All Products
Search
Document Center

VPN Gateway:ListIpsecServers

Last Updated:Feb 26, 2024

Queries IPsec servers.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
vpc:ListIpsecServersList
  • All Resources
    *
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
RegionIdstringYes

The ID of the region where the IPsec server is created.

You can call the DescribeRegions operation to query the most recent region list.

cn-hangzhou
IpsecServerNamestringNo

The name of the IPsec server.

The name must be 1 to 100 characters in length and cannot start with http:// or https://.

test
VpnGatewayIdstringNo

The ID of the VPN gateway.

vpn-bp1q8bgx4xnkm2ogj****
NextTokenstringNo

The pagination token that is used in the next request to retrieve a new page of results. Valid values:

  • If this is your first request and no next requests are to be performed, you do not need to specify this parameter.
  • You must specify the token that is obtained from the previous query as the value of NextToken.
caeba0bbb2be03f84eb48b699f0a****
MaxResultsintegerNo

The number of entries to return on each page. Valid values: 1 to 20. Default value: 10.

10
IpsecServerIdarrayNo

The ID of the IPsec server.

stringNo

The ID of the IPsec server. Valid values of N: 1 to 20.

iss-bp1bo3xuvcxo7ixll****
ResourceGroupIdstringNo

The ID of the resource group to which the IPsec server belongs.

The IPsec server has the same resource group as its associated VPN gateway instance.

You can call the DescribeVpnGateway operation to query the ID of the resource group to which the VPN gateway instance belongs.

rg-acfmzs372yg****

Response parameters

ParameterTypeDescriptionExample
object
NextTokenstring

A pagination token. It can be used in the next request to retrieve a new page of results. Valid values:

  • If no value is returned for NextToken, no next queries are sent.
  • If a value is returned for NextToken, the value can be used in the next request to retrieve a new page of results.
caeba0bbb2be03f84eb48b699f0a****
RequestIdstring

The request ID.

54B48E3D-DF70-471B-AA93-08E683A1B457
TotalCountinteger

The total number of entries returned.

10
MaxResultsinteger

The number of entries returned per page.

1
IpsecServersobject []

The list of IPsec servers.

CreationTimestring

The time when the IPsec server was created.

T is used as a delimiter. Z indicates that the time is in UTC.

2018-12-03T10:11:55Z
OnlineClientCountinteger

The number of clients that are connected to the IPsec server.

1
InternetIpstring

The public IP address of the VPN gateway.

47.22.XX.XX
IpsecServerNamestring

The name of the IPsec server.

test
IDaaSInstanceIdstring

The ID of the IDaaS instance.

idaas-cn-hangzhou-****
EffectImmediatelyboolean

Indicates whether the current IPsec tunnel is deleted and negotiations are reinitiated. Valid values:

  • true: immediately initiates negotiations after the configuration is completed.
  • false: initiates negotiations when inbound traffic is detected.
false
VpnGatewayIdstring

The ID of the VPN gateway.

vpn-bp1q8bgx4xnkm2ogj****
LocalSubnetstring

The local CIDR blocks, which refer to the CIDR blocks on the virtual private cloud (VPC) side.

192.168.0.0/16,172.17.0.0/16
Pskstring

The pre-shared key.

pgw6dy7d****
RegionIdstring

The ID of the region where the IPsec server is created.

cn-hangzhou
PskEnabledboolean

Indicates whether pre-shared key authentication is enabled. Only true may be returned, which indicates that pre-shared key authentication is enabled.

true
IpsecServerIdstring

The IPsec server ID.

iss-bp1bo3xuvcxo7ixll****
MultiFactorAuthEnabledboolean

Indicates whether two-factor authentication is enabled. Valid values:

  • true
  • false: The feature is disabled.
true
MaxConnectionsinteger

The number of SSL-VPN connections supported by the VPN gateway.

Note The number of SSL-VPN connections specified in this parameter includes both SSL-VPN and IPsec-VPN connections. For example, you have five SSL-VPN connections and three SSL clients occupy three SSL-VPN connections. In this case, two clients can connect to the IPsec server.
5
ClientIpPoolstring

The client CIDR block. It refers to the CIDR block that is allocated to the virtual interface of the client.

