tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Virtual Private Cloud
    Documentation
    Download PDF

    CreateVpnConnection

    Last updated: 2022-03-31 16:50:52
    Download PDF

    1. API Description

    Domain name for API request: vpc.tencentcloudapi.com.

    This API is used to create a VPN tunnel.

    Note:

    This API is async. You can call the DescribeVpcTaskResult API to query the task result. When the task is completed, you can continue other tasks.

    A maximum of 100 requests can be initiated per second for this API.

    We recommend you to use API Explorer
    Try it
    API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

    2. Input Parameters

    The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
    This document describes the parameters for Signature V1. It's recommended to use the V3 signature, which provides higher security. Note that for Signature V3, the common parameters need to be placed in the HTTP Header. See details.

    Parameter Name Required Type Description
    Action Yes String Common parameter. The value used for this API: CreateVpnConnection.
    Version Yes String Common parameter. The value used for this API: 2017-03-12.
    Region Yes String Common parameter. For more information, please see the list of regions supported by the product.
    VpnGatewayId Yes String The ID of the VPN gateway instance.
    CustomerGatewayId Yes String The ID of the customer gateway, such as cgw-2wqq41m9. You can query the customer gateway by using the DescribeCustomerGateways API.
    VpnConnectionName Yes String Gateway can be named freely, but the maximum length is 60 characters.
    PreShareKey Yes String The pre-shared key.
    VpcId No String VPC instance ID, which can be obtained from the VpcId field in the response of the DescribeVpcs API.
    This parameter is optional for a CCN-based VPN tunnel.
    SecurityPolicyDatabases.N No Array of SecurityPolicyDatabase The SPD policy group, for example: {"10.0.0.5/24":["172.123.10.5/16"]}. 10.0.0.5/24 is the VPC internal IP range, and 172.123.10.5/16 is the IDC IP range. The user specifies the IP range in the VPC that can communicate with the IP range in the IDC.
    IKEOptionsSpecification No IKEOptionsSpecification Internet Key Exchange (IKE) configuration. IKE has a self-protection mechanism. The network security protocol is configured by the user.
    IPSECOptionsSpecification No IPSECOptionsSpecification IPSec configuration. The IPSec secure session configuration is provided by Tencent Cloud.
    Tags.N No Array of Tag Bound tags, such as [{"Key": "city", "Value": "shanghai"}].
    EnableHealthCheck No Boolean Whether the tunnel health check is supported.
    HealthCheckLocalIp No String Local IP address for the health check
    HealthCheckRemoteIp No String Peer IP address for the health check
    RouteType No String Tunnel type. Valid values: STATIC, StaticRoute, and Policy.
    NegotiationType No String Negotiation type. Valid values: active (default value), passive and flowTrigger.
    DpdEnable No Integer Specifies whether to enable DPD. Valid values: 0 (disable) and 1 (enable)
    DpdTimeout No String DPD timeout period. Default: 30; unit: second. If the request is not responded within this period, the peer end is considered not exists. This parameter is valid when the value of DpdEnable is 1.
    DpdAction No String The action after DPD timeout. Valid values: clear (disconnect) and restart (try again). It’s valid when DpdEnable is 1.

    3. Output Parameters

    Parameter Name Type Description
    VpnConnection VpnConnection Tunnel instance object.
    RequestId String The unique request ID, which is returned for each request. RequestId is required for locating a problem.

