Gateway
Provides a VPN Gateway Vpn Attachment resource. For information about VPN Gateway Vpn Attachment and how to use it, see What is Vpn Attachment.
NOTE: Available since v1.181.0.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
const config = new pulumi.Config();
const name = config.get("name") || "tf-example";
const _default = new alicloud.vpn.CustomerGateway("default", {
name: name,
ipAddress: "42.104.22.210",
asn: "45014",
description: name,
});
const defaultGatewayVpnAttachment = new alicloud.vpn.GatewayVpnAttachment("default", {
customerGatewayId: _default.id,
networkType: "public",
localSubnet: "0.0.0.0/0",
remoteSubnet: "0.0.0.0/0",
effectImmediately: false,
ikeConfig: {
ikeAuthAlg: "md5",
ikeEncAlg: "des",
ikeVersion: "ikev2",
ikeMode: "main",
ikeLifetime: 86400,
psk: "tf-testvpn2",
ikePfs: "group1",
remoteId: "testbob2",
localId: "testalice2",
},
ipsecConfig: {
ipsecPfs: "group5",
ipsecEncAlg: "des",
ipsecAuthAlg: "md5",
ipsecLifetime: 86400,
},
bgpConfig: {
enable: true,
localAsn: 45014,
tunnelCidr: "169.254.11.0/30",
localBgpIp: "169.254.11.1",
},
healthCheckConfig: {
enable: true,
sip: "192.168.1.1",
dip: "10.0.0.1",
interval: 10,
retry: 10,
policy: "revoke_route",
},
enableDpd: true,
enableNatTraversal: true,
vpnAttachmentName: name,
});Content copied to clipboard
import pulumi
import pulumi_alicloud as alicloud
config = pulumi.Config()
name = config.get("name")
if name is None:
name = "tf-example"
default = alicloud.vpn.CustomerGateway("default",
name=name,
ip_address="42.104.22.210",
asn="45014",
description=name)
default_gateway_vpn_attachment = alicloud.vpn.GatewayVpnAttachment("default",
customer_gateway_id=default.id,
network_type="public",
local_subnet="0.0.0.0/0",
remote_subnet="0.0.0.0/0",
effect_immediately=False,
ike_config=alicloud.vpn.GatewayVpnAttachmentIkeConfigArgs(
ike_auth_alg="md5",
ike_enc_alg="des",
ike_version="ikev2",
ike_mode="main",
ike_lifetime=86400,
psk="tf-testvpn2",
ike_pfs="group1",
remote_id="testbob2",
local_id="testalice2",
),
ipsec_config=alicloud.vpn.GatewayVpnAttachmentIpsecConfigArgs(
ipsec_pfs="group5",
ipsec_enc_alg="des",
ipsec_auth_alg="md5",
ipsec_lifetime=86400,
),
bgp_config=alicloud.vpn.GatewayVpnAttachmentBgpConfigArgs(
enable=True,
local_asn=45014,
tunnel_cidr="169.254.11.0/30",
local_bgp_ip="169.254.11.1",
),
health_check_config=alicloud.vpn.GatewayVpnAttachmentHealthCheckConfigArgs(
enable=True,
sip="192.168.1.1",
dip="10.0.0.1",
interval=10,
retry=10,
policy="revoke_route",
),
enable_dpd=True,
enable_nat_traversal=True,
vpn_attachment_name=name)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var name = config.Get("name") ?? "tf-example";
var @default = new AliCloud.Vpn.CustomerGateway("default", new()
{
Name = name,
IpAddress = "42.104.22.210",
Asn = "45014",
Description = name,
});
var defaultGatewayVpnAttachment = new AliCloud.Vpn.GatewayVpnAttachment("default", new()
{
CustomerGatewayId = @default.Id,
NetworkType = "public",
LocalSubnet = "0.0.0.0/0",
RemoteSubnet = "0.0.0.0/0",
EffectImmediately = false,
IkeConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentIkeConfigArgs
{
IkeAuthAlg = "md5",
IkeEncAlg = "des",
IkeVersion = "ikev2",
IkeMode = "main",
IkeLifetime = 86400,
Psk = "tf-testvpn2",
IkePfs = "group1",
