Updating a VPN Gateway
Function
This API is used to update a VPN gateway with a specified gateway ID.
Calling Method
For details, see Calling APIs.
URI
PUT /v5/{project_id}/vpn-gateways/{vgw_id}
Parameter |
Type |
Mandatory |
Description |
---|---|---|---|
project_id |
String |
Yes |
Specifies a project ID. You can obtain the project ID by referring to Obtaining the Project ID. |
vgw_id |
String |
Yes |
Specifies the ID of a VPN gateway instance. |
Request
- Request parameters
Table 2 Request parameters Parameter
Type
Mandatory
Description
vpn_gateway
UpdateVgwRequestBodyContent object
Yes
Specifies the VPN gateway object.
Table 3 UpdateVgwRequestBodyContent Parameter
Type
Mandatory
Description
name
String
No
- Specifies the name of a VPN gateway.
- The value is a string of 1 to 64 characters, which can contain digits, letters, underscores (_), hyphens (-), and periods (.).
local_subnets
Array of String
No
- Specifies an IPv4 local subnet. This subnet is a cloud-side subnet that needs to communicate with an on-premises network through a VPN. An example subnet is 192.168.52.0/24.
- This parameter can be set only when attachment_type is set to vpc and ip_version is set to ipv4. A maximum of 50 local subnets can be configured for each VPN gateway.
local_subnets_v6
Array of String
No
- Specifies an IPv6 local subnet. This subnet is a cloud-side subnet that needs to communicate with an on-premises customer subnet through a VPN. An example subnet is 16af:cacc:1097::/48.
- This parameter can be set only when attachment_type is set to vpc and ip_version is set to ipv6. A maximum of 50 local subnets can be configured for each VPN gateway.
eip_id_1
String
No
- Specifies the ID of the new EIP, which is used as the first EIP of the VPN gateway in active-active mode or the active EIP of the VPN gateway in active/standby mode. Before binding a new EIP, unbind the original EIP from the VPN gateway by referring to Updating an EIP.
- The value is a UUID containing 36 characters. You can set this parameter only when network_type is set to public.
eip_id_2
String
No
- Specifies the ID of the new EIP, which is used as the second EIP of the VPN gateway in active-active mode or the standby EIP of the VPN gateway in active/standby mode. Before binding a new EIP, unbind the original EIP from the VPN gateway by referring to Updating an EIP.
- The value is a UUID containing 36 characters. You can set this parameter only when network_type is set to public.
policy_template
PolicyTemplate object
No
- Configures a policy template.
- This parameter is used to update the policy template of a VPN gateway whose specification is Professional1-NonFixedIP or Professional2-NonFixedIP.
Table 4 PolicyTemplate Parameter
Type
Description
ike_policy
IkePolicy object
Specifies the IKE policy object.
ipsec_policy
IpsecPolicy object
Specifies the IPsec policy object.
Table 5 IkePolicy Parameter
Type
Description
encryption_algorithm
String
- Specifies an encryption algorithm.
- The value can be aes-256-gcm-16, aes-128-gcm-16, aes-256, aes-192, or aes-128.
dh_group
String
- Specifies the DH group used for key exchange in phase 1.
- The value can be group14, group15, group16, group19, group20, group21, or disable.
authentication_algorithm
String
- Specifies an authentication algorithm.
- The value can be sha2-512, sha2-384, or sha2-256.
lifetime_seconds
Integer
- Specifies the SA lifetime. When the lifetime expires, an IKE SA is automatically updated.
- The value ranges from 60 to 604800, in seconds.
Table 6 IpsecPolicy Parameter
Type
Description
authentication_algorithm
String
- Specifies an authentication algorithm.
- The value can be sha2-512, sha2-384, or sha2-256.
encryption_algorithm
String
- Specifies an encryption algorithm.
- The value can be aes-256-gcm-16, aes-128-gcm-16, aes-256, aes-192, or aes-128.
pfs
String
- Specifies the DH key group used by PFS.
- The value can be group14, group15, group16, group19, group20, group21, or disable.
lifetime_seconds
Integer
- Specifies the lifetime of a tunnel established over an IPsec connection.
- The value ranges from 30 to 604800, in seconds.
