Alibaba Cloud v3.34.0, Mar 17 23

alicloud.vpn.Connection

Import

VPN connection can be imported using the id, e.g.

 $ pulumi import alicloud:vpn/connection:Connection example vco-abc123456

Example Usage

Basic Usage

using System.Collections.Generic;
using Pulumi;
using AliCloud = Pulumi.AliCloud;

return await Deployment.RunAsync(() => 
{
    var fooGateway = new AliCloud.Vpn.Gateway("fooGateway", new()
    {
        VpcId = "vpc-fake-id",
        Bandwidth = 10,
        EnableSsl = true,
        InstanceChargeType = "PostPaid",
        Description = "test_create_description",
    });

    var fooCustomerGateway = new AliCloud.Vpn.CustomerGateway("fooCustomerGateway", new()
    {
        IpAddress = "42.104.22.228",
        Description = "testAccVpnCgwDesc",
    });

    var fooConnection = new AliCloud.Vpn.Connection("fooConnection", new()
    {
        VpnGatewayId = fooGateway.Id,
        CustomerGatewayId = fooCustomerGateway.Id,
        LocalSubnets = new[]
        {
            "172.16.0.0/24",
            "172.16.1.0/24",
        },
        RemoteSubnets = new[]
        {
            "10.0.0.0/24",
            "10.0.1.0/24",
        },
        EffectImmediately = true,
        IkeConfig = new AliCloud.Vpn.Inputs.ConnectionIkeConfigArgs
        {
            IkeAuthAlg = "md5",
            IkeEncAlg = "des",
            IkeVersion = "ikev1",
            IkeMode = "main",
            IkeLifetime = 86400,
            Psk = "tf-testvpn2",
            IkePfs = "group1",
            IkeRemoteId = "testbob2",
            IkeLocalId = "testalice2",
        },
        IpsecConfig = new AliCloud.Vpn.Inputs.ConnectionIpsecConfigArgs
        {
            IpsecPfs = "group5",
            IpsecEncAlg = "des",
            IpsecAuthAlg = "md5",
            IpsecLifetime = 8640,
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/vpn"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		fooGateway, err := vpn.NewGateway(ctx, "fooGateway", &vpn.GatewayArgs{
			VpcId:              pulumi.String("vpc-fake-id"),
			Bandwidth:          pulumi.Int(10),
			EnableSsl:          pulumi.Bool(true),
			InstanceChargeType: pulumi.String("PostPaid"),
			Description:        pulumi.String("test_create_description"),
		})
		if err != nil {
			return err
		}
		fooCustomerGateway, err := vpn.NewCustomerGateway(ctx, "fooCustomerGateway", &vpn.CustomerGatewayArgs{
			IpAddress:   pulumi.String("42.104.22.228"),
			Description: pulumi.String("testAccVpnCgwDesc"),
		})
		if err != nil {
			return err
		}
		_, err = vpn.NewConnection(ctx, "fooConnection", &vpn.ConnectionArgs{
			VpnGatewayId:      fooGateway.ID(),
			CustomerGatewayId: fooCustomerGateway.ID(),
			LocalSubnets: pulumi.StringArray{
				pulumi.String("172.16.0.0/24"),
				pulumi.String("172.16.1.0/24"),
			},
			RemoteSubnets: pulumi.StringArray{
				pulumi.String("10.0.0.0/24"),
				pulumi.String("10.0.1.0/24"),
			},
			EffectImmediately: pulumi.Bool(true),
			IkeConfig: &vpn.ConnectionIkeConfigArgs{
				IkeAuthAlg:  pulumi.String("md5"),
				IkeEncAlg:   pulumi.String("des"),
				IkeVersion:  pulumi.String("ikev1"),
				IkeMode:     pulumi.String("main"),
				IkeLifetime: pulumi.Int(86400),
				Psk:         pulumi.String("tf-testvpn2"),
				IkePfs:      pulumi.String("group1"),
				IkeRemoteId: pulumi.String("testbob2"),
				IkeLocalId:  pulumi.String("testalice2"),
			},
			IpsecConfig: &vpn.ConnectionIpsecConfigArgs{
				IpsecPfs:      pulumi.String("group5"),
				IpsecEncAlg:   pulumi.String("des"),
				IpsecAuthAlg:  pulumi.String("md5"),
				IpsecLifetime: pulumi.Int(8640),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.vpn.Gateway;
import com.pulumi.alicloud.vpn.GatewayArgs;
import com.pulumi.alicloud.vpn.CustomerGateway;
import com.pulumi.alicloud.vpn.CustomerGatewayArgs;
import com.pulumi.alicloud.vpn.Connection;
import com.pulumi.alicloud.vpn.ConnectionArgs;
import com.pulumi.alicloud.vpn.inputs.ConnectionIkeConfigArgs;
import com.pulumi.alicloud.vpn.inputs.ConnectionIpsecConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var fooGateway = new Gateway("fooGateway", GatewayArgs.builder()        
            .vpcId("vpc-fake-id")
            .bandwidth("10")
            .enableSsl(true)
            .instanceChargeType("PostPaid")
            .description("test_create_description")
            .build());

