Queries IPsec servers.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | ListIpsecServers | The operation that you want to perform. Set the value to ListIpsecServers. |
RegionId | String | Yes | cn-hangzhou | The ID of the region where the IPsec server is created. You can call the DescribeRegions operation to query the most recent region list. |
IpsecServerName | String | No | test | The name of the IPsec server. The name must be 1 to 100 characters in length, and cannot start with |
VpnGatewayId | String | No | vpn-bp1q8bgx4xnkm2ogj**** | The ID of the VPN gateway. |
NextToken | String | No | caeba0bbb2be03f84eb48b699f0a**** | The token that is used for the next query. Valid values:
|
MaxResults | Integer | No | 10 | The number of entries to return on each page. Valid values: 1 to 20. Default value: 10. |
IpsecServerId.N | String | No | iss-bp1bo3xuvcxo7ixll**** | The ID of the IPsec server. Valid values of N: 1 to 20. |
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
NextToken | String | caeba0bbb2be03f84eb48b699f0a**** | The token that is used for the next query. Valid values:
|
RequestId | String | 54B48E3D-DF70-471B-AA93-08E683A1B457 | The ID of the request. |
TotalCount | Integer | 10 | The number of entries returned. |
MaxResults | Integer | 1 | The number of entries returned on each page. |
IpsecServers | Array of IpsecServer | The list of IPsec servers. | |
CreationTime | String | 2018-12-03T10:11:55Z | The time when the IPsec server was created. T is used as a delimiter. Z indicates that the time is in UTC. |
OnlineClientCount | Integer | 1 | The number of clients that are connected to the IPsec server. |
InternetIp | String | 47.22.XX.XX | The public IP address of the VPN gateway. |
IpsecServerName | String | test | The name of the IPsec server. |
IDaaSInstanceId | String | idaas-cn-hangzhou-**** | The ID of the Identity as a Service (IDaaS) instance. |
EffectImmediately | Boolean | false | Indicates whether the current IPsec tunnel is deleted and negotiations are reinitiated. Valid values:
|
VpnGatewayId | String | vpn-bp1q8bgx4xnkm2ogj**** | The ID of the VPN gateway. |
LocalSubnet | String | 192.168.0.0/16,172.17.0.0/16 | The local CIDR blocks, which refer to the CIDR blocks on the virtual private cloud (VPC) side. |
Psk | String | pgw6dy7d**** | The pre-shared key. |
RegionId | String | cn-hangzhou | The ID of the region where the IPsec server is created. |
PskEnabled | Boolean | true | Indicates whether pre-shared key authentication is enabled. Pre-shared key authentication is enabled only when the value is set to true. |
IpsecServerId | String | iss-bp1bo3xuvcxo7ixll**** | The ID of the IPsec server. |
MultiFactorAuthEnabled | Boolean | true | Indicates whether two-factor authentication is enabled. Valid values:
|
MaxConnections | Integer | 5 | The number of SSL-VPN connections supported by the VPN gateway. Note The number of SSL-VPN connections specified in this parameter includes both SSL-VPN and IPsec-VPN connections. For example, if a VPN gateway supports up to five SSL-VPN connections, and three SSL-VPN connections are already established to SSL clients. In this case, you can establish at most two connections to IPsec servers. |
ClientIpPool | String | 10.0.0.0/24 | The client CIDR block. It refers to the CIDR block that is allocated to the virtual interface of the client. |
IkeConfig | Object | The configurations of phase 1 negotiations. | |
RemoteId | String | 139.67.XX.XX | The identifier of the customer gateway. Both fully qualified domain names (FQDNs) and IP addresses are supported. By default, this parameter is empty. |
IkeLifetime | Long | 86400 | The IKE lifetime. Unit: seconds. |
IkeEncAlg | String | aes | The IKE encryption algorithm. |
LocalId | String | 116.64.XX.XX | The ID of the IPsec server. The default value is the public IP address of the VPN gateway. Both FQDNs and IP addresses are supported. |
