Updated on 2024-08-23 GMT+08:00

Creating a VPN Connection

Function

This API is used to create a VPN connection that connects a VPN gateway to a customer gateway.

Calling Method

For details, see Calling APIs.

URI

POST /v5/{project_id}/vpn-connection

Table 1 Parameter description

Parameter

Type

Mandatory

Description

project_id

String

Yes

Specifies a project ID. You can obtain the project ID by referring to Obtaining the Project ID.

Request

  • Request parameters
    Table 2 Request parameters

    Parameter

    Type

    Mandatory

    Description

    vpn_connection

    CreateVpnConnectionRequestBodyContent object

    Yes

    Specifies the VPN connection object.

    Table 3 CreateVpnConnectionRequestBodyContent

    Parameter

    Type

    Mandatory

    Description

    name

    String

    No

    • Specifies the name of a VPN connection. If this parameter is not specified, a name in the format of vpn-**** is automatically generated, for example, vpn-13be.
    • The value is a string of 1 to 64 characters, which can contain digits, letters, underscores (_), hyphens (-), and periods (.).

    vgw_id

    String

    Yes

    • Specifies a VPN gateway ID.
    • The value is a UUID containing 36 characters. When flavor is set to GM for the VPN gateway, ensure that certificates have been imported for the VPN gateway.

    You can obtain the VPN gateway ID by querying the VPN gateway list.

    vgw_ip

    String

    Yes

    • Function description:
      • When network_type of the VPN gateway is set to public, set vgw_ip to the EIP IDs of the VPN gateway.
      • When network_type of the VPN gateway is set to private, set vgw_ip to the private IP addresses of the VPN gateway.
    • The value is a UUID containing 36 characters or an IPv4 address in dotted decimal notation (for example, 192.168.45.7).

    You can obtain the EIP IDs or private IP addresses of the VPN gateway by querying information about the VPN gateway.

    style

    String

    No

    • Specifies the connection mode.
    • Value range:

      policy: policy-based mode

      static: static routing mode

      bgp: BGP routing mode

      policy-template: policy template mode

    • The default value is static.

    cgw_id

    String

    Yes

    • Specifies a customer gateway ID.
    • The value is a UUID containing 36 characters. When flavor is set to GM for the VPN gateway, ensure that a certificate has been imported for the customer gateway.

    peer_subnets

    Array of String

    No

    • Specifies a customer subnet.
    • Constraints:
      • This parameter is not required when the association mode of the VPN gateway is set to er and style is set to policy or bgp. This parameter is mandatory in other scenarios.
      • Reserved VPC CIDR blocks such as 100.64.0.0/10 and 214.0.0.0/8 cannot be used as customer subnets.
      • A maximum of 50 customer subnets can be configured for each VPN connection.

    tunnel_local_address

    String

    No

    • Specifies the tunnel interface address configured on the VPN gateway in route-based mode, for example, 169.254.76.1/30.
    • Constraints:
      • The first 16 bits must be 169.254, and the value cannot be 169.254.195.xxx.
      • The mask length must be 30, and the address must be in the same CIDR block as the value of tunnel_peer_address.
      • The address needs to be a host address in a CIDR block.

    tunnel_peer_address

    String

    No

    • Specifies the tunnel interface address configured on the customer gateway device in route-based mode, for example, 169.254.76.2/30.
    • Constraints:
      • The first 16 bits must be 169.254, and the value cannot be 169.254.195.xxx.
      • The mask length must be 30, and the address must be in the same CIDR block as the value of tunnel_local_address.
      • The address needs to be a host address in a CIDR block.

    enable_nqa

    Boolean

    No

    • Specifies whether to enable the network quality analysis (NQA) function.
    • The value can be true or false.
    • The default value is false.
    • Set this parameter only when style is set to static.

    psk

    String

    No

    • Specifies a pre-shared key.

      This parameter is mandatory when flavor is not set to GM for the VPN gateway.

