Example 5: Creating a VPN Server
Scenario
This section describes how to create a VPN server by calling the API.
Prerequisites
- A yearly/monthly point-to-cloud (P2C) VPN gateway has been created.
- A server certificate has been purchased or uploaded in Cloud Certificate Manager. For details, see Purchasing an SSL Certificate and Uploading an Existing SSL Certificate.
- You have determined the endpoint for calling the API.
- When using token authentication, obtain a user token and add the "X-Auth-Token" field to the request header of the service API. For details about token authentication, see the Authentication section.
  A token obtained from IAM is valid for 24 hours. If the same token is to be used for several calls, cache it to avoid obtaining a token repeatedly.
Data Preparation
A VPN server supports two client authentication modes: certificate authentication and password authentication.

Parameters for certificate authentication:

| Parameter | Description | Example Value |
|---|---|---|
| p2c_vgw_id | ID of the P2C VPN gateway created in advance | 595210dc-7998-4ba3-aeb9-516fbcf7853c |
| client_cidr | Client CIDR block | 100.10.1.0/24 |
| local_subnets | List of local subnets | 192.168.0.0/24,192.168.1.0/24 |
| server_certificate.id | ID of the server certificate in Cloud Certificate Manager | scs1717051012106 |
| client_ca_certificate.content | Content of the client CA certificate | -----BEGIN CERTIFICATE-----******-----END CERTIFICATE----- |

Parameters for password authentication:

| Parameter | Description | Example Value |
|---|---|---|
| p2c_vgw_id | ID of the P2C VPN gateway created in advance | dea8c4fb-be5c-4d50-be9a-f9a5f3a9afc6 |
| client_cidr | Client CIDR block | 100.10.2.0/24 |
| local_subnets | List of local subnets | 192.168.0.0/24,192.168.1.0/24 |
| server_certificate.id | ID of the server certificate in Cloud Certificate Manager | scs1717051012106 |
Procedure
- Create a VPN server.
  - Send "POST https://{endpoint}/v5/{project_id}/p2c-vpn-gateways/{p2c_vgw_id}/vpn-servers", where project_id is the project ID and {p2c_vgw_id} is the ID of the P2C VPN gateway created earlier.
  - Add "X-Auth-Token" to the request header.
  - Pass the parameters in the request body.

    For certificate authentication, the parameters are as follows:

    ```json
    {
      "vpn_server": {
        "tunnel_protocol": "SSL",
        "client_cidr": "100.10.1.0/24",
        "local_subnets": [
          "192.168.0.0/24",
          "192.168.1.0/24"
        ],
        "client_auth_type": "CERT",
        "server_certificate": {
          "id": "scs1717051012106"
        },
        "client_ca_certificates": [
          {
            "content": "-----BEGIN CERTIFICATE-----******-----END CERTIFICATE-----"
          }
        ],
        "ssl_options": {
          "protocol": "TCP",
          "port": 443,
          "encryption_algorithm": "AES-128-GCM",
          "is_compressed": false
        }
      }
    }
    ```

    For password authentication, the parameters are as follows:

    ```json
    {
      "vpn_server": {
        "tunnel_protocol": "SSL",
        "client_cidr": "100.10.2.0/24",
        "local_subnets": [
          "192.168.0.0/24",
          "192.168.1.0/24"
        ],
        "client_auth_type": "LOCAL_PASSWORD",
        "server_certificate": {
          "id": "scs1717051012106"
        },
        "ssl_options": {
          "protocol": "TCP",
          "port": 443,
          "encryption_algorithm": "AES-128-GCM",
          "is_compressed": false
        }
      }
    }
    ```
  - Check the response.

    ```json
    {
      "vpn_server": {
        "id": "0e325fb6-83b9-4004-a343-8b6fc714a5d9"
      },
      "request_id": "bf23a5884def9be4576cff33e4dd78d5"
    }
    ```
- Query the VPN server.
  - Send "GET https://{endpoint}/v5/{project_id}/p2c-vpn-gateways/{p2c_vgw_id}/vpn-servers", where project_id is the project ID and {p2c_vgw_id} is the ID of the P2C VPN gateway created earlier.
  - Add "X-Auth-Token" to the request header.
  - Check the response.

    If the status of the server is "PENDING_CREATE", the server is still being created; if it is "ACTIVE", the creation is complete.

    Response for a server using certificate authentication:

    ```json
    {
      "vpn_servers": [
        {
          "id": "b26c9c74-5bb9-4df8-8b98-ecf2051e3482",
          "p2c_vgw_id": "595210dc-7998-4ba3-aeb9-516fbcf7853c",
          "client_cidr": "100.10.1.0/24",
          "local_subnets": [
            "192.168.0.0/24",
            "192.168.1.0/24"
          ],
          "client_auth_type": "CERT",
          "tunnel_protocol": "SSL",
          "server_certificate": {
            "id": "scs1717051012106",
            "name": "test-05304",
            "issuer": "C=CN,ST=beijing,L=haidian,O=lesaas,OU=root,CN=www.root.huawei.com",
            "subject": "C=CN,ST=beijing,L=haidian,O=server,OU=server,CN=www.server.huawei.com",
            "serial_number": "350612543125953290200975245211283057292471206725",
            "expiration_time": "2024-06-29T06:39:46Z",
            "signature_algorithm": "SHA256WITHRSA"
          },
          "client_ca_certificates": [
            {
              "id": "7e971612-f720-4d31-88b5-fc6280b88e36",
              "name": "ca-cert-123e",
              "issuer": "C=CN,ST=JS,L=NJ,O=NYS,OU=N10,CN=test.huawei.com",
              "subject": "C=CN,ST=JS,L=NJ,O=NYS,OU=N10,CN=testCA.huawei.com",
              "serial_number": "1591942200161",
              "expiration_time": "2033-11-06T11:39:14Z",
              "signature_algorithm": "SHA256WITHRSA",
              "created_at": "2024-06-18T12:19:17.978Z",
              "updated_at": "2024-06-18T12:19:17.978Z"
            }
          ],
          "ssl_options": {
            "protocol": "TCP",
            "port": 443,
            "encryption_algorithm": "AES-128-GCM",
            "authentication_algorithm": "SHA256",
            "is_compressed": false
          },
          "status": "ACTIVE",
          "created_at": "2024-06-18T12:19:17.978Z",
          "updated_at": "2024-06-18T12:19:17.978Z"
        }
      ],
      "request_id": "68188a14243b1b54d0b45a82d9123b98"
    }
    ```

    Response for a server using password authentication:

    ```json
    {
      "vpn_servers": [
        {
          "id": "0e325fb6-83b9-4004-a343-8b6fc714a5d9",
          "p2c_vgw_id": "dea8c4fb-be5c-4d50-be9a-f9a5f3a9afc6",
          "client_cidr": "100.10.2.0/24",
          "local_subnets": [
            "192.168.0.0/24",
            "192.168.1.0/24"
          ],
          "client_auth_type": "LOCAL_PASSWORD",
          "tunnel_protocol": "SSL",
          "server_certificate": {
            "id": "scs1717051012106",
            "name": "test-05304",
            "issuer": "C=CN,ST=beijing,L=haidian,O=lesaas,OU=root,CN=www.root.huawei.com",
            "subject": "C=CN,ST=beijing,L=haidian,O=server,OU=server,CN=www.server.huawei.com",
            "serial_number": "350612543125953290200975245211283057292471206725",
            "expiration_time": "2024-06-29T06:39:46Z",
            "signature_algorithm": "SHA256WITHRSA"
          },
          "client_ca_certificates": [],
          "ssl_options": {
            "protocol": "TCP",
            "port": 443,
            "encryption_algorithm": "AES-128-GCM",
            "authentication_algorithm": "SHA256",
            "is_compressed": false
          },
          "status": "ACTIVE",
          "created_at": "2024-06-18T12:21:54.889Z",
          "updated_at": "2024-06-18T12:21:54.889Z"
        }
      ],
      "request_id": "f8e64d41466085f06383dc59ffb28230"
    }
    ```
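The whole procedure above (build the request body for either authentication mode, send it with X-Auth-Token, then poll the GET call until the status moves from "PENDING_CREATE" to "ACTIVE") as a single added Python example. This is not Huawei Cloud's own SDK code; the endpoint, project ID, gateway ID and token are placeholders, the CIDR overlap check is a local sanity check added here rather than a documented API rule, and the sample GET responses are constructed from the IDs on this page so the script runs offline.

```python
import ipaddress
import json
import time
from datetime import datetime, timezone
from typing import Callable, Dict, List, Optional
from urllib import request

# Placeholders (assumptions): replace with your regional endpoint, project ID and gateway ID.
ENDPOINT = "https://{endpoint}"
PROJECT_ID = "{project_id}"
P2C_VGW_ID = "{p2c_vgw_id}"


def vpn_servers_url(endpoint: str, project_id: str, p2c_vgw_id: str) -> str:
    """URL shared by the POST (create) and GET (list) calls on the page."""
    return f"{endpoint}/v5/{project_id}/p2c-vpn-gateways/{p2c_vgw_id}/vpn-servers"


def build_vpn_server_body(client_cidr: str, local_subnets: List[str],
                          server_certificate_id: str,
                          client_ca_certificate: Optional[str] = None,
                          port: int = 443) -> Dict:
    """Build the request body from the parameter tables.

    client_auth_type is CERT when a client CA certificate is supplied and
    LOCAL_PASSWORD otherwise, matching the two request bodies on the page.
    The overlap check is a local sanity check added in this example (not an
    API rule stated on the page): a client CIDR that overlaps a local subnet
    leaves client traffic with ambiguous routes.
    """
    client_net = ipaddress.ip_network(client_cidr, strict=True)
    for subnet in local_subnets:
        if client_net.overlaps(ipaddress.ip_network(subnet, strict=True)):
            raise ValueError(f"client_cidr {client_cidr} overlaps local subnet {subnet}")
    server = {
        "tunnel_protocol": "SSL",
        "client_cidr": client_cidr,
        "local_subnets": list(local_subnets),
        "client_auth_type": "CERT" if client_ca_certificate else "LOCAL_PASSWORD",
        "server_certificate": {"id": server_certificate_id},
        "ssl_options": {"protocol": "TCP", "port": port,
                        "encryption_algorithm": "AES-128-GCM", "is_compressed": False},
    }
    if client_ca_certificate:
        server["client_ca_certificates"] = [{"content": client_ca_certificate}]
    return {"vpn_server": server}


def api_call(method: str, url: str, token: str, body: Optional[Dict] = None) -> Dict:
    """One authenticated request; the IAM token travels only in the X-Auth-Token header."""
    data = json.dumps(body).encode() if body is not None else None
    req = request.Request(url, data=data, method=method, headers={
        "X-Auth-Token": token, "Content-Type": "application/json"})
    with request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode())


def server_status(list_response: Dict, server_id: str) -> Optional[str]:
    """Status of one server in a GET response, or None if it is not listed."""
    for server in list_response.get("vpn_servers", []):
        if server.get("id") == server_id:
            return server.get("status")
    return None


def wait_until_active(fetch: Callable[[], Dict], server_id: str,
                      attempts: int = 30, interval: float = 10.0) -> str:
    """Poll the GET call (wrapped in `fetch`) until the status is ACTIVE.

    PENDING_CREATE means creation is still in progress; anything else is treated as terminal.
    """
    for _ in range(attempts):
        status = server_status(fetch(), server_id)
        if status == "ACTIVE":
            return status
        if status != "PENDING_CREATE":
            raise RuntimeError(f"server {server_id} in unexpected state {status!r}")
        time.sleep(interval)
    raise TimeoutError(f"server {server_id} still PENDING_CREATE after {attempts} polls")


def certificate_days_left(server: Dict, now: datetime) -> int:
    """Days until the server certificate reported by GET expires (negative once expired)."""
    exp = datetime.strptime(server["server_certificate"]["expiration_time"],
                            "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return (exp - now).days


# Constructed sample responses for offline use; the IDs and dates come from the page.
SERVER_ID = "0e325fb6-83b9-4004-a343-8b6fc714a5d9"
SAMPLE_ACTIVE = {"vpn_servers": [{
    "id": SERVER_ID, "client_auth_type": "LOCAL_PASSWORD", "status": "ACTIVE",
    "server_certificate": {"id": "scs1717051012106", "expiration_time": "2024-06-29T06:39:46Z"}}]}
SAMPLE_PENDING = {"vpn_servers": [dict(SAMPLE_ACTIVE["vpn_servers"][0], status="PENDING_CREATE")]}
SAMPLE_NOW = datetime(2024, 6, 18, tzinfo=timezone.utc)  # constructed "current" time


def make_fake_fetch() -> Callable[[], Dict]:
    """Stand-in for the GET call: the first poll returns PENDING_CREATE, later polls ACTIVE."""
    responses = iter([SAMPLE_PENDING, SAMPLE_ACTIVE])
    return lambda: next(responses, SAMPLE_ACTIVE)


if __name__ == "__main__":
    body = build_vpn_server_body("100.10.2.0/24", ["192.168.0.0/24", "192.168.1.0/24"],
                                 "scs1717051012106")
    print(json.dumps(body, indent=2))
    # Live use (token assumed to come from IAM):
    #   url = vpn_servers_url(ENDPOINT, PROJECT_ID, P2C_VGW_ID)
    #   created = api_call("POST", url, token, body)
    #   wait_until_active(lambda: api_call("GET", url, token), created["vpn_server"]["id"])
    print(wait_until_active(make_fake_fetch(), SERVER_ID, interval=0))
    days = certificate_days_left(SAMPLE_ACTIVE["vpn_servers"][0], SAMPLE_NOW)
    print(f"server certificate expires in {days} days")
```

The certificate check is there because the GET response already carries `expiration_time` for the server certificate: a VPN server whose certificate has lapsed stops accepting clients, so reading that field during the same polling loop is a cheap place to raise a renewal alert. Note that the request body for certificate authentication contains the CA certificate PEM; keep the token and the body out of logs.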