Example 5: Creating a Server
Scenario
This section describes how to create a VPN server by calling an API.
Prerequisites
- You have created a yearly/monthly P2C VPN gateway.
- You have purchased or uploaded a server certificate in the CCM. For details, see Purchasing an SSL Certificate or Uploading an External Certificate.
- You have determined the endpoint for calling APIs.
- You have obtained a user token if you need to use token authentication. In addition, you need to add X-Auth-Token to the request header when calling an API. For details about token authentication, see Authentication.
The token obtained through IAM is valid for only 24 hours. When using a token for authentication, cache it to avoid calling the IAM API frequently.
Data Preparation
A VPN server supports two authentication modes: certificate authentication and password authentication.
Request parameters in certificate authentication mode:

| Parameter | Description | Example Value |
|---|---|---|
| p2c_vgw_id | Specifies the ID of the P2C VPN gateway that has been created. | 595210dc-7998-4ba3-aeb9-516fbcf7853c |
| client_cidr | Specifies a client CIDR block. | 100.10.1.0/24 |
| local_subnets | Specifies the list of local CIDR blocks. | 192.168.0.0/24,192.168.1.0/24 |
| server_certificate.id | Specifies a server certificate ID, which can be obtained from the CCM. | scs1717051012106 |
| client_ca_certificate.content | Specifies the content of client CA certificates. | -----BEGIN CERTIFICATE-----******-----END CERTIFICATE----- |

Request parameters in password authentication mode:

| Parameter | Description | Example Value |
|---|---|---|
| p2c_vgw_id | Specifies the ID of the P2C VPN gateway that has been created. | dea8c4fb-be5c-4d50-be9a-f9a5f3a9afc6 |
| client_cidr | Specifies a client CIDR block. | 100.10.2.0/24 |
| local_subnets | Specifies the list of local CIDR blocks. | 192.168.0.0/24,192.168.1.0/24 |
| server_certificate.id | Specifies a server certificate ID, which can be obtained from the CCM. | scs1717051012106 |
Procedure
- Create a VPN server.
  - Send POST https://{endpoint}/v5/{project_id}/p2c-vpn-gateways/{p2c_vgw_id}/vpn-servers. {p2c_vgw_id} specifies the ID of the created P2C VPN gateway.
  - Add X-Auth-Token to the request header.
  - Set parameters in the request body.

    In certificate authentication mode, the input parameters are as follows:

    ```json
    {
      "vpn_server": {
        "tunnel_protocol": "SSL",
        "client_cidr": "100.10.1.0/24",
        "local_subnets": [
          "192.168.0.0/24",
          "192.168.1.0/24"
        ],
        "client_auth_type": "CERT",
        "server_certificate": {
          "id": "scs1717051012106"
        },
        "client_ca_certificates": [
          {
            "content": "-----BEGIN CERTIFICATE-----******-----END CERTIFICATE-----"
          }
        ],
        "ssl_options": {
          "protocol": "TCP",
          "port": 443,
          "encryption_algorithm": "AES-128-GCM",
          "is_compressed": false
        }
      }
    }
    ```

    In password authentication mode, the input parameters are as follows:

    ```json
    {
      "vpn_server": {
        "tunnel_protocol": "SSL",
        "client_cidr": "100.10.2.0/24",
        "local_subnets": [
          "192.168.0.0/24",
          "192.168.1.0/24"
        ],
        "client_auth_type": "LOCAL_PASSWORD",
        "server_certificate": {
          "id": "scs1717051012106"
        },
        "ssl_options": {
          "protocol": "TCP",
          "port": 443,
          "encryption_algorithm": "AES-128-GCM",
          "is_compressed": false
        }
      }
    }
    ```

  - Check the response.

    The request is successful if the following response is displayed. In the response, id specifies the ID of the created VPN server.

    ```json
    {
      "vpn_server": {
        "id": "0e325fb6-83b9-4004-a343-8b6fc714a5d9"
      },
      "request_id": "bf23a5884def9be4576cff33e4dd78d5"
    }
    ```

- Query VPN server information.
  - Send GET https://{endpoint}/v5/{project_id}/p2c-vpn-gateways/{p2c_vgw_id}/vpn-servers. {p2c_vgw_id} specifies the ID of the created P2C VPN gateway.
  - Add X-Auth-Token to the request header.
  - Check the response.

    If the status value of the server is PENDING_CREATE, the server is being created. If the status value of the server is ACTIVE, the server has been created.

    The response in certificate authentication mode is as follows:

    ```json
    {
      "vpn_servers": [
        {
          "id": "b26c9c74-5bb9-4df8-8b98-ecf2051e3482",
          "p2c_vgw_id": "595210dc-7998-4ba3-aeb9-516fbcf7853c",
          "client_cidr": "100.10.1.0/24",
          "local_subnets": [
            "192.168.0.0/24",
            "192.168.1.0/24"
          ],
          "client_auth_type": "CERT",
          "tunnel_protocol": "SSL",
          "server_certificate": {
            "id": "scs1717051012106",
            "name": "test-05304",
            "issuer": "C=CN,ST=beijing,L=haidian,O=lesaas,OU=root,CN=www.root.huawei.com",
            "subject": "C=CN,ST=beijing,L=haidian,O=server,OU=server,CN=www.server.huawei.com",
            "serial_number": "350612543125953290200975245211283057292471206725",
            "expiration_time": "2024-06-29T06:39:46Z",
            "signature_algorithm": "SHA256WITHRSA"
          },
          "client_ca_certificates": [
            {
              "id": "7e971612-f720-4d31-88b5-fc6280b88e36",
              "name": "ca-cert-123e",
              "issuer": "C=CN,ST=JS,L=NJ,O=NYS,OU=N10,CN=test.huawei.com",
              "subject": "C=CN,ST=JS,L=NJ,O=NYS,OU=N10,CN=testCA.huawei.com",
              "serial_number": "1591942200161",
              "expiration_time": "2033-11-06T11:39:14Z",
              "signature_algorithm": "SHA256WITHRSA",
              "created_at": "2024-06-18T12:19:17.978Z",
              "updated_at": "2024-06-18T12:19:17.978Z"
            }
          ],
          "ssl_options": {
            "protocol": "TCP",
            "port": 443,
            "encryption_algorithm": "AES-128-GCM",
            "authentication_algorithm": "SHA256",
            "is_compressed": false
          },
          "status": "ACTIVE",
          "created_at": "2024-06-18T12:19:17.978Z",
          "updated_at": "2024-06-18T12:19:17.978Z"
        }
      ],
      "request_id": "68188a14243b1b54d0b45a82d9123b98"
    }
    ```

    The response in password authentication mode is as follows:

    ```json
    {
      "vpn_servers": [
        {
          "id": "0e325fb6-83b9-4004-a343-8b6fc714a5d9",
          "p2c_vgw_id": "dea8c4fb-be5c-4d50-be9a-f9a5f3a9afc6",
          "client_cidr": "100.10.2.0/24",
          "local_subnets": [
            "192.168.0.0/24",
            "192.168.1.0/24"
          ],
          "client_auth_type": "LOCAL_PASSWORD",
          "tunnel_protocol": "SSL",
          "server_certificate": {
            "id": "scs1717051012106",
            "name": "test-05304",
            "issuer": "C=CN,ST=beijing,L=haidian,O=lesaas,OU=root,CN=www.root.huawei.com",
            "subject": "C=CN,ST=beijing,L=haidian,O=server,OU=server,CN=www.server.huawei.com",
            "serial_number": "350612543125953290200975245211283057292471206725",
            "expiration_time": "2024-06-29T06:39:46Z",
            "signature_algorithm": "SHA256WITHRSA"
          },
          "client_ca_certificates": [],
          "ssl_options": {
            "protocol": "TCP",
            "port": 443,
            "encryption_algorithm": "AES-128-GCM",
            "authentication_algorithm": "SHA256",
            "is_compressed": false
          },
          "status": "ACTIVE",
          "created_at": "2024-06-18T12:21:54.889Z",
          "updated_at": "2024-06-18T12:21:54.889Z"
        }
      ],
      "request_id": "f8e64d41466085f06383dc59ffb28230"
    }
    ```
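
The following Python sketch is an added example, not code from this documentation. It builds the request body for either authentication mode and interprets the status field of the query response. The function names and the pre-flight checks (CIDR overlap, PEM type, CA list matching the mode) are assumptions of this example, not documented API constraints.

```python
import ipaddress

# Field names and values follow the request bodies shown above; the checks
# are this example's own pre-flight rules, not documented API behaviour.
AUTH_TYPES = {"CERT", "LOCAL_PASSWORD"}
PEM_HEADER = "-----BEGIN CERTIFICATE-----"

def build_vpn_server_body(client_cidr, local_subnets, auth_type,
                          server_cert_id, client_ca_pems=()):
    """Return the POST body for .../vpn-servers, or raise ValueError."""
    if auth_type not in AUTH_TYPES:
        raise ValueError(f"unknown client_auth_type: {auth_type}")
    client_net = ipaddress.ip_network(client_cidr)  # rejects malformed CIDRs
    for subnet in local_subnets:
        if client_net.overlaps(ipaddress.ip_network(subnet)):
            raise ValueError(f"client_cidr {client_cidr} overlaps {subnet}")
    server = {
        "tunnel_protocol": "SSL",
        "client_cidr": client_cidr,
        "local_subnets": list(local_subnets),
        "client_auth_type": auth_type,
        "server_certificate": {"id": server_cert_id},
        "ssl_options": {"protocol": "TCP", "port": 443,
                        "encryption_algorithm": "AES-128-GCM",
                        "is_compressed": False},
    }
    if auth_type == "CERT":
        if not client_ca_pems:
            raise ValueError("CERT mode needs at least one client CA certificate")
        for pem in client_ca_pems:
            # Only the public CA certificate is uploaded; refuse key material.
            if "PRIVATE KEY" in pem or not pem.lstrip().startswith(PEM_HEADER):
                raise ValueError("client CA entry must be a PEM certificate")
        server["client_ca_certificates"] = [{"content": p} for p in client_ca_pems]
    elif client_ca_pems:
        raise ValueError("client CA certificates are only sent in CERT mode")
    return {"vpn_server": server}

def server_ready(list_response, server_id):
    """True if ACTIVE, False if PENDING_CREATE, per the GET response."""
    for srv in list_response.get("vpn_servers", []):
        if srv.get("id") == server_id:
            if srv.get("status") == "ACTIVE":
                return True
            if srv.get("status") == "PENDING_CREATE":
                return False
            raise RuntimeError(f"unexpected status: {srv.get('status')}")
    raise LookupError(f"server {server_id} not in response")
```

Send the returned dictionary as the JSON body of the POST request, then call server_ready on each GET response until it returns True.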