CreateVpnConnection
Description
Call the CreateVpnConnection interface to create an IPsec connection.
Request Method
POST
Request Path
/apsara/route/Vpc/CreateVpnConnection
Request Parameters Common Parameters
Name | Location | Type | Required | Sample value | Description |
---|---|---|---|---|---|
LocalSubnet | BODY | string | Yes | 10.1.1.0/24,10.1.2.0/24 | The network segment on the VPC side that needs to be interconnected with the local IDC, used for the second phase of negotiation. Multiple network segments are separated by commas (,), for example: 192.168.1.0/24,192.168.2.0/24. |
CustomerGatewayId | BODY | string | Yes | vpn-bp1q8bgx4xnk**** | ID of the user gateway. |
AutoConfigRoute | BODY | boolean | No | true | Whether to automatically configure routing. Value: true: routes are automatically configured. false (default): routes are not automatically configured. |
version | BODY | string | No | 2016-01-01 | Version of the API. |
Name | BODY | string | No | IPsec | The name of the IPsec connection. The name is 2-128 characters in length, must start with a letter or a Chinese character, and can contain numbers, half-width periods (.), underscores (_) and dashes (-), but cannot start with http:// or https://. |
EffectImmediately | BODY | boolean | No | false | Whether to delete the IPsec tunnel that has been negotiated successfully and re-initiate negotiation. Value: true: negotiate immediately after the configuration is completed. false(default): negotiate when traffic enters. |
RemoteSubnet | BODY | string | Yes | 10.10.1.0/24,10.10.2.0/24 | The network segment of the local IDC, used for the second phase of negotiation. Multiple network segments are separated by commas (,), for example: 192.168.3.0/24,192.168.4.0/24. |
VpnGatewayId | BODY | string | Yes | vpn-bp1q8bgx4xnkm**** | VPN gateway ID. |
regionId | BODY | string | Yes | No sample value for this parameter. | region id |
IpsecConfig | BODY | string | No | {"IpsecEncAlg":"aes","IpsecAuthAlg":"sha1","IpsecPfs":"group2","IpsecLifetime":86400} | Configuration information for the second phase of negotiation: IpsecConfig.IpsecEncAlg: the encryption algorithm negotiated in the second phase. Value: aes, aes192, aes256, des or 3des; default value: aes. IpsecConfig.IpsecAuthAlg: the authentication algorithm negotiated in the second phase. Value: md5 or sha1; default value: md5. IpsecConfig.IpsecPfs: forward messages of all protocols. The Diffie-Hellman key exchange algorithm used in the second phase of negotiation. Value: group1, group2, group5, group14 or group24; default value: group2. IpsecConfig.IpsecLifetime: the lifetime of the SA negotiated in the second phase. The value range is 0~86400, in seconds; default value: 86400. |
RegionId | BODY | string | Yes | cn-qingdao-env66-d01 | The region ID where the IPsec connection is located. You can obtain the region ID by calling the DescribeRegions interface. |
HealthCheckConfig | BODY | string | No | {"enable":"true","dip":"192.168.xx.2","sip":"192.168.xx.2","interval":"3","retry":"3"} | Health check configuration information: HealthCheckConfig.enable: whether to turn on the health check. Value: true or false (default). HealthCheckConfig.dip: the destination IP address of the health check. HealthCheckConfig.sip: the source IP address of the health check. HealthCheckConfig.interval: the retry interval of the health check, in seconds. HealthCheckConfig.retry: the number of retries for the health check. |
ClientToken | BODY | string | No | 02fb3da4-130e-11e9-8e44-001**** | Client token, used to ensure the idempotence of the request. The parameter value is generated by the client. It must be unique between different requests, and its maximum length is 64 ASCII characters. |
IkeConfig | BODY | string | No | {"IkeVersion":"ikev1","IkeMode":"main","IkeEncAlg":"aes","IkeAuthAlg":"sha1","IkePfs":"group2","IkeLifetime":86400} | Configuration information for the first phase of negotiation: IkeConfig.Psk: the pre-shared key used for authentication between the IPsec VPN gateway and the user gateway. It is generated randomly by default, or you can specify the key manually. The length is limited to 100 characters. IkeConfig.IkeVersion: the version of the IKE protocol. Value: ikev1 or ikev2; default value: ikev1. IkeConfig.IkeMode: the negotiation mode of IKE V1. Value: main or aggressive; default value: main. IkeConfig.IkeEncAlg: the encryption algorithm negotiated in the first phase. Value: aes, aes192, aes256, des or 3des; default value: aes. IkeConfig.IkeAuthAlg: the authentication algorithm negotiated in the first phase. Value: md5 or sha1; default value: md5. IkeConfig.IkePfs: the Diffie-Hellman key exchange algorithm used in the first phase of negotiation. Value: group1, group2, group5, group14 or group24; default value: group2. IkeConfig.IkeLifetime: the lifetime of the SA negotiated in the first phase. The value range is 0~86400, in seconds; default value: 86400. IkeConfig.LocalIdIPsec: the identifier of the VPN gateway. The length is limited to 100 characters, and the default value is the public IP address of the VPN gateway. IkeConfig.RemoteId: the identifier of the user gateway. The length is limited to 100 characters, and the default value is the public IP address of the user gateway. |
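An added example (not part of the original API reference): a pre-submission audit of a CreateVpnConnection request body that applies the documented defaults to omitted IkeConfig/IpsecConfig keys and reports weak, undocumented or out-of-range values. The allowed values, defaults and lifetime range come from the table above; the WEAK set, the function names and SAMPLE are assumptions of this example.

```python
import ipaddress
import json

# Allowed values and defaults as documented in the parameter table above.
ALLOWED = {"EncAlg": {"aes", "aes192", "aes256", "des", "3des"},
           "AuthAlg": {"md5", "sha1"},
           "Pfs": {"group1", "group2", "group5", "group14", "group24"}}
DEFAULTS = {"EncAlg": "aes", "AuthAlg": "md5", "Pfs": "group2", "Lifetime": 86400}
# Assumption of this example, not stated on the page: values treated as weak.
WEAK = {"des", "3des", "md5", "group1", "group2", "group5"}
# Constructed sample: IkeConfig sample value from the table, IpsecConfig omitted.
SAMPLE = {"LocalSubnet": "10.1.1.0/24,10.1.2.0/24",
          "RemoteSubnet": "10.10.1.0/24,10.10.2.0/24",
          "IkeConfig": '{"IkeEncAlg":"aes","IkeAuthAlg":"sha1","IkePfs":"group2"}'}

def audit_phase(prefix, raw):
    """Audit an IkeConfig ("Ike") or IpsecConfig ("Ipsec") JSON string."""
    cfg = json.loads(raw) if raw else {}
    findings = []
    for suffix, allowed in ALLOWED.items():
        key = prefix + suffix
        value = cfg.get(key, DEFAULTS[suffix])  # omitted key -> documented default
        if value not in allowed:
            findings.append(f"{key}={value}: not a documented value")
        elif value in WEAK:
            origin = "explicit" if key in cfg else "default"
            findings.append(f"{key}={value}: weak ({origin})")
    lifetime = cfg.get(prefix + "Lifetime", DEFAULTS["Lifetime"])
    if not 0 <= lifetime <= 86400:
        findings.append(f"{prefix}Lifetime={lifetime}: outside 0~86400")
    if cfg.get("IkeMode", "main") == "aggressive":
        findings.append("IkeMode=aggressive: weak (explicit)")
    return findings

def audit_subnets(name, value):
    """Check a comma-separated CIDR list such as LocalSubnet or RemoteSubnet."""
    findings = []
    for cidr in value.split(","):
        try:
            ipaddress.ip_network(cidr.strip(), strict=True)  # rejects host bits
        except ValueError:
            findings.append(f"{name}: {cidr!r} is not a valid network")
    return findings

def audit_request(body):
    """Return all findings for a CreateVpnConnection request body (a dict)."""
    return (audit_phase("Ike", body.get("IkeConfig"))
            + audit_phase("Ipsec", body.get("IpsecConfig"))
            + audit_subnets("LocalSubnet", body["LocalSubnet"])
            + audit_subnets("RemoteSubnet", body["RemoteSubnet"]))
```

Running `audit_request(SAMPLE)` shows that leaving IpsecConfig out still yields findings, because the documented defaults (md5, group2) are applied.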
Return data
Name | Type | Sample value | Description |
---|---|---|---|
RequestID | string | 1E3D5A1E0-67CA-43DA-24BC-EAF2D5A1E4DC | Request id |
Example
Successful Response example
{
"RequestID":"1E3D5A1E0-67CA-43DA-24BC-EAF2D5A1E4DC"
}
Failed Response example
{
"errorSample":
{
"resultCode":-1,
"resultMsg":"system error",
"result":null
}
}