Creates an SSL server.
Usage notes
- CreateSslVpnServer is an asynchronous operation. After a request is sent, the system returns a request ID and runs the task in the background. You can call the DescribeVpnGateway operation to query the status of the task.
- If the VPN gateway is in the updating state, the SSL server is being created.
- If the VPN gateway is in the active state, the SSL server is created.
- You cannot repeatedly call the CreateSslVpnServer operation for the same VPN gateway within the specified period of time.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | CreateSslVpnServer | The operation that you want to perform. Set the value to CreateSslVpnServer. |
ClientToken | String | No | 02fb3da4-130e-11e9-8e44-0016e04115b | The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters. Note If you do not specify this parameter, the system automatically uses request ID as the client token. The request ID may be different for each request. |
RegionId | String | Yes | cn-shanghai | The region ID of the VPN gateway. You can call the DescribeRegions operation to query the most recent list of regions. |
VpnGatewayId | String | Yes | vpn-bp1hgim8by0kc9nga**** | The ID of the VPN gateway. |
Name | String | No | sslvpnname | The name of the SSL server. The name must be 1 to 100 characters in length, and cannot start with |
ClientIpPool | String | Yes | 192.168.1.0/24 | The client CIDR block. The CIDR block that is allocated to the virtual network interface of the client. It is not the CIDR block where the client resides. When the client accesses the destination network by using an SSL-VPN connection, the VPN gateway allocates an IP address from the client CIDR block to the client. Note This CIDR block cannot conflict with the CIDR block specified by LocalSubnet. |
LocalSubnet | String | Yes | 10.0.0.0/8 | The local CIDR block. The CIDR block to be accessed by the client through the SSL-VPN connection. This value can be the CIDR block of a virtual private cloud (VPC), a vSwitch, a data center that is connected to a VPC through an Express Connect circuit, or Object Storage Service (OSS). |
Proto | String | No | UDP | The protocol that is used by the SSL server. Valid values:
|
Cipher | String | No | AES-128-CBC | The encryption algorithm that is used in the SSL-VPN connection. Valid values:
|
Port | Integer | No | 1194 | The port that is used by the SSL server. Valid values of port numbers: 1 to 65535. Default value: 1194. The following ports are not supported: 22, 2222, 22222, 9000, 9001, 9002, 7505, 80, 443, 53, 68, 123, 4510, 4560, 500, and 4500. |
Compress | Boolean | No | false | Specifies whether to enable data compression. Valid values:
|
EnableMultiFactorAuth | Boolean | No | false | Specifies whether to enable two-factor authentication. Valid values:
Note To enable two-factor authentication, make sure that the VPN gateway was created after 00:00:00 (UTC+8), March 5, 2020. Otherwise, two-factor authentication is not supported. |
IDaaSInstanceId | String | No | idaas-cn-hangzhou-p**** | The ID of the Identity as a Service (IDaaS) instance. |
IDaaSRegionId | String | No | cn-hangzhou | The ID of the region where the IDaaS instance is created. |
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
SslVpnServerId | String | vss-bp18q7hzj6largv4v**** | The ID of the SSL server. |
RequestId | String | E98A9651-7098-40C7-8F85-C818D1EBBA85 | The request ID. |
Name | String | test | The name of the SSL server. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=CreateSslVpnServer
&ClientIpPool=192.168.1.0/24
&LocalSubnet=10.0.0.0/8
&RegionId=cn-shanghai
&VpnGatewayId=vpn-bp1hgim8by0kc9nga****
&<Common request parameters>
Sample success responses
XML
format
HTTP/1.1 200 OK
Content-Type:application/xml
<CreateSslVpnServerResponse>
<RequestId>E98A9651-7098-40C7-8F85-C818D1EBBA85</RequestId>
<SslVpnServerId>vss-bp18q7hzj6largv4v****</SslVpnServerId>
<Name>test</Name>
</CreateSslVpnServerResponse>
JSON
format
HTTP/1.1 200 OK
Content-Type:application/json
{
"RequestId" : "E98A9651-7098-40C7-8F85-C818D1EBBA85",
"SslVpnServerId" : "vss-bp18q7hzj6largv4v****",
"Name" : "test"
}
Error codes
HttpCode | Error code | Error message | Description |
---|---|---|---|
400 | Resource.QuotaFull | The quota of resource is full | The resource quota is exhausted. |
400 | InvalidName | The name is not valid | The format of the name is invalid. |
400 | VpnGateway.Configuring | The specified service is configuring. | The operation is not allowed when the specified service is being configured. Try again later. |
400 | VpnGateway.FinancialLocked | The specified service is financial locked. | The service is suspended due to overdue payments. Top up your account first. |
400 | VpnRouteEntry.Conflict | The specified route entry has conflict. | The specified route conflicts with an existing route. |
400 | SslVpnServer.AddRouteError | Add route error whose destination is client IP pool, please check vpc route entry and relevant quota. | The system failed to add the route that points to the client CIDR block. View the VPC route and quota. |
400 | ClientIpPool.NetmaskInvalid | The netmask length of client IP pool must be greater than or equal to 16 and less than or equal to 29. | The mask length of the client IP address pool must be from 16 to 29. |
400 | ClientIpPool.SubnetInvalid | The specified client IP pool cannot be used. | The client CIDR block is unavailable. |
400 | MissingParameter.IDaaSInstanceId | The input parameter IDaaSInstanceId is mandatory when enable multi-factor authentication. | You must set the IDaaSInstanceId parameter when you enable two-factor authentication. |
400 | OperationFailed.NoRamPermission | Vpn Service has no permission to operate your IDaaS instances. | The VPN service does not have the permissions to manage your IDaaS instance. |
400 | QuotaExceeded.VpnRouteEntry | The number of route entries to the VPN gateway in the VPC routing table has reached the quota limit. | The number of routes that point to the VPN gateway in the VPC route table reaches the quota. |
400 | SystemBusy | The system is busy. Please try again later. | The system is unavailable. Try again later. |
400 | SslVpnServerPort.Illegal | The server port is not in the range of [1-65535]. | The port of the SSL-VPN server must be from 1 to 65535. |
403 | Forbbiden.SubUser | User not authorized to operate on the specified resource as your account is created by another user. | You are unauthorized to perform this operation on the specified resource. You can apply for the required permissions and try again. |
403 | Forbidden | User not authorized to operate on the specified resource. | You are unauthorized to perform this operation on the specified resource. You can apply for the required permissions and try again. |
404 | InvalidRegionId.NotFound | The specified region is not found during access authentication. | The specified area is not found during authentication. |
404 | InvalidVpnGatewayInstanceId.NotFound | The specified vpn gateway instance id does not exist. | The specified VPN gateway does not exist. Check whether the specified VPN gateway is valid. |
For a list of error codes, see Service error codes.