    • The value is a string of 8 to 128 characters, which must contain at least three types of the following: uppercase letters, lowercase letters, digits, and special characters (~!@#$%^()-_+={ },./:;).

    policy_rules

    Array of PolicyRule objects

    No

    • Specifies policy rules.
    • A maximum of five policy rules can be specified. Set this parameter only when style is set to policy.

    ikepolicy

    IkePolicy object

    No

    Specifies the Internet Key Exchange (IKE) policy object.

    ipsecpolicy

    IpsecPolicy object

    No

    Specifies the Internet Protocol Security (IPsec) policy object.

    ha_role

    String

    No

    • This parameter is optional when you create a connection for a VPN gateway in active-active mode. When you create a connection for a VPN gateway in active-standby mode, master indicates the active connection, and slave indicates the standby connection.
    • The default value is master.
    • Constraints: In active-active mode, this field must be set to master for the connection established using the active EIP or active private IP address of the VPN gateway, and must be set to slave for the connection established using active EIP 2 or active private IP address 2 of the VPN gateway.

    tags

    Array of VpnResourceTag object

    No

    • Specifies a tag list.
    • A maximum of 20 tags can be specified.
    Table 4 PolicyRule

    Parameter

    Type

    Mandatory

    Description

    rule_index

    Integer

    No

    • Specifies a rule ID, which is used to identify the sequence in which the rule is configured. You are advised not to set this parameter.
    • The value ranges from 0 to 50.
    • The value of rule_index in each policy rule must be unique. The value of rule_index in ResponseVpnConnection may be different from the value of this parameter. This is because if multiple destination CIDR blocks are specified, the VPN service generates a rule for each destination CIDR block.

    source

    String

    No

    • Specifies a source CIDR block.
    • The value of source in each policy rule must be unique.

    destination

    Array of String

    No

    • Specifies a destination CIDR block.

      For example, a destination CIDR block can be 192.168.52.0/24.

    • A maximum of 50 destination CIDR blocks can be configured in each policy rule.
    Table 5 IkePolicy

    Parameter

    Type

    Mandatory

    Description

    ike_version

    String

    No

    • Specifies the IKE version.
    • Value range:

      When flavor is set to GM for the VPN gateway, the value can only be v1.

      In other scenarios, the value can be v1 or v2.

    • Default value:

      When flavor is set to GM for the VPN gateway, the default value is v1.

      In other scenarios, the default value is v2.

    phase1_negotiation_mode

    String

    No

    • Specifies the negotiation mode.
    • Value range:

      When flavor is set to GM for the VPN gateway, the value can only be main.

      In other scenarios, the value can be main or aggressive.

      main: ensures high security during negotiation.

      aggressive: ensures fast negotiation and a high negotiation success rate.

    • The default value is main.
    • This parameter is mandatory only when the IKE version is v1.

    authentication_algorithm

    String

    No

    • Specifies an authentication algorithm.
    • Value range:

      When flavor is set to GM for the VPN gateway, the value can only be sm3.

      In other scenarios, the value can be sha2-512, sha2-384, sha2-256, sha1, or md5.

      Exercise caution when using sha1 and md5 as they have low security.

    • Default value:

      When flavor is set to GM for the VPN gateway, the default value is sm3.

      In other scenarios, the default value is sha2-256.

    encryption_algorithm

    String

    No

    • Specifies an encryption algorithm.
    • Value range:

      When flavor is set to GM for the VPN gateway, the value can only be sm4.

      In other scenarios, the value can be aes-256-gcm-16, aes-128-gcm-16, aes-256, aes-192, aes-128, or 3des.

      Exercise caution when using 3des as it has low security.

    • Default value:

      When flavor is set to GM for the VPN gateway, the default value is sm4.

      In other scenarios, the default value is aes-128.

    dh_group

    String

    No

    • Specifies the DH group used for key exchange in phase 1.

      You do not need to set this parameter when flavor is set to GM for the VPN gateway.

    • The value can be group1, group2, group5, group14, group15, group16, group19, group20, or group21.

      Exercise caution when using group1, group2, group5, or group14 as they have low security.

    • The default value is group15.

    authentication_method

    String

    No

    • Specifies the authentication method used during IKE negotiation.
    • Value range:

      pre-share: pre-shared key

      digital-envelope-v2: SM digital envelope

    • Default value: pre-share

    lifetime_seconds

    Integer

    No

    • Specifies the security association (SA) lifetime. When the lifetime expires, an IKE SA is automatically updated.
    • The value ranges from 60 to 604800, in seconds.
    • The default value is 86400.

    local_id_type

    String

    No

    • Specifies the local ID type.