- Example requests
- Updating a VPN gateway that does not support access via non-fixed IP addresses
PUT https://{Endpoint}/v5/{project_id}/vpn-gateways/{vgw_id} { "vpn_gateway": { "name": "vpngw-4321", "local_subnets": [ "192.168.0.0/24" ], "eip_id_1": "f1469b4a-demo-a8df-va86-bb7de91cf493", "eip_id_2": "6ad8e297-demo-a8df-va86-da0f885ccb98" } }
- Updating the policy template of a VPN gateway that supports access via non-fixed IP addresses
PUT https://{Endpoint}/v5/{project_id}/vpn-gateways/{vgw_id} { "vpn_gateway":{ "policy_template":{ "ike_policy":{ "authentication_algorithm":"sha2-256", "encryption_algorithm":"aes-128-gcm-16", "dh_group":"group21", "lifetime_seconds":86400 }, "ipsec_policy":{ "authentication_algorithm":"sha2-256", "encryption_algorithm":"aes-128-gcm-16", "pfs":"disable", "lifetime_seconds":3600 } } } }
- Updating a VPN gateway that does not support access via non-fixed IP addresses
Response
- Response parameters
Returned status code 200: successful operation
Table 7 Parameters in the response body Parameter
Type
Description
vpn_gateway
ResponseVpnGateway object
Specifies the VPN gateway object.
request_id
String
Specifies a request ID.
Table 8 ResponseVpnGateway Parameter
Type
Description
id
String
- Specifies a VPN gateway ID.
- The value is a UUID containing 36 characters.
name
String
- Specifies the name of a VPN gateway.
- The value is a string of 1 to 64 characters, which can contain digits, letters, underscores (_), and hyphens (-).
network_type
String
- Specifies the network type of the VPN gateway.
- The value can be public or private.
- The default value is public.
attachment_type
String
- Specifies the association mode.
- The value can be vpc or er.
ip_version
String
- Specifies the IP protocol version of the VPN gateway.
- The value is ipv4 or ipv6.
certificate_id
String
- Specifies a certificate ID.
- The value is a UUID containing 36 characters.
er_id
String
Specifies the ID of the enterprise router instance to which the VPN gateway connects. This parameter is available only when attachment_type is set to er.
vpc_id
String
- When attachment_type is set to vpc, vpc_id specifies the ID of the service VPC associated with the VPN gateway.
- When attachment_type is set to er, vpc_id specifies the ID of the access VPC used by the VPN gateway.
local_subnets
Array of String
Specifies a local subnet. This subnet is a cloud-side subnet that needs to communicate with an on-premises network through a VPN. An example subnet is 192.168.52.0/24. This parameter is returned only when attachment_type is set to vpc and ip_version is set to ipv4.
local_subnets_v6
Array of String
Specifies an IPv6 local subnet. This subnet is a cloud-side subnet that needs to communicate with an on-premises network through a VPN. An example subnet is 16af:cacc:1097::/48. This parameter is returned only when attachment_type is set to vpc and ip_version is set to ipv6.
connect_subnet
String
Specifies the ID of the VPC subnet used by the VPN gateway.
bgp_asn
Long
Specifies the BGP AS number of the VPN gateway.
flavor
String
- Specifies the specification of the VPN gateway.
- Value range:
Basic: The maximum forwarding bandwidth is 100 Mbit/s.
Professional1: The maximum forwarding bandwidth is 300 Mbit/s.
Professional1-NonFixedIP: The maximum forwarding bandwidth is 300 Mbit/s.
Professional2: The maximum forwarding bandwidth is 1 Gbit/s.
Professional2-NonFixedIP: The maximum forwarding bandwidth is 1 Gbit/s.
GM: The maximum forwarding bandwidth is 500 Mbit/s.
availability_zone_ids
Array of String
Specifies the AZ where the VPN gateway is deployed. This parameter is available when an AZ is specified. If no AZ is specified, this parameter is available only when the VPN gateway is in ACTIVE state.
connection_number
Integer
Specifies the maximum number of VPN connections supported for the VPN gateway.
used_connection_number
Integer
Specifies the number of VPN connections that have been used by the VPN gateway.
used_connection_group
Integer
Specifies the number of VPN connection groups that have been used by the VPN gateway. A connection group consists of two connections between a customer gateway and a VPN gateway. By default, 10 VPN connection groups are included free of charge with the purchase of a VPN gateway.
enterprise_project_id
String
eip1
ResponseEip object
Specifies the first EIP of the VPN gateway in the active-active mode or the active EIP of the VPN gateway in the active/standby mode. This parameter is available when the VPN gateway is in ACTIVE state.
eip2
ResponseEip object
Specifies the second EIP of the VPN gateway in the active-active mode or the standby EIP of the VPN gateway in the active/standby mode. This parameter is available when the VPN gateway is in ACTIVE state.
created_at
String
- Specifies the time when the VPN gateway is created. This parameter is available when the VPN gateway is in ACTIVE state.
- The UTC time format is yyyy-MM-ddTHH:mm:ssZ.
updated_at
String
- Specifies the last update time. This parameter is available when the VPN gateway is in ACTIVE state.
- The UTC time format is yyyy-MM-ddTHH:mm:ssZ.
access_vpc_id
String
- Specifies the ID of the access VPC used by the VPN gateway.
- The value is a UUID containing 36 characters.
access_subnet_id
String
- Specifies the ID of the subnet in the access VPC used by the VPN gateway.