RemoteId = "testbob2",
LocalId = "testalice2",
},
IpsecConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentIpsecConfigArgs
{
IpsecPfs = "group5",
IpsecEncAlg = "des",
IpsecAuthAlg = "md5",
IpsecLifetime = 86400,
},
BgpConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentBgpConfigArgs
{
Enable = true,
LocalAsn = 45014,
TunnelCidr = "169.254.11.0/30",
LocalBgpIp = "169.254.11.1",
},
HealthCheckConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentHealthCheckConfigArgs
{
Enable = true,
Sip = "192.168.1.1",
Dip = "10.0.0.1",
Interval = 10,
Retry = 10,
Policy = "revoke_route",
},
EnableDpd = true,
EnableNatTraversal = true,
VpnAttachmentName = name,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/vpn"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
name := "tf-example"
if param := cfg.Get("name"); param != "" {
name = param
}
_, err := vpn.NewCustomerGateway(ctx, "default", &vpn.CustomerGatewayArgs{
Name: pulumi.String(name),
IpAddress: pulumi.String("42.104.22.210"),
Asn: pulumi.String("45014"),
Description: pulumi.String(name),
})
if err != nil {
return err
}
_, err = vpn.NewGatewayVpnAttachment(ctx, "default", &vpn.GatewayVpnAttachmentArgs{
CustomerGatewayId: _default.ID(),
NetworkType: pulumi.String("public"),
LocalSubnet: pulumi.String("0.0.0.0/0"),
RemoteSubnet: pulumi.String("0.0.0.0/0"),
EffectImmediately: pulumi.Bool(false),
IkeConfig: &vpn.GatewayVpnAttachmentIkeConfigArgs{
IkeAuthAlg: pulumi.String("md5"),
IkeEncAlg: pulumi.String("des"),
IkeVersion: pulumi.String("ikev2"),
IkeMode: pulumi.String("main"),
IkeLifetime: pulumi.Int(86400),
Psk: pulumi.String("tf-testvpn2"),
IkePfs: pulumi.String("group1"),
RemoteId: pulumi.String("testbob2"),
LocalId: pulumi.String("testalice2"),
},
IpsecConfig: &vpn.GatewayVpnAttachmentIpsecConfigArgs{
IpsecPfs: pulumi.String("group5"),
IpsecEncAlg: pulumi.String("des"),
IpsecAuthAlg: pulumi.String("md5"),
IpsecLifetime: pulumi.Int(86400),
},
BgpConfig: &vpn.GatewayVpnAttachmentBgpConfigArgs{
Enable: pulumi.Bool(true),
LocalAsn: pulumi.Int(45014),
TunnelCidr: pulumi.String("169.254.11.0/30"),
LocalBgpIp: pulumi.String("169.254.11.1"),
},
HealthCheckConfig: &vpn.GatewayVpnAttachmentHealthCheckConfigArgs{
Enable: pulumi.Bool(true),
Sip: pulumi.String("192.168.1.1"),
Dip: pulumi.String("10.0.0.1"),
Interval: pulumi.Int(10),
Retry: pulumi.Int(10),
Policy: pulumi.String("revoke_route"),
},
EnableDpd: pulumi.Bool(true),
EnableNatTraversal: pulumi.Bool(true),
VpnAttachmentName: pulumi.String(name),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.vpn.CustomerGateway;
import com.pulumi.alicloud.vpn.CustomerGatewayArgs;
import com.pulumi.alicloud.vpn.GatewayVpnAttachment;
import com.pulumi.alicloud.vpn.GatewayVpnAttachmentArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentIkeConfigArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentIpsecConfigArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentBgpConfigArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentHealthCheckConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var name = config.get("name").orElse("tf-example");
var default_ = new CustomerGateway("default", CustomerGatewayArgs.builder()
.name(name)
.ipAddress("42.104.22.210")
.asn("45014")