      You do not need to set this parameter when flavor is set to GM for the VPN gateway.

    • Value range:
      • ip
      • fqdn
    • The default value is ip.

    local_id

    String

    No

    • Specifies the local ID.

      You do not need to set this parameter when flavor is set to GM for the VPN gateway.

    • The value can contain a maximum of 255 case-sensitive characters, including letters, digits, and special characters (excluding & < > [ ] \). Spaces are not supported. Set this parameter when local_id_type is set to fqdn. The value must be the same as that of peer_id on the peer device.

    peer_id_type

    String

    No

    • Specifies the peer ID type.

      You do not need to set this parameter when flavor is set to GM for the VPN gateway.

    • Value range:
      • ip
      • fqdn
    • The default value is ip.

    peer_id

    String

    No

    • Specifies the peer ID.

      You do not need to set this parameter when flavor is set to GM for the VPN gateway.

    • The value can contain a maximum of 255 case-sensitive characters, including letters, digits, and special characters (excluding & < > [ ] \). Spaces are not supported. Set this parameter when peer_id_type is set to fqdn. The value must be the same as that of local_id on the peer device.

    dpd

    Dpd object

    No

    Specifies the dead peer detection (DPD) object.

    Table 6 Dpd

    Parameter

    Type

    Mandatory

    Description

    timeout

    Integer

    No

    • Specifies the interval for retransmitting DPD packets.
    • The value ranges from 2 to 60, in seconds.
    • The default value is 15.

    interval

    Integer

    No

    • Specifies the DPD idle timeout period.
    • The value ranges from 10 to 3600, in seconds.
    • The default value is 30.

    msg

    String

    No

    • Specifies the format of DPD packets.
    • Value range:

      seq-hash-notify: indicates that the payload of DPD packets is in the sequence of hash-notify.

      seq-notify-hash: indicates that the payload of DPD packets is in the sequence of notify-hash.

    • The default value is seq-hash-notify.
    Table 7 IpsecPolicy

    Parameter

    Type

    Mandatory

    Description

    authentication_algorithm

    String

    No

    • Specifies an authentication algorithm.
    • Value range:

      When flavor is set to GM for the VPN gateway, the value can only be sm3.

      In other scenarios, the value can be sha2-512, sha2-384, sha2-256, sha1, or md5.

      Exercise caution when using sha1 and md5 as they have low security.

    • Default value:

      When flavor is set to GM for the VPN gateway, the default value is sm3.

      In other scenarios, the default value is sha2-256.

    encryption_algorithm

    String

    No

    • Specifies an encryption algorithm.
    • Value range:

      When flavor is set to GM for the VPN gateway, the value can only be sm4.

      In other scenarios, the value can be aes-256-gcm-16, aes-128-gcm-16, aes-256, aes-192, aes-128, or 3des.

      Exercise caution when using 3des as it has low security.

    • Default value:

      When flavor is set to GM for the VPN gateway, the default value is sm4.

      In other scenarios, the default value is aes-128.

    pfs

    String

    No

    • Specifies the DH key group used by Perfect Forward Secrecy (PFS).

      You do not need to set this parameter when flavor is set to GM for the VPN gateway.

    • The value can be group1, group2, group5, group14, group15, group16, group19, group20, group21, or disable.

      Exercise caution when using group1, group2, group5, or group14 as they have low security.

    • The default value is group15.

    transform_protocol

    String

    No

    • Specifies the transfer protocol.
    • Value range:

      esp: encapsulating security payload protocol

    • The default value is esp.

    lifetime_seconds

    Integer

    No

    • Specifies the lifetime of a tunnel established over an IPsec connection.
    • The value ranges from 30 to 604800, in seconds.
    • The default value is 3600.

    encapsulation_mode

    String

    No

    • Specifies the packet encapsulation mode.
    • Value range:

      tunnel: encapsulates packets in tunnel mode.

