Creating a VPN Server
Function
This API is used to create a VPN server.
Calling Method
For details, see Calling APIs.
URI
POST /v5/{project_id}/p2c-vpn-gateways/{p2c_vgw_id}/vpn-servers

Table 1 Path parameters

| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| project_id | String | Yes | Specifies a project ID. You can obtain the project ID by referring to Obtaining the Project ID. |
| p2c_vgw_id | String | Yes | Specifies the ID of a P2C VPN gateway instance. |

Table 2 Request header parameters

| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| X-Client-Token | String | No | |
Request
- Request parameters

Table 3 Request parameters

| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| vpn_server | object | Yes | Specifies the to-be-created server object. |

Table 4 CreateServerRequest

| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| tunnel_protocol | String | No | |
| client_cidr | String | Yes | Specifies a client CIDR block. A virtual IP address on this CIDR block will be assigned to a client for establishing a connection. The value is in the format of dotted decimal notation/mask, for example, 192.168.1.0/24. Constraints: (1) the client CIDR block cannot conflict with the routes in the default route table of the VPC to which the gateway belongs; (2) it cannot conflict with any local CIDR block of the server; (3) the number of available IP addresses in the client CIDR block must be greater than four times the maximum number of gateway connections; (4) it cannot be 0.0.0.0/8, 127.0.0.0/8, 224.0.0.0/4, 240.0.0.0/4, or 169.254.0.0/16. |
| local_subnets | Array of strings | Yes | Specifies the list of local CIDR blocks. A local CIDR block is a destination CIDR block on the cloud to be accessed by client CIDR blocks through a VPN. The value is in the format of dotted decimal notation/mask, for example, 10.10.1.0/24. Constraints: (1) there must be at least one local CIDR block, and by default a maximum of 20 local CIDR blocks are supported; (2) a local CIDR block cannot be 0.0.0.0/8, 127.0.0.0/8, 224.0.0.0/4, or 240.0.0.0/4. |
| client_auth_type | String | No | Specifies the client authentication mode. Value range: CERT (certificate authentication), LOCAL_PASSWORD (password authentication, local). The default value is LOCAL_PASSWORD. |
| server_certificate | object | No | Specifies a server certificate. This parameter is mandatory when SSL is used as the tunnel protocol. It is recommended to use a certificate with a strong cryptographic algorithm, such as RSA-3072 or RSA-4096. |
| client_ca_certificates | Array of client_ca_certificate objects | No | Specifies the list of client CA certificates, which are used to authenticate client certificates. Constraints: (1) this parameter is mandatory when SSL is used as the tunnel protocol and the client authentication mode is certificate authentication; (2) when the client authentication mode is certificate authentication, you must upload at least one client CA certificate, and a maximum of 10 client CA certificates can be uploaded. |
| ssl_options | ssl_options object | No | Specifies SSL options. This parameter is mandatory when SSL is used as the tunnel protocol. |
| dns_servers | Array of strings | No | Specifies the DNS server list. A maximum of two DNS servers are supported. The value is in dotted decimal notation, for example, 172.16.1.1. |
Table 5 server_certificate

| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| id | String | Yes | Specifies a certificate ID, which is the ID of a certificate uploaded in the Cloud Certificate Manager (CCM). |
Table 6 client_ca_certificate

| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| name | String | No | Specifies a certificate name. If this parameter is left blank, the system automatically generates a certificate name. The value is a string of 1 to 64 characters, which can contain digits, letters, underscores (_), and hyphens (-). |
| content | String | Yes | |

Table 7 ssl_options

| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| protocol | String | No | Specifies a protocol. Value range: TCP. The default value is TCP. |
| port | Integer | No | Specifies a port number. Value range: 443, 1194. The default value is 443. |
| encryption_algorithm | String | No | Specifies an encryption algorithm. Value range: AES-128-GCM, AES-256-GCM. The default value is AES-128-GCM. |
| is_compressed | Boolean | No | Specifies whether to compress data. Value range: true, false. The default value is false. |
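As an added example (not part of the original documentation or the service's own code), the following Python pre-checks a request body against the client_cidr, local_subnets, client_ca_certificates and ssl_options constraints from Table 4 and Table 7 before the request is sent, so that a misconfigured server is rejected locally rather than by the API. The gateway's maximum number of connections is an assumed input, and "available IP addresses" is taken here to mean usable host addresses (network and broadcast excluded).

```python
import ipaddress

# Ranges Table 4 forbids for client_cidr; local_subnets forbid all of them except 169.254.0.0/16.
FORBIDDEN_CLIENT = ["0.0.0.0/8", "127.0.0.0/8", "224.0.0.0/4", "240.0.0.0/4", "169.254.0.0/16"]
FORBIDDEN_LOCAL = FORBIDDEN_CLIENT[:-1]
VALID_PORTS, VALID_CIPHERS = {443, 1194}, {"AES-128-GCM", "AES-256-GCM"}  # Table 7 value ranges

# Sample input: the page's second example request body (password authentication).
EXAMPLE_BODY = {"vpn_server": {
    "tunnel_protocol": "SSL", "client_cidr": "172.16.0.1/24",
    "local_subnets": ["10.16.0.0/24", "10.16.1.0/24"], "client_auth_type": "LOCAL_PASSWORD",
    "server_certificate": {"id": "scs1716171403922"},
    "ssl_options": {"protocol": "TCP", "port": 443, "encryption_algorithm": "AES-128-GCM", "is_compressed": False}}}

def _net(cidr):
    # strict=False accepts host-style values such as 172.16.0.1/24 used in the page's examples
    return ipaddress.ip_network(cidr, strict=False)

def validate_vpn_server(body, max_connections):
    """Return the violated constraints (empty list when the body passes); max_connections is an assumed input."""
    s = body["vpn_server"]
    errors = []
    client = _net(s["client_cidr"])
    if any(client.overlaps(_net(f)) for f in FORBIDDEN_CLIENT):
        errors.append("client_cidr lies in a forbidden range")
    # "available" addresses taken as usable hosts (network and broadcast excluded): an assumption
    if client.num_addresses - 2 <= 4 * max_connections:
        errors.append("client_cidr too small for 4x max connections")
    local_nets = [_net(c) for c in s["local_subnets"]]
    if not 1 <= len(local_nets) <= 20:
        errors.append("local_subnets must contain 1 to 20 entries")
    for net in local_nets:
        if any(net.overlaps(_net(f)) for f in FORBIDDEN_LOCAL):
            errors.append(f"local subnet {net} lies in a forbidden range")
        if net.overlaps(client):
            errors.append(f"client_cidr conflicts with local subnet {net}")
    if s.get("tunnel_protocol") == "SSL":
        for key in ("server_certificate", "ssl_options"):
            if key not in s:
                errors.append(f"{key} is mandatory when tunnel_protocol is SSL")
        if s.get("client_auth_type", "LOCAL_PASSWORD") == "CERT":
            if not 1 <= len(s.get("client_ca_certificates", [])) <= 10:
                errors.append("CERT mode needs 1 to 10 client_ca_certificates")
        opts = s.get("ssl_options", {})
        if opts.get("port", 443) not in VALID_PORTS:
            errors.append("ssl_options.port must be 443 or 1194")
        if opts.get("encryption_algorithm", "AES-128-GCM") not in VALID_CIPHERS:
            errors.append("unsupported ssl_options.encryption_algorithm")
    if len(s.get("dns_servers", [])) > 2:
        errors.append("at most two dns_servers are supported")
    return errors
```

Running `validate_vpn_server(EXAMPLE_BODY, 50)` returns an empty list; the check against the VPC's default route table (constraint 1 of client_cidr) needs the route table contents and is not covered here.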
- Example requests

1. Create a VPN server in certificate authentication mode.

POST https://{Endpoint}/v5/{project_id}/p2c-vpn-gateways/{p2c_vgw_id}/vpn-servers

```json
{
  "vpn_server": {
    "tunnel_protocol": "SSL",
    "client_cidr": "172.16.0.1/24",
    "local_subnets": [
      "10.16.0.0/24",
      "10.16.1.0/24"
    ],
    "client_auth_type": "CERT",
    "server_certificate": {
      "id": "scs*********3922"
    },
    "client_ca_certificates": [
      {
        "name": "client_ca_8sux3d",
        "content": "-----BEGIN CERTIFICATE-----*******-----END CERTIFICATE-----"
      }
    ],
    "ssl_options": {
      "protocol": "TCP",
      "port": 443,
      "encryption_algorithm": "AES-128-GCM",
      "is_compressed": false
    }
  }
}
```

2. Create a VPN server in password authentication mode.

```json
{
  "vpn_server": {
    "tunnel_protocol": "SSL",
    "client_cidr": "172.16.0.1/24",
    "local_subnets": [
      "10.16.0.0/24",
      "10.16.1.0/24"
    ],
    "client_auth_type": "LOCAL_PASSWORD",
    "server_certificate": {
      "id": "scs1716171403922"
    },
    "ssl_options": {
      "protocol": "TCP",
      "port": 443,
      "encryption_algorithm": "AES-128-GCM",
      "is_compressed": false
    }
  }
}
```
Response
- Response parameters

Returned status code 201: successful operation

Table 8 Parameters in the response body

| Parameter | Type | Description |
|---|---|---|
| vpn_server | vpn_server object | Specifies the VPN server object. |
| request_id | String | Specifies a request ID. |
- Example response

```json
{
  "vpn_server": {
    "id": "2407a20d-0bf7-4530-ba9a-7ffa0cedfa3b"
  },
  "request_id": "b19ba5a0be8f7b7f664b14596f8f35db"
}
```
Status Codes
For details, see Status Codes.