- The value is a UUID containing 36 characters.
access_private_ip_1
String
Specifies a private IP address used by the VPN gateway to connect to a customer gateway when the network type is private network. This address is the first private IP address of the VPN gateway in active-active mode or the active private IP address of the VPN gateway in the active/standby mode.
An example is 192.168.52.9. This parameter is available only when network_type is set to private.
access_private_ip_2
String
Specifies a private IP address used by the VPN gateway to connect to a customer gateway when the network type is private network. This address is the second private IP address of the VPN gateway in active-active mode or the standby private IP address of the VPN gateway in the active/standby mode.
An example is 192.168.52.9. This parameter is available only when network_type is set to private.
ha_mode
String
- Specifies the HA mode of the gateway. The value can be active-active or active-standby.
- Value range: active-active, active-standby
policy_template
PolicyTemplate object
Indicates a policy template. This parameter is returned only for a VPN gateway that supports access via non-fixed IP addresses.
tags
Array of VpnResourceTag objects
Specifies a tag list.
Table 9 ResponseEip Parameter
Type
Description
id
String
- Specifies an EIP ID.
- The value is a UUID containing 36 characters. If the default enterprise project is used, 0 is returned.
ip_version
Integer
- Specifies the EIP version.
- The value can only be 4, indicating IPv4 address.
ip_billing_info
String
- Specifies the EIP order information. This parameter is available only for yearly/monthly EIPs.
- The value is in the format of order_id:product_id:region_id:project_id, for example:
CS22********LIBIV:00301-******-0--0:br-iaas-odin1:0605768a************c006c7e484aa
type
String
- Specifies the EIP type.
- For the value range, see the type field in Table 6 in Assigning an EIP.
ip_address
String
- Specifies an EIP, that is, a public IPv4 address.
- The value is an IPv4 address, for example, 88.***.***.11.
charge_mode
String
bandwidth_id
String
- Specifies the bandwidth ID of an EIP.
- The value is a UUID containing 36 characters.
bandwidth_size
Integer
- Specifies the bandwidth (Mbit/s) of an EIP. The maximum EIP bandwidth varies according to regions and depends on the EIP service. You can submit a service ticket to increase the maximum EIP bandwidth under your account.
- The value ranges from 1 to 1000. For details, see the EIP documentation.
bandwidth_name
String
- Specifies the bandwidth name of an EIP.
- The value is a string of 1 to 64 characters, which can contain digits, letters, underscores (_), hyphens (-), and periods (.).
bandwidth_billing_info
String
- Specifies the EIP bandwidth order information. This parameter is available only for yearly/monthly EIPs.
- The value is in the format of order_id:product_id:region_id:project_id, for example:
CS22********LIBIV:00301-******-0--0:br-iaas-odin1:0605768a************c006c7e484aa
share_type
String
Table 10 PolicyTemplate Parameter
Type
Description
ike_policy
IkePolicy object
Specifies the IKE policy object.
ipsec_policy
IpsecPolicy object
Specifies the IPsec policy object.
Table 11 IkePolicy Parameter
Type
Description
encryption_algorithm
String
- Specifies an encryption algorithm.
- The value can be aes-256-gcm-16, aes-128-gcm-16, aes-256, aes-192, or aes-128.
dh_group
String
- Specifies the DH group used for key exchange in phase 1.
- The value can be group14, group15, group16, group19, group20, group21, or disable.
authentication_algorithm
String
- Specifies an authentication algorithm.
- The value can be sha2-512, sha2-384, or sha2-256.
lifetime_seconds
Integer
- Specifies the SA lifetime. When the lifetime expires, an IKE SA is automatically updated.
- The value ranges from 60 to 604800, in seconds.
Table 12 IpsecPolicy Parameter
Type
Description
authentication_algorithm
String
- Specifies an authentication algorithm.
- The value can be sha2-512, sha2-384, or sha2-256.
encryption_algorithm
String
- Specifies an encryption algorithm.
- The value can be aes-256-gcm-16, aes-128-gcm-16, aes-256, aes-192, or aes-128.
pfs
String
- Specifies the DH key group used by PFS.
- The value can be group14, group15, group16, group19, group20, group21, or disable.
lifetime_seconds
Integer
- Specifies the lifetime of a tunnel established over an IPsec connection.
- The value ranges from 30 to 604800, in seconds.
Table 13 VpnResourceTag Parameter
Type
Description
key
String
- Specifies a tag key.
- The value is a string of 1 to 128 characters that can contain digits, letters, Spanish characters, Portuguese characters, spaces, and special characters (_ . : = + - @).
value
String
- Specifies a tag value.
- The value is a string of 0 to 255 characters that can contain digits, letters, Spanish characters, Portuguese characters, spaces, and special characters (_ . : = + - @).
