Creates an SSL-VPN server.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateSslVpnServer

The operation that you want to perform. Set the value to CreateSslVpnServer.

ClientIpPool String Yes 192.168.1.0/24

The CIDR block of the client.

The CIDR block that is allocated to the virtual network interface of the client. It is not the CIDR block where the client resides.

When the client accesses the server through an SSL-VPN connection, the VPN gateway selects an IP address from the specified CIDR block and assigns it to the client.

Note This CIDR block must not conflict with the value of LocalSubnet.
LocalSubnet String Yes 10.0.0.0/8

The local CIDR block.

The CIDR block to be accessed by the client through the SSL-VPN connection.

This value can be the CIDR block of a virtual private cloud (VPC), vSwitch, data center that is connected to a VPC through an Express Connect circuit, or Object Storage Service (OSS).

RegionId String Yes cn-shanghai

The ID of the region where the VPN gateway is created.

You can call the DescribeRegions operation to query region IDs.

VpnGatewayId String Yes vpn-bp1hgim8by0kc9nga****

The ID of the VPN gateway.

ClientToken String No 02fb3da4-130e-11e9-8e44-0016e04115b

The client token that is used to ensure the idempotence of the request.

You can use the client to generate a token, but you must ensure that it is unique among different requests. The token can contain only ASCII characters and cannot exceed 64 characters in length.

Name String No sslvpnname

The name of the SSL-VPN server.

The name must be 2 to 128 characters in length, and can contain digits, periods (.), underscores (_), and hyphens (-). It must start with a letter and cannot start with http:// or https://.

Proto String No UDP

The protocol that is used by the SSL-VPN server. Valid values:

  • TCP: TCP
  • UDP (default): UDP
Cipher String No AES-128-CBC

The encryption algorithm that is used in the SSL-VPN connection. Valid values:

  • AES-128-CBC (default): the AES-128-CBC algorithm.
  • AES-192-CBC: the AES-192-CBC algorithm.
  • AES-256-CBC: the AES-256-CBC algorithm.
  • none: If you select this option, no encryption algorithm is used.
Port Integer No 1194

The port that is used by the SSL-VPN server. Default value: 1194. You cannot use the following ports:

22, 2222, 22222, 9000, 9001, 9002, 7505, 80, 443, 53, 68, 123, 4510, 4560, 500, and 4500.

Compress Boolean No false

Specifies whether to enable data compression. Valid values:

  • true: enables data compression.
  • false (default): disables data compression.
EnableMultiFactorAuth Boolean No true

Specifies whether to enable two-factor authentication. Valid values:

  • true: enables two-factor authentication.
  • false (default): disables two-factor authentication.
Note To enable two-factor authentication, make sure that the VPN gateway is created after 00:00:00 (UTC+8), March 5, 2020. Only VPN gateways that are created after 00:00:00 (UTC+8), March 5, 2020 support two-factor authentication.
IDaaSInstanceId String No idaas-cn-hangzhou-p****

The ID of the IDaaS instance.
IDaaSRegionId String No cn-hangzhou

The ID of the region where the IDaaS instance is created.

Response parameters

Parameter Type Example Description
Name String test

The name of the SSL-VPN server.
RequestId String E98A9651-7098-40C7-8F85-C818D1EBBA85

The ID of the request.
SslVpnServerId String vss-bp18q7hzj6largv4v****

The ID of the SSL-VPN server.

Examples

Sample requests

http(s)://[Endpoint]/? Action=CreateSslVpnServer
&ClientIpPool=192.168.1.0/24
&LocalSubnet=10.0.0.0/8
&RegionId=cn-shanghai
&VpnGatewayId=vpn-bp1hgim8by0kc9nga****
&<Common request parameters>

Sample success responses

XML format 

<CreateSslVpnServerResponse>
      <RequestId>E98A9651-7098-40C7-8F85-C818D1EBBA85</RequestId>
      <SslVpnServerId>vss-bp18q7hzj6largv4v****</SslVpnServerId>
      <Name>test</Name>
</CreateSslVpnServerResponse>

JSON format 

{
    "RequestId": "E98A9651-7098-40C7-8F85-C818D1EBBA85",
    "SslVpnServerId": "vss-bp18q7hzj6largv4v****",
    "Name": "test"
}

Error codes

HttpCode Error code Error message Description
403 Forbbiden.SubUser User not authorized to operate on the specified resource as your account is created by another user. The error message returned because you are unauthorized to perform the operation on the specified resource. You can apply for the permissions and try again.
403 Forbidden User not authorized to operate on the specified resource. The error message returned because you are unauthorized to perform this operation on the specified resource. To obtain the required permissions, submit a ticket.
400 Resource.QuotaFull The quota of resource is full The error message returned because the quota is reached.
400 InvalidName The name is not valid The error message returned because the format of the specified name is invalid.
404 InvalidVpnGatewayInstanceId.NotFound The specified vpn gateway instance id does not exist. The error message returned because the specified VPN gateway does not exist. Check whether the configuration of the VPN gateway is valid.
400 VpnGateway.Configuring The specified service is configuring. The error message returned because the operation is not allowed when the specified service is being configured. Try again later.
400 VpnGateway.FinancialLocked The specified service is financial locked. The error message returned because the service is suspended due to overdue payments. Top up your account first.
400 QuotaExceeded.VpnRouteEntry The number of route entries to the VPN gateway in the VPC routing table has reached the quota limit. The error message returned because the number of routes that point to the VPN gateway in the VPC route table reaches the quota.

For a list of error codes, visit the API Error Center.