.description(name)
.build());
var defaultGatewayVpnAttachment = new GatewayVpnAttachment("defaultGatewayVpnAttachment", GatewayVpnAttachmentArgs.builder()
.customerGatewayId(default_.id())
.networkType("public")
.localSubnet("0.0.0.0/0")
.remoteSubnet("0.0.0.0/0")
.effectImmediately(false)
.ikeConfig(GatewayVpnAttachmentIkeConfigArgs.builder()
.ikeAuthAlg("md5")
.ikeEncAlg("des")
.ikeVersion("ikev2")
.ikeMode("main")
.ikeLifetime(86400)
.psk("tf-testvpn2")
.ikePfs("group1")
.remoteId("testbob2")
.localId("testalice2")
.build())
.ipsecConfig(GatewayVpnAttachmentIpsecConfigArgs.builder()
.ipsecPfs("group5")
.ipsecEncAlg("des")
.ipsecAuthAlg("md5")
.ipsecLifetime(86400)
.build())
.bgpConfig(GatewayVpnAttachmentBgpConfigArgs.builder()
.enable(true)
.localAsn(45014)
.tunnelCidr("169.254.11.0/30")
.localBgpIp("169.254.11.1")
.build())
.healthCheckConfig(GatewayVpnAttachmentHealthCheckConfigArgs.builder()
.enable(true)
.sip("192.168.1.1")
.dip("10.0.0.1")
.interval(10)
.retry(10)
.policy("revoke_route")
.build())
.enableDpd(true)
.enableNatTraversal(true)
.vpnAttachmentName(name)
.build());
}
}Content copied to clipboard
configuration:
name:
type: string
default: tf-example
resources:
default:
type: alicloud:vpn:CustomerGateway
properties:
name: ${name}
ipAddress: 42.104.22.210
asn: '45014'
description: ${name}
defaultGatewayVpnAttachment:
type: alicloud:vpn:GatewayVpnAttachment
name: default
properties:
customerGatewayId: ${default.id}
networkType: public
localSubnet: 0.0.0.0/0
remoteSubnet: 0.0.0.0/0
effectImmediately: false
ikeConfig:
ikeAuthAlg: md5
ikeEncAlg: des
ikeVersion: ikev2
ikeMode: main
ikeLifetime: 86400
psk: tf-testvpn2
ikePfs: group1
remoteId: testbob2
localId: testalice2
ipsecConfig:
ipsecPfs: group5
ipsecEncAlg: des
ipsecAuthAlg: md5
ipsecLifetime: 86400
bgpConfig:
enable: true
localAsn: 45014
tunnelCidr: 169.254.11.0/30
localBgpIp: 169.254.11.1
healthCheckConfig:
enable: true
sip: 192.168.1.1
dip: 10.0.0.1
interval: 10
retry: 10
policy: revoke_route
enableDpd: true
enableNatTraversal: true
vpnAttachmentName: ${name}Content copied to clipboard
Import
VPN Gateway Vpn Attachment can be imported using the id, e.g.
$ pulumi import alicloud:vpn/gatewayVpnAttachment:GatewayVpnAttachment example <id>Content copied to clipboard
Properties
Link copied to clipboard
Bgp configuration information. See bgp_config below.
Link copied to clipboard
The ID of the customer gateway. From version 1.196.0, customer_gateway_id can be modified.
Link copied to clipboard
Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
Link copied to clipboard
Allow NAT penetration.
Link copied to clipboard
Health check configuration information. See health_check_config below.
Link copied to clipboard
Configuration negotiated in the second stage. See ike_config below.
Link copied to clipboard
The VPN gateway IP.
Link copied to clipboard
Configuration negotiated in the second stage. See ipsec_config below.
Link copied to clipboard
The CIDR block of the virtual private cloud (VPC).
Link copied to clipboard
The network type of the IPsec connection. Valid values: public, private.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
The CIDR block of the on-premises data center.
Link copied to clipboard
The name of the vpn attachment.