Queries IPsec servers.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes ListIpsecServers

The operation that you want to perform. Set the value to ListIpsecServers.

RegionId String Yes cn-hangzhou

The ID of the region where the IPsec server is created.

IpsecServerName String No test

The name of the IPsec server.

VpnGatewayId String No vpn-bp1q8bgx4xnkm2ogj****

The ID of the VPN gateway.

NextToken String No caeba0bbb2be03f84eb48b699f0a****

The token that is used for the next query. Valid values:

  • If this is your first query or no next query is to be sent, ignore this parameter.
  • If a next query is to be sent, set the value to the value of NextToken that is returned from the last call.
MaxResults Integer No 10

The number of entries to return on each page. Valid values: 1 to 20. Default value: 10.

Response parameters

Parameter Type Example Description
NextToken String caeba0bbb2be03f84eb48b699f0a****

The token that is used for the next query. Valid values:

  • If the value returned of NextToken is empty, it indicates that no next query is to be sent.
  • If the value returned of NextToken is not empty, the value indicates the token that is used for the next query.
RequestId String 54B48E3D-DF70-471B-AA93-08E683A1B457

The ID of the request.

TotalCount Integer 10

The number of entries returned.

MaxResults Integer 1

The number of entries to return on each page.

IpsecServers Array of IpsecServer

The list of IPsec servers.

CreationTime String 2018-12-03T10:11:55Z

The time when the IPsec server was created.

T is used as a delimiter. Z indicates that the time is in UTC.

OnlineClientCount Integer 1

The number of clients that are connected to the IPsec server.

InternetIp String 47.22.XX.XX

The public IP address of the VPN gateway.

IpsecServerName String test

The name of the IPsec server.

IDaaSInstanceId String idaas-cn-hangzhou-****

The ID of the Identity as a Service (IDaaS) instance.

EffectImmediately Boolean false

Indicates whether the current IPsec tunnel is deleted and negotiations are reinitiated. Valid values:

  • true: initiates negotiations after the configuration is completed.
  • false: initiates negotiations when inbound traffic is detected.
VpnGatewayId String vpn-bp1q8bgx4xnkm2ogj****

The ID of the VPN gateway.

LocalSubnet String 192.168.0.0/16,172.17.0.0/16

The local CIDR block. It refers to the CIDR block of the virtual private cloud (VPC) that is used to connect with the client.

Psk String pgw6dy7d****

The pre-shared key.

RegionId String cn-hangzhou

The ID of the region where the IPsec server is created.

PskEnabled Boolean true

Indicates whether pre-shared key authentication is enabled. Pre-shared key authentication is enabled only when the value is set to true.

IpsecServerId String iss-bp1bo3xuvcxo7ixll****

The ID of the IPsec server.

MultiFactorAuthEnabled Boolean true

Indicates whether two-factor authentication is enabled. Valid values:

  • true: enabled
  • false: disabled
MaxConnections Integer 5

The number of SSL-VPN connections supported by the VPN gateway.

Note The number of SSL connections specified in this parameter includes both SSL-VPN and IPsec-VPN connections. For example, if a VPN gateway supports up to five SSL-VPN connections, and three SSL-VPN connections are already established to SSL clients. In this case, you can establish at most two connections to IPsec servers.
ClientIpPool String 10.0.0.0/24

The client CIDR block. It refers to the CIDR block that is allocated to the virtual interface of the client.

IkeConfig Object

The configurations of Phase 1 negotiations.

RemoteId String 139.67.XX.XX

The identifier of the customer gateway. Both fully qualified domain names (FQDNs) and IP addresses are supported. By default, this parameter is empty.

IkeLifetime Long 86400

The IKE lifetime. Unit: seconds.

IkeEncAlg String aes

The IKE encryption algorithm.

LocalId String 116.64.XX.XX

The ID of the IPsec server. The default value is the public IP address of the VPN gateway. Both FQDNs and IP addresses are supported.

IkeMode String main

The IKE negotiation mode.

IkeVersion String ikev2

The IKE version.

IkePfs String group2

The Diffie-Hellman key exchange algorithm.

IkeAuthAlg String sha1

The IKE authentication algorithm.

IpsecConfig Object

The configuration of Phase 2 negotiations.

IpsecAuthAlg String sha1

The IPsec authentication algorithm.

IpsecLifetime Long 86400

The IPsec lifetime. Unit: seconds.

IpsecEncAlg String aes

The IPsec encryption algorithm.

