Updated on 2024-04-03 GMT+08:00

Querying a Specified VPN Connection

Function

This API is used to query a VPN connection with a specified connection ID.

Calling Method

For details, see Calling APIs.

URI

GET /v5/{project_id}/vpn-connection/{vpn_connection_id}

Table 1 Parameter description

Parameter

Type

Mandatory

Description

project_id

String

Yes

Specifies a project ID. You can obtain the project ID by referring to Obtaining the Project ID.

vpn_connection_id

String

Yes

Specifies a VPN connection ID.

Request

  • Request parameters

    None

  • Example request
    GET https://{Endpoint}/v5/{project_id}/vpn-connection/{vpn_connection_id}

Response

  • Response parameters

    Returned status code 200: successful operation

    Table 2 Parameters in the response body

    Parameter

    Type

    Description

    vpn_connection

    ResponseVpnConnection object

    Specifies the VPN connection object.

    request_id

    String

    Specifies a request ID.

    Table 3 ResponseVpnConnection

    Parameter

    Type

    Description

    id

    String

    • Specifies a VPN connection ID.
    • The value is a UUID containing 36 characters.

    name

    String

    • Specifies a VPN connection name. If no VPN connection name is specified, the system automatically generates one.
    • The value is a string of 1 to 64 characters, which can contain digits, letters, underscores (_), hyphens (-), and periods (.).

    status

    String

    • Specifies the status of the VPN connection.
    • Value range:

      ERROR: abnormal

      ACTIVE: normal

      DOWN: not connected

      PENDING_CREATE: creating

      PENDING_UPDATE: updating

      PENDING_DELETE: deleting

      FREEZED: frozen

      UNKNOWN: unknown

    vgw_id

    String

    • Specifies a VPN gateway ID.
    • The value is a UUID containing 36 characters.

    vgw_ip

    String

    • Specifies an EIP ID or private IP address of the VPN gateway.
    • The value is a UUID containing 36 characters or an IPv4 address in dotted decimal notation (for example, 192.168.45.7).

    style

    String

    • Specifies the connection mode.
    • Value range:

      POLICY: policy-based mode

      STATIC: static routing mode

      BGP: BGP routing mode

      POLICY-TEMPLATE: policy template mode

    cgw_id

    String

    • Specifies a customer gateway ID.
    • The value is a UUID containing 36 characters.

    peer_subnets

    Array of String

    Specifies a customer subnet. This parameter is not returned when the association mode of the VPN gateway is ER and style is BGP or POLICY.

    tunnel_local_address

    String

    Specifies the tunnel interface address configured on the VPN gateway in route-based mode. This parameter is valid only when style is STATIC or BGP.

    tunnel_peer_address

    String

    Specifies the tunnel interface address configured on the customer gateway device in route-based mode. This parameter is valid only when style is STATIC or BGP.

    enable_nqa

    Boolean

    • Specifies whether NQA is enabled. This parameter is returned only when style is STATIC.
    • The value can be true or false.

    policy_rules

    Array of PolicyRule objects

    Specifies policy rules, which are returned only when style is set to POLICY.

    ikepolicy

    IkePolicy object

    Specifies the IKE policy object.

    ipsecpolicy

    IpsecPolicy object

    Specifies the IPsec policy object.

    created_at

    String

    Specifies the time when the VPN connection is created.

    updated_at

    String

    Specifies the last update time.

    enterprise_project_id

    String

    • Specifies an enterprise project ID.
    • The value is a UUID containing 36 characters. The value must be the same as the enterprise project ID of the VPN gateway specified by vgw_id.

    connection_monitor_id

    String

    • Specifies the ID of a VPN connection monitor.
    • The value is a UUID containing 36 characters.

    ha_role

    String

    • For a VPN gateway in active-standby mode, master indicates the active connection, and slave indicates the standby connection. For a VPN gateway in active-active mode, the value of ha_role can only be master.
    • The default value is master.

    tags

    Array of VpnResourceTag objects

    Specifies a tag list.

    Table 4 PolicyRule

    Parameter

    Type

    Description

    rule_index

    Integer

    • Specifies a rule ID.
    • The value ranges from 0 to 50.

    source

    String

    Specifies a source CIDR block.

    destination

    Array of String

    Specifies a destination CIDR block. For example, a destination CIDR block can be 192.168.52.0/24. A maximum of 50 destination CIDR blocks can be returned for each policy rule.

    Table 5 IkePolicy

    Parameter

    Type

    Description

    ike_version

    String

    • Specifies the IKE version.
    • The value can be v1 or v2.

    phase1_negotiation_mode

    String

    • Specifies the negotiation mode. This parameter is available only when the IKE version is v1.
    • Value range:

      main: ensures high security during negotiation.

      aggressive: ensures fast negotiation and a high negotiation success rate.

    authentication_algorithm

    String

    • Specifies an authentication algorithm.
    • The value can be sha2-512, sha2-384, sha2-256, sha1, or md5.

    encryption_algorithm

    String

    • Specifies an encryption algorithm.
    • The value can be aes-256-gcm-16, aes-128-gcm-16, aes-256, aes-192, aes-128, or 3des.

