Vpn Connection Vpn Tunnel Options Specification Args
The tunnel options for a single VPN tunnel.
Constructors
Properties
The action to take after DPD timeout occurs. Specify `restart` to restart the IKE initiation. Specify `clear` to end the IKE session. Valid values: `clear` | `none` | `restart`. Default: `clear`
The number of seconds after which a DPD timeout occurs. Constraints: A value greater than or equal to 30. Default: `30`
Turns the tunnel endpoint lifecycle control feature on or off.
The IKE versions that are permitted for the VPN tunnel. Valid values: `ikev1` | `ikev2`
Options for logging VPN tunnel activity.
One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: `2` | `14` | `15` | `16` | `17` | `18` | `19` | `20` | `21` | `22` | `23` | `24`
One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: `AES128` | `AES256` | `AES128-GCM-16` | `AES256-GCM-16`
One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: `SHA1` | `SHA2-256` | `SHA2-384` | `SHA2-512`
The lifetime for phase 1 of the IKE negotiation, in seconds. Constraints: A value between 900 and 28,800. Default: `28800`
One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: `2` | `5` | `14` | `15` | `16` | `17` | `18` | `19` | `20` | `21` | `22` | `23` | `24`
One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: `AES128` | `AES256` | `AES128-GCM-16` | `AES256-GCM-16`
One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: `SHA1` | `SHA2-256` | `SHA2-384` | `SHA2-512`
The lifetime for phase 2 of the IKE negotiation, in seconds. Constraints: A value between 900 and 3,600. The value must be less than the value for `Phase1LifetimeSeconds`. Default: `3600`
The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway. Constraints: Allowed characters are alphanumeric characters, periods (.), and underscores (_). Must be between 8 and 64 characters in length and cannot start with zero (0).
The percentage of the rekey window (determined by `RekeyMarginTimeSeconds`) during which the rekey time is randomly selected. Constraints: A value between 0 and 100. Default: `100`
The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for `RekeyFuzzPercentage`. Constraints: A value between 60 and half of `Phase2LifetimeSeconds`. Default: `270`
The number of packets in an IKE replay window. Constraints: A value between 64 and 2048. Default: `1024`
The action to take when establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify `start` for AWS to initiate the IKE negotiation. Valid values: `add` | `start`. Default: `add`
The range of inside IP addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway. Constraints: A size /30 CIDR block from the `169.254.0.0/16` range. The following CIDR blocks are reserved and cannot be used:
The range of inside IPv6 addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same transit gateway. Constraints: A size /126 CIDR block from the local `fd00::/8` range.
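The constraints above interact (phase 2 lifetime must stay below phase 1, the rekey margin must fit in half of phase 2, the PSK has a restricted alphabet), so a pre-deployment check catches mistakes before the tunnel fails to come up. The validator below is an added example, not code from the Pulumi SDK or from AWS; it assumes the option keys follow the CloudFormation property names (`DPDTimeoutAction`, `IKEVersions`, `Phase1DHGroupNumbers`, `PreSharedKey`, `TunnelInsideCidr`, and so on), and it additionally flags permitted but legacy choices (`ikev1`, `SHA1`, DH groups 2 and 5) as warnings.

```python
import ipaddress
import re

# Constructed validator for the constraints listed on this page; keys assume the CloudFormation property names.
DEFAULTS = {"DPDTimeoutAction": "clear", "DPDTimeoutSeconds": 30,
            "Phase1LifetimeSeconds": 28800, "Phase2LifetimeSeconds": 3600, "RekeyFuzzPercentage": 100,
            "RekeyMarginTimeSeconds": 270, "ReplayWindowSize": 1024, "StartupAction": "add"}
ENC = {"AES128", "AES256", "AES128-GCM-16", "AES256-GCM-16"}
INTEG = {"SHA1", "SHA2-256", "SHA2-384", "SHA2-512"}
P1_DH, P2_DH = {2, *range(14, 25)}, {2, 5, *range(14, 25)}
PSK_RE = re.compile(r"^[A-Za-z1-9._][A-Za-z0-9._]{7,63}$")  # 8-64 chars of [A-Za-z0-9._], no leading 0
# Values the page permits but a hardened profile would avoid (editorial judgement, not page text).
LEGACY = {"IKEVersions": {"ikev1"}, "Phase1IntegrityAlgorithms": {"SHA1"},
          "Phase2IntegrityAlgorithms": {"SHA1"}, "Phase1DHGroupNumbers": {2},
          "Phase2DHGroupNumbers": {2, 5}}

def validate_tunnel_options(opts):
    """Return (errors, warnings): errors break page constraints, warnings flag legacy choices."""
    o = {**DEFAULTS, **opts}
    p1, p2 = o["Phase1LifetimeSeconds"], o["Phase2LifetimeSeconds"]
    rules = [
        (o["DPDTimeoutAction"] in {"clear", "none", "restart"}, "DPDTimeoutAction"),
        (o["DPDTimeoutSeconds"] >= 30, "DPDTimeoutSeconds < 30"),
        (set(o.get("IKEVersions", [])) <= {"ikev1", "ikev2"}, "IKEVersions"),
        (set(o.get("Phase1DHGroupNumbers", [])) <= P1_DH, "Phase1DHGroupNumbers"),
        (set(o.get("Phase2DHGroupNumbers", [])) <= P2_DH, "Phase2DHGroupNumbers"),
        (900 <= p1 <= 28800, "Phase1LifetimeSeconds outside 900..28800"),
        (900 <= p2 <= 3600 and p2 < p1, "Phase2LifetimeSeconds outside 900..3600 or not < phase 1"),
        (0 <= o["RekeyFuzzPercentage"] <= 100, "RekeyFuzzPercentage outside 0..100"),
        (60 <= o["RekeyMarginTimeSeconds"] <= p2 / 2, "RekeyMarginTimeSeconds outside 60..Phase2/2"),
        (64 <= o["ReplayWindowSize"] <= 2048, "ReplayWindowSize outside 64..2048"),
        (o["StartupAction"] in {"add", "start"}, "StartupAction"),
        ("PreSharedKey" not in o or bool(PSK_RE.match(o["PreSharedKey"])), "PreSharedKey format"),
    ]
    for k in ("Phase1EncryptionAlgorithms", "Phase2EncryptionAlgorithms"):
        rules.append((set(o.get(k, [])) <= ENC, k))
    for k in ("Phase1IntegrityAlgorithms", "Phase2IntegrityAlgorithms"):
        rules.append((set(o.get(k, [])) <= INTEG, k))
    for key, plen, parent in (("TunnelInsideCidr", 30, "169.254.0.0/16"),
                              ("TunnelInsideIpv6Cidr", 126, "fd00::/8")):
        if key in o:  # strict=True rejects a CIDR whose host bits are set
            net, par = ipaddress.ip_network(o[key], strict=True), ipaddress.ip_network(parent)
            rules.append((net.version == par.version and net.prefixlen == plen and net.subnet_of(par), key))
    errors = [msg for ok, msg in rules if not ok]
    warnings = [f"{k} permits legacy value(s) {sorted(hit)}" for k, legacy in LEGACY.items()
                if (hit := set(o.get(k, [])) & legacy)]
    return errors, warnings
```

Run it over each tunnel's option dict before `pulumi up`; an empty error list means every page constraint holds, and each warning names one value worth removing from the permitted set.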