Docs Home
Alibaba Cloud v3.75.0 published on Friday, Mar 7, 2025 by Pulumi
alicloud.vpn.Connection
Explore with Pulumi AI
Example Usage
Basic Usage
IPsec-VPN connections support the dual-tunnel mode
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
const config = new pulumi.Config();
const name = config.get("name") || "terraform-example";
const spec = config.get("spec") || "5";
const _default = alicloud.vpn.getGatewayZones({
spec: "5M",
});
const defaultNetwork = new alicloud.vpc.Network("default", {
cidrBlock: "172.16.0.0/16",
vpcName: name,
});
const default0 = new alicloud.vpc.Switch("default0", {
cidrBlock: "172.16.0.0/24",
vpcId: defaultNetwork.id,
zoneId: _default.then(_default => _default.ids?.[0]),
});
const default1 = new alicloud.vpc.Switch("default1", {
cidrBlock: "172.16.1.0/24",
vpcId: defaultNetwork.id,
zoneId: _default.then(_default => _default.ids?.[1]),
});
const HA_VPN = new alicloud.vpn.Gateway("HA-VPN", {
vpnType: "Normal",
disasterRecoveryVswitchId: default1.id,
vpnGatewayName: name,
vswitchId: default0.id,
autoPay: true,
vpcId: defaultNetwork.id,
networkType: "public",
paymentType: "Subscription",
enableIpsec: true,
bandwidth: spec,
});
const defaultCustomerGateway = new alicloud.vpn.CustomerGateway("defaultCustomerGateway", {
description: "defaultCustomerGateway",
ipAddress: "2.2.2.5",
asn: "2224",
customerGatewayName: name,
});
const changeCustomerGateway = new alicloud.vpn.CustomerGateway("changeCustomerGateway", {
description: "changeCustomerGateway",
ipAddress: "2.2.2.6",
asn: "2225",
customerGatewayName: name,
});
const defaultConnection = new alicloud.vpn.Connection("default", {
vpnGatewayId: HA_VPN.id,
vpnConnectionName: name,
localSubnets: ["3.0.0.0/24"],
remoteSubnets: [
"10.0.0.0/24",
"10.0.1.0/24",
],
tags: {
Created: "TF",
For: "example",
},
enableTunnelsBgp: true,
tunnelOptionsSpecifications: [
{
tunnelIpsecConfig: {
ipsecAuthAlg: "md5",
ipsecEncAlg: "aes256",
ipsecLifetime: 16400,
ipsecPfs: "group5",
},
customerGatewayId: defaultCustomerGateway.id,
role: "master",
tunnelBgpConfig: {
localAsn: "1219002",
tunnelCidr: "169.254.30.0/30",
localBgpIp: "169.254.30.1",
},
tunnelIkeConfig: {
ikeMode: "aggressive",
ikeVersion: "ikev2",
localId: "localid_tunnel2",
psk: "12345678",
remoteId: "remote2",
ikeAuthAlg: "md5",
ikeEncAlg: "aes256",
ikeLifetime: 3600,
ikePfs: "group14",
},
},
{
tunnelIkeConfig: {
remoteId: "remote24",
ikeEncAlg: "aes256",
ikeLifetime: 27000,
ikeMode: "aggressive",
ikePfs: "group5",
ikeAuthAlg: "md5",
ikeVersion: "ikev2",
localId: "localid_tunnel2",
psk: "12345678",
},
tunnelIpsecConfig: {
ipsecLifetime: 2700,
ipsecPfs: "group14",
ipsecAuthAlg: "md5",
ipsecEncAlg: "aes256",
},
customerGatewayId: defaultCustomerGateway.id,
role: "slave",
tunnelBgpConfig: {
localAsn: "1219002",
localBgpIp: "169.254.40.1",
tunnelCidr: "169.254.40.0/30",
},
},
],
});
import pulumi
import pulumi_alicloud as alicloud
config = pulumi.Config()
name = config.get("name")
if name is None:
name = "terraform-example"
spec = config.get("spec")
if spec is None:
spec = "5"
default = alicloud.vpn.get_gateway_zones(spec="5M")
default_network = alicloud.vpc.Network("default",
cidr_block="172.16.0.0/16",
vpc_name=name)
default0 = alicloud.vpc.Switch("default0",
cidr_block="172.16.0.0/24",
vpc_id=default_network.id,
zone_id=default.ids[0])
default1 = alicloud.vpc.Switch("default1",
cidr_block="172.16.1.0/24",
vpc_id=default_network.id,
zone_id=default.ids[1])
h_a__vpn = alicloud.vpn.Gateway("HA-VPN",
vpn_type="Normal",
disaster_recovery_vswitch_id=default1.id,
vpn_gateway_name=name,
vswitch_id=default0.id,
auto_pay=True,
vpc_id=default_network.id,
network_type="public",
payment_type="Subscription",
enable_ipsec=True,
bandwidth=spec)
default_customer_gateway = alicloud.vpn.CustomerGateway("defaultCustomerGateway",
description="defaultCustomerGateway",
ip_address="2.2.2.5",
asn="2224",
customer_gateway_name=name)
change_customer_gateway = alicloud.vpn.CustomerGateway("changeCustomerGateway",
description="changeCustomerGateway",
ip_address="2.2.2.6",
asn="2225",
customer_gateway_name=name)
default_connection = alicloud.vpn.Connection("default",
vpn_gateway_id=h_a__vpn.id,
vpn_connection_name=name,
local_subnets=["3.0.0.0/24"],
remote_subnets=[
"10.0.0.0/24",
"10.0.1.0/24",
],
tags={
"Created": "TF",
"For": "example",
},
enable_tunnels_bgp=True,
tunnel_options_specifications=[
{
"tunnel_ipsec_config": {
"ipsec_auth_alg": "md5",
"ipsec_enc_alg": "aes256",
"ipsec_lifetime": 16400,
"ipsec_pfs": "group5",
},
"customer_gateway_id": default_customer_gateway.id,
"role": "master",
"tunnel_bgp_config": {
"local_asn": "1219002",
"tunnel_cidr": "169.254.30.0/30",
"local_bgp_ip": "169.254.30.1",
},
"tunnel_ike_config": {
"ike_mode": "aggressive",
"ike_version": "ikev2",
"local_id": "localid_tunnel2",
"psk": "12345678",
"remote_id": "remote2",
"ike_auth_alg": "md5",
"ike_enc_alg": "aes256",
"ike_lifetime": 3600,
"ike_pfs": "group14",
},
},
{
"tunnel_ike_config": {
"remote_id": "remote24",
"ike_enc_alg": "aes256",
"ike_lifetime": 27000,
"ike_mode": "aggressive",
"ike_pfs": "group5",
"ike_auth_alg": "md5",
"ike_version": "ikev2",
"local_id": "localid_tunnel2",
"psk": "12345678",
},
"tunnel_ipsec_config": {
"ipsec_lifetime": 2700,
"ipsec_pfs": "group14",
"ipsec_auth_alg": "md5",
"ipsec_enc_alg": "aes256",
},
"customer_gateway_id": default_customer_gateway.id,
"role": "slave",
"tunnel_bgp_config": {
"local_asn": "1219002",
"local_bgp_ip": "169.254.40.1",
"tunnel_cidr": "169.254.40.0/30",
},
},
])
package main
import (
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/vpc"
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/vpn"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
name := "terraform-example"
if param := cfg.Get("name"); param != "" {
name = param
}
spec := "5"
if param := cfg.Get("spec"); param != "" {
spec = param
}
_default, err := vpn.GetGatewayZones(ctx, &vpn.GetGatewayZonesArgs{
Spec: "5M",
}, nil)
if err != nil {
return err
}
defaultNetwork, err := vpc.NewNetwork(ctx, "default", &vpc.NetworkArgs{
CidrBlock: pulumi.String("172.16.0.0/16"),
VpcName: pulumi.String(name),
})
if err != nil {
return err
}
default0, err := vpc.NewSwitch(ctx, "default0", &vpc.SwitchArgs{
CidrBlock: pulumi.String("172.16.0.0/24"),
VpcId: defaultNetwork.ID(),
ZoneId: pulumi.String(_default.Ids[0]),
})
if err != nil {
return err
}
default1, err := vpc.NewSwitch(ctx, "default1", &vpc.SwitchArgs{
CidrBlock: pulumi.String("172.16.1.0/24"),
VpcId: defaultNetwork.ID(),
ZoneId: pulumi.String(_default.Ids[1]),
})
if err != nil {
return err
}
HA_VPN, err := vpn.NewGateway(ctx, "HA-VPN", &vpn.GatewayArgs{
VpnType: pulumi.String("Normal"),
DisasterRecoveryVswitchId: default1.ID(),
VpnGatewayName: pulumi.String(name),
VswitchId: default0.ID(),
AutoPay: pulumi.Bool(true),
VpcId: defaultNetwork.ID(),
NetworkType: pulumi.String("public"),
PaymentType: pulumi.String("Subscription"),
EnableIpsec: pulumi.Bool(true),
Bandwidth: pulumi.String(spec),
})
if err != nil {
return err
}
defaultCustomerGateway, err := vpn.NewCustomerGateway(ctx, "defaultCustomerGateway", &vpn.CustomerGatewayArgs{
Description: pulumi.String("defaultCustomerGateway"),
IpAddress: pulumi.String("2.2.2.5"),
Asn: pulumi.String("2224"),
CustomerGatewayName: pulumi.String(name),
})
if err != nil {
return err
}
_, err = vpn.NewCustomerGateway(ctx, "changeCustomerGateway", &vpn.CustomerGatewayArgs{
Description: pulumi.String("changeCustomerGateway"),
IpAddress: pulumi.String("2.2.2.6"),
Asn: pulumi.String("2225"),
CustomerGatewayName: pulumi.String(name),
})
if err != nil {
return err
}
_, err = vpn.NewConnection(ctx, "default", &vpn.ConnectionArgs{
VpnGatewayId: HA_VPN.ID(),
VpnConnectionName: pulumi.String(name),
LocalSubnets: pulumi.StringArray{
pulumi.String("3.0.0.0/24"),
},
RemoteSubnets: pulumi.StringArray{
pulumi.String("10.0.0.0/24"),
pulumi.String("10.0.1.0/24"),
},
Tags: pulumi.StringMap{
"Created": pulumi.String("TF"),
"For": pulumi.String("example"),
},
EnableTunnelsBgp: pulumi.Bool(true),
TunnelOptionsSpecifications: vpn.ConnectionTunnelOptionsSpecificationArray{
&vpn.ConnectionTunnelOptionsSpecificationArgs{
TunnelIpsecConfig: &vpn.ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs{
IpsecAuthAlg: pulumi.String("md5"),
IpsecEncAlg: pulumi.String("aes256"),
IpsecLifetime: pulumi.Int(16400),
IpsecPfs: pulumi.String("group5"),
},
CustomerGatewayId: defaultCustomerGateway.ID(),
Role: pulumi.String("master"),
TunnelBgpConfig: &vpn.ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs{
LocalAsn: pulumi.String("1219002"),
TunnelCidr: pulumi.String("169.254.30.0/30"),
LocalBgpIp: pulumi.String("169.254.30.1"),
},
TunnelIkeConfig: &vpn.ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs{
IkeMode: pulumi.String("aggressive"),
IkeVersion: pulumi.String("ikev2"),
LocalId: pulumi.String("localid_tunnel2"),
Psk: pulumi.String("12345678"),
RemoteId: pulumi.String("remote2"),
IkeAuthAlg: pulumi.String("md5"),
IkeEncAlg: pulumi.String("aes256"),
IkeLifetime: pulumi.Int(3600),
IkePfs: pulumi.String("group14"),
},
},
&vpn.ConnectionTunnelOptionsSpecificationArgs{
TunnelIkeConfig: &vpn.ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs{
RemoteId: pulumi.String("remote24"),
IkeEncAlg: pulumi.String("aes256"),
IkeLifetime: pulumi.Int(27000),
IkeMode: pulumi.String("aggressive"),
IkePfs: pulumi.String("group5"),
IkeAuthAlg: pulumi.String("md5"),
IkeVersion: pulumi.String("ikev2"),
LocalId: pulumi.String("localid_tunnel2"),
Psk: pulumi.String("12345678"),
},
TunnelIpsecConfig: &vpn.ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs{
IpsecLifetime: pulumi.Int(2700),
IpsecPfs: pulumi.String("group14"),
IpsecAuthAlg: pulumi.String("md5"),
IpsecEncAlg: pulumi.String("aes256"),
},
CustomerGatewayId: defaultCustomerGateway.ID(),
Role: pulumi.String("slave"),
TunnelBgpConfig: &vpn.ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs{
LocalAsn: pulumi.String("1219002"),
LocalBgpIp: pulumi.String("169.254.40.1"),
TunnelCidr: pulumi.String("169.254.40.0/30"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var name = config.Get("name") ?? "terraform-example";
var spec = config.Get("spec") ?? "5";
var @default = AliCloud.Vpn.GetGatewayZones.Invoke(new()
{
Spec = "5M",
});
var defaultNetwork = new AliCloud.Vpc.Network("default", new()
{
CidrBlock = "172.16.0.0/16",
VpcName = name,
});
var default0 = new AliCloud.Vpc.Switch("default0", new()
{
CidrBlock = "172.16.0.0/24",
VpcId = defaultNetwork.Id,
ZoneId = @default.Apply(@default => @default.Apply(getGatewayZonesResult => getGatewayZonesResult.Ids[0])),
});
var default1 = new AliCloud.Vpc.Switch("default1", new()
{
CidrBlock = "172.16.1.0/24",
VpcId = defaultNetwork.Id,
ZoneId = @default.Apply(@default => @default.Apply(getGatewayZonesResult => getGatewayZonesResult.Ids[1])),
});
var HA_VPN = new AliCloud.Vpn.Gateway("HA-VPN", new()
{
VpnType = "Normal",
DisasterRecoveryVswitchId = default1.Id,
VpnGatewayName = name,
VswitchId = default0.Id,
AutoPay = true,
VpcId = defaultNetwork.Id,
NetworkType = "public",
PaymentType = "Subscription",
EnableIpsec = true,
Bandwidth = spec,
});
var defaultCustomerGateway = new AliCloud.Vpn.CustomerGateway("defaultCustomerGateway", new()
{
Description = "defaultCustomerGateway",
IpAddress = "2.2.2.5",
Asn = "2224",
CustomerGatewayName = name,
});
var changeCustomerGateway = new AliCloud.Vpn.CustomerGateway("changeCustomerGateway", new()
{
Description = "changeCustomerGateway",
IpAddress = "2.2.2.6",
Asn = "2225",
CustomerGatewayName = name,
});
var defaultConnection = new AliCloud.Vpn.Connection("default", new()
{
VpnGatewayId = HA_VPN.Id,
VpnConnectionName = name,
LocalSubnets = new[]
{
"3.0.0.0/24",
},
RemoteSubnets = new[]
{
"10.0.0.0/24",
"10.0.1.0/24",
},
Tags =
{
{ "Created", "TF" },
{ "For", "example" },
},
EnableTunnelsBgp = true,
TunnelOptionsSpecifications = new[]
{
new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationArgs
{
TunnelIpsecConfig = new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs
{
IpsecAuthAlg = "md5",
IpsecEncAlg = "aes256",
IpsecLifetime = 16400,
IpsecPfs = "group5",
},
CustomerGatewayId = defaultCustomerGateway.Id,
Role = "master",
TunnelBgpConfig = new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs
{
LocalAsn = "1219002",
TunnelCidr = "169.254.30.0/30",
LocalBgpIp = "169.254.30.1",
},
TunnelIkeConfig = new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs
{
IkeMode = "aggressive",
IkeVersion = "ikev2",
LocalId = "localid_tunnel2",
Psk = "12345678",
RemoteId = "remote2",
IkeAuthAlg = "md5",
IkeEncAlg = "aes256",
IkeLifetime = 3600,
IkePfs = "group14",
},
},
new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationArgs
{
TunnelIkeConfig = new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs
{
RemoteId = "remote24",
IkeEncAlg = "aes256",
IkeLifetime = 27000,
IkeMode = "aggressive",
IkePfs = "group5",
IkeAuthAlg = "md5",
IkeVersion = "ikev2",
LocalId = "localid_tunnel2",
Psk = "12345678",
},
TunnelIpsecConfig = new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs
{
IpsecLifetime = 2700,
IpsecPfs = "group14",
IpsecAuthAlg = "md5",
IpsecEncAlg = "aes256",
},
CustomerGatewayId = defaultCustomerGateway.Id,
Role = "slave",
TunnelBgpConfig = new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs
{
LocalAsn = "1219002",
LocalBgpIp = "169.254.40.1",
TunnelCidr = "169.254.40.0/30",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.vpn.VpnFunctions;
import com.pulumi.alicloud.vpn.inputs.GetGatewayZonesArgs;
import com.pulumi.alicloud.vpc.Network;
import com.pulumi.alicloud.vpc.NetworkArgs;
import com.pulumi.alicloud.vpc.Switch;
import com.pulumi.alicloud.vpc.SwitchArgs;
import com.pulumi.alicloud.vpn.Gateway;
import com.pulumi.alicloud.vpn.GatewayArgs;
import com.pulumi.alicloud.vpn.CustomerGateway;
import com.pulumi.alicloud.vpn.CustomerGatewayArgs;
import com.pulumi.alicloud.vpn.Connection;
import com.pulumi.alicloud.vpn.ConnectionArgs;
import com.pulumi.alicloud.vpn.inputs.ConnectionTunnelOptionsSpecificationArgs;
import com.pulumi.alicloud.vpn.inputs.ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs;
import com.pulumi.alicloud.vpn.inputs.ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs;
import com.pulumi.alicloud.vpn.inputs.ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var name = config.get("name").orElse("terraform-example");
final var spec = config.get("spec").orElse("5");
final var default = VpnFunctions.getGatewayZones(GetGatewayZonesArgs.builder()
.spec("5M")
.build());
var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
.cidrBlock("172.16.0.0/16")
.vpcName(name)
.build());
var default0 = new Switch("default0", SwitchArgs.builder()
.cidrBlock("172.16.0.0/24")
.vpcId(defaultNetwork.id())
.zoneId(default_.ids()[0])
.build());
var default1 = new Switch("default1", SwitchArgs.builder()
.cidrBlock("172.16.1.0/24")
.vpcId(defaultNetwork.id())
.zoneId(default_.ids()[1])
.build());
var hA_VPN = new Gateway("HA-VPN", GatewayArgs.builder()
.vpnType("Normal")
.disasterRecoveryVswitchId(default1.id())
.vpnGatewayName(name)
.vswitchId(default0.id())
.autoPay(true)
.vpcId(defaultNetwork.id())
.networkType("public")
.paymentType("Subscription")
.enableIpsec(true)
.bandwidth(spec)
.build());
var defaultCustomerGateway = new CustomerGateway("defaultCustomerGateway", CustomerGatewayArgs.builder()
.description("defaultCustomerGateway")
.ipAddress("2.2.2.5")
.asn("2224")
.customerGatewayName(name)
.build());
var changeCustomerGateway = new CustomerGateway("changeCustomerGateway", CustomerGatewayArgs.builder()
.description("changeCustomerGateway")
.ipAddress("2.2.2.6")
.asn("2225")
.customerGatewayName(name)
.build());
var defaultConnection = new Connection("defaultConnection", ConnectionArgs.builder()
.vpnGatewayId(HA_VPN.id())
.vpnConnectionName(name)
.localSubnets("3.0.0.0/24")
.remoteSubnets(
"10.0.0.0/24",
"10.0.1.0/24")
.tags(Map.ofEntries(
Map.entry("Created", "TF"),
Map.entry("For", "example")
))
.enableTunnelsBgp("true")
.tunnelOptionsSpecifications(
ConnectionTunnelOptionsSpecificationArgs.builder()
.tunnelIpsecConfig(ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs.builder()
.ipsecAuthAlg("md5")
.ipsecEncAlg("aes256")
.ipsecLifetime("16400")
.ipsecPfs("group5")
.build())
.customerGatewayId(defaultCustomerGateway.id())
.role("master")
.tunnelBgpConfig(ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs.builder()
.localAsn("1219002")
.tunnelCidr("169.254.30.0/30")
.localBgpIp("169.254.30.1")
.build())
.tunnelIkeConfig(ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs.builder()
.ikeMode("aggressive")
.ikeVersion("ikev2")
.localId("localid_tunnel2")
.psk("12345678")
.remoteId("remote2")
.ikeAuthAlg("md5")
.ikeEncAlg("aes256")
.ikeLifetime("3600")
.ikePfs("group14")
.build())
.build(),
ConnectionTunnelOptionsSpecificationArgs.builder()
.tunnelIkeConfig(ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs.builder()
.remoteId("remote24")
.ikeEncAlg("aes256")
.ikeLifetime("27000")
.ikeMode("aggressive")
.ikePfs("group5")
.ikeAuthAlg("md5")
.ikeVersion("ikev2")
.localId("localid_tunnel2")
.psk("12345678")
.build())
.tunnelIpsecConfig(ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs.builder()
.ipsecLifetime("2700")
.ipsecPfs("group14")
.ipsecAuthAlg("md5")
.ipsecEncAlg("aes256")
.build())
.customerGatewayId(defaultCustomerGateway.id())
.role("slave")
.tunnelBgpConfig(ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs.builder()
.localAsn("1219002")
.localBgpIp("169.254.40.1")
.tunnelCidr("169.254.40.0/30")
.build())
.build())
.build());
}
}
configuration:
name:
type: string
default: terraform-example
spec:
type: string
default: '5'
resources:
defaultNetwork:
type: alicloud:vpc:Network
name: default
properties:
cidrBlock: 172.16.0.0/16
vpcName: ${name}
default0:
type: alicloud:vpc:Switch
properties:
cidrBlock: 172.16.0.0/24
vpcId: ${defaultNetwork.id}
zoneId: ${default.ids[0]}
default1:
type: alicloud:vpc:Switch
properties:
cidrBlock: 172.16.1.0/24
vpcId: ${defaultNetwork.id}
zoneId: ${default.ids[1]}
HA-VPN:
type: alicloud:vpn:Gateway
properties:
vpnType: Normal
disasterRecoveryVswitchId: ${default1.id}
vpnGatewayName: ${name}
vswitchId: ${default0.id}
autoPay: true
vpcId: ${defaultNetwork.id}
networkType: public
paymentType: Subscription
enableIpsec: true
bandwidth: ${spec}
defaultCustomerGateway:
type: alicloud:vpn:CustomerGateway
properties:
description: defaultCustomerGateway
ipAddress: 2.2.2.5
asn: '2224'
customerGatewayName: ${name}
changeCustomerGateway:
type: alicloud:vpn:CustomerGateway
properties:
description: changeCustomerGateway
ipAddress: 2.2.2.6
asn: '2225'
customerGatewayName: ${name}
defaultConnection:
type: alicloud:vpn:Connection
name: default
properties:
vpnGatewayId: ${["HA-VPN"].id}
vpnConnectionName: ${name}
localSubnets:
- 3.0.0.0/24
remoteSubnets:
- 10.0.0.0/24
- 10.0.1.0/24
tags:
Created: TF
For: example
enableTunnelsBgp: 'true'
tunnelOptionsSpecifications:
- tunnelIpsecConfig:
ipsecAuthAlg: md5
ipsecEncAlg: aes256
ipsecLifetime: '16400'
ipsecPfs: group5
customerGatewayId: ${defaultCustomerGateway.id}
role: master
tunnelBgpConfig:
localAsn: '1219002'
tunnelCidr: 169.254.30.0/30
localBgpIp: 169.254.30.1
tunnelIkeConfig:
ikeMode: aggressive
ikeVersion: ikev2
localId: localid_tunnel2
psk: '12345678'
remoteId: remote2
ikeAuthAlg: md5
ikeEncAlg: aes256
ikeLifetime: '3600'
ikePfs: group14
- tunnelIkeConfig:
remoteId: remote24
ikeEncAlg: aes256
ikeLifetime: '27000'
ikeMode: aggressive
ikePfs: group5
ikeAuthAlg: md5
ikeVersion: ikev2
localId: localid_tunnel2
psk: '12345678'
tunnelIpsecConfig:
ipsecLifetime: '2700'
ipsecPfs: group14
ipsecAuthAlg: md5
ipsecEncAlg: aes256
customerGatewayId: ${defaultCustomerGateway.id}
role: slave
tunnelBgpConfig:
localAsn: '1219002'
localBgpIp: 169.254.40.1
tunnelCidr: 169.254.40.0/30
variables:
default:
fn::invoke:
function: alicloud:vpn:getGatewayZones
arguments:
spec: 5M
Create Connection Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Connection(name: string, args: ConnectionArgs, opts?: CustomResourceOptions);@overload
def Connection(resource_name: str,
args: ConnectionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Connection(resource_name: str,
opts: Optional[ResourceOptions] = None,
local_subnets: Optional[Sequence[str]] = None,
vpn_gateway_id: Optional[str] = None,
remote_subnets: Optional[Sequence[str]] = None,
ike_config: Optional[ConnectionIkeConfigArgs] = None,
effect_immediately: Optional[bool] = None,
enable_nat_traversal: Optional[bool] = None,
enable_tunnels_bgp: Optional[bool] = None,
health_check_config: Optional[ConnectionHealthCheckConfigArgs] = None,
auto_config_route: Optional[bool] = None,
ipsec_config: Optional[ConnectionIpsecConfigArgs] = None,
enable_dpd: Optional[bool] = None,
name: Optional[str] = None,
network_type: Optional[str] = None,
customer_gateway_id: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tunnel_options_specifications: Optional[Sequence[ConnectionTunnelOptionsSpecificationArgs]] = None,
vpn_connection_name: Optional[str] = None,
bgp_config: Optional[ConnectionBgpConfigArgs] = None)func NewConnection(ctx *Context, name string, args ConnectionArgs, opts ...ResourceOption) (*Connection, error)public Connection(string name, ConnectionArgs args, CustomResourceOptions? opts = null)
public Connection(String name, ConnectionArgs args)
public Connection(String name, ConnectionArgs args, CustomResourceOptions options)
type: alicloud:vpn:Connection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var exampleconnectionResourceResourceFromVpnconnection = new AliCloud.Vpn.Connection("exampleconnectionResourceResourceFromVpnconnection", new()
{
LocalSubnets = new[]
{
"string",
},
VpnGatewayId = "string",
RemoteSubnets = new[]
{
"string",
},
IkeConfig = new AliCloud.Vpn.Inputs.ConnectionIkeConfigArgs
{
IkeAuthAlg = "string",
IkeEncAlg = "string",
IkeLifetime = 0,
IkeLocalId = "string",
IkeMode = "string",
IkePfs = "string",
IkeRemoteId = "string",
IkeVersion = "string",
Psk = "string",
},
EffectImmediately = false,
EnableNatTraversal = false,
EnableTunnelsBgp = false,
HealthCheckConfig = new AliCloud.Vpn.Inputs.ConnectionHealthCheckConfigArgs
{
Dip = "string",
Enable = false,
Interval = 0,
Retry = 0,
Sip = "string",
},
AutoConfigRoute = false,
IpsecConfig = new AliCloud.Vpn.Inputs.ConnectionIpsecConfigArgs
{
IpsecAuthAlg = "string",
IpsecEncAlg = "string",
IpsecLifetime = 0,
IpsecPfs = "string",
},
EnableDpd = false,
NetworkType = "string",
CustomerGatewayId = "string",
Tags =
{
{ "string", "string" },
},
TunnelOptionsSpecifications = new[]
{
new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationArgs
{
CustomerGatewayId = "string",
EnableDpd = false,
EnableNatTraversal = false,
InternetIp = "string",
Role = "string",
State = "string",
Status = "string",
TunnelBgpConfig = new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs
{
BgpStatus = "string",
LocalAsn = "string",
LocalBgpIp = "string",
PeerAsn = "string",
PeerBgpIp = "string",
TunnelCidr = "string",
},
TunnelId = "string",
TunnelIkeConfig = new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs
{
IkeAuthAlg = "string",
IkeEncAlg = "string",
IkeLifetime = 0,
IkeMode = "string",
IkePfs = "string",
IkeVersion = "string",
LocalId = "string",
Psk = "string",
RemoteId = "string",
},
TunnelIpsecConfig = new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs
{
IpsecAuthAlg = "string",
IpsecEncAlg = "string",
IpsecLifetime = 0,
IpsecPfs = "string",
},
ZoneNo = "string",
},
},
VpnConnectionName = "string",
BgpConfig = new AliCloud.Vpn.Inputs.ConnectionBgpConfigArgs
{
Enable = false,
LocalAsn = "string",
LocalBgpIp = "string",
Status = "string",
TunnelCidr = "string",
},
});
example, err := vpn.NewConnection(ctx, "exampleconnectionResourceResourceFromVpnconnection", &vpn.ConnectionArgs{
LocalSubnets: pulumi.StringArray{
pulumi.String("string"),
},
VpnGatewayId: pulumi.String("string"),
RemoteSubnets: pulumi.StringArray{
pulumi.String("string"),
},
IkeConfig: &vpn.ConnectionIkeConfigArgs{
IkeAuthAlg: pulumi.String("string"),
IkeEncAlg: pulumi.String("string"),
IkeLifetime: pulumi.Int(0),
IkeLocalId: pulumi.String("string"),
IkeMode: pulumi.String("string"),
IkePfs: pulumi.String("string"),
IkeRemoteId: pulumi.String("string"),
IkeVersion: pulumi.String("string"),
Psk: pulumi.String("string"),
},
EffectImmediately: pulumi.Bool(false),
EnableNatTraversal: pulumi.Bool(false),
EnableTunnelsBgp: pulumi.Bool(false),
HealthCheckConfig: &vpn.ConnectionHealthCheckConfigArgs{
Dip: pulumi.String("string"),
Enable: pulumi.Bool(false),
Interval: pulumi.Int(0),
Retry: pulumi.Int(0),
Sip: pulumi.String("string"),
},
AutoConfigRoute: pulumi.Bool(false),
IpsecConfig: &vpn.ConnectionIpsecConfigArgs{
IpsecAuthAlg: pulumi.String("string"),
IpsecEncAlg: pulumi.String("string"),
IpsecLifetime: pulumi.Int(0),
IpsecPfs: pulumi.String("string"),
},
EnableDpd: pulumi.Bool(false),
NetworkType: pulumi.String("string"),
CustomerGatewayId: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
TunnelOptionsSpecifications: vpn.ConnectionTunnelOptionsSpecificationArray{
&vpn.ConnectionTunnelOptionsSpecificationArgs{
CustomerGatewayId: pulumi.String("string"),
EnableDpd: pulumi.Bool(false),
EnableNatTraversal: pulumi.Bool(false),
InternetIp: pulumi.String("string"),
Role: pulumi.String("string"),
State: pulumi.String("string"),
Status: pulumi.String("string"),
TunnelBgpConfig: &vpn.ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs{
BgpStatus: pulumi.String("string"),
LocalAsn: pulumi.String("string"),
LocalBgpIp: pulumi.String("string"),
PeerAsn: pulumi.String("string"),
PeerBgpIp: pulumi.String("string"),
TunnelCidr: pulumi.String("string"),
},
TunnelId: pulumi.String("string"),
TunnelIkeConfig: &vpn.ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs{
IkeAuthAlg: pulumi.String("string"),
IkeEncAlg: pulumi.String("string"),
IkeLifetime: pulumi.Int(0),
IkeMode: pulumi.String("string"),
IkePfs: pulumi.String("string"),
IkeVersion: pulumi.String("string"),
LocalId: pulumi.String("string"),
Psk: pulumi.String("string"),
RemoteId: pulumi.String("string"),
},
TunnelIpsecConfig: &vpn.ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs{
IpsecAuthAlg: pulumi.String("string"),
IpsecEncAlg: pulumi.String("string"),
IpsecLifetime: pulumi.Int(0),
IpsecPfs: pulumi.String("string"),
},
ZoneNo: pulumi.String("string"),
},
},
VpnConnectionName: pulumi.String("string"),
BgpConfig: &vpn.ConnectionBgpConfigArgs{
Enable: pulumi.Bool(false),
LocalAsn: pulumi.String("string"),
LocalBgpIp: pulumi.String("string"),
Status: pulumi.String("string"),
TunnelCidr: pulumi.String("string"),
},
})
var exampleconnectionResourceResourceFromVpnconnection = new Connection("exampleconnectionResourceResourceFromVpnconnection", ConnectionArgs.builder()
.localSubnets("string")
.vpnGatewayId("string")
.remoteSubnets("string")
.ikeConfig(ConnectionIkeConfigArgs.builder()
.ikeAuthAlg("string")
.ikeEncAlg("string")
.ikeLifetime(0)
.ikeLocalId("string")
.ikeMode("string")
.ikePfs("string")
.ikeRemoteId("string")
.ikeVersion("string")
.psk("string")
.build())
.effectImmediately(false)
.enableNatTraversal(false)
.enableTunnelsBgp(false)
.healthCheckConfig(ConnectionHealthCheckConfigArgs.builder()
.dip("string")
.enable(false)
.interval(0)
.retry(0)
.sip("string")
.build())
.autoConfigRoute(false)
.ipsecConfig(ConnectionIpsecConfigArgs.builder()
.ipsecAuthAlg("string")
.ipsecEncAlg("string")
.ipsecLifetime(0)
.ipsecPfs("string")
.build())
.enableDpd(false)
.networkType("string")
.customerGatewayId("string")
.tags(Map.of("string", "string"))
.tunnelOptionsSpecifications(ConnectionTunnelOptionsSpecificationArgs.builder()
.customerGatewayId("string")
.enableDpd(false)
.enableNatTraversal(false)
.internetIp("string")
.role("string")
.state("string")
.status("string")
.tunnelBgpConfig(ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs.builder()
.bgpStatus("string")
.localAsn("string")
.localBgpIp("string")
.peerAsn("string")
.peerBgpIp("string")
.tunnelCidr("string")
.build())
.tunnelId("string")
.tunnelIkeConfig(ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs.builder()
.ikeAuthAlg("string")
.ikeEncAlg("string")
.ikeLifetime(0)
.ikeMode("string")
.ikePfs("string")
.ikeVersion("string")
.localId("string")
.psk("string")
.remoteId("string")
.build())
.tunnelIpsecConfig(ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs.builder()
.ipsecAuthAlg("string")
.ipsecEncAlg("string")
.ipsecLifetime(0)
.ipsecPfs("string")
.build())
.zoneNo("string")
.build())
.vpnConnectionName("string")
.bgpConfig(ConnectionBgpConfigArgs.builder()
.enable(false)
.localAsn("string")
.localBgpIp("string")
.status("string")
.tunnelCidr("string")
.build())
.build());
exampleconnection_resource_resource_from_vpnconnection = alicloud.vpn.Connection("exampleconnectionResourceResourceFromVpnconnection",
local_subnets=["string"],
vpn_gateway_id="string",
remote_subnets=["string"],
ike_config={
"ike_auth_alg": "string",
"ike_enc_alg": "string",
"ike_lifetime": 0,
"ike_local_id": "string",
"ike_mode": "string",
"ike_pfs": "string",
"ike_remote_id": "string",
"ike_version": "string",
"psk": "string",
},
effect_immediately=False,
enable_nat_traversal=False,
enable_tunnels_bgp=False,
health_check_config={
"dip": "string",
"enable": False,
"interval": 0,
"retry": 0,
"sip": "string",
},
auto_config_route=False,
ipsec_config={
"ipsec_auth_alg": "string",
"ipsec_enc_alg": "string",
"ipsec_lifetime": 0,
"ipsec_pfs": "string",
},
enable_dpd=False,
network_type="string",
customer_gateway_id="string",
tags={
"string": "string",
},
tunnel_options_specifications=[{
"customer_gateway_id": "string",
"enable_dpd": False,
"enable_nat_traversal": False,
"internet_ip": "string",
"role": "string",
"state": "string",
"status": "string",
"tunnel_bgp_config": {
"bgp_status": "string",
"local_asn": "string",
"local_bgp_ip": "string",
"peer_asn": "string",
"peer_bgp_ip": "string",
"tunnel_cidr": "string",
},
"tunnel_id": "string",
"tunnel_ike_config": {
"ike_auth_alg": "string",
"ike_enc_alg": "string",
"ike_lifetime": 0,
"ike_mode": "string",
"ike_pfs": "string",
"ike_version": "string",
"local_id": "string",
"psk": "string",
"remote_id": "string",
},
"tunnel_ipsec_config": {
"ipsec_auth_alg": "string",
"ipsec_enc_alg": "string",
"ipsec_lifetime": 0,
"ipsec_pfs": "string",
},
"zone_no": "string",
}],
vpn_connection_name="string",
bgp_config={
"enable": False,
"local_asn": "string",
"local_bgp_ip": "string",
"status": "string",
"tunnel_cidr": "string",
})
const exampleconnectionResourceResourceFromVpnconnection = new alicloud.vpn.Connection("exampleconnectionResourceResourceFromVpnconnection", {
localSubnets: ["string"],
vpnGatewayId: "string",
remoteSubnets: ["string"],
ikeConfig: {
ikeAuthAlg: "string",
ikeEncAlg: "string",
ikeLifetime: 0,
ikeLocalId: "string",
ikeMode: "string",
ikePfs: "string",
ikeRemoteId: "string",
ikeVersion: "string",
psk: "string",
},
effectImmediately: false,
enableNatTraversal: false,
enableTunnelsBgp: false,
healthCheckConfig: {
dip: "string",
enable: false,
interval: 0,
retry: 0,
sip: "string",
},
autoConfigRoute: false,
ipsecConfig: {
ipsecAuthAlg: "string",
ipsecEncAlg: "string",
ipsecLifetime: 0,
ipsecPfs: "string",
},
enableDpd: false,
networkType: "string",
customerGatewayId: "string",
tags: {
string: "string",
},
tunnelOptionsSpecifications: [{
customerGatewayId: "string",
enableDpd: false,
enableNatTraversal: false,
internetIp: "string",
role: "string",
state: "string",
status: "string",
tunnelBgpConfig: {
bgpStatus: "string",
localAsn: "string",
localBgpIp: "string",
peerAsn: "string",
peerBgpIp: "string",
tunnelCidr: "string",
},
tunnelId: "string",
tunnelIkeConfig: {
ikeAuthAlg: "string",
ikeEncAlg: "string",
ikeLifetime: 0,
ikeMode: "string",
ikePfs: "string",
ikeVersion: "string",
localId: "string",
psk: "string",
remoteId: "string",
},
tunnelIpsecConfig: {
ipsecAuthAlg: "string",
ipsecEncAlg: "string",
ipsecLifetime: 0,
ipsecPfs: "string",
},
zoneNo: "string",
}],
vpnConnectionName: "string",
bgpConfig: {
enable: false,
localAsn: "string",
localBgpIp: "string",
status: "string",
tunnelCidr: "string",
},
});
type: alicloud:vpn:Connection
properties:
autoConfigRoute: false
bgpConfig:
enable: false
localAsn: string
localBgpIp: string
status: string
tunnelCidr: string
customerGatewayId: string
effectImmediately: false
enableDpd: false
enableNatTraversal: false
enableTunnelsBgp: false
healthCheckConfig:
dip: string
enable: false
interval: 0
retry: 0
sip: string
ikeConfig:
ikeAuthAlg: string
ikeEncAlg: string
ikeLifetime: 0
ikeLocalId: string
ikeMode: string
ikePfs: string
ikeRemoteId: string
ikeVersion: string
psk: string
ipsecConfig:
ipsecAuthAlg: string
ipsecEncAlg: string
ipsecLifetime: 0
ipsecPfs: string
localSubnets:
- string
networkType: string
remoteSubnets:
- string
tags:
string: string
tunnelOptionsSpecifications:
- customerGatewayId: string
enableDpd: false
enableNatTraversal: false
internetIp: string
role: string
state: string
status: string
tunnelBgpConfig:
bgpStatus: string
localAsn: string
localBgpIp: string
peerAsn: string
peerBgpIp: string
tunnelCidr: string
tunnelId: string
tunnelIkeConfig:
ikeAuthAlg: string
ikeEncAlg: string
ikeLifetime: 0
ikeMode: string
ikePfs: string
ikeVersion: string
localId: string
psk: string
remoteId: string
tunnelIpsecConfig:
ipsecAuthAlg: string
ipsecEncAlg: string
ipsecLifetime: 0
ipsecPfs: string
zoneNo: string
vpnConnectionName: string
vpnGatewayId: string
Connection Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Connection resource accepts the following input properties:
- Local
Subnets List<string> - The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
- Remote
Subnets List<string> - The CIDR block of the local data center. This parameter is used for phase-two negotiation.
- Vpn
Gateway stringId - The ID of the VPN gateway.
- Auto
Config boolRoute - Whether to configure routing automatically. Value:
- true: Automatically configure routes.
- false: does not automatically configure routes.
- Bgp
Config Pulumi.Ali Cloud. Vpn. Inputs. Connection Bgp Config - vpnBgp configuration. See
bgp_configbelow. - Customer
Gateway stringId - The ID of the customer gateway.
- Effect
Immediately bool - Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- Enable
Dpd bool - Wether enable Dpd detection.
- Enable
Nat boolTraversal - enable nat traversal.
- Enable
Tunnels boolBgp - Enable tunnel bgp.
- Health
Check Pulumi.Config Ali Cloud. Vpn. Inputs. Connection Health Check Config - Health Check information. See
health_check_configbelow. - Ike
Config Pulumi.Ali Cloud. Vpn. Inputs. Connection Ike Config - The configuration of Phase 1 negotiations. See
ike_configbelow. - Ipsec
Config Pulumi.Ali Cloud. Vpn. Inputs. Connection Ipsec Config - IPsec configuration. See
ipsec_configbelow. - Name string
- . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.
- Network
Type string - The network type of the IPsec connection. Value:
- public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
- private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
- Dictionary<string, string>
- Tags.
- Tunnel
Options List<Pulumi.Specifications Ali Cloud. Vpn. Inputs. Connection Tunnel Options Specification> - The tunnel options of IPsec. See
tunnel_options_specificationbelow. - Vpn
Connection stringName - The name of the IPsec-VPN connection.
- Local
Subnets []string - The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
- Remote
Subnets []string - The CIDR block of the local data center. This parameter is used for phase-two negotiation.
- Vpn
Gateway stringId - The ID of the VPN gateway.
- Auto
Config boolRoute - Whether to configure routing automatically. Value:
- true: Automatically configure routes.
- false: does not automatically configure routes.
- Bgp
Config ConnectionBgp Config Args - vpnBgp configuration. See
bgp_configbelow. - Customer
Gateway stringId - The ID of the customer gateway.
- Effect
Immediately bool - Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- Enable
Dpd bool - Wether enable Dpd detection.
- Enable
Nat boolTraversal - enable nat traversal.
- Enable
Tunnels boolBgp - Enable tunnel bgp.
- Health
Check ConnectionConfig Health Check Config Args - Health Check information. See
health_check_configbelow. - Ike
Config ConnectionIke Config Args - The configuration of Phase 1 negotiations. See
ike_configbelow. - Ipsec
Config ConnectionIpsec Config Args - IPsec configuration. See
ipsec_configbelow. - Name string
- . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.
- Network
Type string - The network type of the IPsec connection. Value:
- public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
- private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
- map[string]string
- Tags.
- Tunnel
Options []ConnectionSpecifications Tunnel Options Specification Args - The tunnel options of IPsec. See
tunnel_options_specificationbelow. - Vpn
Connection stringName - The name of the IPsec-VPN connection.
- local
Subnets List<String> - The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
- remote
Subnets List<String> - The CIDR block of the local data center. This parameter is used for phase-two negotiation.
- vpn
Gateway StringId - The ID of the VPN gateway.
- auto
Config BooleanRoute - Whether to configure routing automatically. Value:
- true: Automatically configure routes.
- false: does not automatically configure routes.
- bgp
Config ConnectionBgp Config - vpnBgp configuration. See
bgp_configbelow. - customer
Gateway StringId - The ID of the customer gateway.
- effect
Immediately Boolean - Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- enable
Dpd Boolean - Wether enable Dpd detection.
- enable
Nat BooleanTraversal - enable nat traversal.
- enable
Tunnels BooleanBgp - Enable tunnel bgp.
- health
Check ConnectionConfig Health Check Config - Health Check information. See
health_check_configbelow. - ike
Config ConnectionIke Config - The configuration of Phase 1 negotiations. See
ike_configbelow. - ipsec
Config ConnectionIpsec Config - IPsec configuration. See
ipsec_configbelow. - name String
- . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.
- network
Type String - The network type of the IPsec connection. Value:
- public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
- private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
- Map<String,String>
- Tags.
- tunnel
Options List<ConnectionSpecifications Tunnel Options Specification> - The tunnel options of IPsec. See
tunnel_options_specificationbelow. - vpn
Connection StringName - The name of the IPsec-VPN connection.
- local
Subnets string[] - The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
- remote
Subnets string[] - The CIDR block of the local data center. This parameter is used for phase-two negotiation.
- vpn
Gateway stringId - The ID of the VPN gateway.
- auto
Config booleanRoute - Whether to configure routing automatically. Value:
- true: Automatically configure routes.
- false: does not automatically configure routes.
- bgp
Config ConnectionBgp Config - vpnBgp configuration. See
bgp_configbelow. - customer
Gateway stringId - The ID of the customer gateway.
- effect
Immediately boolean - Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- enable
Dpd boolean - Wether enable Dpd detection.
- enable
Nat booleanTraversal - enable nat traversal.
- enable
Tunnels booleanBgp - Enable tunnel bgp.
- health
Check ConnectionConfig Health Check Config - Health Check information. See
health_check_configbelow. - ike
Config ConnectionIke Config - The configuration of Phase 1 negotiations. See
ike_configbelow. - ipsec
Config ConnectionIpsec Config - IPsec configuration. See
ipsec_configbelow. - name string
- . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.
- network
Type string - The network type of the IPsec connection. Value:
- public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
- private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
- {[key: string]: string}
- Tags.
- tunnel
Options ConnectionSpecifications Tunnel Options Specification[] - The tunnel options of IPsec. See
tunnel_options_specificationbelow. - vpn
Connection stringName - The name of the IPsec-VPN connection.
- local_
subnets Sequence[str] - The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
- remote_
subnets Sequence[str] - The CIDR block of the local data center. This parameter is used for phase-two negotiation.
- vpn_
gateway_ strid - The ID of the VPN gateway.
- auto_
config_ boolroute - Whether to configure routing automatically. Value:
- true: Automatically configure routes.
- false: does not automatically configure routes.
- bgp_
config ConnectionBgp Config Args - vpnBgp configuration. See
bgp_configbelow. - customer_
gateway_ strid - The ID of the customer gateway.
- effect_
immediately bool - Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- enable_
dpd bool - Wether enable Dpd detection.
- enable_
nat_ booltraversal - enable nat traversal.
- enable_
tunnels_ boolbgp - Enable tunnel bgp.
- health_
check_ Connectionconfig Health Check Config Args - Health Check information. See
health_check_configbelow. - ike_
config ConnectionIke Config Args - The configuration of Phase 1 negotiations. See
ike_configbelow. - ipsec_
config ConnectionIpsec Config Args - IPsec configuration. See
ipsec_configbelow. - name str
- . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.
- network_
type str - The network type of the IPsec connection. Value:
- public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
- private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
- Mapping[str, str]
- Tags.
- tunnel_
options_ Sequence[Connectionspecifications Tunnel Options Specification Args] - The tunnel options of IPsec. See
tunnel_options_specificationbelow. - vpn_
connection_ strname - The name of the IPsec-VPN connection.
- local
Subnets List<String> - The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
- remote
Subnets List<String> - The CIDR block of the local data center. This parameter is used for phase-two negotiation.
- vpn
Gateway StringId - The ID of the VPN gateway.
- auto
Config BooleanRoute - Whether to configure routing automatically. Value:
- true: Automatically configure routes.
- false: does not automatically configure routes.
- bgp
Config Property Map - vpnBgp configuration. See
bgp_configbelow. - customer
Gateway StringId - The ID of the customer gateway.
- effect
Immediately Boolean - Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- enable
Dpd Boolean - Wether enable Dpd detection.
- enable
Nat BooleanTraversal - enable nat traversal.
- enable
Tunnels BooleanBgp - Enable tunnel bgp.
- health
Check Property MapConfig - Health Check information. See
health_check_configbelow. - ike
Config Property Map - The configuration of Phase 1 negotiations. See
ike_configbelow. - ipsec
Config Property Map - IPsec configuration. See
ipsec_configbelow. - name String
- . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.
- network
Type String - The network type of the IPsec connection. Value:
- public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
- private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
- Map<String>
- Tags.
- tunnel
Options List<Property Map>Specifications - The tunnel options of IPsec. See
tunnel_options_specificationbelow. - vpn
Connection StringName - The name of the IPsec-VPN connection.
Outputs
All input properties are implicitly available as output properties. Additionally, the Connection resource produces the following output properties:
- Create
Time int - The time when the IPsec-VPN connection was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Resource
Group stringId - The ID of the resource group.
- Status string
- The negotiation status of Tunnel.
- Create
Time int - The time when the IPsec-VPN connection was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Resource
Group stringId - The ID of the resource group.
- Status string
- The negotiation status of Tunnel.
- create
Time Integer - The time when the IPsec-VPN connection was created.
- id String
- The provider-assigned unique ID for this managed resource.
- resource
Group StringId - The ID of the resource group.
- status String
- The negotiation status of Tunnel.
- create
Time number - The time when the IPsec-VPN connection was created.
- id string
- The provider-assigned unique ID for this managed resource.
- resource
Group stringId - The ID of the resource group.
- status string
- The negotiation status of Tunnel.
- create_
time int - The time when the IPsec-VPN connection was created.
- id str
- The provider-assigned unique ID for this managed resource.
- resource_
group_ strid - The ID of the resource group.
- status str
- The negotiation status of Tunnel.
- create
Time Number - The time when the IPsec-VPN connection was created.
- id String
- The provider-assigned unique ID for this managed resource.
- resource
Group StringId - The ID of the resource group.
- status String
- The negotiation status of Tunnel.
Look up Existing Connection Resource
Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ConnectionState, opts?: CustomResourceOptions): Connection@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
auto_config_route: Optional[bool] = None,
bgp_config: Optional[ConnectionBgpConfigArgs] = None,
create_time: Optional[int] = None,
customer_gateway_id: Optional[str] = None,
effect_immediately: Optional[bool] = None,
enable_dpd: Optional[bool] = None,
enable_nat_traversal: Optional[bool] = None,
enable_tunnels_bgp: Optional[bool] = None,
health_check_config: Optional[ConnectionHealthCheckConfigArgs] = None,
ike_config: Optional[ConnectionIkeConfigArgs] = None,
ipsec_config: Optional[ConnectionIpsecConfigArgs] = None,
local_subnets: Optional[Sequence[str]] = None,
name: Optional[str] = None,
network_type: Optional[str] = None,
remote_subnets: Optional[Sequence[str]] = None,
resource_group_id: Optional[str] = None,
status: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tunnel_options_specifications: Optional[Sequence[ConnectionTunnelOptionsSpecificationArgs]] = None,
vpn_connection_name: Optional[str] = None,
vpn_gateway_id: Optional[str] = None) -> Connectionfunc GetConnection(ctx *Context, name string, id IDInput, state *ConnectionState, opts ...ResourceOption) (*Connection, error)public static Connection Get(string name, Input<string> id, ConnectionState? state, CustomResourceOptions? opts = null)public static Connection get(String name, Output<String> id, ConnectionState state, CustomResourceOptions options)resources: _: type: alicloud:vpn:Connection get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Auto
Config boolRoute - Whether to configure routing automatically. Value:
- true: Automatically configure routes.
- false: does not automatically configure routes.
- Bgp
Config Pulumi.Ali Cloud. Vpn. Inputs. Connection Bgp Config - vpnBgp configuration. See
bgp_configbelow. - Create
Time int - The time when the IPsec-VPN connection was created.
- Customer
Gateway stringId - The ID of the customer gateway.
- Effect
Immediately bool - Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- Enable
Dpd bool - Wether enable Dpd detection.
- Enable
Nat boolTraversal - enable nat traversal.
- Enable
Tunnels boolBgp - Enable tunnel bgp.
- Health
Check Pulumi.Config Ali Cloud. Vpn. Inputs. Connection Health Check Config - Health Check information. See
health_check_configbelow. - Ike
Config Pulumi.Ali Cloud. Vpn. Inputs. Connection Ike Config - The configuration of Phase 1 negotiations. See
ike_configbelow. - Ipsec
Config Pulumi.Ali Cloud. Vpn. Inputs. Connection Ipsec Config - IPsec configuration. See
ipsec_configbelow. - Local
Subnets List<string> - The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
- Name string
- . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.
- Network
Type string - The network type of the IPsec connection. Value:
- public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
- private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
- Remote
Subnets List<string> - The CIDR block of the local data center. This parameter is used for phase-two negotiation.
- Resource
Group stringId - The ID of the resource group.
- Status string
- The negotiation status of Tunnel.
- Dictionary<string, string>
- Tags.
- Tunnel
Options List<Pulumi.Specifications Ali Cloud. Vpn. Inputs. Connection Tunnel Options Specification> - The tunnel options of IPsec. See
tunnel_options_specificationbelow. - Vpn
Connection stringName - The name of the IPsec-VPN connection.
- Vpn
Gateway stringId - The ID of the VPN gateway.
- Auto
Config boolRoute - Whether to configure routing automatically. Value:
- true: Automatically configure routes.
- false: does not automatically configure routes.
- Bgp
Config ConnectionBgp Config Args - vpnBgp configuration. See
bgp_configbelow. - Create
Time int - The time when the IPsec-VPN connection was created.
- Customer
Gateway stringId - The ID of the customer gateway.
- Effect
Immediately bool - Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- Enable
Dpd bool - Wether enable Dpd detection.
- Enable
Nat boolTraversal - enable nat traversal.
- Enable
Tunnels boolBgp - Enable tunnel bgp.
- Health
Check ConnectionConfig Health Check Config Args - Health Check information. See
health_check_configbelow. - Ike
Config ConnectionIke Config Args - The configuration of Phase 1 negotiations. See
ike_configbelow. - Ipsec
Config ConnectionIpsec Config Args - IPsec configuration. See
ipsec_configbelow. - Local
Subnets []string - The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
- Name string
- . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.
- Network
Type string - The network type of the IPsec connection. Value:
- public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
- private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
- Remote
Subnets []string - The CIDR block of the local data center. This parameter is used for phase-two negotiation.
- Resource
Group stringId - The ID of the resource group.
- Status string
- The negotiation status of Tunnel.
- map[string]string
- Tags.
- Tunnel
Options []ConnectionSpecifications Tunnel Options Specification Args - The tunnel options of IPsec. See
tunnel_options_specificationbelow. - Vpn
Connection stringName - The name of the IPsec-VPN connection.
- Vpn
Gateway stringId - The ID of the VPN gateway.
- auto
Config BooleanRoute - Whether to configure routing automatically. Value:
- true: Automatically configure routes.
- false: does not automatically configure routes.
- bgp
Config ConnectionBgp Config - vpnBgp configuration. See
bgp_configbelow. - create
Time Integer - The time when the IPsec-VPN connection was created.
- customer
Gateway StringId - The ID of the customer gateway.
- effect
Immediately Boolean - Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- enable
Dpd Boolean - Wether enable Dpd detection.
- enable
Nat BooleanTraversal - enable nat traversal.
- enable
Tunnels BooleanBgp - Enable tunnel bgp.
- health
Check ConnectionConfig Health Check Config - Health Check information. See
health_check_configbelow. - ike
Config ConnectionIke Config - The configuration of Phase 1 negotiations. See
ike_configbelow. - ipsec
Config ConnectionIpsec Config - IPsec configuration. See
ipsec_configbelow. - local
Subnets List<String> - The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
- name String
- . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.
- network
Type String - The network type of the IPsec connection. Value:
- public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
- private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
- remote
Subnets List<String> - The CIDR block of the local data center. This parameter is used for phase-two negotiation.
- resource
Group StringId - The ID of the resource group.
- status String
- The negotiation status of Tunnel.
- Map<String,String>
- Tags.
- tunnel
Options List<ConnectionSpecifications Tunnel Options Specification> - The tunnel options of IPsec. See
tunnel_options_specificationbelow. - vpn
Connection StringName - The name of the IPsec-VPN connection.
- vpn
Gateway StringId - The ID of the VPN gateway.
- auto
Config booleanRoute - Whether to configure routing automatically. Value:
- true: Automatically configure routes.
- false: does not automatically configure routes.
- bgp
Config ConnectionBgp Config - vpnBgp configuration. See
bgp_configbelow. - create
Time number - The time when the IPsec-VPN connection was created.
- customer
Gateway stringId - The ID of the customer gateway.
- effect
Immediately boolean - Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- enable
Dpd boolean - Wether enable Dpd detection.
- enable
Nat booleanTraversal - enable nat traversal.
- enable
Tunnels booleanBgp - Enable tunnel bgp.
- health
Check ConnectionConfig Health Check Config - Health Check information. See
health_check_configbelow. - ike
Config ConnectionIke Config - The configuration of Phase 1 negotiations. See
ike_configbelow. - ipsec
Config ConnectionIpsec Config - IPsec configuration. See
ipsec_configbelow. - local
Subnets string[] - The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
- name string
- . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.
- network
Type string - The network type of the IPsec connection. Value:
- public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
- private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
- remote
Subnets string[] - The CIDR block of the local data center. This parameter is used for phase-two negotiation.
- resource
Group stringId - The ID of the resource group.
- status string
- The negotiation status of Tunnel.
- {[key: string]: string}
- Tags.
- tunnel
Options ConnectionSpecifications Tunnel Options Specification[] - The tunnel options of IPsec. See
tunnel_options_specificationbelow. - vpn
Connection stringName - The name of the IPsec-VPN connection.
- vpn
Gateway stringId - The ID of the VPN gateway.
- auto_
config_ boolroute - Whether to configure routing automatically. Value:
- true: Automatically configure routes.
- false: does not automatically configure routes.
