Queries the diagnostic result of a VPN gateway.

Description

When you call the GetVpnGatewayDiagnoseResult operation, you must set one of the DiagnoseId and VpnGatewayId parameters.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes GetVpnGatewayDiagnoseResult

The operation that you want to perform. Set the value to GetVpnGatewayDiagnoseResult.

RegionId String Yes cn-qingdao

The region ID of the VPN gateway.

You can call the DescribeRegions operation to obtain the region ID.

DiagnoseId String No vpndgn-uf6kuxbe3iv028k3s****

The ID of the diagnostic.

When you call the DiagnoseVpnGateway operation, the system returns a corresponding ID.

VpnGatewayId String No vpn-uf6fzwp0ck3frwtbk****

The ID of the VPN gateway.

ClientToken String No 02fb3da4-130e-11e9-8e44-001****

The client token that is used to ensure the idempotence of the request.

You can use the client to generate the value, but you must make sure that it is unique among different requests. ClientToken can contain only ASCII characters.

Note If you do not set this parameter, ClientToken is set to the value of RequestId. The ID of each request may be different.

Response parameters

Parameter Type Example Description
BeginTime String 2022-12-15T05:28:57Z

The time when the diagnostic started.

The time follows the ISO8601 standard in the YYYY-MM-DDThh:mm:ssZ format. The time is displayed in UTC.

DiagnoseId String vpndgn-uf6sgneym02lxyuv4****

The ID of the diagnostic.

DiagnoseResult Array of DiagnoseResult

The information about the diagnostic items.

DiagnoseName String RouteEntryConflict

The diagnostic item.

  • RouteEntryConflict: route conflicts.
  • VpnRouteQuota: the quota of destination-based routes for the VPN gateway.
  • VpnIPsecQuota: the quota of IPsec-VPN connections for the VPN gateway.
  • VpnPbrRouteQuota: the quota of policy-based routes for the VPN gateway.
  • VcoConfigConsistency: the consistency of the IPsec-VPN connection.
  • VcoUserInternetIpConnectivity: Internet connectivity of the customer gateway.
  • VcoPrivateConnectivity: private network connectivity.

For more information about the diagnostic items, see Background information about quick diagnostics.

DiagnoseResultDescription String {\"targetIp\":\"192.168.0.1\",\"srcIp\":\"192.168.1.1\",\"rtt\":-1.0,\"lossRate\":100.0}

The diagnostic result.

The system returns different results for each diagnostic item.

  • RouteEntryConflict: information about route conflicts.
  • VpnRouteQuota:
    • quotaName: the quota ID of destination-based routes.
    • quantity: the quota of destination-based routes for the VPN gateway.
    • used: the number of destination-based routes created for the VPN gateway.
  • VpnIPsecQuota:
    • quotaName: the quota ID of IPsec-VPN connections.
    • quantity: the quota of IPsec-VPN connections for the VPN gateway.
    • used: the number of IPsec-VPN connections created for the VPN gateway.
  • VpnPbrRouteQuota:
    • quotaName: the quota ID of policy-based routes.
    • quantity: the quota of policy-based routes for the VPN gateway.
    • used: the number of policy-based routes created for the VPN gateway.
  • VcoConfigConsistency:
    • vcoLackConf: The system cannot obtain the configuration of the peer of the IPsec-VPN connection.
    • vcoRunningConf: the configurations that have been added to the peer of the IPsec-VPN connection.
    • vcoDiffConf: the configurations that are inconsistent between the local end and the peer.
    • vcoConf: the configurations that have been added to the local end.
  • VcoUserInternetIpConnectivity:
    • targetIp: the public IP address of the customer gateway.
    • rtt: the latency when the system accesses the public IP address of the customer gateway. Unit: milliseconds.
    • lossRate: the packet loss when the system accesses the public IP address of the customer gateway.
  • VcoPrivateConnectivity:
    • targetIp: the source IP address.
    • srcIp: the destination IP address.
    • rtt: the latency when the source IP address accesses the destination IP address. Unit: milliseconds.
    • lossRate: the packet loss when the source IP address accesses the destination IP address.
DiagnoseResultLevel String normal

The diagnostic result level.

  • normal
  • warning
  • error

For more information, see Background information about quick diagnostics.

FinishTime String 2022-12-15T05:29:08Z

The timestamp when the system finishes diagnosing the item.

The time follows the ISO8601 standard in the YYYY-MM-DDThh:mm:ssZ format. The time is displayed in UTC.

FinishedCount Integer 7

The number of diagnostic items that have been diagnosed.

RequestId String 312C4D5A-6563-5FC6-8C6E-A43A5A316FEB

The ID of the request.