10.0.0.0/24
IkeConfigobject

The configurations of Phase 1 negotiations.

RemoteIdstring

The identifier of the customer gateway. Both fully qualified domain names (FQDNs) and IP addresses are supported. By default, this parameter is empty.

139.67.XX.XX
IkeLifetimelong

The IKE lifetime. Unit: seconds.

86400
IkeEncAlgstring

The IKE encryption algorithm.

aes
LocalIdstring

The ID of the IPsec server. The default value is the public IP address of the VPN gateway. Both FQDNs and IP addresses are supported.

116.64.XX.XX
IkeModestring

The IKE negotiation mode. Valid values:

main: This mode offers higher security during negotiations.

main
IkeVersionstring

The IKE version.

ikev2
IkePfsstring

The Diffie-Hellman key exchange algorithm.

group2
IkeAuthAlgstring

The IKE authentication algorithm.

sha1
IpsecConfigobject

The configurations of Phase 2 negotiations.

IpsecAuthAlgstring

The IPsec authentication algorithm.

sha1
IpsecLifetimelong

The IPsec lifetime. Unit: seconds.

86400
IpsecEncAlgstring

The IPsec encryption algorithm.

aes
IpsecPfsstring

The Diffie-Hellman key exchange algorithm.

group2
ResourceGroupIdstring

The ID of the resource group to which the IPsec server belongs.

You can call the ListResourceGroups operation to query the resource group information.

rg-acfmzs372yg****

Examples

Sample success responses

JSONformat

{
  "NextToken": "caeba0bbb2be03f84eb48b699f0a****",
  "RequestId": "54B48E3D-DF70-471B-AA93-08E683A1B457",
  "TotalCount": 10,
  "MaxResults": 1,
  "IpsecServers": [
    {
      "CreationTime": "2018-12-03T10:11:55Z",
      "OnlineClientCount": 1,
      "InternetIp": "47.22.XX.XX",
      "IpsecServerName": "test",
      "IDaaSInstanceId": "idaas-cn-hangzhou-****",
      "EffectImmediately": false,
      "VpnGatewayId": "vpn-bp1q8bgx4xnkm2ogj****",
      "LocalSubnet": "192.168.0.0/16,172.17.0.0/16",
      "Psk": "pgw6dy7d****",
      "RegionId": "cn-hangzhou",
      "PskEnabled": true,
      "IpsecServerId": "iss-bp1bo3xuvcxo7ixll****",
      "MultiFactorAuthEnabled": true,
      "MaxConnections": 5,
      "ClientIpPool": "10.0.0.0/24",
      "IkeConfig": {
        "RemoteId": "139.67.XX.XX",
        "IkeLifetime": 86400,
        "IkeEncAlg": "aes",
        "LocalId": "116.64.XX.XX",
        "IkeMode": "main",
        "IkeVersion": "ikev2",
        "IkePfs": "group2",
        "IkeAuthAlg": "sha1"
      },
      "IpsecConfig": {
        "IpsecAuthAlg": "sha1",
        "IpsecLifetime": 86400,
        "IpsecEncAlg": "aes",
        "IpsecPfs": "group2"
      },
      "ResourceGroupId": "rg-acfmzs372yg****"
    }
  ]
}

Error codes

HTTP status codeError codeError messageDescription
400IllegalParam.NextTokenThe specified NextToken is invalid.The specified NextToken is invalid.
403ForbiddenUser not authorized to operate on the specified resource.You do not have the permissions to manage the specified resource. Apply for the permissions and try again.

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2023-10-19API Description Update. The Error code has changed. The request parameters of the API has changed. The response structure of the API has changedsee changesets
Change itemChange content
API DescriptionAPI Description Update.
Error CodesThe Error code has changed.
    Error Codes 400 change
    delete Error Codes: 403
Input ParametersThe request parameters of the API has changed.
    Added Input Parameters: ResourceGroupId
Output ParametersThe response structure of the API has changed.