    • The default value is tunnel.
    Table 8 VpnResourceTag

    Parameter

    Type

    Mandatory

    Description

    key

    String

    Yes

    • Specifies a tag key.
    • The value is a string of 1 to 128 characters that can contain digits, letters, Spanish characters, Portuguese characters, spaces, and special characters (_ . : = + - @).

    value

    String

    Yes

    • Specifies a tag value.
    • The value is a string of 0 to 255 characters that can contain digits, letters, Spanish characters, Portuguese characters, spaces, and special characters (_ . : = + - @).
  • Example requests
    1. Create a VPN connection in static routing mode.
      POST https://{Endpoint}/v5/{project_id}/vpn-connection
      
      {
          "vpn_connection": {
              "vgw_id": "b32d91a4-demo-a8df-va86-e907174eb11d",
              "vgw_ip": "0c464dad-demo-a8df-va86-c22bb0eb0bde",
              "cgw_id": "5247ae10-demo-a8df-va86-dd36659a7f5d",
              "peer_subnets": [
                  "192.168.44.0/24"
              ],
              "psk": "abcd****"
          }
      }
    2. Create a VPN connection in policy-based mode.
      POST https://{Endpoint}/v5/{project_id}/vpn-connection
      
      {
          "vpn_connection": {
              "vgw_id": "b32d91a4-demo-a8df-va86-e907174eb11d",
              "vgw_ip": "0c464dad-demo-a8df-va86-c22bb0eb0bde",
              "style": "policy",
              "cgw_id": "5247ae10-demo-a8df-va86-dd36659a7f5d",
              "peer_subnets": [
                  "192.168.44.0/24"
              ],
              "psk": "abcd****",
              "policy_rules": [{
                  "rule_index": 1,
                  "source": "10.0.0.0/24",
                  "destination": [
                      "192.168.0.0/24"
                  ]
              }]
          }
      }
    3. Create a VPN connection in BGP routing mode.
      POST https://{Endpoint}/v5/{project_id}/vpn-connection
      
      {
          "vpn_connection": {
              "name": "vpn-1655",
              "vgw_id": "b32d91a4-demo-a8df-va86-e907174eb11d",
              "vgw_ip": "0c464dad-demo-a8df-va86-c22bb0eb0bde",
              "style": "bgp",
              "cgw_id": "5247ae10-demo-a8df-va86-dd36659a7f5d",
              "peer_subnets": [
                  "192.168.44.0/24"
              ],
              "tunnel_local_address": "169.254.56.225/30",
              "tunnel_peer_address": "169.254.56.226/30",
              "psk": "abcd****",
              "ikepolicy": {
                  "ike_version": "v2",
                  "authentication_algorithm": "sha2-512",
                  "encryption_algorithm": "aes-256",
                  "dh_group": "group16",
                  "lifetime_seconds": 172800,
                  "local_id_type": "fqdn",
                  "local_id": "123***",
                  "peer_id_type": "fqdn",
                  "peer_id": "456***",
                  "dpd": {
                      "timeout": 30,
                      "interval": 60,
                      "msg": "seq-notify-hash"
                  }
              },
              "ipsecpolicy": {
                  "authentication_algorithm": "sha2-512",
                  "encryption_algorithm": "aes-256",
                  "pfs": "group16",
                  "transform_protocol": "esp",
                  "lifetime_seconds": 7200,
                  "encapsulation_mode": "tunnel"
              }
          }
      }

Response

  • Response parameters

    Returned status code 201: successful operation

    Table 9 Parameters in the response body

    Parameter

    Type

    Description

    vpn_connection

    ResponseVpnConnection object

    Specifies the VPN connection object.

    request_id

    String

    Specifies a request ID.

    Table 10 ResponseVpnConnection

    Parameter

    Type

    Description

    id

    String

    • Specifies a VPN connection ID.
    • The value is a UUID containing 36 characters.

    name

    String

    • Specifies a VPN connection name. If no VPN connection name is specified, the system automatically generates one.
    • The value is a string of 1 to 64 characters, which can contain digits, letters, underscores (_), and hyphens (-).

    vgw_id

    String

    • Specifies a VPN gateway ID.
    • The value is a UUID containing 36 characters.

    vgw_ip

    String

    • Specifies an EIP ID or private IP address of the VPN gateway.
    • The value is a UUID containing 36 characters or an IPv4 address in dotted decimal notation (for example, 192.168.45.7).

    style

    String

    • Specifies the connection mode.
    • Value range:

