Updating a VPN Gateway

Function

This API is used to update a VPN gateway with a specified gateway ID.

Calling Method

For details, see Calling APIs.

URI

PUT /v5/{project_id}/vpn-gateways/{vgw_id}

Request

• Request parameters

  Table 2 Request parameters

  Parameter	Type	Mandatory	Description
  vpn_gateway	UpdateVgwRequestBodyContent object	Yes	Specifies the VPN gateway object.

  Table 3 UpdateVgwRequestBodyContent

  Parameter	Type	Mandatory	Description
  name	String	No	Specifies the name of a VPN gateway. The value is a string of 1 to 64 characters, which can contain digits, letters, underscores (_), hyphens (-), and periods (.).
  local_subnets	Array of String	No	Specifies a local subnet. This subnet is a cloud-side subnet that needs to communicate with an on-premises network through a VPN. For example, a local subnet can be 192.168.52.0/24. You can set this parameter only when attachment_type is set to vpc. A maximum of 50 local subnets can be configured for each VPN gateway.
  eip_id_1	String	No	Specifies the ID of the new EIP, which is used as the first EIP of the VPN gateway in active-active mode or the active EIP of the VPN gateway in active-standby mode. Before binding a new EIP, unbind the original EIP from the VPN gateway by referring to Updating an EIP. The value is a UUID containing 36 characters. You can set this parameter only when network_type is set to public.
  eip_id_2	String	No	Specifies the ID of the new EIP, which is used as the second EIP of the VPN gateway in active-active mode or the standby EIP of the VPN gateway in active-standby mode. Before binding a new EIP, unbind the original EIP from the VPN gateway by referring to Updating an EIP. The value is a UUID containing 36 characters. You can set this parameter only when network_type is set to public.
  policy_template	PolicyTemplate object	No	Configures a policy template. This parameter is used to update the policy template of a VPN gateway whose specification is Professional1-NonFixedIP or Professional2-NonFixedIP.

  Table 4 PolicyTemplate

  Parameter	Type	Description
  ike_policy	IkePolicy object	Specifies the IKE policy object.
  ipsec_policy	IpsecPolicy object	Specifies the IPsec policy object.

  Table 5 IkePolicy

  Parameter	Type	Description
  encryption_algorithm	String	Specifies an encryption algorithm. The value can be aes-256-gcm-16, aes-128-gcm-16, aes-256, aes-192, or aes-128.
  dh_group	String	Specifies the DH group used for key exchange in phase 1. The value can be group14, group15, group16, group19, group20, group21, or disable.
  authentication_algorithm	String	Specifies an authentication algorithm. The value can be sha2-512, sha2-384, or sha2-256.
  lifetime_seconds	Integer	Specifies the SA lifetime. When the lifetime expires, an IKE SA is automatically updated. The value ranges from 60 to 604800, in seconds.

  Table 6 IpsecPolicy

  Parameter	Type	Description
  authentication_algorithm	String	Specifies an authentication algorithm. The value can be sha2-512, sha2-384, or sha2-256.
  encryption_algorithm	String	Specifies an encryption algorithm. The value can be aes-256-gcm-16, aes-128-gcm-16, aes-256, aes-192, or aes-128.
  pfs	String	Specifies the DH key group used by PFS. The value can be group14, group15, group16, group19, group20, group21, or disable.
  lifetime_seconds	Integer	Specifies the lifetime of a tunnel established over an IPsec connection. The value ranges from 30 to 604800, in seconds.

• Example requests
  1. Updating a VPN gateway that does not support access via non-fixed IP addresses

     PUT https://{Endpoint}/v5/{project_id}/vpn-gateways/{vgw_id}
     
     {
         "vpn_gateway": {
             "name": "vpngw-4321",
             "local_subnets": [
                 "192.168.0.0/24"
             ],
             "eip_id_1": "f1469b4a-****-****-****-bb7de91cf493",
             "eip_id_2": "6ad8e297-****-****-****-da0f885ccb98"
         }
     }

  2. Updating the policy template of a VPN gateway that supports access via non-fixed IP addresses

     PUT https://{Endpoint}/v5/{project_id}/vpn-gateways/{vgw_id}
     {
         "vpn_gateway":{
             "policy_template":{
                 "ike_policy":{
                     "authentication_algorithm":"sha2-256",
                     "encryption_algorithm":"aes-128-gcm-16",
                     "dh_group":"group21",
                     "lifetime_seconds":86400
                 },
                 "ipsec_policy":{
                     "authentication_algorithm":"sha2-256",
                     "encryption_algorithm":"aes-128-gcm-16",
                     "pfs":"disable",
                     "lifetime_seconds":3600
                 }
             }
         }
     }

Response

• Response parameters

  Returned status code 200: successful operation

  Table 7 Parameters in the response body

  Parameter	Type	Description
  vpn_gateway	ResponseVpnGateway object	Specifies the VPN gateway object.
  request_id	String	Specifies a request ID.