IkeMode | String | main | The IKE negotiation mode. Valid values: main: This mode offers higher security during negotiations. |
IkeVersion | String | ikev2 | The IKE version. |
IkePfs | String | group2 | The Diffie-Hellman key exchange algorithm. |
IkeAuthAlg | String | sha1 | The IKE authentication algorithm. |
IpsecConfig | Object | The configuration of phase 2 negotiations. | |
IpsecAuthAlg | String | sha1 | The IPsec authentication algorithm. |
IpsecLifetime | Long | 86400 | The IPsec lifetime. Unit: seconds. |
IpsecEncAlg | String | aes | The IPsec encryption algorithm. |
IpsecPfs | String | group2 | The Diffie-Hellman key exchange algorithm. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=ListIpsecServers
&RegionId=cn-hangzhou
&IpsecServerName=test
&VpnGatewayId=vpn-bp1q8bgx4xnkm2ogj****
&NextToken=caeba0bbb2be03f84eb48b699f0a****
&MaxResults=10
&IpsecServerId=["iss-bp1bo3xuvcxo7ixll****"]
&Common request parameters
Sample success responses
XML
format
HTTP/1.1 200 OK
Content-Type:application/xml
<ListIpsecServersResponse>
<NextToken>caeba0bbb2be03f84eb48b699f0a****</NextToken>
<RequestId>54B48E3D-DF70-471B-AA93-08E683A1B457</RequestId>
<TotalCount>10</TotalCount>
<MaxResults>1</MaxResults>
<IpsecServers>
<CreationTime>2018-12-03T10:11:55Z</CreationTime>
<OnlineClientCount>1</OnlineClientCount>
<InternetIp>47.22.XX.XX</InternetIp>
<IpsecServerName>test</IpsecServerName>
<IDaaSInstanceId>idaas-cn-hangzhou-****</IDaaSInstanceId>
<EffectImmediately>false</EffectImmediately>
<VpnGatewayId>vpn-bp1q8bgx4xnkm2ogj****</VpnGatewayId>
<LocalSubnet>192.168.0.0/16,172.17.0.0/16</LocalSubnet>
<Psk>pgw6dy7d****</Psk>
<RegionId>cn-hangzhou</RegionId>
<PskEnabled>true</PskEnabled>
<IpsecServerId>iss-bp1bo3xuvcxo7ixll****</IpsecServerId>
<MultiFactorAuthEnabled>true</MultiFactorAuthEnabled>
<MaxConnections>5</MaxConnections>
<ClientIpPool>10.0.0.0/24</ClientIpPool>
<IkeConfig>
<RemoteId>139.67.XX.XX</RemoteId>
<IkeLifetime>86400</IkeLifetime>
<IkeEncAlg>aes</IkeEncAlg>
<LocalId>116.64.XX.XX</LocalId>
<IkeMode>main</IkeMode>
<IkeVersion>ikev2</IkeVersion>
<IkePfs>group2</IkePfs>
<IkeAuthAlg>sha1</IkeAuthAlg>
</IkeConfig>
<IpsecConfig>
<IpsecAuthAlg>sha1</IpsecAuthAlg>
<IpsecLifetime>86400</IpsecLifetime>
<IpsecEncAlg>aes</IpsecEncAlg>
<IpsecPfs>group2</IpsecPfs>
</IpsecConfig>
</IpsecServers>
</ListIpsecServersResponse>
JSON
format
HTTP/1.1 200 OK
Content-Type:application/json
{
"NextToken" : "caeba0bbb2be03f84eb48b699f0a****",
"RequestId" : "54B48E3D-DF70-471B-AA93-08E683A1B457",
"TotalCount" : 10,
"MaxResults" : 1,
"IpsecServers" : [ {
"CreationTime" : "2018-12-03T10:11:55Z",
"OnlineClientCount" : 1,
"InternetIp" : "47.22.XX.XX",
"IpsecServerName" : "test",
"IDaaSInstanceId" : "idaas-cn-hangzhou-****",
"EffectImmediately" : false,
"VpnGatewayId" : "vpn-bp1q8bgx4xnkm2ogj****",
"LocalSubnet" : "192.168.0.0/16,172.17.0.0/16",
"Psk" : "pgw6dy7d****",
"RegionId" : "cn-hangzhou",
"PskEnabled" : true,
"IpsecServerId" : "iss-bp1bo3xuvcxo7ixll****",
"MultiFactorAuthEnabled" : true,
"MaxConnections" : 5,
"ClientIpPool" : "10.0.0.0/24",
"IkeConfig" : {
"RemoteId" : "139.67.XX.XX",
"IkeLifetime" : 86400,
"IkeEncAlg" : "aes",
"LocalId" : "116.64.XX.XX",
"IkeMode" : "main",
"IkeVersion" : "ikev2",
"IkePfs" : "group2",
"IkeAuthAlg" : "sha1"
},
"IpsecConfig" : {
"IpsecAuthAlg" : "sha1",
"IpsecLifetime" : 86400,
"IpsecEncAlg" : "aes",
"IpsecPfs" : "group2"
}
} ]
}
Error codes
HttpCode | Error code | Error message | Description |
---|---|---|---|
403 | Forbidden | User not authorized to operate on the specified resource. | The error message returned because you are not authorized to perform the operation on the specified resource. Acquire the required permissions and try again. |
For a list of error codes, visit the API Error Center.