CreateVpnConnection

Last updated: 2023-08-23 14:11:10

1. API Description

Domain name for API request: vpc.tencentcloudapi.com.

This API is used to create a VPN tunnel.

Note:

This API is asynchronous. You can call the DescribeVpcTaskResult API to query the task result. Once the task has completed, you can continue with other tasks.

A maximum of 100 requests can be initiated per second for this API.

We recommend using API Explorer.
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

Parameter Name Required Type Description
Action Yes String Common Params. The value used for this API: CreateVpnConnection.
Version Yes String Common Params. The value used for this API: 2017-03-12.
Region No String Common Params. This parameter is not required for this API.
VpnGatewayId Yes String The ID of the VPN gateway instance.
CustomerGatewayId Yes String The ID of the customer gateway, such as cgw-2wqq41m9. You can query the customer gateway by using the DescribeCustomerGateways API.
VpnConnectionName Yes String Gateway can be named freely, but the maximum length is 60 characters.
PreShareKey Yes String The pre-shared key.
VpcId No String VPC instance ID, which can be obtained from the VpcId field in the response of the DescribeVpcs API.
This parameter is optional for a CCN-based VPN tunnel.
SecurityPolicyDatabases.N No Array of SecurityPolicyDatabase The SPD policy group, for example: {"10.0.0.5/24":["172.123.10.5/16"]}. 10.0.0.5/24 is the VPC internal IP range, and 172.123.10.5/16 is the IDC IP range. The user specifies the IP range in the VPC that can communicate with the IP range in the IDC.
IKEOptionsSpecification No IKEOptionsSpecification Internet Key Exchange (IKE) configuration. IKE has a self-protection mechanism. The network security protocol is configured by the user.
IPSECOptionsSpecification No IPSECOptionsSpecification IPSec configuration. The IPSec secure session configuration is provided by Tencent Cloud.
Tags.N No Array of Tag Bound tags, such as [{"Key": "city", "Value": "shanghai"}].
EnableHealthCheck No Boolean Whether the tunnel health check is supported. The default value is False.
HealthCheckLocalIp No String Local IP of health check. It defaults to a random IP within 169.254.128.0/17.
HealthCheckRemoteIp No String Peer IP of health check. It defaults to a random IP within 169.254.128.0/17.
RouteType No String Tunnel type. Valid values: STATIC, StaticRoute, and Policy.
NegotiationType No String Negotiation type. Valid values: active (default value), passive and flowTrigger.
DpdEnable No Integer Specifies whether to enable DPD. Valid values: 0 (disable) and 1 (enable).
DpdTimeout No String DPD timeout period. Default: 30; unit: second. If the request receives no response within this period, the peer end is considered not to exist. This parameter is valid when the value of DpdEnable is 1.
DpdAction No String The action after DPD timeout. Valid values: clear (disconnect) and restart (try again). It’s valid when DpdEnable is 1.

3. Output Parameters

Parameter Name Type Description
VpnConnection VpnConnection Tunnel instance object.
RequestId String The unique request ID, which is returned for each request. RequestId is required for locating a problem.

4. Example

Example 1: Creating a VPN tunnel

This example shows you how to create a VPN tunnel.

Input Example

POST / HTTP/1.1
Host: vpc.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: CreateVpnConnection
<Common request parameters>

{
    "VpnConnectionName": "TEST_CONN",
    "PreShareKey": "654321",
    "VpcId": "vpc-gapcv96p",
    "Tags": [
        {
            "Value": "shanghai",
            "Key": "city"
        }
    ],
    "IPSECOptionsSpecification": {
        "PfsDhGroup": "NULL",
        "EncryptAlgorithm": "3DES-CBC",
        "IntegrityAlgorith": "MD5"
    },
    "SecurityPolicyDatabases": [
        {
            "LocalCidrBlock": "10.8.4.0/24",
            "RemoteCidrBlock": [
                "58.211.1.0/24"
            ]
        }
    ],
    "VpnGatewayId": "vpngw-1w9tue3d",
    "CustomerGatewayId": "cgw-qa9sxpy7",
    "IKEOptionsSpecification": {
        "IKEVersion": "IKEV1",
        "RemoteIdentity": "ADDRESS",
        "PropoAuthenAlgorithm": "MD5",
        "RemoteAddress": "1.2.3.4",
        "LocalIdentity": "ADDRESS",
        "LocalAddress": "58.211.2.5",
        "ExchangeMode": "MAIN",
        "PropoEncryAlgorithm": "3DES-CBC",
        "DhGroupName": "GROUP1"
    }
}

Output Example

{
    "Response": {
        "VpnConnection": {
            "VpcId": "vpc-kozprpc9",
            "VpnConnectionId": "vpnx-p0j11j28",
            "VpnConnectionName": "test-con",
            "VpnGatewayId": "vpngw-ecvft20x",
            "CustomerGatewayId": "cgw-7lhl5331",
            "State": "PENDING",
            "PreShareKey": "123456",
            "NegotiationType": "",
            "DpdEnable": -1,
            "DpdTimeout": "",
            "DpdAction": "",
            "VpnProto": "IPSEC",
            "EncryptProto": "IKE",
            "RouteType": "STATIC",
            "CreatedTime": "0000-00-00 00:00:00",
            "NetStatus": "",
            "SecurityPolicyDatabaseSet": [],
            "IKEOptionsSpecification": {
                "PropoEncryAlgorithm": "AES-CBC-256",
                "PropoAuthenAlgorithm": "SHA",
                "ExchangeMode": "AGGRESSIVE",
                "LocalIdentity": "ADDRESS",
                "RemoteIdentity": "ADDRESS",
                "LocalAddress": "122.152.199.99",
                "RemoteAddress": "39.97.38.104",
                "LocalFqdnName": "",
                "RemoteFqdnName": "",
                "DhGroupName": "GROUP2",
                "IKESaLifetimeSeconds": 86400,
                "IKEVersion": "IKEV1"
            },
            "IPSECOptionsSpecification": {
                "EncryptAlgorithm": "AES-CBC-256",
                "IntegrityAlgorith": "SHA1",
                "IPSECSaLifetimeSeconds": 3600,
                "IPSECSaLifetimeTraffic": 1843200,
                "PfsDhGroup": "NULL"
            },
            "EnableHealthCheck": false,
            "HealthCheckLocalIp": "",
            "HealthCheckRemoteIp": "",
            "HealthCheckStatus": "",
            "TagSet": []
        },
        "RequestId": "4b71dd4d-a3ee-4ac1-b99a-99d65f6443fd"
    }
}
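
A pre-flight check for the request body, added here as an example (not Tencent Cloud code): it flags the weak values that appear in the Input and Output Examples above (3DES-CBC, MD5, GROUP1/GROUP2, AGGRESSIVE mode, PfsDhGroup NULL, a six-digit PreShareKey) and redacts PreShareKey, which the response echoes back, before logging. The weak-value list and the MIN_PSK_LEN threshold are assumptions of this example; lint_vpn_request and redact are hypothetical helper names.

```python
import json

# Values below are the ones shown in this page's examples; classifying them as
# weak is an assumption of this added example, not Tencent Cloud policy.
WEAK = {
    ("IKEOptionsSpecification", "PropoEncryAlgorithm"): {"3DES-CBC"},
    ("IKEOptionsSpecification", "PropoAuthenAlgorithm"): {"MD5"},
    ("IKEOptionsSpecification", "DhGroupName"): {"GROUP1", "GROUP2"},
    ("IKEOptionsSpecification", "ExchangeMode"): {"AGGRESSIVE"},
    ("IPSECOptionsSpecification", "EncryptAlgorithm"): {"3DES-CBC"},
    ("IPSECOptionsSpecification", "IntegrityAlgorith"): {"MD5"},
    ("IPSECOptionsSpecification", "PfsDhGroup"): {"NULL"},
}
MIN_PSK_LEN = 20  # assumed local policy threshold, not an API limit


def lint_vpn_request(body: dict) -> list[str]:
    """Return one finding per weak setting in a CreateVpnConnection body."""
    findings = []
    psk = body.get("PreShareKey", "")
    if len(psk) < MIN_PSK_LEN or psk.isdigit() or psk.isalpha():
        findings.append("PreShareKey: too short or single character class")
    for (section, key), bad in WEAK.items():
        value = body.get(section, {}).get(key)
        if value in bad:
            findings.append(f"{section}.{key}: {value}")
    return findings


def redact(obj):
    """Return a copy safe for logging: PreShareKey is echoed in the response."""
    if isinstance(obj, dict):
        return {k: "***" if k == "PreShareKey" else redact(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


# Constructed sample: the security-relevant fields of the page's Input Example.
SAMPLE = json.loads("""{
  "PreShareKey": "654321",
  "IPSECOptionsSpecification": {"PfsDhGroup": "NULL", "EncryptAlgorithm": "3DES-CBC", "IntegrityAlgorith": "MD5"},
  "IKEOptionsSpecification": {"IKEVersion": "IKEV1", "PropoAuthenAlgorithm": "MD5", "ExchangeMode": "MAIN",
                              "PropoEncryAlgorithm": "3DES-CBC", "DhGroupName": "GROUP1"}
}""")

if __name__ == "__main__":
    for finding in lint_vpn_request(SAMPLE):
        print("WEAK", finding)
```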

5. Developer Resources

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

Error Code Description
InvalidParameter.Coexist The parameters cannot be specified at the same time.
InvalidParameterValue.Duplicate The input parameter already exists.
InvalidParameterValue.Empty Missing parameters.
InvalidParameterValue.Malformed Invalid input parameter format.
InvalidParameterValue.TagDuplicateKey Duplicate tag keys.
InvalidParameterValue.TagDuplicateResourceType Duplicate tag resource type.
InvalidParameterValue.TagInvalidKey Invalid tag key.
InvalidParameterValue.TagInvalidKeyLen Invalid tag key length.
InvalidParameterValue.TagInvalidVal Invalid tag key.
InvalidParameterValue.TagKeyNotExists The tag key does not exist.
InvalidParameterValue.TagNotAllocatedQuota Tags are not assigned quotas.
InvalidParameterValue.TagNotExisted The tag and value do not exist.
InvalidParameterValue.TagNotSupportTag Unsupported tag.
InvalidParameterValue.TagResourceFormatError The tag resource format error.
InvalidParameterValue.TagTimestampExceeded Exceeded the quota of tag timestamp.
InvalidParameterValue.TagValNotExists The tag value does not exist.
InvalidParameterValue.TooLong Invalid parameter value. The parameter value is too long.
InvalidParameterValue.VpcCidrConflict Destination IP address range conflicts with CIDR of the current VPC.
InvalidParameterValue.VpnConnCidrConflict Destination IP address range conflicts with CIDR block of the current VPC tunnel.
InvalidParameterValue.VpnConnHealthCheckIpConflict The destination IP of the probe cannot be within the IP range of the VPC.
LimitExceeded Quota limit is reached.
LimitExceeded.TagKeyExceeded Reached the upper limit of tag keys.
LimitExceeded.TagKeyPerResourceExceeded Reached the upper limit of tag keys per resource.
LimitExceeded.TagNotEnoughQuota Insufficient tag quota.
LimitExceeded.TagQuota Exceeded the tag quota. Unable to create resources.
LimitExceeded.TagQuotaExceeded Reached the upper limit of tag quota.
LimitExceeded.TagTagsExceeded Reached the number limit of tag keys.
ResourceInUse The resource is occupied.
ResourceNotFound The resource does not exist.
UnsupportedOperation Unsupported operation.
UnsupportedOperation.InvalidState Invalid resource status.
UnsupportedOperation.TagAllocate Tags are being assigned.
UnsupportedOperation.TagFree Tags are being released.
UnsupportedOperation.TagNotPermit Unauthorized for this tag.
UnsupportedOperation.TagSystemReservedTagKey The specified tag key is reserved for system usage.