All Products
Search
Document Center

:CreateVpnGateway

最終更新日:Aug 09, 2023

Creates a VPN gateway.

Usage notes

  • Before you create a VPN gateway, we recommend that you understand its limits. For more information, see Limits on VPN gateways.

  • VPN gateways in some regions support only IPsec-VPN connections in dual-tunnel mode. When you call CreateVpnGateway in these regions, you must specify VSwitchId and DisasterRecoveryVSwitchId in addition to the required parameters. For more information about the regions and zones that support the dual-tunnel mode, see Upgrade a VPN gateway to enable the dual-tunnel mode.

  • CreateVpnGateway is asynchronous. After a request is sent, the system returns a request ID and runs the task in the background. You can call DescribeVpnGateway to query the status of the task.

    • If the VPN gateway is in the provisioning state, the VPN gateway is being created.

    • If the VPN gateway is in the active state, the VPN gateway is created.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter

Type

Required

Example

Description

Action

String

Yes

CreateVpnGateway

The operation that you want to perform. Set the value to CreateVpnGateway.

RegionId

String

Yes

cn-hangzhou

The region ID of the VPN gateway. You can call the DescribeRegions operation to query the most recent region list.

Name

String

No

MYVPN

The name of the VPN gateway. The default value is the ID of the VPN gateway.

The name must be 2 to 100 characters in length and cannot start with http:// or https://. It must start with a letter and can contain letters, digits, underscores (_), hyphens (-), and periods (.). Other special characters are not supported.

VpcId

String

Yes

vpc-bp1ub1yt9cvakoelj****

The ID of the virtual private cloud (VPC) where you want to create the VPN gateway.

InstanceChargeType

String

No

Example value for the Alibaba Cloud China site: PREPAY. Example value for the Alibaba Cloud International site: POSTPAY.

The billing method of the VPN gateway. Set the value to POSTPAY, which specifies the pay-as-you-go billing method.

Period

Integer

No

1

The subscription duration. Unit: months. Valid values: 1 to 9, 12, 24, and 36.

AutoPay

Boolean

No

false

Specifies whether to enable automatic payment for the VPN gateway. Valid values:

  • true

  • false (default)

Bandwidth

Integer

Yes

5

The maximum bandwidth of the VPN gateway. Unit: Mbit/s.

  • If you want to create a public VPN gateway, valid values are 10, 100, 200, 500, and 1000.

  • If you want to create a private VPN gateway, valid values are 200 and 1000.

Note

In some regions, the maximum bandwidth supported by a VPN gateway is 200 Mbit/s. For more information, see Limits on VPN gateways.

EnableIpsec

Boolean

No

true

Specifies whether to enable the IPsec-VPN feature. Valid values:

  • true (default)

  • false

EnableSsl

Boolean

No

false

Specifies whether to enable the SSL-VPN feature for the VPN gateway. Valid values:

  • true

  • false (default)

SslConnections

Integer

No

5

The maximum number of clients that can be connected at the same time. Valid values: 5 (default), 10, 20, 50, 100, 200, 500, and 1000.

VSwitchId

String

No

vsw-bp1j5miw2bae9s2vt****

The vSwitch with which you want to associate the VPN gateway.

  • If you call this operation in a region that supports the dual-tunnel mode, this parameter is required. You must specify a vSwitch and specify DisasterRecoveryVSwitchId.

  • If you call this operation in a region that supports the single-tunnel mode and do not specify a vSwitch, the system automatically specifies a vSwitch.

VpnType

String

No

Normal

The type of the VPN gateway. Valid values:

  • Normal (default)

ClientToken

String

No

02fb3da4****

The client token that is used to ensure the idempotence of the request.

You can use the client to generate the token, but you must make sure that the token is unique among different requests. The client token can contain only ASCII characters.

Note

If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request.

NetworkType

String

No

public

The network type of the VPN gateway. Valid values:

  • public (default)

  • private

DisasterRecoveryVSwitchId

String

No

vsw-p0wiz7obm0tbimu4r****

The second vSwitch with which you want to associate the VPN gateway.

  • If you call this operation in a region that supports the dual-tunnel mode, this parameter is required.

  • You need to specify two vSwitches in different zones from the VPC associated with the VPN gateway to implement disaster recovery across zones.

  • For a region that supports only one zone, disaster recovery across zones is not supported. We recommend that you specify two vSwitches in the zone to implement high availability. You can specify the same vSwitch.

For more information about the regions and zones that support the dual-tunnel mode, see Upgrade a VPN gateway to enable the dual-tunnel mode.

Response parameters

Parameter

Type

Example

Description

VpnGatewayId

String

vpn-uf68lxhgr7ftbqr3p****

The ID of the VPN gateway.

RequestId

String

EB2C156A-41F8-49CC-A756-D55AFC8BFD69

The request ID.

Name

String

MYVPN

The name of the VPN gateway.

OrderId

Long

208240895400460

The order ID.

If automatic payment is disabled, you must manually complete the payment for the VPN gateway in the Alibaba Cloud Management console.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreateVpnGateway
&RegionId=cn-hangzhou
&Name=MYVPN
&VpcId=vpc-bp1ub1yt9cvakoelj****
&InstanceChargeType=PREPAY
&Period=1
&AutoPay=false
&Bandwidth=5
&EnableIpsec=true
&EnableSsl=true
&SslConnections=5
&VSwitchId=vsw-bp1j5miw2bae9s2vt****
&VpnType=Normal
&ClientToken=02fb3da4****
&NetworkType=public
&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<CreateVpnGatewayResponse>
    <VpnGatewayId>vpn-uf68lxhgr7ftbqr3p****</VpnGatewayId>
    <RequestId>EB2C156A-41F8-49CC-A756-D55AFC8BFD69</RequestId>
    <Name>MYVPN</Name>
    <OrderId>208240895400460</OrderId>
</CreateVpnGatewayResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "VpnGatewayId" : "vpn-uf68lxhgr7ftbqr3p****",
  "RequestId" : "EB2C156A-41F8-49CC-A756-D55AFC8BFD69",
  "Name" : "MYVPN",
  "OrderId" : 208240895400460
}

Error codes

HttpCode

Error code

Error message

Description

400

Resource.QuotaFull

The quota of resource is full

The resource quota is exhausted.

400

OperationFailed.SslNotSupport

Enable ssl vpn with private networkType is unsupported.

You cannot enable the SSL feature for a private VPN gateway.

400

Forbidden.TagKey.Duplicated

The specified tag key already exists.

The tag resources are duplicate.

400

SizeLimitExceeded.TagNum

The maximum number of tags is exceeded.

The number of tags has reached the upper limit.

400

InvalidParameter.TagValue

The specified parameter TagValue is invalid.

The specified tag value is invalid.

400

InvalidParameter.TagKey

The specified parameter TagKey is invalid.

The specified tag key is invalid.

400

Duplicated.TagKey

The specified parameter TagKey is duplicated.

The specified tag key already exists.

400

InternalError

The request processing has failed due to some unknown error, exception or failure.

An internal error has occurred.

404

InvalidRegionId.NotFound

The specified region is not found during access authentication.

The specified area is not found during authentication.

For a list of error codes, see Service error codes.