Updated on 2024-07-29 GMT+08:00

Creating a VPN Server

Function

This API is used to create a VPN server.

Calling Method

For details, see Calling APIs.

URI

POST /v5/{project_id}/p2c-vpn-gateways/{p2c_vgw_id}/vpn-servers
Table 1 Parameter description

  • project_id (String, mandatory): Specifies a project ID. You can obtain the project ID by referring to Obtaining the Project ID.
  • p2c_vgw_id (String, mandatory): Specifies the ID of a P2C VPN gateway instance.

Table 2 Parameters in the request header

  • X-Client-Token (String, optional)
    • Specifies the ID of an idempotent request.
    • The value is a UUID containing 36 characters.

Request

  • Request parameters
    Table 3 Request parameters

    • vpn_server (CreateServerRequest object, mandatory): Specifies the to-be-created server object.

    Table 4 CreateServerRequest

    • tunnel_protocol (String, optional)
      • Specifies a tunnel protocol.
      • Value range: SSL
      • The default value is SSL.

    • client_cidr (String, mandatory)
      • Specifies a client CIDR block. A virtual IP address on this CIDR block will be assigned to a client for establishing a connection.
      • The value is in the format of dotted decimal notation/mask, for example, 192.168.1.0/24.
      • Constraints:
        • The client CIDR block cannot conflict with the routes in the default route table of the VPC to which the gateway belongs.
        • The client CIDR block cannot conflict with any local CIDR block of the server.
        • The number of available IP addresses in the client CIDR block must be greater than four times the maximum number of gateway connections.
        • The client CIDR block cannot be 0.0.0.0/8, 127.0.0.0/8, 224.0.0.0/4, 240.0.0.0/4, or 169.254.0.0/16.

    • local_subnets (Array of strings, mandatory)
      • Specifies the list of local CIDR blocks. A local CIDR block is a destination CIDR block on the cloud to be accessed by client CIDR blocks through a VPN.
      • The value is in the format of dotted decimal notation/mask, for example, 10.10.1.0/24.
      • Constraints:
        • There must be at least one local CIDR block. By default, a maximum of 20 local CIDR blocks are supported.
        • The local CIDR block cannot be 0.0.0.0/8, 127.0.0.0/8, 224.0.0.0/4, or 240.0.0.0/4.

    • client_auth_type (String, optional)
      • Specifies the client authentication mode.
      • Value range:
        • CERT: certificate authentication
        • LOCAL_PASSWORD: password authentication (local)
      • The default value is LOCAL_PASSWORD.

    • server_certificate (server_certificate object, optional): Specifies a server certificate. This parameter is mandatory when SSL is used as the tunnel protocol. It is recommended to use a certificate with a strong cryptographic algorithm, such as RSA-3072 or RSA-4096.

    • client_ca_certificates (Array of client_ca_certificate objects, optional)
      • Specifies the list of client CA certificates, which are used to authenticate client certificates.
      • Constraints:
        • This parameter is mandatory when SSL is used as the tunnel protocol and the client authentication mode is certificate authentication.
        • When the client authentication mode is certificate authentication, you must upload at least one client CA certificate. A maximum of 10 client CA certificates can be uploaded.

    • ssl_options (ssl_options object, optional): Specifies SSL options. This parameter is mandatory when SSL is used as the tunnel protocol.

    Table 5 server_certificate

    • id (String, mandatory): Specifies a certificate ID, which is the ID of a certificate uploaded in the Cloud Certificate Manager (CCM).

    Table 6 client_ca_certificate

    • name (String, optional)
      • Specifies a certificate name. If this parameter is left blank, the system automatically generates a certificate name.
      • The value is a string of 1 to 64 characters, which can contain digits, letters, underscores (_), and hyphens (-).

    • content (String, mandatory)
      • Specifies the certificate content. It is recommended to use a certificate with a strong cryptographic algorithm, such as RSA-3072 or RSA-4096.
      • Format:
        -----BEGIN CERTIFICATE-----
        *************************************
        *************************************
        -----END CERTIFICATE-----

    Table 7 ssl_options

    • protocol (String, optional)
      • Specifies a protocol.
      • Value range: TCP
      • The default value is TCP.

    • port (Integer, optional)
      • Specifies a port number.
      • Value range: 443, 1194
      • The default value is 443.

    • encryption_algorithm (String, optional)
      • Specifies an encryption algorithm.
      • Value range: AES-128-GCM, AES-256-GCM
      • The default value is AES-128-GCM.

    • is_compressed (Boolean, optional)
      • Specifies whether to compress data.
      • Value range: true, false
      • The default value is false.
  • Example requests
    1. Create a VPN server in certificate authentication mode.
    POST https://{Endpoint}/v5/{project_id}/p2c-vpn-gateways/{p2c_vgw_id}/vpn-servers
    
    {
      "vpn_server": {
        "tunnel_protocol": "SSL",
        "client_cidr": "172.16.0.1/24",
        "local_subnets": [
          "10.16.0.0/24",
          "10.16.1.0/24"
        ],
        "client_auth_type": "CERT",
        "server_certificate": {
          "id": "scs*********3922"
        },
        "client_ca_certificates": [
          {
            "name": "client_ca_8sux3d",
            "content": "-----BEGIN CERTIFICATE-----*******-----END CERTIFICATE-----"
          }
        ],
        "ssl_options": {
          "protocol": "TCP",
          "port": 443,
          "encryption_algorithm": "AES-128-GCM",
          "is_compressed": false
        }
      }
    }

    2. Create a VPN server in password authentication mode.

    {
      "vpn_server": {
        "tunnel_protocol": "SSL",
        "client_cidr": "172.16.0.1/24",
        "local_subnets": [
          "10.16.0.0/24",
          "10.16.1.0/24"
        ],
        "client_auth_type": "LOCAL_PASSWORD",
        "server_certificate": {
          "id": "scs1716171403922"
        },
        "ssl_options": {
          "protocol": "TCP",
          "port": 443,
          "encryption_algorithm": "AES-128-GCM",
          "is_compressed": false
        }
      }
    }
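    As an added example (not part of the original reference and not the service's own SDK), the following Python checks a request body against the constraints stated in Tables 4 to 7 before it is sent and sets the X-Client-Token idempotency header from Table 2. It assumes a caller-supplied max_connections value for the gateway connection limit the client_cidr rule refers to, uses placeholder certificate values, and does not perform the network call or the authentication described in Calling APIs.

```python
"""Added example (not part of the original API reference): check a CreateServerRequest body
against the constraints in Tables 4 to 7, then assemble the POST from the URI section."""
import ipaddress, json, uuid
FORBIDDEN_CLIENT = ["0.0.0.0/8", "127.0.0.0/8", "224.0.0.0/4", "240.0.0.0/4", "169.254.0.0/16"]
FORBIDDEN_LOCAL = ["0.0.0.0/8", "127.0.0.0/8", "224.0.0.0/4", "240.0.0.0/4"]
VALID_PORTS, VALID_CIPHERS = {443, 1194}, {"AES-128-GCM", "AES-256-GCM"}
# Constructed sample mirroring example request 1; certificate values are placeholders.
EXAMPLE_CERT_BODY = {
    "tunnel_protocol": "SSL", "client_cidr": "172.16.0.1/24", "client_auth_type": "CERT",
    "local_subnets": ["10.16.0.0/24", "10.16.1.0/24"], "server_certificate": {"id": "scs-PLACEHOLDER"},
    "client_ca_certificates": [{"name": "client_ca_demo", "content": "-----BEGIN CERTIFICATE-----PLACEHOLDER-----END CERTIFICATE-----"}],
    "ssl_options": {"protocol": "TCP", "port": 443, "encryption_algorithm": "AES-128-GCM", "is_compressed": False},
}

def _overlaps_any(cidr, blocks):
    net = ipaddress.ip_network(cidr, strict=False)  # strict=False accepts host bits such as .1/24
    return any(net.overlaps(ipaddress.ip_network(b, strict=False)) for b in blocks)

def validate_vpn_server(server, max_connections):
    """Return the violations found. max_connections is an assumed input (the gateway limit the page names)."""
    errors = []
    client = ipaddress.ip_network(server["client_cidr"], strict=False)
    local = server.get("local_subnets", [])
    if _overlaps_any(server["client_cidr"], FORBIDDEN_CLIENT):
        errors.append("client_cidr lies in a reserved range")
    if _overlaps_any(server["client_cidr"], local):
        errors.append("client_cidr conflicts with a local CIDR block")
    if client.num_addresses <= 4 * max_connections:
        errors.append("client_cidr must hold more than 4x the gateway connection limit")
    if not 1 <= len(local) <= 20:
        errors.append("local_subnets must contain 1 to 20 CIDR blocks")
    if any(_overlaps_any(s, FORBIDDEN_LOCAL) for s in local):
        errors.append("a local CIDR block lies in a reserved range")
    if server.get("tunnel_protocol", "SSL") == "SSL":
        ssl = server.get("ssl_options")
        if "server_certificate" not in server or ssl is None:
            errors.append("server_certificate and ssl_options are mandatory for SSL")
        elif ssl.get("port", 443) not in VALID_PORTS or ssl.get("encryption_algorithm", "AES-128-GCM") not in VALID_CIPHERS:
            errors.append("ssl_options.port or encryption_algorithm outside the allowed values")
        if server.get("client_auth_type", "LOCAL_PASSWORD") == "CERT" and not 1 <= len(server.get("client_ca_certificates", [])) <= 10:
            errors.append("CERT authentication needs 1 to 10 client CA certificates")
    return errors

def build_request(endpoint, project_id, p2c_vgw_id, server):
    """Assemble the call; X-Client-Token is a fresh 36-character UUID so a retried call is deduplicated."""
    return {"method": "POST", "headers": {"X-Client-Token": str(uuid.uuid4())},
            "url": f"https://{endpoint}/v5/{project_id}/p2c-vpn-gateways/{p2c_vgw_id}/vpn-servers",
            "body": json.dumps({"vpn_server": server})}
```

    Reuse the same X-Client-Token when retrying a call that timed out; a new token on each retry would create duplicate servers instead of being recognised as the same request.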

Response

  • Response parameters

    Returned status code 201: successful operation

    Table 8 Parameters in the response body

    • vpn_server (vpn_server object): Specifies the VPN server object.
    • request_id (String): Specifies a request ID.

    Table 9 vpn_server

    • id (String)
      • Specifies the ID of a VPN server.
      • The value is a UUID containing 36 characters.
  • Example response
    {
      "vpn_server": {
        "id": "2407a20d-0bf7-4530-ba9a-7ffa0cedfa3b"
      },
      "request_id": "b19ba5a0be8f7b7f664b14596f8f35db"
    }

Status Codes

For details, see Status Codes.