Querying a Specified VPN Connection
Function
This API is used to query a VPN connection with a specified connection ID.
Calling Method
For details, see Calling APIs.
URI
GET /v5/{project_id}/vpn-connection/{vpn_connection_id}
Parameter |
Type |
Mandatory |
Description |
---|---|---|---|
project_id |
String |
Yes |
Specifies a project ID. You can obtain the project ID by referring to Obtaining the Project ID. |
vpn_connection_id |
String |
Yes |
Specifies a VPN connection ID. |
Request
Response
- Response parameters
Returned status code 200: successful operation
Table 2 Parameters in the response body Parameter
Type
Description
vpn_connection
ResponseVpnConnection object
Specifies the VPN connection object.
request_id
String
Specifies a request ID.
Table 3 ResponseVpnConnection Parameter
Type
Description
id
String
- Specifies a VPN connection ID.
- The value is a UUID containing 36 characters.
name
String
- Specifies a VPN connection name. If no VPN connection name is specified, the system automatically generates one.
- The value is a string of 1 to 64 characters, which can contain digits, letters, underscores (_), hyphens (-), and periods (.).
status
String
vgw_id
String
- Specifies a VPN gateway ID.
- The value is a UUID containing 36 characters.
vgw_ip
String
- Specifies an EIP ID or private IP address of the VPN gateway.
- The value is a UUID containing 36 characters or an IPv4 address in dotted decimal notation (for example, 192.168.45.7).
style
String
cgw_id
String
- Specifies a customer gateway ID.
- The value is a UUID containing 36 characters.
peer_subnets
Array of String
Specifies a customer subnet. This parameter is not returned when the association mode of the VPN gateway is ER and style is BGP or POLICY.
tunnel_local_address
String
Specifies the tunnel interface address configured on the VPN gateway in route-based mode. This parameter is valid only when style is STATIC or BGP.
tunnel_peer_address
String
Specifies the tunnel interface address configured on the customer gateway device in route-based mode. This parameter is valid only when style is STATIC or BGP.
enable_nqa
Boolean
- Specifies whether NQA is enabled. This parameter is returned only when style is STATIC.
- The value can be true or false.
policy_rules
Array of PolicyRule objects
Specifies policy rules, which are returned only when style is set to POLICY.
ikepolicy
IkePolicy object
Specifies the IKE policy object.
ipsecpolicy
IpsecPolicy object
Specifies the IPsec policy object.
created_at
String
Specifies the time when the VPN connection is created.
updated_at
String
Specifies the last update time.
enterprise_project_id
String
- Specifies an enterprise project ID.
- The value is a UUID containing 36 characters. The value must be the same as the enterprise project ID of the VPN gateway specified by vgw_id.
connection_monitor_id
String
- Specifies the ID of a VPN connection monitor.
- The value is a UUID containing 36 characters.
ha_role
String
- For a VPN gateway in active-standby mode, master indicates the active connection, and slave indicates the standby connection. For a VPN gateway in active-active mode, the value of ha_role can only be master.
- The default value is master.
tags
Array of VpnResourceTag objects
Specifies a tag list.
Table 4 PolicyRule Parameter
Type
Description
rule_index
Integer
- Specifies a rule ID.
- The value ranges from 0 to 50.
source
String
Specifies a source CIDR block.
destination
Array of String
Specifies a destination CIDR block. For example, a destination CIDR block can be 192.168.52.0/24. A maximum of 50 destination CIDR blocks can be returned for each policy rule.
Table 5 IkePolicy Parameter
Type
Description
ike_version
String
- Specifies the IKE version.
- The value can be v1 or v2.
phase1_negotiation_mode
String
authentication_algorithm
String
- Specifies an authentication algorithm.
- The value can be sha2-512, sha2-384, sha2-256, sha1, or md5.
encryption_algorithm
String
- Specifies an encryption algorithm.
- The value can be aes-256-gcm-16, aes-128-gcm-16, aes-256, aes-192, aes-128, or 3des.
dh_group
String
- Specifies the DH group used for key exchange in phase 1.
