All Products
Search
Document Center

:DownloadVpnConnectionConfig

最終更新日:Aug 15, 2023

Downloads the configurations of the peer gateway device of an IPsec-VPN connection.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter

Type

Required

Example

Description

Action String Yes DownloadVpnConnectionConfig

The operation that you want to perform. Set the value to DownloadVpnConnectionConfig.

RegionId String Yes cn-shanghai

The ID of the region where the IPsec-VPN connection is created.

You can call the DescribeRegions operation to query the most recent region list.

VpnConnectionId String Yes vco-bp1bbi27hojx80nck****

The ID of the IPsec-VPN connection.

Response parameters

Parameter

Type

Example

Description

RequestId String 0C68048B-0F70-40DA-B8AE-1B79B5CF62E3

The request ID.

VpnConnectionConfig Object

The configurations of the peer gateway device.

Remote String 116.62.XX.XX

The identifier of the VPN gateway.

Local String 139.196.XX.XX

The identifier of the customer gateway.

RemoteSubnet String 192.168.0.0/16

The CIDR block on the virtual private cloud (VPC) side.

LocalSubnet String 10.0.0.0/8

The CIDR block on the data center side.

IkeConfig Object

The configurations of Phase 1 negotiations.

RemoteId String 116.62.XX.XX

The identifier of the VPN gateway. FQDN and IP formats are supported. The default value is the IP address of the VPN gateway.

IkeLifetime Long 86400

The lifetime in the IKE phase. Unit: seconds.

IkeEncAlg String aes

The encryption algorithm in the IKE phase.

LocalId String 139.196.XX.XX

The identifier of the customer gateway. FQDN and IP formats are supported. The default value is the IP address of the customer gateway.

IkeMode String main

The IKE negotiation mode. Valid values:

  • main: This mode offers higher security during negotiations.
  • aggressive: This mode is faster and has a higher success rate.
IkeVersion String ikev1

The IKE version.

IkePfs String group2

The DH group in the IKE phase.

Psk String pgw6dy7d1i8i****

The pre-shared key.

IkeAuthAlg String sha1

The authentication algorithm in the IKE phase.

IpsecConfig Object

The configurations of Phase 2 negotiations.

IpsecAuthAlg String sha1

The authentication algorithm in the IPsec phase.

IpsecEncAlg String aes

The encryption algorithm in the IPsec phase.

IpsecLifetime Long 86400

The lifetime in the IPsec phase. Unit: seconds.

IpsecPfs String group2

The DH group in the IPsec phase.

TunnelsConfig Array of TunnelConfig

The tunnel configuration of the peer gateway device.

Parameters in TunnelsConfig are returned only if the IPsec-VPN connection is in dual-tunnel mode.

TunnelConfig
TunnelId String tun-opsqc4d97wni27****

The tunnel ID.

Local String 47.21.XX.XX

The identifier of the tunnel on the data center side.

Remote String 47.24.XX.XX

The identifier of the tunnel on the Alibaba Cloud side.

IkeConfig Object

The configurations of Phase 1 negotiations.

Psk String pgw6dy7d1i8i****

The pre-shared key.

IkeVersion String ikev1

The IKE version.

IkeMode String main

The IKE negotiation mode. Valid values:

  • main: This mode offers higher security during negotiations.
  • aggressive: This mode is faster and has a higher success rate.
IkeEncAlg String aes

The encryption algorithm in the IKE phase.

IkeAuthAlg String sha1

The authentication algorithm in the IKE phase.

IkePfs String group2

The DH group in the IKE phase.

IkeLifetime Long 86400

The lifetime in the IKE phase. Unit: seconds.

LocalId String 47.21.XX.XX

The identifier of the tunnel on the data center side.

RemoteId String 47.24.XX.XX

The identifier of the tunnel on the Alibaba Cloud side.

IpsecConfig Object

The configurations of Phase 2 negotiations.

IpsecAuthAlg String sha1

The authentication algorithm in the IPsec phase.

IpsecEncAlg String aes

The encryption algorithm in the IPsec phase.

IpsecPfs String group2

The DH group in the IPsec phase.

IpsecLifetime Long 86400

The lifetime in the IPsec phase. Unit: seconds.

Examples

Sample requests

https://vpc.aliyuncs.com/?Action=DownloadVpnConnectionConfig
&RegionId=cn-shanghai
&VpnConnectionId=vco-bp1bbi27hojx80nck****
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<DownloadVpnConnectionConfigResponse>
    <RequestId>0C68048B-0F70-40DA-B8AE-1B79B5CF62E3</RequestId>
    <VpnConnectionConfig>
        <Remote>116.62.XX.XX</Remote>
        <Local>139.196.XX.XX</Local>
        <RemoteSubnet>192.168.0.0/16</RemoteSubnet>
        <LocalSubnet>10.0.0.0/8</LocalSubnet>
        <IkeConfig>
            <RemoteId>139.196.XX.XX</RemoteId>
            <IkeLifetime>86400</IkeLifetime>
            <IkeEncAlg>aes</IkeEncAlg>
            <LocalId>116.62.XX.XX</LocalId>
            <IkeMode>main</IkeMode>
            <IkeVersion>ikev1</IkeVersion>
            <IkePfs>group2</IkePfs>
            <Psk>pgw6dy7d1i8i****</Psk>
            <IkeAuthAlg>sha1</IkeAuthAlg>
        </IkeConfig>
        <IpsecConfig>
            <IpsecAuthAlg>sha1</IpsecAuthAlg>
            <IpsecLifetime>86400</IpsecLifetime>
            <IpsecEncAlg>aes</IpsecEncAlg>
            <IpsecPfs>group2</IpsecPfs>
        </IpsecConfig>
    </VpnConnectionConfig>
</DownloadVpnConnectionConfigResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "0C68048B-0F70-40DA-B8AE-1B79B5CF62E3",
  "VpnConnectionConfig" : {
    "Remote" : "116.62.XX.XX",
    "Local" : "139.196.XX.XX",
    "RemoteSubnet" : "192.168.0.0/16",
    "LocalSubnet" : "10.0.0.0/8",
    "IkeConfig" : {
      "RemoteId" : "139.196.XX.XX",
      "IkeLifetime" : 86400,
      "IkeEncAlg" : "aes",
      "LocalId" : "116.62.XX.XX",
      "IkeMode" : "main",
      "IkeVersion" : "ikev1",
      "IkePfs" : "group2",
      "Psk" : "pgw6dy7d1i8i****",
      "IkeAuthAlg" : "sha1"
    },
    "IpsecConfig" : {
      "IpsecAuthAlg" : "sha1",
      "IpsecLifetime" : 86400,
      "IpsecEncAlg" : "aes",
      "IpsecPfs" : "group2"
    }
  }
}

Error codes

HttpCode

Error code

Error message

Description

403 Forbbiden.SubUser User not authorized to operate on the specified resource as your account is created by another user. You are unauthorized to perform this operation on the specified resource. You can apply for the required permissions and try again.
403 Forbidden User not authorized to operate on the specified resource. You are unauthorized to perform this operation on the specified resource. You can apply for the required permissions and try again.
404 InvalidVpnConnectionInstanceId.NotFound The specified vpn connection instance id does not exist. The specified IPsec connection does not exist. Check whether the ID of the IPsec connection is valid.

For a list of error codes, see Service error codes.