- Example responses
- Response to the request for updating a VPN gateway that does not support access via non-fixed IP addresses
{ "vpn_gateway": { "id": "620d99b8-demo-a8df-va86-200b868f2d7d", "name": "vpngw-4321", "attachment_type": "vpc", "network_type": "public", "ip_version": "ipv4", "vpc_id": "cb4a631d-demo-a8df-va86-ca3fa348c36c", "local_subnets": [ "192.168.0.0/24" ], "connect_subnet": "f5741286-demo-a8df-va86-2c82bd9ee114", "bgp_asn": 64512, "flavor": "Professional1", "availability_zone_ids": ["cn-south-1f", "cn-south-1e"], "connection_number": 200, "used_connection_number": 0, "used_connection_group": 0, "enterprise_project_id": "0", "eip1": { "id": "f1469b4a-demo-a8df-va86-bb7de91cf493", "ip_version": 4, "type": "5_bgp", "ip_address": "88.***.***.102", "charge_mode": "bandwidth", "bandwidth_id": "cff40e5e-demo-a8df-va86-7366077bf097", "bandwidth_size": 300, "bandwidth_name": "vpngw-bandwidth-1391" }, "eip2": { "id": "6ad8e297-demo-a8df-va86-da0f885ccb98", "ip_version": 4, "type": "5_bgp", "ip_address": "88.***.***.188", "charge_mode": "bandwidth", "bandwidth_id": "d290f1ee-demo-a8df-va86-d701748f0851", "bandwidth_size": 300, "bandwidth_name": "vpngw-bandwidth-1392" }, "created_at": "2022-09-15T08:56:09.386Z", "updated_at": "2022-09-15T11:13:13.677Z", "access_vpc_id": "0cf79a3f-demo-a8df-va86-d7ace626b0fa", "access_subnet_id": "f5741286-demo-a8df-va86-2c82bd9ee114", "ha_mode": "active-active" }, "request_id": "33a2b77a-65f9-4fa0-90bd-4bd42038eb41" }
- Response to the request for updating a VPN gateway that supports access via non-fixed IP addresses
{ "vpn_gateway":{ "id":"620d99b8-demo-a8df-va86-200b868f2d7d", "name":"vpngw-4321", "attachment_type":"vpc", "network_type":"public", "ip_version": "ipv4", "vpc_id":"cb4a631d-demo-a8df-va86-ca3fa348c36c", "local_subnets":[ "192.168.0.0/24" ], "connect_subnet":"f5741286-demo-a8df-va86-2c82bd9ee114", "bgp_asn":64512, "flavor":"Professional1", "availability_zone_ids":[ "cn-south-1f", "cn-south-1e" ], "connection_number":200, "used_connection_number":0, "used_connection_group":0, "enterprise_project_id":"0", "eip1":{ "id":"f1469b4a-demo-a8df-va86-bb7de91cf493", "ip_version":4, "type":"5_bgp", "ip_address":"88.***.***.102", "charge_mode":"bandwidth", "bandwidth_id":"cff40e5e-demo-a8df-va86-7366077bf097", "bandwidth_size":300, "bandwidth_name":"vpngw-bandwidth-1391" }, "eip2":{ "id":"6ad8e297-demo-a8df-va86-da0f885ccb98", "ip_version":4, "type":"5_bgp", "ip_address":"88.***.***.188", "charge_mode":"bandwidth", "bandwidth_id":"d290f1ee-demo-a8df-va86-d701748f0851", "bandwidth_size":300, "bandwidth_name":"vpngw-bandwidth-1392" }, "created_at":"2022-09-15T08:56:09.386Z", "updated_at":"2022-09-15T11:13:13.677Z", "access_vpc_id":"0cf79a3f-demo-a8df-va86-d7ace626b0fa", "access_subnet_id":"f5741286-demo-a8df-va86-2c82bd9ee114", "ha_mode":"active-active", "policy_template":{ "ike_policy":{ "authentication_algorithm":"sha2-256", "encryption_algorithm":"aes-128-gcm-16", "dh_group":"group21", "lifetime_seconds":86400 }, "ipsec_policy":{ "authentication_algorithm":"sha2-256", "encryption_algorithm":"aes-128-gcm-16", "pfs":"disable", "lifetime_seconds":3600 } } }, "request_id":"33a2b77a-65f9-4fa0-90bd-4bd42038eb41" }
- Response returned when a VPN gateway being created fails to be updated
{ "error_code":"VPN.0003", "error_msg":"resource (type=GATEWAY, ID=ff9bdca6-demo-a8df-va86-e4bcc1ea52bc) is not ready, currently CREATING", "request_id": "abafe41c-7744-41af-bf3d-4452872af799" }
- Response to the request for updating a VPN gateway that does not support access via non-fixed IP addresses
Status Codes
For details, see Status Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot