Creates an SSL server.

Usage notes

  • CreateSslVpnServer is an asynchronous operation. After a request is sent, the system returns a request ID and runs the task in the background. You can call the DescribeVpnGateway operation to query the status of the task.
    • If the VPN gateway is in the updating state, the SSL server is being created.
    • If the VPN gateway is in the active state, the SSL server is created.
  • You cannot repeatedly call the CreateSslVpnServer operation for the same VPN gateway within the specified period of time.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateSslVpnServer

The operation that you want to perform. Set the value to CreateSslVpnServer.

ClientToken String No 02fb3da4-130e-11e9-8e44-0016e04115b

The client token that is used to ensure the idempotence of the request.

You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters.

Note If you do not specify this parameter, the system automatically uses request ID as the client token. The request ID may be different for each request.
RegionId String Yes cn-shanghai

The region ID of the VPN gateway.

You can call the DescribeRegions operation to query the most recent list of regions.

VpnGatewayId String Yes vpn-bp1hgim8by0kc9nga****

The ID of the VPN gateway.

Name String No sslvpnname

The name of the SSL server.

The name must be 1 to 100 characters in length, and cannot start with http:// or https://.

ClientIpPool String Yes 192.168.1.0/24

The client CIDR block.

The CIDR block that is allocated to the virtual network interface of the client. It is not the CIDR block where the client resides.

When the client accesses the destination network by using an SSL-VPN connection, the VPN gateway allocates an IP address from the client CIDR block to the client.

Note This CIDR block cannot conflict with the CIDR block specified by LocalSubnet.
LocalSubnet String Yes 10.0.0.0/8

The local CIDR block.

The CIDR block to be accessed by the client through the SSL-VPN connection.

This value can be the CIDR block of a virtual private cloud (VPC), a vSwitch, a data center that is connected to a VPC through an Express Connect circuit, or Object Storage Service (OSS).

Proto String No UDP

The protocol that is used by the SSL server. Valid values:

  • TCP (default)
  • UDP
Cipher String No AES-128-CBC

The encryption algorithm that is used in the SSL-VPN connection. Valid values:

  • AES-128-CBC (default)
  • AES-192-CBC
  • AES-256-CBC
  • none
Port Integer No 1194

The port that is used by the SSL server. Valid values of port numbers: 1 to 65535. Default value: 1194.

The following ports are not supported: 22, 2222, 22222, 9000, 9001, 9002, 7505, 80, 443, 53, 68, 123, 4510, 4560, 500, and 4500.

Compress Boolean No false

Specifies whether to enable data compression. Valid values:

  • true
  • false (default)
EnableMultiFactorAuth Boolean No false

Specifies whether to enable two-factor authentication. Valid values:

  • true
  • false (default)
Note To enable two-factor authentication, make sure that the VPN gateway was created after 00:00:00 (UTC+8), March 5, 2020. Otherwise, two-factor authentication is not supported.
IDaaSInstanceId String No idaas-cn-hangzhou-p****

The ID of the Identity as a Service (IDaaS) instance.

IDaaSRegionId String No cn-hangzhou

The ID of the region where the IDaaS instance is created.

Response parameters

Parameter Type Example Description
SslVpnServerId String vss-bp18q7hzj6largv4v****

The ID of the SSL server.

RequestId String E98A9651-7098-40C7-8F85-C818D1EBBA85

The request ID.

Name String test

The name of the SSL server.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreateSslVpnServer
&ClientIpPool=192.168.1.0/24
&LocalSubnet=10.0.0.0/8
&RegionId=cn-shanghai
&VpnGatewayId=vpn-bp1hgim8by0kc9nga****
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<CreateSslVpnServerResponse>
    <RequestId>E98A9651-7098-40C7-8F85-C818D1EBBA85</RequestId>
    <SslVpnServerId>vss-bp18q7hzj6largv4v****</SslVpnServerId>
    <Name>test</Name>
</CreateSslVpnServerResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "E98A9651-7098-40C7-8F85-C818D1EBBA85",
  "SslVpnServerId" : "vss-bp18q7hzj6largv4v****",
  "Name" : "test"
}

Error codes

HttpCode Error code Error message Description
400 Resource.QuotaFull The quota of resource is full The resource quota is exhausted.
400 InvalidName The name is not valid The format of the name is invalid.
400 VpnGateway.Configuring The specified service is configuring. The operation is not allowed when the specified service is being configured. Try again later.
400 VpnGateway.FinancialLocked The specified service is financial locked. The service is suspended due to overdue payments. Top up your account first.
400 VpnRouteEntry.Conflict The specified route entry has conflict. The specified route conflicts with an existing route.
400 SslVpnServer.AddRouteError Add route error whose destination is client IP pool, please check vpc route entry and relevant quota. The system failed to add the route that points to the client CIDR block. View the VPC route and quota.
400 ClientIpPool.NetmaskInvalid The netmask length of client IP pool must be greater than or equal to 16 and less than or equal to 29. The mask length of the client IP address pool must be from 16 to 29.
400 ClientIpPool.SubnetInvalid The specified client IP pool cannot be used. The client CIDR block is unavailable.
400 MissingParameter.IDaaSInstanceId The input parameter IDaaSInstanceId is mandatory when enable multi-factor authentication. You must set the IDaaSInstanceId parameter when you enable two-factor authentication.
400 OperationFailed.NoRamPermission Vpn Service has no permission to operate your IDaaS instances. The VPN service does not have the permissions to manage your IDaaS instance.
400 QuotaExceeded.VpnRouteEntry The number of route entries to the VPN gateway in the VPC routing table has reached the quota limit. The number of routes that point to the VPN gateway in the VPC route table reaches the quota.
400 SystemBusy The system is busy. Please try again later. The system is unavailable. Try again later.
400 SslVpnServerPort.Illegal The server port is not in the range of [1-65535]. The port of the SSL-VPN server must be from 1 to 65535.
403 Forbbiden.SubUser User not authorized to operate on the specified resource as your account is created by another user. You are unauthorized to perform this operation on the specified resource. You can apply for the required permissions and try again.
403 Forbidden User not authorized to operate on the specified resource. You are unauthorized to perform this operation on the specified resource. You can apply for the required permissions and try again.
404 InvalidRegionId.NotFound The specified region is not found during access authentication. The specified area is not found during authentication.
404 InvalidVpnGatewayInstanceId.NotFound The specified vpn gateway instance id does not exist. The specified VPN gateway does not exist. Check whether the specified VPN gateway is valid.

For a list of error codes, see Service error codes.