  Table 8 ResponseVpnGateway

  Parameter	Type	Description
  id	String	Specifies a VPN gateway ID. The value is a UUID containing 36 characters.
  name	String	Specifies a VPN gateway name. If no VPN gateway name is specified, the system automatically generates one. The value is a string of 1 to 64 characters, which can contain digits, letters, underscores (_), and hyphens (-).
  network_type	String	Specifies the network type of the VPN gateway. The value can be public or private. The default value is public.
  attachment_type	String	Specifies the association mode. The value can be vpc or er.
  certificate_id	String	Specifies the certificate ID. The value is a UUID containing 36 characters.
  er_id	String	Specifies the ID of the enterprise router instance to which the VPN gateway connects. This parameter is available only when attachment_type is set to er.
  vpc_id	String	When attachment_type is set to vpc, vpc_id specifies the ID of the service VPC associated with the VPN gateway. When attachment_type is set to er, vpc_id specifies the ID of the access VPC used by the VPN gateway.
  local_subnets	Array of String	Specifies a local subnet. This subnet is a cloud-side subnet that needs to communicate with an on-premises network through a VPN. For example, a local subnet can be 192.168.52.0/24. This parameter is available only when attachment_type is set to vpc.
  connect_subnet	String	Specifies the ID of the VPC subnet used by the VPN gateway.
  bgp_asn	Long	Specifies the BGP AS number of the VPN gateway.
  flavor	String	Specifies the specifications of the VPN gateway. Value range: Basic: The maximum forwarding bandwidth is 100 Mbit/s. Professional1: The maximum forwarding bandwidth is 300 Mbit/s. Professional1-NonFixedIP: The maximum forwarding bandwidth is 300 Mbit/s. Professional2: The maximum forwarding bandwidth is 1 Gbit/s. Professional2-NonFixedIP: The maximum forwarding bandwidth is 1 Gbit/s. GM: The maximum forwarding bandwidth is 500 Mbit/s.
  availability_zone_ids	Array of String	Specifies the AZ where the VPN gateway is deployed. This parameter is available when an AZ is specified. If no AZ is specified, this parameter is available only when the VPN gateway is in ACTIVE state.
  connection_number	Integer	Specifies the maximum number of VPN connections supported for the VPN gateway.
  used_connection_number	Integer	Specifies the number of VPN connections that have been used by the VPN gateway.
  used_connection_group	Integer	Specifies the number of VPN connection groups that have been used by the VPN gateway. A connection group consists of two connections between a customer gateway and a VPN gateway. By default, 10 VPN connection groups are included free of charge with the purchase of a VPN gateway.
  enterprise_project_id	String	Specifies an enterprise project ID. The value is a UUID containing 36 characters. If no enterprise project ID is specified during VPN gateway creation, 0 is returned, indicating that the resource belongs to the default enterprise project. Note that 0 is not the ID of an existing enterprise project.
  eip1	ResponseEip object	Specifies the first EIP of the VPN gateway in the active-active mode or the active EIP of the VPN gateway in the active-standby mode. This parameter is available when the VPN gateway is in ACTIVE state.
  eip2	ResponseEip object	Specifies the second EIP of the VPN gateway in the active-active mode or the standby EIP of the VPN gateway in the active-standby mode. This parameter is available when the VPN gateway is in ACTIVE state.
  created_at	String	Specifies the time when the VPN gateway is created. This parameter is available when the VPN gateway is in ACTIVE state.
  updated_at	String	Specifies the last update time. This parameter is available when the VPN gateway is in ACTIVE state.
  access_vpc_id	String	Specifies the ID of the access VPC used by the VPN gateway. The value is a UUID containing 36 characters.
  access_subnet_id	String	Specifies the ID of the subnet in the access VPC used by the VPN gateway. The value is a UUID containing 36 characters.
  access_private_ip_1	String	Specifies a private IP address used by the VPN gateway to connect to a customer gateway when the network type is private network. This address is the first private IP address of the VPN gateway in active-active mode or the active private IP address of the VPN gateway in the active-standby mode. An example is 192.168.52.9. This parameter is available only when network_type is set to private.
  access_private_ip_2	String	Specifies a private IP address used by the VPN gateway to connect to a customer gateway when the network type is private network. This address is the second private IP address of the VPN gateway in active-active mode or the standby private IP address of the VPN gateway in the active-standby mode. An example is 192.168.52.9. This parameter is available only when network_type is set to private.
  ha_mode	String	Specifies the HA mode of the gateway. The value can be active-active or active-standby. Value range: active-active, active-standby
  policy_template	PolicyTemplate object	Indicates a policy template. This parameter is returned only for a VPN gateway that supports access via non-fixed IP addresses.
  tags	Array of VpnResourceTag objects	Specifies a tag list.

