Queries the configuration of an IPsec-VPN connection.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DownloadVpnConnectionConfig

The operation that you want to perform. Set the value to DownloadVpnConnectionConfig.

RegionId String Yes cn-shanghai

The ID of the region where the IPsec-VPN connection is deployed.

You can call the DescribeRegions operation to query the most recent region list.

VpnConnectionId String Yes vco-bp1bbi27hojx80nck****

The ID of the IPsec-VPN connection.

Response parameters

Parameter Type Example Description
RequestId String 0C68048B-0F70-40DA-B8AE-1B79B5CF62E3

The ID of the request.

VpnConnectionConfig Object

The configuration of the IPsec-VPN connection.

Remote String 116.62.XX.XX

The identifier of the customer gateway.

Local String 139.196.XX.XX

The identifier of the VPN gateway.

RemoteSubnet String 192.168.0.0/16

The CIDR block on the data center side.

LocalSubnet String 10.0.0.0/8

The CIDR block on the virtual private cloud (VPC) side.

IkeConfig Object

The IKE configuration.

RemoteId String 139.196.XX.XX

The peer ID. The default value is the IP address of the customer gateway. You can specify the value as an IP address or in the fully qualified domain name (FQDN) format.

IkeLifetime Long 86400

The IKE lifetime. Unit: seconds.

IkeEncAlg String aes

The IKE encryption algorithm.

LocalId String 116.62.XX.XX

The local ID. The default value is the IP address of the VPN gateway. You can specify the value as an IP address or in the FQDN format.

IkeMode String main

The IKE mode. Valid values: main and aggressive. The main mode offers higher security. If NAT traversal is enabled, we recommend that you use the aggressive mode.

IkeVersion String ikev1

The IKE version.

IkePfs String group2

The DH group.

Psk String pgw6dy7d1i8i****

The pre-shared key.

IkeAuthAlg String sha1

The IKE authentication algorithm. Valid values: sha1 and md5.

IpsecConfig Object

The configuration of the IPsec-VPN connection.

IpsecAuthAlg String sha1

The IPsec authentication algorithm. Valid values: sha1 and md5.

IpsecLifetime Long 86400

The IPsec lifetime. Unit: seconds.

IpsecEncAlg String aes

The IPsec encryption algorithm.

IpsecPfs String group2

The DH group.

Examples

Sample requests

https://vpc.aliyuncs.com/?Action=DownloadVpnConnectionConfig
&RegionId=cn-shanghai
&VpnConnectionId=vco-bp1bbi27hojx80nck****
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<DownloadVpnConnectionConfigResponse>
    <RequestId>0C68048B-0F70-40DA-B8AE-1B79B5CF62E3</RequestId>
    <VpnConnectionConfig>
        <Remote>116.62.XX.XX</Remote>
        <Local>139.196.XX.XX</Local>
        <RemoteSubnet>192.168.0.0/16</RemoteSubnet>
        <LocalSubnet>10.0.0.0/8</LocalSubnet>
        <IkeConfig>
            <RemoteId>139.196.XX.XX</RemoteId>
            <IkeLifetime>86400</IkeLifetime>
            <IkeEncAlg>aes</IkeEncAlg>
            <LocalId>116.62.XX.XX</LocalId>
            <IkeMode>main</IkeMode>
            <IkeVersion>ikev1</IkeVersion>
            <IkePfs>group2</IkePfs>
            <Psk>pgw6dy7d1i8i****</Psk>
            <IkeAuthAlg>sha1</IkeAuthAlg>
        </IkeConfig>
        <IpsecConfig>
            <IpsecAuthAlg>sha1</IpsecAuthAlg>
            <IpsecLifetime>86400</IpsecLifetime>
            <IpsecEncAlg>aes</IpsecEncAlg>
            <IpsecPfs>group2</IpsecPfs>
        </IpsecConfig>
    </VpnConnectionConfig>
</DownloadVpnConnectionConfigResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "0C68048B-0F70-40DA-B8AE-1B79B5CF62E3",
  "VpnConnectionConfig" : {
    "Remote" : "116.62.XX.XX",
    "Local" : "139.196.XX.XX",
    "RemoteSubnet" : "192.168.0.0/16",
    "LocalSubnet" : "10.0.0.0/8",
    "IkeConfig" : {
      "RemoteId" : "139.196.XX.XX",
      "IkeLifetime" : 86400,
      "IkeEncAlg" : "aes",
      "LocalId" : "116.62.XX.XX",
      "IkeMode" : "main",
      "IkeVersion" : "ikev1",
      "IkePfs" : "group2",
      "Psk" : "pgw6dy7d1i8i****",
      "IkeAuthAlg" : "sha1"
    },
    "IpsecConfig" : {
      "IpsecAuthAlg" : "sha1",
      "IpsecLifetime" : 86400,
      "IpsecEncAlg" : "aes",
      "IpsecPfs" : "group2"
    }
  }
}
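
The response returns the pre-shared key in the Psk field together with the IKE and IPsec algorithm settings, so a client that logs or stores it should mask the key and can check the settings against policy. The Python sketch below is an added example, not part of the original API reference or any vendor SDK; it runs on the JSON sample response above, and the names redact_psk, audit and WEAK, as well as the policy itself, are assumptions made for the illustration.

```python
import copy
import json

# Constructed sample: the JSON success response shown on this page.
SAMPLE_RESPONSE = """
{
  "RequestId": "0C68048B-0F70-40DA-B8AE-1B79B5CF62E3",
  "VpnConnectionConfig": {
    "Remote": "116.62.XX.XX", "Local": "139.196.XX.XX",
    "RemoteSubnet": "192.168.0.0/16", "LocalSubnet": "10.0.0.0/8",
    "IkeConfig": {"RemoteId": "139.196.XX.XX", "IkeLifetime": 86400,
                  "IkeEncAlg": "aes", "LocalId": "116.62.XX.XX", "IkeMode": "main",
                  "IkeVersion": "ikev1", "IkePfs": "group2",
                  "Psk": "pgw6dy7d1i8i****", "IkeAuthAlg": "sha1"},
    "IpsecConfig": {"IpsecAuthAlg": "sha1", "IpsecLifetime": 86400,
                    "IpsecEncAlg": "aes", "IpsecPfs": "group2"}
  }
}
"""

# Assumed audit policy (not from the API reference): values treated as weak.
WEAK = {
    "IkeAuthAlg": {"md5", "sha1"}, "IpsecAuthAlg": {"md5", "sha1"},
    "IkePfs": {"group1", "group2"}, "IpsecPfs": {"group1", "group2"},
    "IkeVersion": {"ikev1"}, "IkeMode": {"aggressive"},
}

def redact_psk(response: dict) -> dict:
    """Return a deep copy that is safe to log: the Psk value is masked."""
    safe = copy.deepcopy(response)
    ike = safe.get("VpnConnectionConfig", {}).get("IkeConfig", {})
    if "Psk" in ike:
        ike["Psk"] = "<redacted>"
    return safe

def audit(response: dict) -> list:
    """List 'Section.Field=value' for every setting the policy flags."""
    cfg = response.get("VpnConnectionConfig", {})
    findings = []
    for section in ("IkeConfig", "IpsecConfig"):
        for field, value in cfg.get(section, {}).items():
            if str(value).lower() in WEAK.get(field, ()):
                findings.append(f"{section}.{field}={value}")
    return findings

if __name__ == "__main__":
    resp = json.loads(SAMPLE_RESPONSE)
    print(json.dumps(redact_psk(resp)["VpnConnectionConfig"]["IkeConfig"]))
    print("WEAK:", audit(resp))
```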

Error codes

HttpCode Error code Error message Description
403 Forbbiden.SubUser User not authorized to operate on the specified resource as your account is created by another user.

The error message returned because you are unauthorized to perform this operation on the specified resource. Acquire the required permissions and try again.

403 Forbidden User not authorized to operate on the specified resource.

The error message returned because you are unauthorized to perform this operation on the specified resource. You can apply for the required permissions and try again.

404 InvalidVpnConnectionInstanceId.NotFound The specified vpn connection instance id does not exist.

The error message returned because the specified IPsec-VPN connection does not exist. Check whether the ID of the IPsec-VPN connection is valid.

For a list of error codes, visit the API Error Center.