          "IpsecConfig": {
            "IpsecAuthAlg": "sha1",
            "IpsecEncAlg": "aes",
            "IpsecPfs": "group2",
            "IpsecLifetime": 86400
          }
        }
      ]
    }
  }
}

Error codes

HTTP status codeError codeError messageDescription
403Forbbiden.SubUserUser not authorized to operate on the specified resource as your account is created by another user.You are unauthorized to perform this operation on the specified resource. Acquire the required permissions and try again.
403ForbiddenUser not authorized to operate on the specified resource.You do not have the permissions to manage the specified resource. Apply for the permissions and try again.
404InvalidVpnConnectionInstanceId.NotFoundThe specified vpn connection instance id does not exist.The specified vpn connection instance id does not exist.

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2023-08-01API Description Update. The Error code has changed. The response structure of the API has changedsee changesets
Change itemChange content
API DescriptionAPI Description Update.
Error CodesThe Error code has changed.
    delete Error Codes: 403
    delete Error Codes: 404
Output ParametersThe response structure of the API has changed.
2023-06-13The Error code has changed. The response structure of the API has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    delete Error Codes: 403
    delete Error Codes: 404
Output ParametersThe response structure of the API has changed.