Creates an SSL-VPN server.

Make the API call

You can use OpenAPI Explorer to make API calls, search for API calls, perform debugging, and generate SDK example code.

Request parameters

Parameter Type Required? Example value Description
Action String Yes CreateSslVpnServer

The name of this action. Value: CreateSslVpnServer

ClientIpPool String Yes

The CIDR block from which IP addresses are allocated to the virtual network interface card of the client. It is not the CIDR block of the client.

When the client accesses the local end through an SSL-VPN connection, the VPN Gateway allocates an IP address in the specified CIDR block to the client.

This CIDR block cannot conflict with LocalSubnet.

LocalSubnet String Yes

The CIDR block to be accessed by the client through the SSL-VPN connection.

The local CIDR block can be the CIDR block of the VPC, the CIDR block of the VSwitch, the CIDR block of the on-premises data center connected to the VPC through a physical connection, or the CIDR block of an Alibaba Cloud service, such as RDS and OSS.

RegionId String Yes cn-hangzhou

The ID of the region to which the VPN Gateway belongs

To query the region ID, call DescribeRegions.

VpnGatewayId String Yes vpn-bp1hgim8by0kc9nga****

The ID of the VPN Gateway.

ClientToken String No 02fb3da4-130e-11e9-8e44-0016e04115b

A client token used to guarantee the idempotence of requests.

This parameter value is generated by the client and must be unique. It must be 1 to 64 ASCII characters in length.

Name String No sslvpnname

The name of the SSL-VPN server.

The name must be 2 to 128 characters in length. It must start with a letter and can contain numbers, periods (.), underscores (_), and hyphens (-). It cannot start with http:// or https://.

Proto String No UDP

The protocol used by the SSL-VPN server. Valid values:

  • TCP: TCP protocol
  • UDP(default): UDP protocol
Cipher String No AES-128-CBC

The encryption algorithm used by the SSL-VPN server. Valid values:

  • AES-128-CBC (default): AES-128-CBC algorithm
  • AES-192-CBC: AES-192-CBC algorithm
  • AES-256-CBC: AES-256-CBC algorithm
  • none: No encryption algorithm is used.
Port Integer No 1194

The port used by the SSL-VPN server. Default value:1194 The following ports cannot be used:

22, 2222, 22222, 9000, 9001, 9002, 7505, 80, 443, 53, 68, 123, 4510, 4560, 500, and 4500.

Compress Boolean No false

Indicates whether to compress the communication. Valid values:

  • true(default): Compresses the communication.
  • false: Do not compress the communication.

Response parameters

Parameter Type Example value Description
RequestId String E98A9651-7098-40C7-8F85-C818D1EBBA85

The ID of the request.

SslVpnServerId String vss-bp18q7hzj6largv4v****

The ID of the SSL-VPN server.

Name String test

The name of the SSL-VPN server.


Request example

http(s)://[Endpoint]/? Action=CreateSslVpnServer

Response example

XML format


JSON format

    "RequestId": "E98A9651-7098-40C7-8F85-C818D1EBBA85",
    "SslVpnServerId": "vss-bp18q7hzj6largv4v****",
    "Name": "test"


HTTP status code Error code Error message Description
403 Forbbiden.SubUser User not authorized to operate on the specified resource as your account is created by another user. You are not authorized to operate on this resource.
403 Forbidden User not authorized to operate on the specified resource. You are not authorized to operate on this resource.
400 Resource.QuotaFull The quota of resource is full The resource quota has been reached.
400 InvalidName The name is not valid The name format is invalid.
404 InvalidVpnGatewayInstanceId.NotFound The specified vpn gateway instance id does not exist. The specified VPN Gateway does not exist.
400 VpnGateway.Configuring The specified service is configuring. The specified service is being configured.
400 VpnGateway.FinancialLocked The specified service is financial locked. The specified service is locked due to insufficient account balance.

For a list of error codes, visit the API Error Center.