IpsecPfs String group2

The Diffie-Hellman key exchange algorithm.

Examples

Sample requests

http(s)://[Endpoint]/?Action=ListIpsecServers
&RegionId=cn-hangzhou
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<ListIpsecServersResponse>
    <NextToken>caeba0bbb2be03f84eb48b699f0a****</NextToken>
    <RequestId>54B48E3D-DF70-471B-AA93-08E683A1B457</RequestId>
    <TotalCount>10</TotalCount>
    <MaxResults>1</MaxResults>
    <IpsecServers>
        <CreationTime>2018-12-03T10:11:55Z</CreationTime>
        <OnlineClientCount>1</OnlineClientCount>
        <InternetIp>47.22.XX.XX</InternetIp>
        <IpsecServerName>test</IpsecServerName>
        <IDaaSInstanceId>idaas-cn-hangzhou-****</IDaaSInstanceId>
        <EffectImmediately>false</EffectImmediately>
        <VpnGatewayId>vpn-bp1q8bgx4xnkm2ogj****</VpnGatewayId>
        <LocalSubnet>192.168.0.0/16,172.17.0.0/16</LocalSubnet>
        <Psk>pgw6dy7d****</Psk>
        <RegionId>cn-hangzhou</RegionId>
        <PskEnabled>true</PskEnabled>
        <IpsecServerId>iss-bp1bo3xuvcxo7ixll****</IpsecServerId>
        <MultiFactorAuthEnabled>true</MultiFactorAuthEnabled>
        <MaxConnections>5</MaxConnections>
        <ClientIpPool>10.0.0.0/24</ClientIpPool>
        <IkeConfig>
            <RemoteId>139.67.XX.XX</RemoteId>
            <IkeLifetime>86400</IkeLifetime>
            <IkeEncAlg>aes</IkeEncAlg>
            <LocalId>116.64.XX.XX</LocalId>
            <IkeMode>main</IkeMode>
            <IkeVersion>ikev2</IkeVersion>
            <IkePfs>group2</IkePfs>
            <IkeAuthAlg>sha1</IkeAuthAlg>
        </IkeConfig>
        <IpsecConfig>
            <IpsecAuthAlg>sha1</IpsecAuthAlg>
            <IpsecLifetime>86400</IpsecLifetime>
            <IpsecEncAlg>aes</IpsecEncAlg>
            <IpsecPfs>group2</IpsecPfs>
        </IpsecConfig>
    </IpsecServers>
</ListIpsecServersResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "NextToken" : "caeba0bbb2be03f84eb48b699f0a****",
  "RequestId" : "54B48E3D-DF70-471B-AA93-08E683A1B457",
  "TotalCount" : 10,
  "MaxResults" : 1,
  "IpsecServers" : [ {
    "CreationTime" : "2018-12-03T10:11:55Z",
    "OnlineClientCount" : 1,
    "InternetIp" : "47.22.XX.XX",
    "IpsecServerName" : "test",
    "IDaaSInstanceId" : "idaas-cn-hangzhou-****",
    "EffectImmediately" : false,
    "VpnGatewayId" : "vpn-bp1q8bgx4xnkm2ogj****",
    "LocalSubnet" : "192.168.0.0/16,172.17.0.0/16",
    "Psk" : "pgw6dy7d****",
    "RegionId" : "cn-hangzhou",
    "PskEnabled" : true,
    "IpsecServerId" : "iss-bp1bo3xuvcxo7ixll****",
    "MultiFactorAuthEnabled" : true,
    "MaxConnections" : 5,
    "ClientIpPool" : "10.0.0.0/24",
    "IkeConfig" : {
      "RemoteId" : "139.67.XX.XX",
      "IkeLifetime" : 86400,
      "IkeEncAlg" : "aes",
      "LocalId" : "116.64.XX.XX",
      "IkeMode" : "main",
      "IkeVersion" : "ikev2",
      "IkePfs" : "group2",
      "IkeAuthAlg" : "sha1"
    },
    "IpsecConfig" : {
      "IpsecAuthAlg" : "sha1",
      "IpsecLifetime" : 86400,
      "IpsecEncAlg" : "aes",
      "IpsecPfs" : "group2"
    }
  } ]
}

Error codes

HttpCode Error code Error message Description
403 Forbidden User not authorized to operate on the specified resource. The error message returned because you are unauthorized to perform this operation on the specified resource. Apply for the required permissions and try again.

For a list of error codes, visit the API Error Center.