Domain name for API request: vpc.tencentcloudapi.com.
This API is used to create a VPN tunnel.
Note:
This API is async. You can call the
DescribeVpcTaskResult
API to query the task result. When the task is completed, you can continue other tasks.
A maximum of 100 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
This document describes the parameters for Signature V1. It's recommended to use the V3 signature, which provides higher security. Note that for Signature V3, the common parameters need to be placed in the HTTP Header. See details.
Parameter Name | Required | Type | Description |
---|---|---|---|
Action | Yes | String | Common parameter. The value used for this API: CreateVpnConnection. |
Version | Yes | String | Common parameter. The value used for this API: 2017-03-12. |
Region | Yes | String | Common parameter. For more information, please see the list of regions supported by the product. |
VpnGatewayId | Yes | String | The ID of the VPN gateway instance. |
CustomerGatewayId | Yes | String | The ID of the customer gateway, such as cgw-2wqq41m9 . You can query the customer gateway by using the DescribeCustomerGateways API. |
VpnConnectionName | Yes | String | Gateway can be named freely, but the maximum length is 60 characters. |
PreShareKey | Yes | String | The pre-shared key. |
VpcId | No | String | VPC instance ID, which can be obtained from the VpcId field in the response of the DescribeVpcs API.This parameter is optional for a CCN-based VPN tunnel. |
SecurityPolicyDatabases.N | No | Array of SecurityPolicyDatabase | The SPD policy group, for example: {"10.0.0.5/24":["172.123.10.5/16"]}. 10.0.0.5/24 is the VPC internal IP range, and 172.123.10.5/16 is the IDC IP range. The user specifies the IP range in the VPC that can communicate with the IP range in the IDC. |
IKEOptionsSpecification | No | IKEOptionsSpecification | Internet Key Exchange (IKE) configuration. IKE has a self-protection mechanism. The network security protocol is configured by the user. |
IPSECOptionsSpecification | No | IPSECOptionsSpecification | IPSec configuration. The IPSec secure session configuration is provided by Tencent Cloud. |
Tags.N | No | Array of Tag | Bound tags, such as [{"Key": "city", "Value": "shanghai"}]. |
EnableHealthCheck | No | Boolean | Whether the tunnel health check is supported. |
HealthCheckLocalIp | No | String | Local IP address for the health check |
HealthCheckRemoteIp | No | String | Peer IP address for the health check |
RouteType | No | String | Tunnel type. Valid values: STATIC , StaticRoute , and Policy . |
NegotiationType | No | String | Negotiation type. Valid values: active (default value), passive and flowTrigger . |
DpdEnable | No | Integer | Specifies whether to enable DPD. Valid values: 0 (disable) and 1 (enable) |
DpdTimeout | No | String | DPD timeout period. Default: 30; unit: second. If the request is not responded within this period, the peer end is considered not exists. This parameter is valid when the value of DpdEnable is 1. |
DpdAction | No | String | The action after DPD timeout. Valid values: clear (disconnect) and restart (try again). It’s valid when DpdEnable is 1 . |
Parameter Name | Type | Description |
---|---|---|
VpnConnection | VpnConnection | Tunnel instance object. |
RequestId | String | The unique request ID, which is returned for each request. RequestId is required for locating a problem. |
https://vpc.tencentcloudapi.com/?Action=CreateVpnConnection
&VpcId=vpc-gapcv96p
&VpnGatewayId=vpngw-1w9tue3d
&CustomerGatewayId=cgw-qa9sxpy7
&VpnConnectionName=TEST_CONN
&PreShareKey=654321
&SecurityPolicyDatabases.0.LocalCidrBlock=10.8.4.0/24
&SecurityPolicyDatabases.0.RemoteCidrBlock.0=58.211.1.0/24
&IKEOptionsSpecification.DhGroupName=GROUP1
&IKEOptionsSpecification.ExchangeMode=MAIN
&IKEOptionsSpecification.IKEVersion=IKEV1
&IKEOptionsSpecification.LocalAddress=58.211.2.5
&IKEOptionsSpecification.LocalIdentity=ADDRESS
&IKEOptionsSpecification.PropoAuthenAlgorithm=MD5
&IKEOptionsSpecification.PropoEncryAlgorithm=3DES-CBC
&IKEOptionsSpecification.RemoteAddress=1.2.3.4
&IKEOptionsSpecification.RemoteIdentity=ADDRESS
&IPSECOptionsSpecification.EncryptAlgorithm=3DES-CBC
&IPSECOptionsSpecification.IntegrityAlgorith=MD5
&IPSECOptionsSpecification.PfsDhGroup=NULL
&Tags.0.Key=city
&Tags.0.Value=shanghai
&<Common request parameters>
{
"Response": {
"VpnConnection": {
"VpnConnectionId": "vpnr-12ds042",
"VpnConnectionName": "TEST_CONN",
"PreShareKey": "654321",
"VpcId": "vpc-gapcv96p",
"HealthCheckRemoteIp": "",
"NetStatus": "",
"EnableHealthCheck": true,
"EncryptProto": "IKE",
"VpnProto": "IPSEC",
"IPSECOptionsSpecification": {
"PfsDhGroup": "",
"IPSECSaLifetimeTraffic": 1,
"EncryptAlgorithm": "",
"IPSECSaLifetimeSeconds": 1,
"IntegrityAlgorith": ""
},
"SecurityPolicyDatabaseSet": [
{
"LocalCidrBlock": "10.8.4.0/24",
"RemoteCidrBlock": [
"58.211.1.0/24"
]
}
],
"State": "PENGDING",
"HealthCheckLocalIp": "",
"HealthCheckStatus": "",
"VpnGatewayId": "vpngw-1w9tue3d",
"CreatedTime": "2020-09-22 00:00:00",
"CustomerGatewayId": "cgw-qa9sxpy7",
"IKEOptionsSpecification": {
"IKEVersion": "",
"RemoteIdentity": "",
"PropoAuthenAlgorithm": "",
"RemoteAddress": "",
"LocalFqdnName": "",
"LocalIdentity": "",
"LocalAddress": "",
"RemoteFqdnName": "",
"ExchangeMode": "",
"IKESaLifetimeSeconds": 1,
"PropoEncryAlgorithm": "",
"DhGroupName": ""
},
"RouteType": "STATIC"
},
"RequestId": "74883e1b-5901-46de-ae1e-d6e2cf591c5b"
}
}
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
Error Code | Description |
---|---|
InvalidParameter.Coexist | The parameters cannot be specified at the same time. |
InvalidParameterValue.Malformed | Invalid input parameter format. |
InvalidParameterValue.TooLong | Invalid parameter value. The parameter value is too long. |
InvalidParameterValue.VpcCidrConflict | Destination IP address range conflicts with CIDR of the current VPC. |
InvalidParameterValue.VpnConnCidrConflict | Destination IP address range conflicts with CIDR block of the current VPC tunnel. |
InvalidParameterValue.VpnConnHealthCheckIpConflict | The destination IP of the probe cannot be within the IP range of the VPC. |
LimitExceeded | Quota limit is reached. |
ResourceInUse | The resource is occupied. |
ResourceNotFound | The resource does not exist. |
UnsupportedOperation | Unsupported operation. |
UnsupportedOperation.InvalidState | Invalid resource status. |
Was this page helpful?