      POLICY: policy-based mode

      STATIC: static routing mode

      BGP: BGP routing mode

    cgw_id

    String

    • Specifies a customer gateway ID.
    • The value is a UUID containing 36 characters.

    peer_subnets

    Array of String

    Specifies a customer subnet. This parameter is not returned when the association mode of the VPN gateway is ER and style is BGP or POLICY.

    tunnel_local_address

    String

    Specifies the tunnel interface address configured on the VPN gateway in route-based mode. This parameter is valid only when style is STATIC or BGP.

    tunnel_peer_address

    String

    Specifies the tunnel interface address configured on the customer gateway device in route-based mode. This parameter is valid only when style is STATIC or BGP.

    enable_nqa

    Boolean

    • Specifies whether NQA is enabled. This parameter is returned only when style is STATIC.
    • The value can be true or false.

    policy_rules

    Array of PolicyRule objects

    Specifies policy rules, which are returned only when style is set to POLICY.

    ikepolicy

    IkePolicy object

    Specifies the IKE policy object.

    ipsecpolicy

    IpsecPolicy object

    Specifies the IPsec policy object.

    created_at

    String

    • Specifies the time when the VPN connection is created.
    • The UTC time format is yyyy-MM-ddTHH:mm:ss.SSSZ.

    updated_at

    String

    • Specifies the last update time.
    • The UTC time format is yyyy-MM-ddTHH:mm:ss.SSSZ.

    enterprise_project_id

    String

    • Specifies an enterprise project ID.
    • The value is a UUID containing 36 characters. The value must be the same as the enterprise project ID of the VPN gateway specified by vgw_id.

    ha_role

    String

    • For a VPN gateway in active-standby mode, master indicates the active connection, and slave indicates the standby connection. For a VPN gateway in active-active mode, the value of ha_role can only be master.
    • The default value is master.

    tags

    Array of VpnResourceTag objects

    Specifies a tag list.

    Table 11 PolicyRule

    Parameter

    Type

    Description

    rule_index

    Integer

    • Specifies a rule ID.
    • The value ranges from 0 to 50.

    source

    String

    Specifies a source CIDR block.

    destination

    Array of String

    Specifies a destination CIDR block. For example, a destination CIDR block can be 192.168.52.0/24. A maximum of 50 destination CIDR blocks can be returned for each policy rule.

    Table 12 IkePolicy

    Parameter

    Type

    Description

    ike_version

    String

    • Specifies the IKE version.
    • The value can be v1 or v2.

    phase1_negotiation_mode

    String

    • Specifies the negotiation mode. This parameter is available only when the IKE version is v1.
    • Value range:

      main: ensures high security during negotiation.

      aggressive: ensures fast negotiation and a high negotiation success rate.

    authentication_algorithm

    String

    • Specifies an authentication algorithm.
    • The value can be sm3, sha2-512, sha2-384, sha2-256, sha1, or md5.

    encryption_algorithm

    String

    • Specifies an encryption algorithm.
    • The value can be sm4, aes-256-gcm-16, aes-128-gcm-16, aes-256, aes-192, aes-128, or 3des.

    dh_group

    String

    • Specifies the DH group used for key exchange in phase 1. This parameter is not available when flavor is set to GM for the VPN gateway.
    • The value can be group1, group2, group5, group14, group15, group16, group19, group20, or group21.

    authentication_method

    String

    • Specifies the authentication method used during IKE negotiation.
    • Value range:

      pre-share: pre-shared key

      digital-envelope-v2: SM digital envelope

    lifetime_seconds

    Integer

    • Specifies the SA lifetime. When the lifetime expires, an IKE SA is automatically updated.
    • The value ranges from 60 to 604800, in seconds.

    local_id_type

    String

    • Specifies the local ID type. This parameter is not available when flavor is set to GM for the VPN gateway.
    • Value range:
      • ip
      • fqdn

    local_id

    String

    Specifies the local ID. When local_id_type is set to ip, the VPN gateway IP address corresponding to the VPN connection is returned. When local_id_type is set to fqdn, the local ID specified during VPN connection creation or update is returned.