        var fooCustomerGateway = new CustomerGateway("fooCustomerGateway", CustomerGatewayArgs.builder()        
            .ipAddress("42.104.22.228")
            .description("testAccVpnCgwDesc")
            .build());

        var fooConnection = new Connection("fooConnection", ConnectionArgs.builder()        
            .vpnGatewayId(fooGateway.id())
            .customerGatewayId(fooCustomerGateway.id())
            .localSubnets(            
                "172.16.0.0/24",
                "172.16.1.0/24")
            .remoteSubnets(            
                "10.0.0.0/24",
                "10.0.1.0/24")
            .effectImmediately(true)
            .ikeConfig(ConnectionIkeConfigArgs.builder()
                .ikeAuthAlg("md5")
                .ikeEncAlg("des")
                .ikeVersion("ikev1")
                .ikeMode("main")
                .ikeLifetime(86400)
                .psk("tf-testvpn2")
                .ikePfs("group1")
                .ikeRemoteId("testbob2")
                .ikeLocalId("testalice2")
                .build())
            .ipsecConfig(ConnectionIpsecConfigArgs.builder()
                .ipsecPfs("group5")
                .ipsecEncAlg("des")
                .ipsecAuthAlg("md5")
                .ipsecLifetime(8640)
                .build())
            .build());

    }
}

import pulumi
import pulumi_alicloud as alicloud

foo_gateway = alicloud.vpn.Gateway("fooGateway",
    vpc_id="vpc-fake-id",
    bandwidth=10,
    enable_ssl=True,
    instance_charge_type="PostPaid",
    description="test_create_description")
foo_customer_gateway = alicloud.vpn.CustomerGateway("fooCustomerGateway",
    ip_address="42.104.22.228",
    description="testAccVpnCgwDesc")
foo_connection = alicloud.vpn.Connection("fooConnection",
    vpn_gateway_id=foo_gateway.id,
    customer_gateway_id=foo_customer_gateway.id,
    local_subnets=[
        "172.16.0.0/24",
        "172.16.1.0/24",
    ],
    remote_subnets=[
        "10.0.0.0/24",
        "10.0.1.0/24",
    ],
    effect_immediately=True,
    ike_config=alicloud.vpn.ConnectionIkeConfigArgs(
        ike_auth_alg="md5",
        ike_enc_alg="des",
        ike_version="ikev1",
        ike_mode="main",
        ike_lifetime=86400,
        psk="tf-testvpn2",
        ike_pfs="group1",
        ike_remote_id="testbob2",
        ike_local_id="testalice2",
    ),
    ipsec_config=alicloud.vpn.ConnectionIpsecConfigArgs(
        ipsec_pfs="group5",
        ipsec_enc_alg="des",
        ipsec_auth_alg="md5",
        ipsec_lifetime=8640,
    ))

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const fooGateway = new alicloud.vpn.Gateway("fooGateway", {
    vpcId: "vpc-fake-id",
    bandwidth: 10,
    enableSsl: true,
    instanceChargeType: "PostPaid",
    description: "test_create_description",
});
const fooCustomerGateway = new alicloud.vpn.CustomerGateway("fooCustomerGateway", {
    ipAddress: "42.104.22.228",
    description: "testAccVpnCgwDesc",
});
const fooConnection = new alicloud.vpn.Connection("fooConnection", {
    vpnGatewayId: fooGateway.id,
    customerGatewayId: fooCustomerGateway.id,
    localSubnets: [
        "172.16.0.0/24",
        "172.16.1.0/24",
    ],
    remoteSubnets: [
        "10.0.0.0/24",
        "10.0.1.0/24",
    ],
    effectImmediately: true,
    ikeConfig: {
        ikeAuthAlg: "md5",
        ikeEncAlg: "des",
        ikeVersion: "ikev1",
        ikeMode: "main",
        ikeLifetime: 86400,
        psk: "tf-testvpn2",
        ikePfs: "group1",
        ikeRemoteId: "testbob2",
        ikeLocalId: "testalice2",
    },
    ipsecConfig: {
        ipsecPfs: "group5",
        ipsecEncAlg: "des",
        ipsecAuthAlg: "md5",
        ipsecLifetime: 8640,
    },
});

resources:
  fooGateway:
    type: alicloud:vpn:Gateway
    properties:
      vpcId: vpc-fake-id
      bandwidth: '10'
      enableSsl: true
      instanceChargeType: PostPaid
      description: test_create_description
  fooCustomerGateway:
    type: alicloud:vpn:CustomerGateway
    properties:
      ipAddress: 42.104.22.228
      description: testAccVpnCgwDesc
  fooConnection:
    type: alicloud:vpn:Connection
    properties:
      vpnGatewayId: ${fooGateway.id}
      customerGatewayId: ${fooCustomerGateway.id}
      localSubnets:
        - 172.16.0.0/24
        - 172.16.1.0/24
      remoteSubnets:
        - 10.0.0.0/24
        - 10.0.1.0/24
      effectImmediately: true
      ikeConfig:
        ikeAuthAlg: md5
        ikeEncAlg: des
        ikeVersion: ikev1
        ikeMode: main
        ikeLifetime: 86400
        psk: tf-testvpn2
        ikePfs: group1
        ikeRemoteId: testbob2
        ikeLocalId: testalice2
      ipsecConfig:
        ipsecPfs: group5
        ipsecEncAlg: des
        ipsecAuthAlg: md5
        ipsecLifetime: 8640

Create Connection Resource

new Connection(name: string, args: ConnectionArgs, opts?: CustomResourceOptions);

@overload
def Connection(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               bgp_config: Optional[ConnectionBgpConfigArgs] = None,
               customer_gateway_id: Optional[str] = None,
               effect_immediately: Optional[bool] = None,
               enable_dpd: Optional[bool] = None,
               enable_nat_traversal: Optional[bool] = None,
               health_check_config: Optional[ConnectionHealthCheckConfigArgs] = None,
               ike_config: Optional[ConnectionIkeConfigArgs] = None,
               ipsec_config: Optional[ConnectionIpsecConfigArgs] = None,
               local_subnets: Optional[Sequence[str]] = None,
               name: Optional[str] = None,
               remote_subnets: Optional[Sequence[str]] = None,
               vpn_gateway_id: Optional[str] = None)
@overload
def Connection(resource_name: str,
               args: ConnectionArgs,
               opts: Optional[ResourceOptions] = None)

func NewConnection(ctx *Context, name string, args ConnectionArgs, opts ...ResourceOption) (*Connection, error)

public Connection(string name, ConnectionArgs args, CustomResourceOptions? opts = null)

public Connection(String name, ConnectionArgs args)
public Connection(String name, ConnectionArgs args, CustomResourceOptions options)

type: alicloud:vpn:Connection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ConnectionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ConnectionArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ConnectionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ConnectionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ConnectionArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Connection Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Connection resource accepts the following input properties:

CustomerGatewayId string: The ID of the customer gateway.
LocalSubnets List<string>: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
RemoteSubnets List<string>: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
VpnGatewayId string: The ID of the VPN gateway.
BgpConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionBgpConfigArgs: The configurations of the BGP routing protocol. See the following Block bgp_config.
EffectImmediately bool: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
EnableDpd bool: Whether to enable NAT traversal.
EnableNatTraversal bool: Whether to enable NAT traversal.
HealthCheckConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionHealthCheckConfigArgs: The health check configurations. See the following Block health_check_config.
IkeConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionIkeConfigArgs: The configurations of phase-one negotiation. See the following Block ike_config.
IpsecConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionIpsecConfigArgs: The configurations of phase-two negotiation. See the following Block ipsec_config.
Name string: The name of the IPsec connection.

CustomerGatewayId string: The ID of the customer gateway.
LocalSubnets []string: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
RemoteSubnets []string: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
VpnGatewayId string: The ID of the VPN gateway.
BgpConfig ConnectionBgpConfigArgs: The configurations of the BGP routing protocol. See the following Block bgp_config.
EffectImmediately bool: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
EnableDpd bool: Whether to enable NAT traversal.
EnableNatTraversal bool: Whether to enable NAT traversal.
HealthCheckConfig ConnectionHealthCheckConfigArgs: The health check configurations. See the following Block health_check_config.
IkeConfig ConnectionIkeConfigArgs: The configurations of phase-one negotiation. See the following Block ike_config.
IpsecConfig ConnectionIpsecConfigArgs: The configurations of phase-two negotiation. See the following Block ipsec_config.
Name string: The name of the IPsec connection.

customerGatewayId String: The ID of the customer gateway.
localSubnets List<String>: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
remoteSubnets List<String>: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
vpnGatewayId String: The ID of the VPN gateway.
bgpConfig ConnectionBgpConfigArgs: The configurations of the BGP routing protocol. See the following Block bgp_config.
effectImmediately Boolean: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
enableDpd Boolean: Whether to enable NAT traversal.
enableNatTraversal Boolean: Whether to enable NAT traversal.
healthCheckConfig ConnectionHealthCheckConfigArgs: The health check configurations. See the following Block health_check_config.
ikeConfig ConnectionIkeConfigArgs: The configurations of phase-one negotiation. See the following Block ike_config.
ipsecConfig ConnectionIpsecConfigArgs: The configurations of phase-two negotiation. See the following Block ipsec_config.
name String: The name of the IPsec connection.

customerGatewayId string: The ID of the customer gateway.
localSubnets string[]: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
remoteSubnets string[]: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
vpnGatewayId string: The ID of the VPN gateway.
bgpConfig ConnectionBgpConfigArgs: The configurations of the BGP routing protocol. See the following Block bgp_config.
effectImmediately boolean: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
enableDpd boolean: Whether to enable NAT traversal.
enableNatTraversal boolean: Whether to enable NAT traversal.
healthCheckConfig ConnectionHealthCheckConfigArgs: The health check configurations. See the following Block health_check_config.
ikeConfig ConnectionIkeConfigArgs: The configurations of phase-one negotiation. See the following Block ike_config.
ipsecConfig ConnectionIpsecConfigArgs: The configurations of phase-two negotiation. See the following Block ipsec_config.
name string: The name of the IPsec connection.

customer_gateway_id str: The ID of the customer gateway.
local_subnets Sequence[str]: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
remote_subnets Sequence[str]: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
vpn_gateway_id str: The ID of the VPN gateway.
bgp_config ConnectionBgpConfigArgs: The configurations of the BGP routing protocol. See the following Block bgp_config.
effect_immediately bool: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
enable_dpd bool: Whether to enable NAT traversal.
enable_nat_traversal bool: Whether to enable NAT traversal.
health_check_config ConnectionHealthCheckConfigArgs: The health check configurations. See the following Block health_check_config.
ike_config ConnectionIkeConfigArgs: The configurations of phase-one negotiation. See the following Block ike_config.
ipsec_config ConnectionIpsecConfigArgs: The configurations of phase-two negotiation. See the following Block ipsec_config.
name str: The name of the IPsec connection.

customerGatewayId String: The ID of the customer gateway.
localSubnets List<String>: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
remoteSubnets List<String>: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
vpnGatewayId String: The ID of the VPN gateway.
bgpConfig Property Map: The configurations of the BGP routing protocol. See the following Block bgp_config.
effectImmediately Boolean: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
enableDpd Boolean: Whether to enable NAT traversal.
enableNatTraversal Boolean: Whether to enable NAT traversal.
healthCheckConfig Property Map: The health check configurations. See the following Block health_check_config.
ikeConfig Property Map: The configurations of phase-one negotiation. See the following Block ike_config.
ipsecConfig Property Map: The configurations of phase-two negotiation. See the following Block ipsec_config.
name String: The name of the IPsec connection.

Outputs

All input properties are implicitly available as output properties. Additionally, the Connection resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Status string: The status of VPN connection.

Id string: The provider-assigned unique ID for this managed resource.
Status string: The status of VPN connection.

id String: The provider-assigned unique ID for this managed resource.
status String: The status of VPN connection.

id string: The provider-assigned unique ID for this managed resource.
status string: The status of VPN connection.

id str: The provider-assigned unique ID for this managed resource.
status str: The status of VPN connection.

id String: The provider-assigned unique ID for this managed resource.
status String: The status of VPN connection.

Look up Existing Connection Resource

Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ConnectionState, opts?: CustomResourceOptions): Connection

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        bgp_config: Optional[ConnectionBgpConfigArgs] = None,
        customer_gateway_id: Optional[str] = None,
        effect_immediately: Optional[bool] = None,
        enable_dpd: Optional[bool] = None,
        enable_nat_traversal: Optional[bool] = None,
        health_check_config: Optional[ConnectionHealthCheckConfigArgs] = None,
        ike_config: Optional[ConnectionIkeConfigArgs] = None,
        ipsec_config: Optional[ConnectionIpsecConfigArgs] = None,
        local_subnets: Optional[Sequence[str]] = None,
        name: Optional[str] = None,
        remote_subnets: Optional[Sequence[str]] = None,
        status: Optional[str] = None,
        vpn_gateway_id: Optional[str] = None) -> Connection

func GetConnection(ctx *Context, name string, id IDInput, state *ConnectionState, opts ...ResourceOption) (*Connection, error)

public static Connection Get(string name, Input<string> id, ConnectionState? state, CustomResourceOptions? opts = null)

public static Connection get(String name, Output<String> id, ConnectionState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

BgpConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionBgpConfigArgs: The configurations of the BGP routing protocol. See the following Block bgp_config.
CustomerGatewayId string: The ID of the customer gateway.
EffectImmediately bool: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
EnableDpd bool: Whether to enable NAT traversal.
EnableNatTraversal bool: Whether to enable NAT traversal.
HealthCheckConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionHealthCheckConfigArgs: The health check configurations. See the following Block health_check_config.
IkeConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionIkeConfigArgs: The configurations of phase-one negotiation. See the following Block ike_config.
IpsecConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionIpsecConfigArgs: The configurations of phase-two negotiation. See the following Block ipsec_config.
LocalSubnets List<string>: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
Name string: The name of the IPsec connection.
RemoteSubnets List<string>: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
Status string: The status of VPN connection.
VpnGatewayId string: The ID of the VPN gateway.

BgpConfig ConnectionBgpConfigArgs: The configurations of the BGP routing protocol. See the following Block bgp_config.
CustomerGatewayId string: The ID of the customer gateway.
EffectImmediately bool: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
EnableDpd bool: Whether to enable NAT traversal.
EnableNatTraversal bool: Whether to enable NAT traversal.
HealthCheckConfig ConnectionHealthCheckConfigArgs: The health check configurations. See the following Block health_check_config.
IkeConfig ConnectionIkeConfigArgs: The configurations of phase-one negotiation. See the following Block ike_config.
IpsecConfig ConnectionIpsecConfigArgs: The configurations of phase-two negotiation. See the following Block ipsec_config.
LocalSubnets []string: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
Name string: The name of the IPsec connection.
RemoteSubnets []string: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
Status string: The status of VPN connection.
VpnGatewayId string: The ID of the VPN gateway.

bgpConfig ConnectionBgpConfigArgs: The configurations of the BGP routing protocol. See the following Block bgp_config.
customerGatewayId String: The ID of the customer gateway.
effectImmediately Boolean: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
enableDpd Boolean: Whether to enable NAT traversal.
enableNatTraversal Boolean: Whether to enable NAT traversal.
healthCheckConfig ConnectionHealthCheckConfigArgs: The health check configurations. See the following Block health_check_config.
ikeConfig ConnectionIkeConfigArgs: The configurations of phase-one negotiation. See the following Block ike_config.
ipsecConfig ConnectionIpsecConfigArgs: The configurations of phase-two negotiation. See the following Block ipsec_config.
localSubnets List<String>: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
name String: The name of the IPsec connection.
remoteSubnets List<String>: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
status String: The status of VPN connection.
vpnGatewayId String: The ID of the VPN gateway.

bgpConfig ConnectionBgpConfigArgs: The configurations of the BGP routing protocol. See the following Block bgp_config.
customerGatewayId string: The ID of the customer gateway.
effectImmediately boolean: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
enableDpd boolean: Whether to enable NAT traversal.
enableNatTraversal boolean: Whether to enable NAT traversal.
healthCheckConfig ConnectionHealthCheckConfigArgs: The health check configurations. See the following Block health_check_config.
ikeConfig ConnectionIkeConfigArgs: The configurations of phase-one negotiation. See the following Block ike_config.
ipsecConfig ConnectionIpsecConfigArgs: The configurations of phase-two negotiation. See the following Block ipsec_config.
localSubnets string[]: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
name string: The name of the IPsec connection.
remoteSubnets string[]: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
status string: The status of VPN connection.
vpnGatewayId string: The ID of the VPN gateway.

bgp_config ConnectionBgpConfigArgs: The configurations of the BGP routing protocol. See the following Block bgp_config.
customer_gateway_id str: The ID of the customer gateway.
effect_immediately bool: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
enable_dpd bool: Whether to enable NAT traversal.
enable_nat_traversal bool: Whether to enable NAT traversal.
health_check_config ConnectionHealthCheckConfigArgs: The health check configurations. See the following Block health_check_config.
ike_config ConnectionIkeConfigArgs: The configurations of phase-one negotiation. See the following Block ike_config.
ipsec_config ConnectionIpsecConfigArgs: The configurations of phase-two negotiation. See the following Block ipsec_config.
local_subnets Sequence[str]: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
name str: The name of the IPsec connection.
remote_subnets Sequence[str]: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
status str: The status of VPN connection.
vpn_gateway_id str: The ID of the VPN gateway.

bgpConfig Property Map: The configurations of the BGP routing protocol. See the following Block bgp_config.
customerGatewayId String: The ID of the customer gateway.
effectImmediately Boolean: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
enableDpd Boolean: Whether to enable NAT traversal.
enableNatTraversal Boolean: Whether to enable NAT traversal.
healthCheckConfig Property Map: The health check configurations. See the following Block health_check_config.
ikeConfig Property Map: The configurations of phase-one negotiation. See the following Block ike_config.
ipsecConfig Property Map: The configurations of phase-two negotiation. See the following Block ipsec_config.
localSubnets List<String>: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
name String: The name of the IPsec connection.
remoteSubnets List<String>: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
status String: The status of VPN connection.
vpnGatewayId String: The ID of the VPN gateway.

Supporting Types

ConnectionBgpConfig

Enable bool: Whether to enable Health Check.
LocalAsn string: The ASN on the Alibaba Cloud side.
LocalBgpIp string: The BGP IP address on the Alibaba Cloud side.
TunnelCidr string: The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

Enable bool: Whether to enable Health Check.
LocalAsn string: The ASN on the Alibaba Cloud side.
LocalBgpIp string: The BGP IP address on the Alibaba Cloud side.
TunnelCidr string: The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

enable Boolean: Whether to enable Health Check.
localAsn String: The ASN on the Alibaba Cloud side.
localBgpIp String: The BGP IP address on the Alibaba Cloud side.
tunnelCidr String: The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

enable boolean: Whether to enable Health Check.
localAsn string: The ASN on the Alibaba Cloud side.
localBgpIp string: The BGP IP address on the Alibaba Cloud side.
tunnelCidr string: The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

enable bool: Whether to enable Health Check.
local_asn str: The ASN on the Alibaba Cloud side.
local_bgp_ip str: The BGP IP address on the Alibaba Cloud side.
tunnel_cidr str: The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

enable Boolean: Whether to enable Health Check.
localAsn String: The ASN on the Alibaba Cloud side.
localBgpIp String: The BGP IP address on the Alibaba Cloud side.
tunnelCidr String: The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

ConnectionHealthCheckConfig

Dip string: The destination IP address.
Enable bool: Whether to enable Health Check.
Interval int: The interval between two consecutive health checks. Unit: seconds.
Retry int: The maximum number of health check retries.
Sip string: The source IP address.

Dip string: The destination IP address.
Enable bool: Whether to enable Health Check.
Interval int: The interval between two consecutive health checks. Unit: seconds.
Retry int: The maximum number of health check retries.
Sip string: The source IP address.

dip String: The destination IP address.
enable Boolean: Whether to enable Health Check.
interval Integer: The interval between two consecutive health checks. Unit: seconds.
retry Integer: The maximum number of health check retries.
sip String: The source IP address.

dip string: The destination IP address.
enable boolean: Whether to enable Health Check.
interval number: The interval between two consecutive health checks. Unit: seconds.
retry number: The maximum number of health check retries.
sip string: The source IP address.

dip str: The destination IP address.
enable bool: Whether to enable Health Check.
interval int: The interval between two consecutive health checks. Unit: seconds.
retry int: The maximum number of health check retries.
sip str: The source IP address.

dip String: The destination IP address.
enable Boolean: Whether to enable Health Check.
interval Number: The interval between two consecutive health checks. Unit: seconds.
retry Number: The maximum number of health check retries.
sip String: The source IP address.

ConnectionIkeConfig

IkeAuthAlg string: The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1 . Default value: md5
IkeEncAlg string: The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes
IkeLifetime int: The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
IkeLocalId string: The identification of the VPN gateway.
IkeMode string: The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main
IkePfs string: The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
IkeRemoteId string: The identification of the customer gateway.
IkeVersion string: The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1
Psk string: Used for authentication between the IPsec VPN gateway and the customer gateway.

IkeAuthAlg string: The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1 . Default value: md5
IkeEncAlg string: The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes
IkeLifetime int: The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
IkeLocalId string: The identification of the VPN gateway.
IkeMode string: The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main
IkePfs string: The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
IkeRemoteId string: The identification of the customer gateway.
IkeVersion string: The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1
Psk string: Used for authentication between the IPsec VPN gateway and the customer gateway.

ikeAuthAlg String: The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1 . Default value: md5
ikeEncAlg String: The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes
ikeLifetime Integer: The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
ikeLocalId String: The identification of the VPN gateway.
ikeMode String: The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main
ikePfs String: The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
ikeRemoteId String: The identification of the customer gateway.
ikeVersion String: The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1
psk String: Used for authentication between the IPsec VPN gateway and the customer gateway.

ikeAuthAlg string: The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1 . Default value: md5
ikeEncAlg string: The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes
ikeLifetime number: The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
ikeLocalId string: The identification of the VPN gateway.
ikeMode string: The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main
ikePfs string: The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
ikeRemoteId string: The identification of the customer gateway.
ikeVersion string: The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1
psk string: Used for authentication between the IPsec VPN gateway and the customer gateway.

ike_auth_alg str: The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1 . Default value: md5
ike_enc_alg str: The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes
ike_lifetime int: The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
ike_local_id str: The identification of the VPN gateway.
ike_mode str: The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main
ike_pfs str: The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
ike_remote_id str: The identification of the customer gateway.
ike_version str: The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1
psk str: Used for authentication between the IPsec VPN gateway and the customer gateway.

ikeAuthAlg String: The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1 . Default value: md5
ikeEncAlg String: The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes
ikeLifetime Number: The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
ikeLocalId String: The identification of the VPN gateway.
ikeMode String: The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main
ikePfs String: The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
ikeRemoteId String: The identification of the customer gateway.
ikeVersion String: The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1
psk String: Used for authentication between the IPsec VPN gateway and the customer gateway.

ConnectionIpsecConfig

IpsecAuthAlg string: The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
IpsecEncAlg string: The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
IpsecLifetime int: The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
IpsecPfs string: The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

IpsecAuthAlg string: The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
IpsecEncAlg string: The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
IpsecLifetime int: The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
IpsecPfs string: The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

ipsecAuthAlg String: The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
ipsecEncAlg String: The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
ipsecLifetime Integer: The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
ipsecPfs String: The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

ipsecAuthAlg string: The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
ipsecEncAlg string: The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
ipsecLifetime number: The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
ipsecPfs string: The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

ipsec_auth_alg str: The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
ipsec_enc_alg str: The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
ipsec_lifetime int: The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
ipsec_pfs str: The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

ipsecAuthAlg String: The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
ipsecEncAlg String: The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
ipsecLifetime Number: The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
ipsecPfs String: The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.