- bgp_
config ConnectionBgp Config Args - vpnBgp configuration. See
bgp_configbelow. - create_
time int - The time when the IPsec-VPN connection was created.
- customer_
gateway_ strid - The ID of the customer gateway.
- effect_
immediately bool - Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- enable_
dpd bool - Wether enable Dpd detection.
- enable_
nat_ booltraversal - enable nat traversal.
- enable_
tunnels_ boolbgp - Enable tunnel bgp.
- health_
check_ Connectionconfig Health Check Config Args - Health Check information. See
health_check_configbelow. - ike_
config ConnectionIke Config Args - The configuration of Phase 1 negotiations. See
ike_configbelow. - ipsec_
config ConnectionIpsec Config Args - IPsec configuration. See
ipsec_configbelow. - local_
subnets Sequence[str] - The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
- name str
- . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.
- network_
type str - The network type of the IPsec connection. Value:
- public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
- private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
- remote_
subnets Sequence[str] - The CIDR block of the local data center. This parameter is used for phase-two negotiation.
- resource_
group_ strid - The ID of the resource group.
- status str
- The negotiation status of Tunnel.
- Mapping[str, str]
- Tags.
- tunnel_
options_ Sequence[Connectionspecifications Tunnel Options Specification Args] - The tunnel options of IPsec. See
tunnel_options_specificationbelow. - vpn_
connection_ strname - The name of the IPsec-VPN connection.
- vpn_
gateway_ strid - The ID of the VPN gateway.
- auto
Config BooleanRoute - Whether to configure routing automatically. Value:
- true: Automatically configure routes.
- false: does not automatically configure routes.
- bgp
Config Property Map - vpnBgp configuration. See
bgp_configbelow. - create
Time Number - The time when the IPsec-VPN connection was created.
- customer
Gateway StringId - The ID of the customer gateway.
- effect
Immediately Boolean - Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- enable
Dpd Boolean - Wether enable Dpd detection.
- enable
Nat BooleanTraversal - enable nat traversal.
- enable
Tunnels BooleanBgp - Enable tunnel bgp.
- health
Check Property MapConfig - Health Check information. See
health_check_configbelow. - ike
Config Property Map - The configuration of Phase 1 negotiations. See
ike_configbelow. - ipsec
Config Property Map - IPsec configuration. See
ipsec_configbelow. - local
Subnets List<String> - The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
- name String
- . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.
- network
Type String - The network type of the IPsec connection. Value:
- public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
- private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
- remote
Subnets List<String> - The CIDR block of the local data center. This parameter is used for phase-two negotiation.
- resource
Group StringId - The ID of the resource group.
- status String
- The negotiation status of Tunnel.
- Map<String>
- Tags.
- tunnel
Options List<Property Map>Specifications - The tunnel options of IPsec. See
tunnel_options_specificationbelow. - vpn
Connection StringName - The name of the IPsec-VPN connection.
- vpn
Gateway StringId - The ID of the VPN gateway.
Supporting Types
ConnectionBgpConfig, ConnectionBgpConfigArgs
- Enable bool
- specifies whether to enable BGP. Valid values: true and false (default).
- Local
Asn string - the autonomous system number (ASN) on the Alibaba Cloud side. Valid values: 1 to 4294967295. Default value: 45104. You can enter a value in two segments separated by a period (.). Each segment is 16 bits in length. Enter the number in each segment in decimal format. For example, if you enter 123.456, the ASN is 8061384. The ASN is calculated by using the following formula: 123 × 65536 + 456 = 8061384.
- Local
Bgp stringIp - the BGP address on the Alibaba Cloud side. It must be an IP address that falls within the CIDR block of the IPsec tunnel.
- Status string
- The negotiation status of Tunnel.
- Tunnel
Cidr string - The CIDR block of the IPsec tunnel. The CIDR block must belong to 169.254.0.0/16 and the subnet mask is 30 bits in length.
- Enable bool
- specifies whether to enable BGP. Valid values: true and false (default).
- Local
Asn string - the autonomous system number (ASN) on the Alibaba Cloud side. Valid values: 1 to 4294967295. Default value: 45104. You can enter a value in two segments separated by a period (.). Each segment is 16 bits in length. Enter the number in each segment in decimal format. For example, if you enter 123.456, the ASN is 8061384. The ASN is calculated by using the following formula: 123 × 65536 + 456 = 8061384.
- Local
Bgp stringIp - the BGP address on the Alibaba Cloud side. It must be an IP address that falls within the CIDR block of the IPsec tunnel.
- Status string
- The negotiation status of Tunnel.
- Tunnel
Cidr string - The CIDR block of the IPsec tunnel. The CIDR block must belong to 169.254.0.0/16 and the subnet mask is 30 bits in length.
- enable Boolean
- specifies whether to enable BGP. Valid values: true and false (default).
- local
Asn String - the autonomous system number (ASN) on the Alibaba Cloud side. Valid values: 1 to 4294967295. Default value: 45104. You can enter a value in two segments separated by a period (.). Each segment is 16 bits in length. Enter the number in each segment in decimal format. For example, if you enter 123.456, the ASN is 8061384. The ASN is calculated by using the following formula: 123 × 65536 + 456 = 8061384.
- local
Bgp StringIp - the BGP address on the Alibaba Cloud side. It must be an IP address that falls within the CIDR block of the IPsec tunnel.
- status String
- The negotiation status of Tunnel.
- tunnel
Cidr String - The CIDR block of the IPsec tunnel. The CIDR block must belong to 169.254.0.0/16 and the subnet mask is 30 bits in length.
- enable boolean
- specifies whether to enable BGP. Valid values: true and false (default).
- local
Asn string - the autonomous system number (ASN) on the Alibaba Cloud side. Valid values: 1 to 4294967295. Default value: 45104. You can enter a value in two segments separated by a period (.). Each segment is 16 bits in length. Enter the number in each segment in decimal format. For example, if you enter 123.456, the ASN is 8061384. The ASN is calculated by using the following formula: 123 × 65536 + 456 = 8061384.
- local
Bgp stringIp - the BGP address on the Alibaba Cloud side. It must be an IP address that falls within the CIDR block of the IPsec tunnel.
- status string
- The negotiation status of Tunnel.
- tunnel
Cidr string - The CIDR block of the IPsec tunnel. The CIDR block must belong to 169.254.0.0/16 and the subnet mask is 30 bits in length.
- enable bool
- specifies whether to enable BGP. Valid values: true and false (default).
- local_
asn str - the autonomous system number (ASN) on the Alibaba Cloud side. Valid values: 1 to 4294967295. Default value: 45104. You can enter a value in two segments separated by a period (.). Each segment is 16 bits in length. Enter the number in each segment in decimal format. For example, if you enter 123.456, the ASN is 8061384. The ASN is calculated by using the following formula: 123 × 65536 + 456 = 8061384.
- local_
bgp_ strip - the BGP address on the Alibaba Cloud side. It must be an IP address that falls within the CIDR block of the IPsec tunnel.
- status str
- The negotiation status of Tunnel.
- tunnel_
cidr str - The CIDR block of the IPsec tunnel. The CIDR block must belong to 169.254.0.0/16 and the subnet mask is 30 bits in length.
- enable Boolean
- specifies whether to enable BGP. Valid values: true and false (default).
- local
Asn String - the autonomous system number (ASN) on the Alibaba Cloud side. Valid values: 1 to 4294967295. Default value: 45104. You can enter a value in two segments separated by a period (.). Each segment is 16 bits in length. Enter the number in each segment in decimal format. For example, if you enter 123.456, the ASN is 8061384. The ASN is calculated by using the following formula: 123 × 65536 + 456 = 8061384.
- local
Bgp StringIp - the BGP address on the Alibaba Cloud side. It must be an IP address that falls within the CIDR block of the IPsec tunnel.
- status String
- The negotiation status of Tunnel.
- tunnel
Cidr String - The CIDR block of the IPsec tunnel. The CIDR block must belong to 169.254.0.0/16 and the subnet mask is 30 bits in length.
ConnectionHealthCheckConfig, ConnectionHealthCheckConfigArgs
- Dip string
- the destination IP address configured for health checks.
- Enable bool
- specifies whether to enable health checks. Valid values: true and false. Default value: false.
- Interval int
- the time interval of health check retries. Unit: seconds. Default value: 3.
- Retry int
- the maximum number of health check retries. Default value: 3.
- Sip string
- the source IP address that is used for health checks.
- Dip string
- the destination IP address configured for health checks.
- Enable bool
- specifies whether to enable health checks. Valid values: true and false. Default value: false.
- Interval int
- the time interval of health check retries. Unit: seconds. Default value: 3.
- Retry int
- the maximum number of health check retries. Default value: 3.
- Sip string
- the source IP address that is used for health checks.
- dip String
- the destination IP address configured for health checks.
- enable Boolean
- specifies whether to enable health checks. Valid values: true and false. Default value: false.
- interval Integer
- the time interval of health check retries. Unit: seconds. Default value: 3.
- retry Integer
- the maximum number of health check retries. Default value: 3.
- sip String
- the source IP address that is used for health checks.
- dip string
- the destination IP address configured for health checks.
- enable boolean
- specifies whether to enable health checks. Valid values: true and false. Default value: false.
- interval number
- the time interval of health check retries. Unit: seconds. Default value: 3.
- retry number
- the maximum number of health check retries. Default value: 3.
- sip string
- the source IP address that is used for health checks.
- dip str
- the destination IP address configured for health checks.
- enable bool
- specifies whether to enable health checks. Valid values: true and false. Default value: false.
- interval int
- the time interval of health check retries. Unit: seconds. Default value: 3.
- retry int
- the maximum number of health check retries. Default value: 3.
- sip str
- the source IP address that is used for health checks.
- dip String
- the destination IP address configured for health checks.
- enable Boolean
- specifies whether to enable health checks. Valid values: true and false. Default value: false.
- interval Number
- the time interval of health check retries. Unit: seconds. Default value: 3.
- retry Number
- the maximum number of health check retries. Default value: 3.
- sip String
- the source IP address that is used for health checks.
ConnectionIkeConfig, ConnectionIkeConfigArgs
- Ike
Auth stringAlg - the authentication algorithm that is used in Phase 1 negotiations. Valid values: md5, sha1, sha2
- Ike
Enc stringAlg - the encryption algorithm that is used in Phase 1 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
- Ike
Lifetime int - the SA lifetime as a result of Phase 1 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
- Ike
Local stringId - the identifier of the VPN gateway. It can contain at most 100 characters. The default value is the IP address of the VPN gateway.
- Ike
Mode string - the negotiation mode of IKE. Valid values: main and aggressive. Default value: main.
- main: This mode offers higher security during negotiations.
- aggressive: This mode supports faster negotiations and a higher success rate.
- Ike
Pfs string - the Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Valid values: group1, group2, group5, and group14. Default value: group2.
- Ike
Remote stringId - the identifier of the customer gateway. It can contain at most 100 characters. The default value is the IP address of the customer gateway.
- Ike
Version string - the version of the Internet Key Exchange (IKE) protocol. Valid values: ikev1 and ikev2. Default value: ikev1. Compared with IKEv1, IKEv2 simplifies the security association (SA) negotiation process and provides better support for scenarios with multiple CIDR blocks.
- Psk string
- the pre-shared key that is used for identity authentication between the VPN gateway and the on-premises data center. The key must be 1 to 100 characters in length and can contain digits, letters, and the following special characters: ~!`@#$%^&*()_-+={}[]|;:',.<>/? If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. You can call the DescribeVpnConnection operation to query the pre-shared key that is automatically generated by the system.
- Ike
Auth stringAlg - the authentication algorithm that is used in Phase 1 negotiations. Valid values: md5, sha1, sha2
- Ike
Enc stringAlg - the encryption algorithm that is used in Phase 1 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
- Ike
Lifetime int - the SA lifetime as a result of Phase 1 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
- Ike
Local stringId - the identifier of the VPN gateway. It can contain at most 100 characters. The default value is the IP address of the VPN gateway.
- Ike
Mode string - the negotiation mode of IKE. Valid values: main and aggressive. Default value: main.
- main: This mode offers higher security during negotiations.
- aggressive: This mode supports faster negotiations and a higher success rate.
- Ike
Pfs string - the Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Valid values: group1, group2, group5, and group14. Default value: group2.
- Ike
Remote stringId - the identifier of the customer gateway. It can contain at most 100 characters. The default value is the IP address of the customer gateway.
- Ike
Version string - the version of the Internet Key Exchange (IKE) protocol. Valid values: ikev1 and ikev2. Default value: ikev1. Compared with IKEv1, IKEv2 simplifies the security association (SA) negotiation process and provides better support for scenarios with multiple CIDR blocks.
- Psk string
- the pre-shared key that is used for identity authentication between the VPN gateway and the on-premises data center. The key must be 1 to 100 characters in length and can contain digits, letters, and the following special characters: ~!`@#$%^&*()_-+={}[]|;:',.<>/? If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. You can call the DescribeVpnConnection operation to query the pre-shared key that is automatically generated by the system.
- ike
Auth StringAlg - the authentication algorithm that is used in Phase 1 negotiations. Valid values: md5, sha1, sha2
- ike
Enc StringAlg - the encryption algorithm that is used in Phase 1 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
- ike
Lifetime Integer - the SA lifetime as a result of Phase 1 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
- ike
Local StringId - the identifier of the VPN gateway. It can contain at most 100 characters. The default value is the IP address of the VPN gateway.
- ike
Mode String - the negotiation mode of IKE. Valid values: main and aggressive. Default value: main.
- main: This mode offers higher security during negotiations.
- aggressive: This mode supports faster negotiations and a higher success rate.
- ike
Pfs String - the Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Valid values: group1, group2, group5, and group14. Default value: group2.
- ike
Remote StringId - the identifier of the customer gateway. It can contain at most 100 characters. The default value is the IP address of the customer gateway.
- ike
Version String - the version of the Internet Key Exchange (IKE) protocol. Valid values: ikev1 and ikev2. Default value: ikev1. Compared with IKEv1, IKEv2 simplifies the security association (SA) negotiation process and provides better support for scenarios with multiple CIDR blocks.
- psk String
- the pre-shared key that is used for identity authentication between the VPN gateway and the on-premises data center. The key must be 1 to 100 characters in length and can contain digits, letters, and the following special characters: ~!`@#$%^&*()_-+={}[]|;:',.<>/? If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. You can call the DescribeVpnConnection operation to query the pre-shared key that is automatically generated by the system.
- ike
Auth stringAlg - the authentication algorithm that is used in Phase 1 negotiations. Valid values: md5, sha1, sha2
- ike
Enc stringAlg - the encryption algorithm that is used in Phase 1 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
- ike
Lifetime number - the SA lifetime as a result of Phase 1 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
- ike
Local stringId - the identifier of the VPN gateway. It can contain at most 100 characters. The default value is the IP address of the VPN gateway.
- ike
Mode string - the negotiation mode of IKE. Valid values: main and aggressive. Default value: main.
- main: This mode offers higher security during negotiations.
- aggressive: This mode supports faster negotiations and a higher success rate.
- ike
Pfs string - the Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Valid values: group1, group2, group5, and group14. Default value: group2.
- ike
Remote stringId - the identifier of the customer gateway. It can contain at most 100 characters. The default value is the IP address of the customer gateway.
- ike
Version string - the version of the Internet Key Exchange (IKE) protocol. Valid values: ikev1 and ikev2. Default value: ikev1. Compared with IKEv1, IKEv2 simplifies the security association (SA) negotiation process and provides better support for scenarios with multiple CIDR blocks.
- psk string
- the pre-shared key that is used for identity authentication between the VPN gateway and the on-premises data center. The key must be 1 to 100 characters in length and can contain digits, letters, and the following special characters: ~!`@#$%^&*()_-+={}[]|;:',.<>/? If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. You can call the DescribeVpnConnection operation to query the pre-shared key that is automatically generated by the system.
- ike_
auth_ stralg - the authentication algorithm that is used in Phase 1 negotiations. Valid values: md5, sha1, sha2
- ike_
enc_ stralg - the encryption algorithm that is used in Phase 1 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
- ike_
lifetime int - the SA lifetime as a result of Phase 1 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
- ike_
local_ strid - the identifier of the VPN gateway. It can contain at most 100 characters. The default value is the IP address of the VPN gateway.
- ike_
mode str - the negotiation mode of IKE. Valid values: main and aggressive. Default value: main.
- main: This mode offers higher security during negotiations.
- aggressive: This mode supports faster negotiations and a higher success rate.
- ike_
pfs str - the Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Valid values: group1, group2, group5, and group14. Default value: group2.
- ike_
remote_ strid - the identifier of the customer gateway. It can contain at most 100 characters. The default value is the IP address of the customer gateway.
- ike_
version str - the version of the Internet Key Exchange (IKE) protocol. Valid values: ikev1 and ikev2. Default value: ikev1. Compared with IKEv1, IKEv2 simplifies the security association (SA) negotiation process and provides better support for scenarios with multiple CIDR blocks.
- psk str
- the pre-shared key that is used for identity authentication between the VPN gateway and the on-premises data center. The key must be 1 to 100 characters in length and can contain digits, letters, and the following special characters: ~!`@#$%^&*()_-+={}[]|;:',.<>/? If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. You can call the DescribeVpnConnection operation to query the pre-shared key that is automatically generated by the system.
- ike
Auth StringAlg - the authentication algorithm that is used in Phase 1 negotiations. Valid values: md5, sha1, sha2
- ike
Enc StringAlg - the encryption algorithm that is used in Phase 1 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
- ike
Lifetime Number - the SA lifetime as a result of Phase 1 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
- ike
Local StringId - the identifier of the VPN gateway. It can contain at most 100 characters. The default value is the IP address of the VPN gateway.
- ike
Mode String - the negotiation mode of IKE. Valid values: main and aggressive. Default value: main.
- main: This mode offers higher security during negotiations.
- aggressive: This mode supports faster negotiations and a higher success rate.
- ike
Pfs String - the Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Valid values: group1, group2, group5, and group14. Default value: group2.
- ike
Remote StringId - the identifier of the customer gateway. It can contain at most 100 characters. The default value is the IP address of the customer gateway.
- ike
Version String - the version of the Internet Key Exchange (IKE) protocol. Valid values: ikev1 and ikev2. Default value: ikev1. Compared with IKEv1, IKEv2 simplifies the security association (SA) negotiation process and provides better support for scenarios with multiple CIDR blocks.
- psk String
- the pre-shared key that is used for identity authentication between the VPN gateway and the on-premises data center. The key must be 1 to 100 characters in length and can contain digits, letters, and the following special characters: ~!`@#$%^&*()_-+={}[]|;:',.<>/? If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. You can call the DescribeVpnConnection operation to query the pre-shared key that is automatically generated by the system.
ConnectionIpsecConfig, ConnectionIpsecConfigArgs
- Ipsec
Auth stringAlg - the authentication algorithm that is used in Phase 2 negotiations. Valid values: md5, sha1, sha256, sha384, and sha512. Default value: md5.
- Ipsec
Enc stringAlg - the encryption algorithm that is used in Phase 2 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
- Ipsec
Lifetime int - the SA lifetime that is determined by Phase 2 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
- Ipsec
Pfs string - the DH key exchange algorithm that is used in Phase 2 negotiations. Valid values: disabled, group1, group2, group5, and group14. Default value: group2.
- Ipsec
Auth stringAlg - the authentication algorithm that is used in Phase 2 negotiations. Valid values: md5, sha1, sha256, sha384, and sha512. Default value: md5.
- Ipsec
Enc stringAlg - the encryption algorithm that is used in Phase 2 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
- Ipsec
Lifetime int - the SA lifetime that is determined by Phase 2 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
- Ipsec
Pfs string - the DH key exchange algorithm that is used in Phase 2 negotiations. Valid values: disabled, group1, group2, group5, and group14. Default value: group2.
- ipsec
Auth StringAlg - the authentication algorithm that is used in Phase 2 negotiations. Valid values: md5, sha1, sha256, sha384, and sha512. Default value: md5.
- ipsec
Enc StringAlg - the encryption algorithm that is used in Phase 2 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
- ipsec
Lifetime Integer - the SA lifetime that is determined by Phase 2 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
- ipsec
Pfs String - the DH key exchange algorithm that is used in Phase 2 negotiations. Valid values: disabled, group1, group2, group5, and group14. Default value: group2.
- ipsec
Auth stringAlg - the authentication algorithm that is used in Phase 2 negotiations. Valid values: md5, sha1, sha256, sha384, and sha512. Default value: md5.
- ipsec
Enc stringAlg - the encryption algorithm that is used in Phase 2 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
- ipsec
Lifetime number - the SA lifetime that is determined by Phase 2 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
- ipsec
Pfs string - the DH key exchange algorithm that is used in Phase 2 negotiations. Valid values: disabled, group1, group2, group5, and group14. Default value: group2.
- ipsec_
auth_ stralg - the authentication algorithm that is used in Phase 2 negotiations. Valid values: md5, sha1, sha256, sha384, and sha512. Default value: md5.
- ipsec_
enc_ stralg - the encryption algorithm that is used in Phase 2 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
- ipsec_
lifetime int - the SA lifetime that is determined by Phase 2 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
- ipsec_
pfs str - the DH key exchange algorithm that is used in Phase 2 negotiations. Valid values: disabled, group1, group2, group5, and group14. Default value: group2.
- ipsec
Auth StringAlg - the authentication algorithm that is used in Phase 2 negotiations. Valid values: md5, sha1, sha256, sha384, and sha512. Default value: md5.
- ipsec
Enc StringAlg - the encryption algorithm that is used in Phase 2 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
- ipsec
Lifetime Number - the SA lifetime that is determined by Phase 2 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
- ipsec
Pfs String - the DH key exchange algorithm that is used in Phase 2 negotiations. Valid values: disabled, group1, group2, group5, and group14. Default value: group2.
ConnectionTunnelOptionsSpecification, ConnectionTunnelOptionsSpecificationArgs
- Customer
Gateway stringId - The ID of the customer gateway in Tunnel.
- Enable
Dpd bool - Wether enable Dpd detection.
- Enable
Nat boolTraversal - enable nat traversal.
- Internet
Ip string - The local internet IP in Tunnel.
- Role string
- The role of Tunnel.
- State string
- The state of Tunnel.
- Status string
- The negotiation status of Tunnel.
- Tunnel
Bgp Pulumi.Config Ali Cloud. Vpn. Inputs. Connection Tunnel Options Specification Tunnel Bgp Config - The bgp config of Tunnel. See
tunnel_bgp_configbelow. - Tunnel
Id string - The tunnel ID of IPsec-VPN connection.
- Tunnel
Ike Pulumi.Config Ali Cloud. Vpn. Inputs. Connection Tunnel Options Specification Tunnel Ike Config - The configuration of Phase 1 negotiations in Tunnel. See
tunnel_ike_configbelow. - Tunnel
Ipsec Pulumi.Config Ali Cloud. Vpn. Inputs. Connection Tunnel Options Specification Tunnel Ipsec Config - IPsec configuration in Tunnel. See
tunnel_ipsec_configbelow. - Zone
No string - The zoneNo of tunnel.
- Customer
Gateway stringId - The ID of the customer gateway in Tunnel.
- Enable
Dpd bool - Wether enable Dpd detection.
- Enable
Nat boolTraversal - enable nat traversal.
- Internet
Ip string - The local internet IP in Tunnel.
- Role string
- The role of Tunnel.
- State string
- The state of Tunnel.
- Status string
- The negotiation status of Tunnel.
- Tunnel
Bgp ConnectionConfig Tunnel Options Specification Tunnel Bgp Config - The bgp config of Tunnel. See
tunnel_bgp_configbelow. - Tunnel
Id string - The tunnel ID of IPsec-VPN connection.
- Tunnel
Ike ConnectionConfig Tunnel Options Specification Tunnel Ike Config - The configuration of Phase 1 negotiations in Tunnel. See
tunnel_ike_configbelow. - Tunnel
Ipsec ConnectionConfig Tunnel Options Specification Tunnel Ipsec Config - IPsec configuration in Tunnel. See
tunnel_ipsec_configbelow. - Zone
No string - The zoneNo of tunnel.
- customer
Gateway StringId - The ID of the customer gateway in Tunnel.
- enable
Dpd Boolean - Wether enable Dpd detection.
- enable
Nat BooleanTraversal - enable nat traversal.
- internet
Ip String - The local internet IP in Tunnel.
- role String
- The role of Tunnel.
- state String
- The state of Tunnel.
- status String
- The negotiation status of Tunnel.
- tunnel
Bgp ConnectionConfig Tunnel Options Specification Tunnel Bgp Config - The bgp config of Tunnel. See
tunnel_bgp_configbelow. - tunnel
Id String - The tunnel ID of IPsec-VPN connection.
- tunnel
Ike ConnectionConfig Tunnel Options Specification Tunnel Ike Config - The configuration of Phase 1 negotiations in Tunnel. See
tunnel_ike_configbelow. - tunnel
Ipsec ConnectionConfig Tunnel Options Specification Tunnel Ipsec Config - IPsec configuration in Tunnel. See
tunnel_ipsec_configbelow. - zone
No String - The zoneNo of tunnel.
- customer
Gateway stringId - The ID of the customer gateway in Tunnel.
- enable
Dpd boolean - Wether enable Dpd detection.
- enable
Nat booleanTraversal - enable nat traversal.
- internet
Ip string - The local internet IP in Tunnel.
- role string
- The role of Tunnel.
- state string
- The state of Tunnel.
- status string
- The negotiation status of Tunnel.
- tunnel
Bgp ConnectionConfig Tunnel Options Specification Tunnel Bgp Config - The bgp config of Tunnel. See
tunnel_bgp_configbelow. - tunnel
Id string - The tunnel ID of IPsec-VPN connection.
- tunnel
Ike ConnectionConfig Tunnel Options Specification Tunnel Ike Config - The configuration of Phase 1 negotiations in Tunnel. See
tunnel_ike_configbelow. - tunnel
Ipsec ConnectionConfig Tunnel Options Specification Tunnel Ipsec Config - IPsec configuration in Tunnel. See
tunnel_ipsec_configbelow. - zone
No string - The zoneNo of tunnel.
- customer_
gateway_ strid - The ID of the customer gateway in Tunnel.
- enable_
dpd bool - Wether enable Dpd detection.
- enable_
nat_ booltraversal - enable nat traversal.
- internet_
ip str - The local internet IP in Tunnel.
- role str
- The role of Tunnel.
- state str
- The state of Tunnel.
- status str
- The negotiation status of Tunnel.
- tunnel_
bgp_ Connectionconfig Tunnel Options Specification Tunnel Bgp Config - The bgp config of Tunnel. See
tunnel_bgp_configbelow. - tunnel_
id str - The tunnel ID of IPsec-VPN connection.
- tunnel_
ike_ Connectionconfig Tunnel Options Specification Tunnel Ike Config - The configuration of Phase 1 negotiations in Tunnel. See
tunnel_ike_configbelow. - tunnel_
ipsec_ Connectionconfig Tunnel Options Specification Tunnel Ipsec Config - IPsec configuration in Tunnel. See
tunnel_ipsec_configbelow. - zone_
no str - The zoneNo of tunnel.
- customer
Gateway StringId - The ID of the customer gateway in Tunnel.
- enable
Dpd Boolean - Wether enable Dpd detection.
- enable
Nat BooleanTraversal - enable nat traversal.
- internet
Ip String - The local internet IP in Tunnel.
- role String
- The role of Tunnel.
- state String
- The state of Tunnel.
- status String
- The negotiation status of Tunnel.
- tunnel
Bgp Property MapConfig - The bgp config of Tunnel. See
tunnel_bgp_configbelow. - tunnel
Id String - The tunnel ID of IPsec-VPN connection.
- tunnel
Ike Property MapConfig - The configuration of Phase 1 negotiations in Tunnel. See
tunnel_ike_configbelow. - tunnel
Ipsec Property MapConfig - IPsec configuration in Tunnel. See
tunnel_ipsec_configbelow. - zone
No String - The zoneNo of tunnel.
ConnectionTunnelOptionsSpecificationTunnelBgpConfig, ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs
- Bgp
Status string - Whether BGP function is turned on.
- Local
Asn string - Local
Bgp stringIp - Peer
Asn string - Peer asn.
- Peer
Bgp stringIp - Peer bgp ip.
- Tunnel
Cidr string
- Bgp
Status string - Whether BGP function is turned on.
- Local
Asn string - Local
Bgp stringIp - Peer
Asn string - Peer asn.
- Peer
Bgp stringIp - Peer bgp ip.
- Tunnel
Cidr string
- bgp
Status String - Whether BGP function is turned on.
- local
Asn String - local
Bgp StringIp - peer
Asn String - Peer asn.
- peer
Bgp StringIp - Peer bgp ip.
- tunnel
Cidr String
- bgp
Status string - Whether BGP function is turned on.
- local
Asn string - local
Bgp stringIp - peer
Asn string - Peer asn.
- peer
Bgp stringIp - Peer bgp ip.
- tunnel
Cidr string
- bgp_
status str - Whether BGP function is turned on.
- local_
asn str - local_
bgp_ strip - peer_
asn str - Peer asn.
- peer_
bgp_ strip - Peer bgp ip.
- tunnel_
cidr str
- bgp
Status String - Whether BGP function is turned on.
- local
Asn String - local
Bgp StringIp - peer
Asn String - Peer asn.
- peer
Bgp StringIp - Peer bgp ip.
- tunnel
Cidr String
ConnectionTunnelOptionsSpecificationTunnelIkeConfig, ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs
- Ike
Auth stringAlg - Ike
Enc stringAlg - Ike
Lifetime int - Ike
Mode string - Ike
Pfs string - Ike
Version string - Local
Id string - The identifier of the tunnel on the Alibaba Cloud side, which is used in Phase 1 negotiations. It can contain at most 100 characters. The default value is the IP address of the tunnel. LocalId supports fully qualified domain names (FQDNs). If you use an FQDN, we recommend that you set the negotiation mode to aggressive.
- Psk string
- Remote
Id string - The identifier of the tunnel peer, which is used in Phase 1 negotiations. It can contain at most 100 characters. The default value is the IP address of the customer gateway that is associated with the tunnel. RemoteId supports FQDNs. If you use an FQDN, we recommend that you set the negotiation mode to aggressive.
- Ike
Auth stringAlg - Ike
Enc stringAlg - Ike
Lifetime int - Ike
Mode string - Ike
Pfs string - Ike
Version string - Local
Id string - The identifier of the tunnel on the Alibaba Cloud side, which is used in Phase 1 negotiations. It can contain at most 100 characters. The default value is the IP address of the tunnel. LocalId supports fully qualified domain names (FQDNs). If you use an FQDN, we recommend that you set the negotiation mode to aggressive.
- Psk string
- Remote
Id string - The identifier of the tunnel peer, which is used in Phase 1 negotiations. It can contain at most 100 characters. The default value is the IP address of the customer gateway that is associated with the tunnel. RemoteId supports FQDNs. If you use an FQDN, we recommend that you set the negotiation mode to aggressive.
- ike
Auth StringAlg - ike
Enc StringAlg - ike
Lifetime Integer - ike
Mode String - ike
Pfs String - ike
Version String - local
Id String - The identifier of the tunnel on the Alibaba Cloud side, which is used in Phase 1 negotiations. It can contain at most 100 characters. The default value is the IP address of the tunnel. LocalId supports fully qualified domain names (FQDNs). If you use an FQDN, we recommend that you set the negotiation mode to aggressive.
- psk String
- remote
Id String - The identifier of the tunnel peer, which is used in Phase 1 negotiations. It can contain at most 100 characters. The default value is the IP address of the customer gateway that is associated with the tunnel. RemoteId supports FQDNs. If you use an FQDN, we recommend that you set the negotiation mode to aggressive.
- ike
Auth stringAlg - ike
Enc stringAlg - ike
Lifetime number - ike
Mode string - ike
Pfs string - ike
Version string - local
Id string - The identifier of the tunnel on the Alibaba Cloud side, which is used in Phase 1 negotiations. It can contain at most 100 characters. The default value is the IP address of the tunnel. LocalId supports fully qualified domain names (FQDNs). If you use an FQDN, we recommend that you set the negotiation mode to aggressive.
- psk string
- remote
Id string - The identifier of the tunnel peer, which is used in Phase 1 negotiations. It can contain at most 100 characters. The default value is the IP address of the customer gateway that is associated with the tunnel. RemoteId supports FQDNs. If you use an FQDN, we recommend that you set the negotiation mode to aggressive.
- ike_
auth_ stralg - ike_
enc_ stralg - ike_
lifetime int - ike_
mode str - ike_
pfs str - ike_
version str - local_
id str - The identifier of the tunnel on the Alibaba Cloud side, which is used in Phase 1 negotiations. It can contain at most 100 characters. The default value is the IP address of the tunnel. LocalId supports fully qualified domain names (FQDNs). If you use an FQDN, we recommend that you set the negotiation mode to aggressive.
- psk str
- remote_
id str - The identifier of the tunnel peer, which is used in Phase 1 negotiations. It can contain at most 100 characters. The default value is the IP address of the customer gateway that is associated with the tunnel. RemoteId supports FQDNs. If you use an FQDN, we recommend that you set the negotiation mode to aggressive.
- ike
Auth StringAlg - ike
Enc StringAlg - ike
Lifetime Number - ike
Mode String - ike
Pfs String - ike
Version String - local
Id String - The identifier of the tunnel on the Alibaba Cloud side, which is used in Phase 1 negotiations. It can contain at most 100 characters. The default value is the IP address of the tunnel. LocalId supports fully qualified domain names (FQDNs). If you use an FQDN, we recommend that you set the negotiation mode to aggressive.
- psk String
- remote
Id String - The identifier of the tunnel peer, which is used in Phase 1 negotiations. It can contain at most 100 characters. The default value is the IP address of the customer gateway that is associated with the tunnel. RemoteId supports FQDNs. If you use an FQDN, we recommend that you set the negotiation mode to aggressive.
ConnectionTunnelOptionsSpecificationTunnelIpsecConfig, ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs
- Ipsec
Auth stringAlg - Ipsec
Enc stringAlg - Ipsec
Lifetime int - Ipsec
Pfs string
- Ipsec
Auth stringAlg - Ipsec
Enc stringAlg - Ipsec
Lifetime int - Ipsec
Pfs string
- ipsec
Auth StringAlg - ipsec
Enc StringAlg - ipsec
Lifetime Integer - ipsec
Pfs String
- ipsec
Auth stringAlg - ipsec
Enc stringAlg - ipsec
Lifetime number - ipsec
Pfs string
- ipsec_
auth_ stralg - ipsec_
enc_ stralg - ipsec_
lifetime int - ipsec_
pfs str
- ipsec
Auth StringAlg - ipsec
Enc StringAlg - ipsec
Lifetime Number - ipsec
Pfs String
Import
VPN connection can be imported using the id, e.g.
$ pulumi import alicloud:vpn/connection:Connection example <id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
alicloudTerraform Provider.