Help & DocumentationVirtual Private CloudAPI DocumentationVPC API 2017APIs for VPN GatewayAPIs for VPN TunnelModify VPN Tunnel
1. API Description
This API (ModifyVpnConnEx) is used to modify VPN tunnel.
Domain for API request: vpc.api.qcloud.com
2. Input Parameters
The following request parameter list only provides API request parameters. Common request parameters need to be added when the API is called. For more information, refer to Common Request Parameters. The Action field for this API is ModifyVpnConnEx.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| vpcId | Yes | string | Virtual private cloud ID, which can be vpcId or unVpcId. unVpcId is recommended. For example: vpc-03vihbk9. Can be queried via the API DescribeVpcEx. |
| vpnGwId | Yes | String | VPN gateway ID assigned by the system, which can be vpnGwId or unVpnGwId. unVpnGwId is recommended. |
| vpnConnId | Yes | String | VPN tunnel ID assigned by the system, which can be vpnConnId or unVpnConnId. unVpnConnId is recommended. |
| vpnConnName | No | String | Tunnel name; up to 60 characters. |
| preSharedKey | No | String | Pre-shared private key. |
| userGwCidrBlock.n | No | Array | CIDR address of the peer IP address range, multiple values can be entered. Specifies the IDC IP address range the VPC can communicate with, later upgraded to spdAcl (finer granularity). Either userGwCidrBlock or spdAcl must be entered. |
| spdAcl.n | No | Array | SPD rule group. You can specify which IP address range in the VPC can communicate with which IP address range in your IDC, upgraded from userGwCidrBlock. Either userGwCidrBlock or spdAcl must be entered. See the product instruction for details. |
| IKESet.n | No | Array | IKE configuration (Internet Key Exchange). IKE is provided with a self-protection mechanism. The network security protocol is configured by the user. |
| IPsecSet.n | No | Array | IPSec configuration. The IPSec secure session configuration is provided by Tencent Cloud. See VPN Connection-IPSec Configuration for details. |
IKE configuration details
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| IKESet.n.propoEncryAlgorithm | No | String | IKE configuration, encryption algorithm. Available values include 3des-cbc, aes-cbc-128, aes-cbc-192, aes-cbc-256 and des-cbc. The default is 3des-cbc. See the product instruction for details. |
| IKESet.n.propoAuthenAlgorithm | No | String | IKE configuration, authentication algorithm. Available values include md5 and sha. The default is md5. See the product instruction for details. |
| IKESet.n.exchangeMode | No | String | IKE configuration, negotiation mode. Available values include aggressive and main. The default is main. See the product instruction for details. |
| IKESet.n.localIdentity | No | String | IKE configuration, local identity type. Available values include address and fqdn. The default is address. See the product instruction for details. |
| IKESet.n.remoteIdentity | No | String | IKE configuration, peered identity type. Available values include address and fqdn. The default is address. See the product instruction for details. |
| IKESet.n.localAddress | No | String | IKE configuration, local identity. When address is selected for localIdentity, localAddress is required. localAddress is the public IP of the VPN gateway by default. See the product instruction for details. |
| IKESet.n.remoteAddress | No | String | IKE configuration, peered identity. When address is selected for remoteIdentity, remoteAddress is required. See the product instruction for details. |
| IKESet.n.localFqdnName | No | String | IKE configuration, local identity. When fqdn is selected for localIdentity, localFqdnName is required. See the product instruction for details. |
| IKESet.n.remoteFqdnName | No | String | IKE configuration, peered identity. When fqdn is selected for remoteIdentity, remoteFqdnName is required. See the product instruction for details. |
| IKESet.n.dhGroupName | No | String | IKE configuration, DH group, specifies the DH group used for exchanging the private key. Available values include group1, group2, group5, group14 and group24. See the product instruction for details. |
| IKESet.n.ikeSaLifetimeSeconds | No | Int | IKE configuration, IKE SA Lifetime, unit: second, sets the lifetime of IKE SA. Value range: 60-604800. See the product instruction for details. |
| encryptAlgorithm | No | String | IPsec configuration, encryption algorithm. Available values include 3des-cbc, aes-cbc-128, aes-cbc-192, aes-cbc-256, des-cbc and null. The default is 3des-cbc. See the product instruction for more details. |
IPsec configuration details
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| IPsecSet.n.integrityAlgorith | No | String | IPsec configuration, authentication algorithm. Available values include md5 and sha. The default is md5. See the product instruction for details. |
| IPsecSet.n.ipsecSaLifetimeSeconds | No | Int | IPsec configuration, IPsec SA lifetime(s), unit: second. Value range: 180-604800. See the product instruction for details. |
| IPsecSet.n.ipsecSaLifetimeTraffic | No | Int | IPsec configuration, IPsec SA lifetime(KB), unit: KB. Value range: 2560-604800. See the product instruction for details. |
| IPsecSet.n.pfsDhGroup | No | String | IPsec configuration, PFS. Available values include null, dh-group1, dh-group14, dh-group2, dh-group24 and dh-group5. The default is null. See the product instruction for details. |
3. Output Parameters
| Parameter Name | Type | Description |
|---|---|---|
| code | Int | Error code, 0: Succeeded; other values: Failed |
| message | String | Error message |
| data.taskId | Int | Task ID. The operation result can be queried with taskId. |
4. Error Codes
The following error code list only provides the business logic error codes for this API. For additional common error codes, refer to VPC Error Codes.
| Error code | Description |
|---|---|
| InvalidVpc.NotFound | VPC does not exist. Please check the information you entered. You can query the VPC via the API DescribeVpcEx. |
| InvalidVpnGw.NotFound | VPN gateway does not exist. Please check the information you entered. You can query the VPN gateway via the API DescribeVpnGw. |
| InvalidVpnGw.NotFound | VPN tunnel does not exist.Please check the information you entered. |
5. Example
Input
https://vpc.api.qcloud.com/v2/index.php?Action=ModifyVpnConnEx &<Common request parameters> &vpcId=vpc-03vihbk9 &vpnGwId=vpngw-kfldykuz &vpnConnId=vpnx-ol6bcqp0 &userGwCidrBlock.0=10.100.2.0/24 &preSharedKey=tencenttest
Output
{
"code": 0,
"message": "",
"data": {
"vpnGwId": "vpngw-kfldykuz",
"vpcConnId": "vpnx-ol6bcqp0",
"taskId": 12614,
"vpcConnStatus": 2,
"preSharedKey": "tencenttest",
"userGwSubnetList": [
"10.100.2.0\/24"
],
"userGwId": 315
}
}