    dh_group

    String

    • Specifies the DH group used for key exchange in phase 1.
    • The value can be group1, group2, group5, group14, group15, group16, group19, group20, or group21.

    authentication_method

    String

    • Specifies the authentication method used during IKE negotiation.
    • Value range:

      pre-share: pre-shared key

    lifetime_seconds

    Integer

    • Specifies the SA lifetime. When the lifetime expires, an IKE SA is automatically updated.
    • The value ranges from 60 to 604800, in seconds.

    local_id_type

    String

    • Specifies the local ID type.
    • The value can be ip or fqdn.

    local_id

    String

    Specifies the local ID. When local_id_type is set to ip, the VPN gateway IP address corresponding to the VPN connection is returned. When local_id_type is set to fqdn, the local ID specified during VPN connection creation or update is returned.

    peer_id_type

    String

    • Specifies the peer ID type.
    • The value can be ip or fqdn.

    peer_id

    String

    Specifies the peer ID. When peer_id_type is set to ip, the IP address of the customer gateway is returned. When peer_id_type is set to fqdn, the peer ID specified during VPN connection creation or update is returned.

    dpd

    Dpd object

    Specifies the DPD object.

    Table 6 Dpd

    Parameter

    Type

    Description

    timeout

    Integer

    • Specifies the interval for retransmitting DPD packets.
    • The value ranges from 2 to 60, in seconds.

    interval

    Integer

    • Specifies the DPD idle timeout period.
    • The value ranges from 10 to 3600, in seconds.

    msg

    String

    • Specifies the format of DPD packets.
    • Value range:

      seq-hash-notify: indicates that the payload of DPD packets is in the sequence of hash-notify.

      seq-notify-hash: indicates that the payload of DPD packets is in the sequence of notify-hash.

    Table 7 IpsecPolicy

    Parameter

    Type

    Description

    authentication_algorithm

    String

    • Specifies an authentication algorithm.
    • The value can be sha2-512, sha2-384, sha2-256, sha1, or md5.

    encryption_algorithm

    String

    • Specifies an encryption algorithm.
    • The value can be aes-256-gcm-16, aes-128-gcm-16, aes-256, aes-192, aes-128, or 3des.

    pfs

    String

    • Specifies the DH key group used by PFS.
    • The value can be group1, group2, group5, group14, group15, group16, group19, group20, group21, or disable.

    transform_protocol

    String

    • Specifies the transfer protocol.
    • Value range:

      esp: encapsulating security payload protocol

    lifetime_seconds

    Integer

    • Specifies the lifetime of a tunnel established over an IPsec connection.
    • The value ranges from 30 to 604800, in seconds.

    encapsulation_mode

    String

    • Specifies the packet encapsulation mode.
    • Value range:

      tunnel: encapsulates packets in tunnel mode.

    Table 8 VpnResourceTag

    Parameter

    Type

    Description

    key

    String

    • Specifies a tag key.
    • The value is a string of 1 to 128 characters that can contain digits, letters, Spanish characters, Portuguese characters, spaces, and special characters (_ . : = + - @).

    value

    String

    • Specifies a tag value.
    • The value is a string of 0 to 255 characters that can contain digits, letters, Spanish characters, Portuguese characters, spaces, and special characters (_ . : = + - @).
  • Example response
    {
        "vpn_connection": {
            "id": "98c5af8a-demo-a8df-va86-ae2280a6f4c3",
            "name": "vpn-1655",
            "status": "DOWN",
            "vgw_id": "b32d91a4-demo-a8df-va86-e907174eb11d",
            "vgw_ip": "0c464dad-demo-a8df-va86-c22bb0eb0bde",
            "style": "POLICY",
            "cgw_id": "5247ae10-demo-a8df-va86-dd36659a7f5d",
            "peer_subnets": ["192.168.0.0/24"],
            "tunnel_local_address": "169.254.56.225/30",
            "tunnel_peer_address": "169.254.56.226/30",
            "policy_rules": [{
                "rule_index": 1,
                "source": "10.0.0.0/24",
                "destination": [
                    "192.168.0.0/24"
                ]
            }],
            "ikepolicy": {
                "ike_version": "v2",
                "authentication_algorithm": "sha2-256",
                "encryption_algorithm": "aes-128",
                "dh_group": "group15",
                "authentication_method": "pre-share",
                "lifetime_seconds": 86400,
                "local_id_type": "ip",
                "local_id": "10.***.***.134",
                "peer_id_type": "ip",
                "peer_id": "88.***.***.164",
                "dpd": {
                    "timeout": 15,
                    "interval": 30,
                    "msg": "seq-hash-notify"
                }
            },
            "ipsecpolicy": {
                "authentication_algorithm": "sha2-256",
                "encryption_algorithm": "aes-128",
                "pfs": "group15",
                "transform_protocol": "esp",
                "lifetime_seconds": 3600,
                "encapsulation_mode": "tunnel"
            },
            "created_at": "2022-11-26T13:41:34.626Z",
            "updated_at": "2022-11-26T13:41:34.626Z",
            "enterprise_project_id": "0",
            "ha_role":"master"
        },
        "request_id": "f91082d4-6d49-479c-ad1d-4e552a9f5cae"
    }

Status Codes

For details, see Status Codes.