    This parameter is not available when flavor is set to GM for the VPN gateway.

    peer_id_type

    String

    • Specifies the peer ID type. This parameter is not available when flavor is set to GM for the VPN gateway.
    • Value range:
      • ip
      • fqdn

    peer_id

    String

    Specifies the peer ID. When peer_id_type is set to ip, the IP address of the customer gateway is returned. When peer_id_type is set to fqdn, the peer ID specified during VPN connection creation or update is returned.

    This parameter is not available when flavor is set to GM for the VPN gateway.

    dpd

    Dpd object

    Specifies the DPD object.

    Table 13 Dpd

    Parameter

    Type

    Description

    timeout

    Integer

    • Specifies the interval for retransmitting DPD packets.
    • The value ranges from 2 to 60, in seconds.

    interval

    Integer

    • Specifies the DPD idle timeout period.
    • The value ranges from 10 to 3600, in seconds.

    msg

    String

    • Specifies the format of DPD packets.
    • Value range:

      seq-hash-notify: indicates that the payload of DPD packets is in the sequence of hash-notify.

      seq-notify-hash: indicates that the payload of DPD packets is in the sequence of notify-hash.

    Table 14 IpsecPolicy

    Parameter

    Type

    Description

    authentication_algorithm

    String

    • Specifies an authentication algorithm.
    • The value can be sm3, sha2-512, sha2-384, sha2-256, sha1, or md5.

    encryption_algorithm

    String

    • Specifies an encryption algorithm.
    • The value can be sm4, aes-256-gcm-16, aes-128-gcm-16, aes-256, aes-192, aes-128, or 3des.

    pfs

    String

    • Specifies the DH key group used by PFS. This parameter is not available when flavor is set to GM for the VPN gateway.
    • The value can be group1, group2, group5, group14, group15, group16, group19, group20, group21, or disable.

    transform_protocol

    String

    • Specifies the transfer protocol.
    • Value range:

      esp: encapsulating security payload protocol

    lifetime_seconds

    Integer

    • Specifies the lifetime of a tunnel established over an IPsec connection.
    • The value ranges from 30 to 604800, in seconds.

    encapsulation_mode

    String

    • Specifies the packet encapsulation mode.
    • Value range:

      tunnel: encapsulates packets in tunnel mode.

    Table 15 VpnResourceTag

    Parameter

    Type

    Description

    key

    String

    • Specifies a tag key.
    • The value is a string of 1 to 128 characters that can contain digits, letters, Spanish characters, Portuguese characters, spaces, and special characters (_ . : = + - @).