ResourceInstanceId String vco-uf6huqsu63azl7mdp****

The ID of the resource that is diagnosed.

ResourceType String IPsec

The type of the resource.

The value is set to IPsec, which indicates an IPsec-VPN connection.

TotalCount Integer 7

The total number of diagnostic items.

VpnGatewayId String vpn-uf6fzwp0ck3frwtbk****

The ID of the VPN gateway.

Examples

Sample requests

http(s)://[Endpoint]/?Action=GetVpnGatewayDiagnoseResult
&RegionId=cn-qingdao
&DiagnoseId=vpndgn-uf6kuxbe3iv028k3s****
&VpnGatewayId=vpndgn-uf6sgneym02lxyuv4****
&ClientToken=02fb3da4-130e-11e9-8e44-001****
&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<GetVpnGatewayDiagnoseResultResponse>
    <TotalCount>7</TotalCount>
    <FinishTime>2022-12-15T05:29:08Z</FinishTime>
    <RequestId>312C4D5A-6563-5FC6-8C6E-A43A5A316FEB</RequestId>
    <VpnGatewayId>vpn-uf6fzwp0ck3frwtbk****</VpnGatewayId>
    <FinishedCount>7</FinishedCount>
    <DiagnoseId>vpndgn-uf6sgneym02lxyuv4****</DiagnoseId>
    <BeginTime>2022-12-15T05:28:57Z</BeginTime>
    <ResourceType>IPsec</ResourceType>
    <ResourceInstanceId>vco-uf6huqsu63azl7mdp****</ResourceInstanceId>
    <DiagnoseResult>
        <DiagnoseResultLevel>normal</DiagnoseResultLevel>
        <DiagnoseResultDescription>No routing conflict</DiagnoseResultDescription>
        <DiagnoseName>RouteEntryConflict</DiagnoseName>
    </DiagnoseResult>
    <DiagnoseResult>
        <DiagnoseResultLevel>normal</DiagnoseResultLevel>
        <DiagnoseResultDescription>{"quotaName":"vpn_route_entry_quota","quantity":"30","used":"0"}</DiagnoseResultDescription>
        <DiagnoseName>VpnRouteQuota</DiagnoseName>
    </DiagnoseResult>
    <DiagnoseResult>
        <DiagnoseResultLevel>normal</DiagnoseResultLevel>
        <DiagnoseResultDescription>{"quotaName":"vpn_quota_ipsec_connetcions_num","quantity":"10","used":"1"}</DiagnoseResultDescription>
        <DiagnoseName>VpnIPsecQuota</DiagnoseName>
    </DiagnoseResult>
    <DiagnoseResult>
        <DiagnoseResultLevel>normal</DiagnoseResultLevel>
        <DiagnoseResultDescription>{"quotaName":"vpn_pbr_route_entry_quota","quantity":"20","used":"0"}</DiagnoseResultDescription>
        <DiagnoseName>VpnPbrRouteQuota</DiagnoseName>
    </DiagnoseResult>
    <DiagnoseResult>
        <DiagnoseResultLevel>warning</DiagnoseResultLevel>
        <DiagnoseResultDescription>{"vcoLackConf":["leftid","rightid","right","leftsubnets","rightsubnets","ike_auth_alg","ike_enc_alg","ike_lifetime","ipsec_auth_alg","ipsec_enc_alg","ipsec_lifetime","nat_traversal","dpd","ike_pfs","ipsec_pfs"],"vcoRunningConf":{},"vcoDiffConf":{},"vcoConf":{"ipsec_lifetime":"86400","ike_pfs":"group2","ike_enc_alg":"aes","leftsubnets":"0.0.0.0/0","nat_traversal":"true","leftid":"47.XX.XX.15","right":"1.XX.XX.1","rightsubnets":"0.0.0.0/0","ipsec_pfs":"group2","ike_auth_alg":"sha1","ike_lifetime":"86400","rightid":"1.XX.XX.1","dpd":"true","ipsec_auth_alg":"sha1","ipsec_enc_alg":"aes"}}</DiagnoseResultDescription>
        <DiagnoseName>VcoConfigConsistency</DiagnoseName>
    </DiagnoseResult>
    <DiagnoseResult>
        <DiagnoseResultLevel>error</DiagnoseResultLevel>
        <DiagnoseResultDescription>{"targetIp":"1.XX.XX.1","rtt":-1.0,"lossRate":100.0}</DiagnoseResultDescription>
        <DiagnoseName>VcoUserInternetIpConnectivity</DiagnoseName>
    </DiagnoseResult>
    <DiagnoseResult>
        <DiagnoseResultLevel>error</DiagnoseResultLevel>
