Modify VPN Tunnel

Last updated: 2018-08-30 11:09:44

1. API Description

This API (ModifyVpnConnEx) is used to modify VPN tunnel.
Domain for API request: vpc.api.qcloud.com

2. Input Parameters

The following request parameter list only provides API request parameters. Common request parameters need to be added when the API is called. For more information, refer to Common Request Parameters. The Action field for this API is ModifyVpnConnEx.

Parameter Name Required Type Description
vpcId Yes string Virtual private cloud ID, which can be vpcId or unVpcId. unVpcId is recommended. For example: vpc-03vihbk9. Can be queried via the API DescribeVpcEx.
vpnGwId Yes String VPN gateway ID assigned by the system, which can be vpnGwId or unVpnGwId. unVpnGwId is recommended. For example: vpngw-dystbrkv. Can be queried via the API DescribeVpnGw.
vpnConnId Yes String VPN tunnel ID assigned by the system, which can be vpnConnId or unVpnConnId. unVpnConnId is recommended. For example: vpnx-ol6bcqp0. Can be queried via the API DescribeVpnConn.
vpnConnName No String Tunnel name; up to 60 characters.
preSharedKey No String Pre-shared private key.
userGwCidrBlock.n No Array CIDR address of the peer IP address range, multiple values can be entered. Specifies the IDC IP address range the VPC can communicate with, later upgraded to spdAcl (finer granularity). Either userGwCidrBlock or spdAcl must be entered.
spdAcl.n No Array SPD rule group. You can specify which IP address range in the VPC can communicate with which IP address range in your IDC, upgraded from userGwCidrBlock. Either userGwCidrBlock or spdAcl must be entered. See the product instruction for details.
IKESet.n No Array IKE configuration (Internet Key Exchange). IKE is provided with a self-protection mechanism. The network security protocol is configured by the user. See VPN Connection-IKE Configuration for details.
IPsecSet.n No Array IPSec configuration. The IPSec secure session configuration is provided by Tencent Cloud. See VPN Connection-IPSec Configuration for details.

IKE configuration details

Parameter Name Required Type Description
IKESet.n.propoEncryAlgorithm No String IKE configuration, encryption algorithm. Available values include 3des-cbc, aes-cbc-128, aes-cbc-192, aes-cbc-256 and des-cbc. The default is 3des-cbc. See the product instruction for details.
IKESet.n.propoAuthenAlgorithm No String IKE configuration, authentication algorithm. Available values include md5 and sha. The default is md5. See the product instruction for details.
IKESet.n.exchangeMode No String IKE configuration, negotiation mode. Available values include aggressive and main. The default is main. See the product instruction for details.
IKESet.n.localIdentity No String IKE configuration, local identity type. Available values include address and fqdn. The default is address. See the product instruction for details.
IKESet.n.remoteIdentity No String IKE configuration, peered identity type. Available values include address and fqdn. The default is address. See the product instruction for details.
IKESet.n.localAddress No String IKE configuration, local identity. When address is selected for localIdentity, localAddress is required. localAddress is the public IP of the VPN gateway by default. See the product instruction for details.
IKESet.n.remoteAddress No String IKE configuration, peered identity. When address is selected for remoteIdentity, remoteAddress is required. See the product instruction for details.
IKESet.n.localFqdnName No String IKE configuration, local identity. When fqdn is selected for localIdentity, localFqdnName is required. See the product instruction for details.
IKESet.n.remoteFqdnName No String IKE configuration, peered identity. When fqdn is selected for remoteIdentity, remoteFqdnName is required. See the product instruction for details.
IKESet.n.dhGroupName No String IKE configuration, DH group, specifies the DH group used for exchanging the private key. Available values include group1, group2, group5, group14 and group24. See the product instruction for details.
IKESet.n.ikeSaLifetimeSeconds No Int IKE configuration, IKE SA Lifetime, unit: second, sets the lifetime of IKE SA. Value range: 60-604800. See the product instruction for details.
encryptAlgorithm No String IPsec configuration, encryption algorithm. Available values include 3des-cbc, aes-cbc-128, aes-cbc-192, aes-cbc-256, des-cbc and null. The default is 3des-cbc. See the product instruction for more details.

IPsec configuration details

Parameter Name Required Type Description
IPsecSet.n.integrityAlgorith No String IPsec configuration, authentication algorithm. Available values include md5 and sha. The default is md5. See the product instruction for details.
IPsecSet.n.ipsecSaLifetimeSeconds No Int IPsec configuration, IPsec SA lifetime(s), unit: second. Value range: 180-604800. See the product instruction for details.
IPsecSet.n.ipsecSaLifetimeTraffic No Int IPsec configuration, IPsec SA lifetime(KB), unit: KB. Value range: 2560-604800. See the product instruction for details.
IPsecSet.n.pfsDhGroup No String IPsec configuration, PFS. Available values include null, dh-group1, dh-group14, dh-group2, dh-group24 and dh-group5. The default is null. See the product instruction for details.

3. Output Parameters

Parameter Name Type Description
code Int Error code, 0: Succeeded; other values: Failed
message String Error message
data.taskId Int Task ID. The operation result can be queried with taskId. For more information, refer to API for Querying Task Execution Result.

4. Error Codes

The following error code list only provides the business logic error codes for this API. For additional common error codes, refer to VPC Error Codes.

Error code Description
InvalidVpc.NotFound VPC does not exist. Please check the information you entered. You can query the VPC via the API DescribeVpcEx.
InvalidVpnGw.NotFound VPN gateway does not exist. Please check the information you entered. You can query the VPN gateway via the API DescribeVpnGw.
InvalidVpnGw.NotFound VPN tunnel does not exist.Please check the information you entered. You can query the VPN tunnel via the API DescribeVpnConn.

5. Example

Input


  https://vpc.api.qcloud.com/v2/index.php?Action=ModifyVpnConnEx
  &<Common request parameters>
  &vpcId=vpc-03vihbk9
  &vpnGwId=vpngw-kfldykuz
  &vpnConnId=vpnx-ol6bcqp0
  &userGwCidrBlock.0=10.100.2.0/24
  &preSharedKey=tencenttest

Output


{
    "code": 0,
    "message": "",
    "data": {
        "vpnGwId": "vpngw-kfldykuz",
        "vpcConnId": "vpnx-ol6bcqp0",
        "taskId": 12614,
        "vpcConnStatus": 2,
        "preSharedKey": "tencenttest",
        "userGwSubnetList": [
            "10.100.2.0\/24"
        ],
        "userGwId": 315
    }
}