  Table 9 ResponseEip

  Parameter	Type	Description
  id	String	Specifies an EIP ID. The value is a UUID containing 36 characters. If the default enterprise project is used, 0 is returned.
  ip_version	Integer	Specifies the EIP version. The value can only be 4, indicating IPv4 address.
  ip_billing_info	String	Specifies the EIP order information. This parameter is available only for yearly/monthly EIPs. The value is in the format of order_id:product_id:region_id:project_id, for example: CS22********LIBIV:00301-******-0--0:br-iaas-odin1:0605768a************c006c7e484aa
  type	String	Specifies the EIP type. For the value range, see the type field in Table 6 in Assigning an EIP.
  ip_address	String	Specifies an EIP, that is, a public IPv4 address. The value is an IPv4 address, for example, 88.***.***.11.
  charge_mode	String	Specifies the bandwidth billing mode of an EIP. Value range: bandwidth: billed by bandwidth traffic: billed by traffic
  bandwidth_id	String	Specifies the bandwidth ID of an EIP. The value is a UUID containing 36 characters.
  bandwidth_size	Integer	Specifies the bandwidth (Mbit/s) of an EIP. The maximum EIP bandwidth varies according to regions and depends on the EIP service. You can submit a service ticket to increase the maximum EIP bandwidth under your account. The value ranges from 1 to 1000. For details, see the EIP documentation.
  bandwidth_name	String	Specifies the bandwidth name of an EIP. The value is a string of 1 to 64 characters, which can contain digits, letters, underscores (_), hyphens (-), and periods (.).
  bandwidth_billing_info	String	Specifies the EIP bandwidth order information. This parameter is available only for yearly/monthly EIPs. The value is in the format of order_id:product_id:region_id:project_id, for example: CS22********LIBIV:00301-******-0--0:br-iaas-odin1:0605768a************c006c7e484aa

  Table 10 PolicyTemplate

  Parameter	Type	Description
  ike_policy	IkePolicy object	Specifies the IKE policy object.
  ipsec_policy	IpsecPolicy object	Specifies the IPsec policy object.

  Table 11 IkePolicy

  Parameter	Type	Description
  encryption_algorithm	String	Specifies an encryption algorithm. The value can be aes-256-gcm-16, aes-128-gcm-16, aes-256, aes-192, or aes-128.
  dh_group	String	Specifies the DH group used for key exchange in phase 1. The value can be group14, group15, group16, group19, group20, group21, or disable.
  authentication_algorithm	String	Specifies an authentication algorithm. The value can be sha2-512, sha2-384, or sha2-256.
  lifetime_seconds	Integer	Specifies the SA lifetime. When the lifetime expires, an IKE SA is automatically updated. The value ranges from 60 to 604800, in seconds.

  Table 12 IpsecPolicy

  Parameter	Type	Description
  authentication_algorithm	String	Specifies an authentication algorithm. The value can be sha2-512, sha2-384, or sha2-256.
  encryption_algorithm	String	Specifies an encryption algorithm. The value can be aes-256-gcm-16, aes-128-gcm-16, aes-256, aes-192, or aes-128.
  pfs	String	Specifies the DH key group used by PFS. The value can be group14, group15, group16, group19, group20, group21, or disable.
  lifetime_seconds	Integer	Specifies the lifetime of a tunnel established over an IPsec connection. The value ranges from 30 to 604800, in seconds.

  Table 13 VpnResourceTag

  Parameter	Type	Description
  key	String	Specifies a tag key. The value is a string of 1 to 128 characters that can contain digits, letters, Spanish characters, Portuguese characters, spaces, and special characters (_ . : = + - @).
  value	String	Specifies a tag value. The value is a string of 0 to 255 characters that can contain digits, letters, Spanish characters, Portuguese characters, spaces, and special characters (_ . : = + - @).

