Updated on 2024-12-03 GMT+08:00

Creating a VPN Server

Function

This API is used to create a VPN server.

Calling Method

For details, see Calling APIs.

URI

POST /v5/{project_id}/p2c-vpn-gateways/{p2c_vgw_id}/vpn-servers
Table 1 Parameter description

Parameter

Type

Mandatory

Description

project_id

String

Yes

Specifies a project ID. You can obtain the project ID by referring to Obtaining the Project ID.

p2c_vgw_id

String

Yes

Specifies the ID of a P2C VPN gateway instance.

Table 2 Parameters in the request header

Parameter

Type

Mandatory

Description

X-Client-Token

String

No

  • Specifies the ID of an idempotent request.
  • The value is a UUID containing 36 characters.

Request

  • Request parameters
    Table 3 Request parameters

    Parameter

    Type

    Mandatory

    Description

    vpn_server

    CreateServerRequest

    object

    Yes

    Specifies the to-be-created server object.

    Table 4 CreateServerRequest

    Parameter

    Type

    Mandatory

    Description

    tunnel_protocol

    String

    No

    • Specifies a tunnel protocol.
    • Value range:

      SSL

    • The default value is SSL.

    client_cidr

    String

    Yes

    • Specifies a client CIDR block. A virtual IP address on this CIDR block will be assigned to a client for establishing a connection.
    • The value is in the format of dotted decimal notation/mask, for example, 192.168.1.0/24.
    • Constraints:
      • The client CIDR block cannot conflict with the routes in the default route table of the VPC to which the gateway belongs.
      • The client CIDR block cannot conflict with any local CIDR block of the server.
      • The number of available IP addresses in the client CIDR block must be greater than four times the maximum number of gateway connections.
      • The client CIDR block cannot be 0.0.0.0/8, 127.0.0.0/8, 224.0.0.0/4, 240.0.0.0/4, or 169.254.0.0/16.

    local_subnets

    Array of strings

    Yes

    • Specifies the list of local CIDR blocks. A local CIDR block is a destination CIDR block on the cloud to be accessed by client CIDR blocks through a VPN.
    • The value is in the format of dotted decimal notation/mask, for example, 10.10.1.0/24.
    • Constraints:
      • There must be at least one local CIDR block. By default, a maximum of 20 local CIDR blocks are supported.
      • The local CIDR block cannot be 0.0.0.0/8, 127.0.0.0/8, 224.0.0.0/4, or 240.0.0.0/4.

    client_auth_type

    String

    No

    • Specifies the client authentication mode.
    • Value range:
      • CERT: certificate authentication
      • LOCAL_PASSWORD: password authentication (local)
    • The default value is LOCAL_PASSWORD.

    server_certificate

    server_certificate

    object

    No

    Specifies a server certificate. This parameter is mandatory when SSL is used as the tunnel protocol. It is recommended to use a certificate with a strong cryptographic algorithm, such as RSA-3072 or RSA-4096.

    client_ca_certificates

    Array of client_ca_certificate

    objects

    No

    • Specifies the list of client CA certificates, which are used to authenticate client certificates.
    • Constraints:
      • This parameter is mandatory when SSL is used as the tunnel protocol and the client authentication mode is certificate authentication.
      • When the client authentication mode is certificate authentication, you must upload at least one client CA certificate. A maximum of 10 client CA certificates can be uploaded.

    ssl_options

    ssl_options object

    No

    Specifies SSL options. This parameter is mandatory when SSL is used as the tunnel protocol.

    Table 5 server_certificate

    Parameter

    Type

    Mandatory

    Description

    id

    String

    Yes

    Specifies a certificate ID, which is the ID of a certificated uploaded in the Cloud Certificate Manager (CCM).

    Table 6 client_ca_certificate

    Parameter

    Type

    Mandatory

    Description

    name

    String

    No

    • Specifies a certificate name. If this parameter is left blank, the system automatically generates a certificate name.
    • The value is a string of 1 to 64 characters, which can contain digits, letters, underscores (_), and hyphens (-).

    content

    String

    Yes

    • Specifies the certificate content. It is recommended to use a certificate with a strong cryptographic algorithm, such as RSA-3072 or RSA-4096.
    • Format:

      -----BEGIN CERTIFICATE-----

      *************************************

      *************************************

      -----END CERTIFICATE-----

    Table 7 ssl_options

    Parameter

    Type

    Mandatory

    Description

    protocol

    String

    No

    • Specifies a protocol.
    • Value range: TCP
    • The default value is TCP.

    port

    Integer

    No

    • Specifies a port number.
    • Value range:
      • 443
      • 1194
    • The default value is 443.

    encryption_algorithm

    String

    No

    • Specifies an encryption algorithm.
    • Value range:
      • AES-128-GCM
      • AES-256-GCM
    • The default value is AES-128-GCM.

    is_compressed

    Boolean

    No

    • Specifies whether to compress data.
    • Value range:
      • true
      • false
    • The default value is false.
  • Example requests
    1. Create a VPN server in certificate authentication mode.
    POST https://{Endpoint}/v5/{project_id}/p2c-vpn-gateways/{p2c_vgw_id}/vpn-servers
    
    {
      "vpn_server": {
        "tunnel_protocol": "SSL",
        "client_cidr": "172.16.0.1/24",
        "local_subnets": [
          "10.16.0.0/24",
          "10.16.1.0/24"
        ],
        "client_auth_type": "CERT",
        "server_certificate": {
          "id": "scs*********3922"
        },
        "client_ca_certificates": [
          {
            "name": "client_ca_8sux3d",
            "content": "-----BEGIN CERTIFICATE-----*******-----END CERTIFICATE-----"
          }
        ],
        "ssl_options": {
          "protocol": "TCP",
          "port": 443,
          "encryption_algorithm": "AES-128-GCM",
          "is_compressed": false
        }
      }
    }

    2. Create a VPN server in password authentication mode.

    {
      "vpn_server": {
        "tunnel_protocol": "SSL",
        "client_cidr": "172.16.0.1/24",
        "local_subnets": [
          "10.16.0.0/24",
          "10.16.1.0/24"
        ],
        "client_auth_type": "LOCAL_PASSWORD",
        "server_certificate": {
          "id": "scs1716171403922"
        },
        "ssl_options": {
          "protocol": "TCP",
          "port": 443,
          "encryption_algorithm": "AES-128-GCM",
          "is_compressed": false
        }
      }
    }

Response

  • Response parameters

    Returned status code 201: successful operation

    Table 8 Parameters in the response body

    Parameter

    Type

    Description

    vpn_server

    vpn_server object

    Specifies the VPN server object.

    request_id

    String

    Specifies a request ID.

    Table 9 vpn_server

    Parameter

    Type

    Description

    id

    String

    • Specifies the ID of a VPN server.
    • The value is a UUID containing 36 characters.
  • Example response
    {
      "vpn_server": {
        "id": "2407a20d-0bf7-4530-ba9a-7ffa0cedfa3b"
      },
      "request_id": "b19ba5a0be8f7b7f664b14596f8f35db"
    }

Status Codes

For details, see Status Codes.