Get
Constructors
Properties
attach type- CEN: indicates that the IPsec-VPN connection is associated with a transit router of a Cloud Enterprise Network (CEN) instance.- NO_ASSOCIATED: indicates that the IPsec-VPN connection is not associated with any resource.
Bgp configuration information.- This parameter is supported when you create an vpn attachment in single-tunnel mode.
IPsec connection status- ike_sa_not_established: Phase 1 negotiations failed.- ike_sa_established: Phase 1 negotiations succeeded.- ipsec_sa_not_established: Phase 2 negotiations failed.- ipsec_sa_established: Phase 2 negotiations succeeded.
The creation time of the resource
The ID of the user gateway associated with the tunnel.> This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:- true: immediately starts IPsec negotiations after the configuration is complete.- false (default): starts IPsec negotiations when inbound traffic is received.
Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:-true (default): enable the DPD function. IPsec initiator will send DPD message to check whether the peer device is alive. If the peer device does not receive a correct response within the set time, it is considered that the peer has been disconnected. IPsec will delete ISAKMP SA and the corresponding IPsec SA, and the security tunnel will also be deleted.-false: If the DPD function is disabled, the IPsec initiator does not send DPD detection packets.
Whether the NAT crossing function is enabled for the tunnel. Value:-true (default): Enables the NAT Traversal function. When enabled, the IKE negotiation process deletes the verification process of the UDP port number and realizes the discovery function of the NAT gateway device in the tunnel.-false: does not enable the NAT Traversal function.
You can configure this parameter when you create a vpn attachment in dual-tunnel mode.Whether to enable the BGP function for the tunnel. Value: true or false (default).> before adding BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
This parameter is supported if you create an vpn attachment in single-tunnel mode.Health check configuration information.
The configurations of Phase 1 negotiations. - This parameter is supported if you create an vpn attachment in single-tunnel mode.
The local internet IP in Tunnel.
Configuration negotiated in the second stage. - This parameter is supported if you create an vpn attachment in single-tunnel mode.
The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24.The following routing modes are supported:- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
network type- public (default)- private
The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24.The following routing modes are supported:- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
The ID of the resource group
Configure the tunnel.-You can configure parameters in the tunnel_options_specification array when you create a vpn attachment in dual-tunnel mode.-When creating a vpn attachment in dual-tunnel mode, you must add both tunnels for the vpn attachment to ensure that the vpn attachment has link redundancy. Only two tunnels can be added to a vpn attachment.
vpn attachment name
The first ID of the resource