    value

    String

    • Specifies a tag value.
    • The value is a string of 0 to 255 characters that can contain digits, letters, Spanish characters, Portuguese characters, spaces, and special characters (_ . : = + - @).
  • Example responses
    1. Response to the request for creating a VPN connection in static routing mode
      {
          "vpn_connection": {
              "id": "98c5af8a-6ee2-4482-99a2-ae2280a6f4c3",
              "name": "vpn-b2cb",
              "vgw_id": "b32d91a4-demo-a8df-va86-e907174eb11d",
              "vgw_ip": "0c464dad-demo-a8df-va86-c22bb0eb0bde",
              "style": "STATIC",
              "cgw_id": "5247ae10-demo-a8df-va86-dd36659a7f5d",
              "peer_subnets": ["192.168.44.0/24"],
              "tunnel_local_address": "169.254.56.225/30",
              "tunnel_peer_address": "169.254.56.226/30",
              "enable_nqa": false,
              "ikepolicy": {
                  "ike_version": "v2",
                  "authentication_algorithm": "sha2-256",
                  "encryption_algorithm": "aes-128",
                  "dh_group": "group15",
                  "authentication_method": "pre-share",
                  "lifetime_seconds": 86400,
                  "local_id_type": "ip",
                  "local_id": "10.***.***.134",
                  "peer_id_type": "ip",
                  "peer_id": "88.***.***.164",
                  "dpd": {
                      "timeout": 15,
                      "interval": 30,
                      "msg": "seq-hash-notify"
                  }
              },
              "ipsecpolicy": {
                  "authentication_algorithm": "sha2-256",
                  "encryption_algorithm": "aes-128",
                  "pfs": "group15",
                  "transform_protocol": "esp",
                  "lifetime_seconds": 3600,
                  "encapsulation_mode": "tunnel"
              },
              "created_at": "2022-11-26T13:41:34.626Z",
              "updated_at": "2022-11-26T13:41:34.626Z",
              "enterprise_project_id": "0",
              "ha_role":"master"
          },
          "request_id": "f91082d4-6d49-479c-ad1d-4e552a9f5cae"
      }
    2. Response to the request for creating a connection in policy-based mode
      {
          "vpn_connection": {
              "id": "98c5af8a-demo-a8df-va86-ae2280a6f4c3",
              "name": "vpn-799d",
              "vgw_id": "b32d91a4-demo-a8df-va86-e907174eb11d",
              "vgw_ip": "0c464dad-demo-a8df-va86-c22bb0eb0bde",
              "style": "POLICY",
              "cgw_id": "5247ae10-demo-a8df-va86-dd36659a7f5d",
              "peer_subnets": ["192.168.44.0/24"],
              "tunnel_local_address": "169.254.56.225/30",
              "tunnel_peer_address": "169.254.56.226/30",
              "policy_rules": [{
                  "rule_index": 1,
                  "source": "10.0.0.0/24",
                  "destination": [
                      "192.168.44.0/24"
                  ]
              }],
              "ikepolicy": {
                  "ike_version": "v2",
                  "authentication_algorithm": "sha2-256",
                  "encryption_algorithm": "aes-128",
                  "dh_group": "group15",
                  "authentication_method": "pre-share",
                  "lifetime_seconds": 86400,
                  "local_id_type": "ip",
                  "local_id": "10.***.***.134",
                  "peer_id_type": "ip",
                  "peer_id": "88.***.***.164",
                  "dpd": {
                      "timeout": 15,
                      "interval": 30,
                      "msg": "seq-hash-notify"
                  }
              },
              "ipsecpolicy": {
                  "authentication_algorithm": "sha2-256",
                  "encryption_algorithm": "aes-128",
                  "pfs": "group15",
                  "transform_protocol": "esp",
                  "lifetime_seconds": 3600,
                  "encapsulation_mode": "tunnel"
              },
              "created_at": "2022-11-26T13:41:34.626Z",
              "updated_at": "2022-11-26T13:41:34.626Z",
              "enterprise_project_id": "0",
              "ha_role":"master"
          },
          "request_id": "f91082d4-6d49-479c-ad1d-4e552a9f5cae"
      }
    3. Response to the request for creating a VPN connection in BGP routing mode
      {
          "vpn_connection": {
              "id": "98c5af8a-demo-a8df-va86-ae2280a6f4c3",
              "name": "vpn-1655",
              "vgw_id": "b32d91a4-demo-a8df-va86-e907174eb11d",
              "vgw_ip": "0c464dad-demo-a8df-va86-c22bb0eb0bde",
              "style": "BGP",
              "cgw_id": "5247ae10-demo-a8df-va86-dd36659a7f5d",
              "peer_subnets": ["192.168.44.0/24"],
              "tunnel_local_address": "169.254.56.225/30",
              "tunnel_peer_address": "169.254.56.226/30",
              "ikepolicy": {
                  "ike_version": "v2",
                  "authentication_algorithm": "sha2-512",
                  "encryption_algorithm": "aes-256",
                  "dh_group": "group16",
                  "authentication_method": "pre-share",
                  "lifetime_seconds": 172800,
                  "local_id_type": "fqdn",
                  "local_id": "123***",
                  "peer_id_type": "fqdn",
                  "peer_id": "456***",
                  "dpd": {
                      "timeout": 30,
                      "interval": 60,
                      "msg": "seq-notify-hash"
                  }
              },
              "ipsecpolicy": {
                  "authentication_algorithm": "sha2-512",
                  "encryption_algorithm": "aes-256",
                  "pfs": "group16",
                  "transform_protocol": "esp",
                  "lifetime_seconds": 7200,
                  "encapsulation_mode": "tunnel"
              },
              "created_at": "2022-11-26T13:41:34.626Z",
              "updated_at": "2022-11-26T13:41:34.626Z",
              "enterprise_project_id": "0",
              "ha_role":"master"
          },
          "request_id": "f91082d4-6d49-479c-ad1d-4e552a9f5cae"
      }

Status Codes

For details, see Status Codes.