• Example responses
  1. Response to the request for updating a VPN gateway that does not support access via non-fixed IP addresses

     {
         "vpn_gateway": {
             "id": "620d99b8-****-****-****-200b868f2d7d",
             "name": "vpngw-4321",
             "attachment_type": "vpc",
             "network_type": "public",
             "vpc_id": "cb4a631d-****-****-****-ca3fa348c36c",
             "local_subnets": [
                 "192.168.0.0/24"
             ],
             "connect_subnet": "f5741286-****-****-****-2c82bd9ee114",
             "bgp_asn": 64512,
             "flavor": "Professional1",
             "availability_zone_ids": ["cn-south-1f", "cn-south-1e"],
             "connection_number": 200,
             "used_connection_number": 0,
             "used_connection_group": 0,
             "enterprise_project_id": "0",
             "eip1": {
                 "id": "f1469b4a-****-****-****-bb7de91cf493",
                 "ip_version": 4,
                 "type": "5_bgp",
                 "ip_address": "88.***.***.102",
                 "charge_mode": "bandwidth",
                 "bandwidth_id": "cff40e5e-****-****-****-7366077bf097",
                 "bandwidth_size": 300,
                 "bandwidth_name": "vpngw-bandwidth-1391"
             },
             "eip2": {
                 "id": "6ad8e297-****-****-****-da0f885ccb98",
                 "ip_version": 4,
                 "type": "5_bgp",
                 "ip_address": "88.***.***.188",
                 "charge_mode": "bandwidth",
                 "bandwidth_id": "d290f1ee-****-****-****-d701748f0851",
                 "bandwidth_size": 300,
                 "bandwidth_name": "vpngw-bandwidth-1392"
             },
     	"created_at": "2022-09-15T08:56:09.386Z",
             "updated_at": "2022-09-15T11:13:13.677Z",
             "access_vpc_id": "0cf79a3f-****-****-****-d7ace626b0fa",
             "access_subnet_id": "f5741286-****-****-****-2c82bd9ee114",
             "ha_mode": "active-active"
         },
         "request_id": "33a2b77a-65f9-4fa0-90bd-4bd42038eb41"
     }

  2. Response to the request for updating a VPN gateway that supports access via non-fixed IP addresses

     {
         "vpn_gateway":{
             "id":"620d99b8-****-****-****-200b868f2d7d",
             "name":"vpngw-4321",
             "attachment_type":"vpc",
             "network_type":"public",
             "vpc_id":"cb4a631d-****-****-****-ca3fa348c36c",
             "local_subnets":[
                 "192.168.0.0/24"
             ],
             "connect_subnet":"f5741286-****-****-****-2c82bd9ee114",
             "bgp_asn":64512,
             "flavor":"Professional1",
             "availability_zone_ids":[
                 "cn-south-1f",
                 "cn-south-1e"
             ],
             "connection_number":200,
             "used_connection_number":0,
             "used_connection_group":0,
             "enterprise_project_id":"0",
             "eip1":{
                 "id":"f1469b4a-****-****-****-bb7de91cf493",
                 "ip_version":4,
                 "type":"5_bgp",
                 "ip_address":"88.***.***.102",
                 "charge_mode":"bandwidth",
                 "bandwidth_id":"cff40e5e-****-****-****-7366077bf097",
                 "bandwidth_size":300,
                 "bandwidth_name":"vpngw-bandwidth-1391"
             },
             "eip2":{
                 "id":"6ad8e297-****-****-****-da0f885ccb98",
                 "ip_version":4,
                 "type":"5_bgp",
                 "ip_address":"88.***.***.188",
                 "charge_mode":"bandwidth",
                 "bandwidth_id":"d290f1ee-****-****-****-d701748f0851",
                 "bandwidth_size":300,
                 "bandwidth_name":"vpngw-bandwidth-1392"
             },
             "created_at":"2022-09-15T08:56:09.386Z",
             "updated_at":"2022-09-15T11:13:13.677Z",
             "access_vpc_id":"0cf79a3f-****-****-****-d7ace626b0fa",
             "access_subnet_id":"f5741286-****-****-****-2c82bd9ee114",
             "ha_mode":"active-active",
             "policy_template":{
                 "ike_policy":{
                     "authentication_algorithm":"sha2-256",
                     "encryption_algorithm":"aes-128-gcm-16",
                     "dh_group":"group21",
                     "lifetime_seconds":86400
                 },
                 "ipsec_policy":{
                     "authentication_algorithm":"sha2-256",
                     "encryption_algorithm":"aes-128-gcm-16",
                     "pfs":"disable",
                     "lifetime_seconds":3600
                 }
             }
         },
         "request_id":"33a2b77a-65f9-4fa0-90bd-4bd42038eb41"
     }

  3. Response returned when a VPN gateway being created fails to be updated

     {
         "error_code":"VPN.0003",
         "error_msg":"resource (type=GATEWAY, ID=ff9bdca6-****-****-****-e4bcc1ea52bc) is not ready, currently CREATING",
         "request_id": "abafe41c-7744-41af-bf3d-4452872af799"
     }

Status Codes

For details, see Status Codes.