search by keyword

Recent Pages

Documentation
Virtual Private Cloud
    Documentation
    Download PDF

    Modify VPN Tunnel

    Last updated: 2020-06-04 18:17:43
    Download PDF

      Note:

      This is a legacy API which has been hidden and will no longer be updated. We recommend using the new VPC API 3.0 which is standardized and faster.

      1. API Description

      This API (ModifyVpnConnEx) is used to modify VPN tunnel.
      Domain for API request: vpc.api.qcloud.com

      2. Input Parameters

      The following request parameter list only provides API request parameters. Common request parameters need to be added when the API is called. For more information, refer to Common Request Parameters. The Action field for this API is ModifyVpnConnEx.

      Parameter Name Required Type Description
      vpcId Yes string Virtual private cloud ID, which can be vpcId or unVpcId. unVpcId is recommended. For example: vpc-03vihbk9. Can be queried via the API DescribeVpcEx.
      vpnGwId Yes String VPN gateway ID assigned by the system, which can be vpnGwId or unVpnGwId. unVpnGwId is recommended.
      vpnConnId Yes String VPN tunnel ID assigned by the system, which can be vpnConnId or unVpnConnId. unVpnConnId is recommended.
      vpnConnName No String Tunnel name; up to 60 characters.
      preSharedKey No String Pre-shared private key.
      userGwCidrBlock.n No Array CIDR address of the peer IP address range, multiple values can be entered. Specifies the IDC IP address range the VPC can communicate with, later upgraded to spdAcl (finer granularity). Either userGwCidrBlock or spdAcl must be entered.
      spdAcl.n No Array SPD rule group. You can specify which IP address range in the VPC can communicate with which IP address range in your IDC, upgraded from userGwCidrBlock. Either userGwCidrBlock or spdAcl must be entered. See the product instruction for details.
      IKESet.n No Array IKE configuration (Internet Key Exchange). IKE is provided with a self-protection mechanism. The network security protocol is configured by the user.
      IPsecSet.n No Array IPSec configuration. The IPSec secure session configuration is provided by Tencent Cloud. See VPN Connection-IPSec Configuration for details.

      IKE configuration details

      Parameter Name Required Type Description
      IKESet.n.propoEncryAlgorithm No String IKE configuration, encryption algorithm. Available values include 3des-cbc, aes-cbc-128, aes-cbc-192, aes-cbc-256 and des-cbc. The default is 3des-cbc. See the product instruction for details.
      IKESet.n.propoAuthenAlgorithm No String IKE configuration, authentication algorithm. Available values include md5 and sha. The default is md5. See the product instruction for details.
      IKESet.n.exchangeMode No String IKE configuration, negotiation mode. Available values include aggressive and main. The default is main. See the product instruction for details.
      IKESet.n.localIdentity No String IKE configuration, local identity type. Available values include address and fqdn. The default is address. See the product instruction for details.
      IKESet.n.remoteIdentity No String IKE configuration, peered identity type. Available values include address and fqdn. The default is address. See the product instruction for details.
      IKESet.n.localAddress No String IKE configuration, local identity. When address is selected for localIdentity, localAddress is required. localAddress is the public IP of the VPN gateway by default. See the product instruction for details.
      IKESet.n.remoteAddress No String IKE configuration, peered identity. When address is selected for remoteIdentity, remoteAddress is required. See the product instruction for details.
      IKESet.n.localFqdnName No String IKE configuration, local identity. When fqdn is selected for localIdentity, localFqdnName is required. See the product instruction for details.
      IKESet.n.remoteFqdnName No String IKE configuration, peered identity. When fqdn is selected for remoteIdentity, remoteFqdnName is required. See the product instruction for details.
      IKESet.n.dhGroupName No String IKE configuration, DH group, specifies the DH group used for exchanging the private key. Available values include group1, group2, group5, group14 and group24. See the product instruction for details.
      IKESet.n.ikeSaLifetimeSeconds No Int IKE configuration, IKE SA Lifetime, unit: second, sets the lifetime of IKE SA. Value range: 60-604800. See the product instruction for details.
      encryptAlgorithm No String IPsec configuration, encryption algorithm. Available values include 3des-cbc, aes-cbc-128, aes-cbc-192, aes-cbc-256, des-cbc and null. The default is 3des-cbc. See the product instruction for more details.

      IPsec configuration details

      Parameter Name Required Type Description
      IPsecSet.n.integrityAlgorith No String IPsec configuration, authentication algorithm. Available values include md5 and sha. The default is md5. See the product instruction for details.
      IPsecSet.n.ipsecSaLifetimeSeconds No Int IPsec configuration, IPsec SA lifetime(s), unit: second. Value range: 180-604800. See the product instruction for details.
      IPsecSet.n.ipsecSaLifetimeTraffic No Int IPsec configuration, IPsec SA lifetime(KB), unit: KB. Value range: 2560-604800. See the product instruction for details.
      IPsecSet.n.pfsDhGroup No String IPsec configuration, PFS. Available values include null, dh-group1, dh-group14, dh-group2, dh-group24 and dh-group5. The default is null. See the product instruction for details.

      3. Output Parameters

      Parameter Name Type Description
      code Int Error code, 0: Succeeded; other values: Failed
      message String Error message
      data.taskId Int Task ID. The operation result can be queried with taskId.

      4. Error Codes

      The following error code list only provides the business logic error codes for this API. For additional common error codes, refer to VPC Error Codes.

      Error code Description
      InvalidVpc.NotFound VPC does not exist. Please check the information you entered. You can query the VPC via the API DescribeVpcEx.
      InvalidVpnGw.NotFound VPN gateway does not exist. Please check the information you entered. You can query the VPN gateway via the API DescribeVpnGw.
      InvalidVpnGw.NotFound VPN tunnel does not exist.Please check the information you entered.

      5. Example

      Input

      
  https://vpc.api.qcloud.com/v2/index.php?Action=ModifyVpnConnEx
  &<Common request parameters>
  &vpcId=vpc-03vihbk9
  &vpnGwId=vpngw-kfldykuz
  &vpnConnId=vpnx-ol6bcqp0
  &userGwCidrBlock.0=10.100.2.0/24
  &preSharedKey=tencenttest

      Output

      
{
    "code": 0,
    "message": "",
    "data": {
        "vpnGwId": "vpngw-kfldykuz",
        "vpcConnId": "vpnx-ol6bcqp0",
        "taskId": 12614,
        "vpcConnStatus": 2,
        "preSharedKey": "tencenttest",
        "userGwSubnetList": [
            "10.100.2.0\/24"
        ],
        "userGwId": 315
    }
}

      Was this page helpful?

      Confirm

      Was this page helpful?

      • Not at all
      • Not very helpful
      • Somewhat helpful
      • Very helpful
      • Extremely helpful
      Send Feedback
      Hide
      Submit a TicketContact Sales
      Help
      tencent
      Copyright © 2013-2020 Tencent Cloud. All Rights Reserved.
      Terms of ServicePrivacy PolicyCookie Policy