        <DiagnoseResultDescription>{"targetIp":"192.168.0.1","srcIp":"192.168.1.1","rtt":-1.0,"lossRate":100.0}</DiagnoseResultDescription>
        <DiagnoseName>VcoPrivateConnectivity</DiagnoseName>
    </DiagnoseResult>
</GetVpnGatewayDiagnoseResultResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "TotalCount" : 7,
  "FinishTime" : "2022-12-15T05:29:08Z",
  "RequestId" : "312C4D5A-6563-5FC6-8C6E-A43A5A316FEB",
  "VpnGatewayId" : "vpn-uf6fzwp0ck3frwtbk****",
  "FinishedCount" : 7,
  "DiagnoseId" : "vpndgn-uf6sgneym02lxyuv4****",
  "BeginTime" : "2022-12-15T05:28:57Z",
  "ResourceType" : "IPsec",
  "ResourceInstanceId" : "vco-uf6huqsu63azl7mdp****",
  "DiagnoseResult" : [ {
    "DiagnoseResultLevel" : "normal",
    "DiagnoseResultDescription" : "No routing conflict",
    "DiagnoseName" : "RouteEntryConflict"
  }, {
    "DiagnoseResultLevel" : "normal",
    "DiagnoseResultDescription" : "{\"quotaName\":\"vpn_route_entry_quota\",\"quantity\":\"30\",\"used\":\"0\"}",
    "DiagnoseName" : "VpnRouteQuota"
  }, {
    "DiagnoseResultLevel" : "normal",
    "DiagnoseResultDescription" : "{\"quotaName\":\"vpn_quota_ipsec_connetcions_num\",\"quantity\":\"10\",\"used\":\"1\"}",
    "DiagnoseName" : "VpnIPsecQuota"
  }, {
    "DiagnoseResultLevel" : "normal",
    "DiagnoseResultDescription" : "{\"quotaName\":\"vpn_pbr_route_entry_quota\",\"quantity\":\"20\",\"used\":\"0\"}",
    "DiagnoseName" : "VpnPbrRouteQuota"
  }, {
    "DiagnoseResultLevel" : "warning",
    "DiagnoseResultDescription" : "{\"vcoLackConf\":[\"leftid\",\"rightid\",\"right\",\"leftsubnets\",\"rightsubnets\",\"ike_auth_alg\",\"ike_enc_alg\",\"ike_lifetime\",\"ipsec_auth_alg\",\"ipsec_enc_alg\",\"ipsec_lifetime\",\"nat_traversal\",\"dpd\",\"ike_pfs\",\"ipsec_pfs\"],\"vcoRunningConf\":{},\"vcoDiffConf\":{},\"vcoConf\":{\"ipsec_lifetime\":\"86400\",\"ike_pfs\":\"group2\",\"ike_enc_alg\":\"aes\",\"leftsubnets\":\"0.0.0.0/0\",\"nat_traversal\":\"true\",\"leftid\":\"47.XX.XX.15\",\"right\":\"1.XX.XX.1\",\"rightsubnets\":\"0.0.0.0/0\",\"ipsec_pfs\":\"group2\",\"ike_auth_alg\":\"sha1\",\"ike_lifetime\":\"86400\",\"rightid\":\"1.XX.XX.1\",\"dpd\":\"true\",\"ipsec_auth_alg\":\"sha1\",\"ipsec_enc_alg\":\"aes\"}}",
    "DiagnoseName" : "VcoConfigConsistency"
  }, {
    "DiagnoseResultLevel" : "error",
    "DiagnoseResultDescription" : "{\"targetIp\":\"1.XX.XX.1\",\"rtt\":-1.0,\"lossRate\":100.0}",
    "DiagnoseName" : "VcoUserInternetIpConnectivity"
  }, {
    "DiagnoseResultLevel" : "error",
    "DiagnoseResultDescription" : "{\"targetIp\":\"192.168.0.1\",\"srcIp\":\"192.168.1.1\",\"rtt\":-1.0,\"lossRate\":100.0}",
    "DiagnoseName" : "VcoPrivateConnectivity"
  } ]
}

Error codes

HttpCode Error code Error message Description
400 VpnGateway.Configuring The specified service is configuring. The error message returned because the operation is not allowed when the specified service is being configured. Try again later.
403 Forbidden User not authorized to operate on the specified resource. The error message returned because you are unauthorized to perform this operation on the specified resource. Acquire the required permissions and try again.
404 InvalidVpnGatewayInstanceId.NotFound The specified vpn gateway instance id does not exist. The error message returned because the specified VPN gateway does not exist. Check whether the specified VPN gateway is valid.

For a list of error codes, see Service error codes.