Creates an SSL-VPN server.


By using API Explorer, you can easily debug APIs, automatically generate SDK code examples, and quickly search for APIs.

Request parameters

Parameter Type Required? Example value Description
Action String Yes CreateSslVpnServer

The name of this action. Value:


ClientIpPool String Yes

The CIDR block from which IP addresses are allocated to the virtual network interface card of the client. It is not the CIDR block of the client. When the client accesses the local end through an SSL-VPN connection, the VPN Gateway allocates an IP address in the specified CIDR block to the client.

The CIDR block cannot conflict with the LocalSubnet.

LocalSubnet String Yes

The CIDR block to be accessed by the client through the SSL-VPN connection.

The local CIDR block can be the  CIDR block of the VPC, the CIDR block of the VSwitch, the CIDR block of the local data center connected to the VPC through a physical connection, or the CIDR block of an Alibaba Cloud service, such as RDS and OSS.

RegionId String Yes cn-hangzhou

The ID of the region to which the VPN Gateway belongs.

To query the region ID, call DescribeRegions.

VpnGatewayId String Yes vpn-bp1hgim8by0kc9nga5lg3

The ID of the VPN Gateway to be used.

Cipher String No AES-128-CBC

The encryption algorithm used by the SSL-VPN server. Valid values:

AES-128-CBC (default) | AES-192-CBC | AES-256-CBC | none

ClientToken String No 02fb3da4-130e-11e9-8e44-0016e04115b

A client token used to guarantee the idempotence of requests.

This parameter value is generated by the client and must be unique. It must be 1 to 64 ASCII characters in length.

Compress Boolean No false

Indicates whether to enable compression.

Name String No sslvpnname

The name of the SSL-VPN server.

The name must be 2 to 128 characters in length and can contain letters, numbers, periods (.), underscores (_), and hyphens (-). The name must start with a letter. It cannot start with http:// or https://.

Port Integer No 1194

The port used by the SSL-VPN server. Default value: 1194.

The following ports cannot be used: 22, 2222, 22222, 9000, 9001, 9002, 7505, 80, 443, 53, 68, 123, 4510, 4560, 500, and 4500.

Proto String No UDP

The protocol used by the SSL-VPN server.

Valid values: UDP (default) | TCP

Response parameters

Parameter Type Example value Description
Name String test The name of the SSL-VPN server.
RequestId String E98A9651-7098-40C7-8F85-C818D1EBBA85 The ID of the request.
SslVpnServerId String vss-bp18q7hzj6largv4vk2fe The ID of the SSL-VPN server.


Request example
Response example
  • XML format

  • JSON format


Error codes

HTTP status code Error code Error message Description
403 Forbbiden.SubUser User not authorized to operate on the specified resource as your account is created by another user. You are not authorized to operate on this resource. Please apply for the permission and try again.
403 Forbidden User not authorized to operate on the specified resource. You are not authorized to operate on this resource. For more information, open a ticket.
400 Resource.QuotaFull The quota of resource is full The resource quota has been reached.
400 InvalidName The name is not valid The name format is invalid.
404 InvalidVpnGatewayInstanceId.NotFound The specified vpn gateway instance id does not exist. The specified VPN connection does not exist. Check that the VPN connection is correct.
400 VpnGateway.Configuring The specified service is configuring. The service is being configured. Please try again later.
400 VpnGateway.FinancialLocked The specified service is financial locked. The specified service has an overdue payment. Renew your account to settle the overdue payment.

See common error codes