    4. Example

    Example1 Creating a VPN tunnel

    Input Example

    https://vpc.tencentcloudapi.com/?Action=CreateVpnConnection
&VpcId=vpc-gapcv96p
&VpnGatewayId=vpngw-1w9tue3d
&CustomerGatewayId=cgw-qa9sxpy7
&VpnConnectionName=TEST_CONN
&PreShareKey=654321
&SecurityPolicyDatabases.0.LocalCidrBlock=10.8.4.0/24
&SecurityPolicyDatabases.0.RemoteCidrBlock.0=58.211.1.0/24
&IKEOptionsSpecification.DhGroupName=GROUP1
&IKEOptionsSpecification.ExchangeMode=MAIN
&IKEOptionsSpecification.IKEVersion=IKEV1
&IKEOptionsSpecification.LocalAddress=58.211.2.5
&IKEOptionsSpecification.LocalIdentity=ADDRESS
&IKEOptionsSpecification.PropoAuthenAlgorithm=MD5
&IKEOptionsSpecification.PropoEncryAlgorithm=3DES-CBC
&IKEOptionsSpecification.RemoteAddress=1.2.3.4
&IKEOptionsSpecification.RemoteIdentity=ADDRESS
&IPSECOptionsSpecification.EncryptAlgorithm=3DES-CBC
&IPSECOptionsSpecification.IntegrityAlgorith=MD5
&IPSECOptionsSpecification.PfsDhGroup=NULL
&Tags.0.Key=city
&Tags.0.Value=shanghai
&<Common request parameters>

    Output Example

    {
  "Response": {
    "VpnConnection": {
      "VpnConnectionId": "vpnr-12ds042",
      "VpnConnectionName": "TEST_CONN",
      "PreShareKey": "654321",
      "VpcId": "vpc-gapcv96p",
      "HealthCheckRemoteIp": "",
      "NetStatus": "",
      "EnableHealthCheck": true,
      "EncryptProto": "IKE",
      "VpnProto": "IPSEC",
      "IPSECOptionsSpecification": {
        "PfsDhGroup": "",
        "IPSECSaLifetimeTraffic": 1,
        "EncryptAlgorithm": "",
        "IPSECSaLifetimeSeconds": 1,
        "IntegrityAlgorith": ""
      },
      "SecurityPolicyDatabaseSet": [
        {
          "LocalCidrBlock": "10.8.4.0/24",
          "RemoteCidrBlock": [
            "58.211.1.0/24"
          ]
        }
      ],
      "State": "PENGDING",
      "HealthCheckLocalIp": "",
      "HealthCheckStatus": "",
      "VpnGatewayId": "vpngw-1w9tue3d",
      "CreatedTime": "2020-09-22 00:00:00",
      "CustomerGatewayId": "cgw-qa9sxpy7",
      "IKEOptionsSpecification": {
        "IKEVersion": "",
        "RemoteIdentity": "",
        "PropoAuthenAlgorithm": "",
        "RemoteAddress": "",
        "LocalFqdnName": "",
        "LocalIdentity": "",
        "LocalAddress": "",
        "RemoteFqdnName": "",
        "ExchangeMode": "",
        "IKESaLifetimeSeconds": 1,
        "PropoEncryAlgorithm": "",
        "DhGroupName": ""
      },
      "RouteType": "STATIC"
    },
    "RequestId": "74883e1b-5901-46de-ae1e-d6e2cf591c5b"
  }
}

    5. Developer Resources

    SDK

    TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

    Command Line Interface

    6. Error Code

    The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

    Error Code Description
    InvalidParameter.Coexist The parameters cannot be specified at the same time.
    InvalidParameterValue.Malformed Invalid input parameter format.
    InvalidParameterValue.TooLong Invalid parameter value. The parameter value is too long.
    InvalidParameterValue.VpcCidrConflict Destination IP address range conflicts with CIDR of the current VPC.
    InvalidParameterValue.VpnConnCidrConflict Destination IP address range conflicts with CIDR block of the current VPC tunnel.
    InvalidParameterValue.VpnConnHealthCheckIpConflict The destination IP of the probe cannot be within the IP range of the VPC.
    LimitExceeded Quota limit is reached.
    ResourceInUse The resource is occupied.
    ResourceNotFound The resource does not exist.
    UnsupportedOperation Unsupported operation.
    UnsupportedOperation.InvalidState Invalid resource status.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Contact Us
    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    Submit a Ticket
    7x24 Phone Support
    tencent
    Copyright © 2013-2022 Tencent Cloud. All Rights Reserved.
    Privacy PolicyLegalCookie Policy