- The value can be group1, group2, group5, group14, group15, group16, group19, group20, or group21.
authentication_method
String
lifetime_seconds
Integer
- Specifies the SA lifetime. When the lifetime expires, an IKE SA is automatically updated.
- The value ranges from 60 to 604800, in seconds.
local_id_type
String
- Specifies the local ID type.
- The value can be ip or fqdn.
local_id
String
Specifies the local ID. When local_id_type is set to ip, the VPN gateway IP address corresponding to the VPN connection is returned. When local_id_type is set to fqdn, the local ID specified during VPN connection creation or update is returned.
peer_id_type
String
- Specifies the peer ID type.
- The value can be ip or fqdn.
peer_id
String
Specifies the peer ID. When peer_id_type is set to ip, the IP address of the customer gateway is returned. When peer_id_type is set to fqdn, the peer ID specified during VPN connection creation or update is returned.
dpd
Dpd object
Specifies the DPD object.
Table 6 Dpd Parameter
Type
Description
timeout
Integer
- Specifies the interval for retransmitting DPD packets.
- The value ranges from 2 to 60, in seconds.
interval
Integer
- Specifies the DPD idle timeout period.
- The value ranges from 10 to 3600, in seconds.
msg
String
Table 7 IpsecPolicy Parameter
Type
Description
authentication_algorithm
String
- Specifies an authentication algorithm.
- The value can be sha2-512, sha2-384, sha2-256, sha1, or md5.
encryption_algorithm
String
- Specifies an encryption algorithm.
- The value can be aes-256-gcm-16, aes-128-gcm-16, aes-256, aes-192, aes-128, or 3des.
pfs
String
- Specifies the DH key group used by PFS.
- The value can be group1, group2, group5, group14, group15, group16, group19, group20, group21, or disable.
transform_protocol
String
lifetime_seconds
Integer
- Specifies the lifetime of a tunnel established over an IPsec connection.
- The value ranges from 30 to 604800, in seconds.
encapsulation_mode
String
Table 8 VpnResourceTag Parameter
Type
Description
key
String
- Specifies a tag key.
- The value is a string of 1 to 128 characters that can contain digits, letters, Spanish characters, Portuguese characters, spaces, and special characters (_ . : = + - @).
value
String
- Specifies a tag value.
- The value is a string of 0 to 255 characters that can contain digits, letters, Spanish characters, Portuguese characters, spaces, and special characters (_ . : = + - @).
- Example response
{ "vpn_connection": { "id": "98c5af8a-demo-a8df-va86-ae2280a6f4c3", "name": "vpn-1655", "status": "DOWN", "vgw_id": "b32d91a4-demo-a8df-va86-e907174eb11d", "vgw_ip": "0c464dad-demo-a8df-va86-c22bb0eb0bde", "style": "POLICY", "cgw_id": "5247ae10-demo-a8df-va86-dd36659a7f5d", "peer_subnets": ["192.168.0.0/24"], "tunnel_local_address": "169.254.56.225/30", "tunnel_peer_address": "169.254.56.226/30", "policy_rules": [{ "rule_index": 1, "source": "10.0.0.0/24", "destination": [ "192.168.0.0/24" ] }], "ikepolicy": { "ike_version": "v2", "authentication_algorithm": "sha2-256", "encryption_algorithm": "aes-128", "dh_group": "group15", "authentication_method": "pre-share", "lifetime_seconds": 86400, "local_id_type": "ip", "local_id": "10.***.***.134", "peer_id_type": "ip", "peer_id": "88.***.***.164", "dpd": { "timeout": 15, "interval": 30, "msg": "seq-hash-notify" } }, "ipsecpolicy": { "authentication_algorithm": "sha2-256", "encryption_algorithm": "aes-128", "pfs": "group15", "transform_protocol": "esp", "lifetime_seconds": 3600, "encapsulation_mode": "tunnel" }, "created_at": "2022-11-26T13:41:34.626Z", "updated_at": "2022-11-26T13:41:34.626Z", "enterprise_project_id": "0", "ha_role":"master" }, "request_id": "f91082d4-6d49-479c-ad1d-4e552a9f5cae" }
Status Codes
For details, see Status Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.