1. Packages
  2. Alibaba Cloud Provider
  3. API Docs
  4. vpn
  5. Connection
Alibaba Cloud v3.68.0 published on Monday, Dec 2, 2024 by Pulumi

alicloud.vpn.Connection

Explore with Pulumi AI

alicloud logo
Alibaba Cloud v3.68.0 published on Monday, Dec 2, 2024 by Pulumi

    Example Usage

    Basic Usage

    IPsec-VPN connections support the dual-tunnel mode

    import * as pulumi from "@pulumi/pulumi";
    import * as alicloud from "@pulumi/alicloud";
    
    const config = new pulumi.Config();
    const name = config.get("name") || "terraform-example";
    const spec = config.get("spec") || "5";
    const default = alicloud.vpn.getGatewayZones({
        spec: "5M",
    });
    const defaultGetNetworks = alicloud.vpc.getNetworks({
        nameRegex: "^default-NODELETING$",
        cidrBlock: "172.16.0.0/16",
    });
    const default0 = Promise.all([defaultGetNetworks, _default]).then(([defaultGetNetworks, _default]) => alicloud.vpc.getSwitches({
        vpcId: defaultGetNetworks.ids?.[0],
        zoneId: _default.ids?.[0],
    }));
    const default1 = Promise.all([defaultGetNetworks, _default]).then(([defaultGetNetworks, _default]) => alicloud.vpc.getSwitches({
        vpcId: defaultGetNetworks.ids?.[0],
        zoneId: _default.ids?.[1],
    }));
    const HA_VPN = new alicloud.vpn.Gateway("HA-VPN", {
        vpnType: "Normal",
        disasterRecoveryVswitchId: default1.then(default1 => default1.ids?.[0]),
        vpnGatewayName: name,
        vswitchId: default0.then(default0 => default0.ids?.[0]),
        autoPay: true,
        vpcId: defaultGetNetworks.then(defaultGetNetworks => defaultGetNetworks.ids?.[0]),
        networkType: "public",
        paymentType: "Subscription",
        enableIpsec: true,
        bandwidth: spec,
    });
    const defaultCustomerGateway = new alicloud.vpn.CustomerGateway("defaultCustomerGateway", {
        description: "defaultCustomerGateway",
        ipAddress: "2.2.2.5",
        asn: "2224",
        customerGatewayName: name,
    });
    const changeCustomerGateway = new alicloud.vpn.CustomerGateway("changeCustomerGateway", {
        description: "changeCustomerGateway",
        ipAddress: "2.2.2.6",
        asn: "2225",
        customerGatewayName: name,
    });
    const defaultConnection = new alicloud.vpn.Connection("default", {
        vpnGatewayId: HA_VPN.id,
        vpnConnectionName: name,
        localSubnets: ["3.0.0.0/24"],
        remoteSubnets: [
            "10.0.0.0/24",
            "10.0.1.0/24",
        ],
        tags: {
            Created: "TF",
            For: "example",
        },
        enableTunnelsBgp: true,
        tunnelOptionsSpecifications: [
            {
                tunnelIpsecConfig: {
                    ipsecAuthAlg: "md5",
                    ipsecEncAlg: "aes256",
                    ipsecLifetime: 16400,
                    ipsecPfs: "group5",
                },
                customerGatewayId: defaultCustomerGateway.id,
                role: "master",
                tunnelBgpConfig: {
                    localAsn: "1219002",
                    tunnelCidr: "169.254.30.0/30",
                    localBgpIp: "169.254.30.1",
                },
                tunnelIkeConfig: {
                    ikeMode: "aggressive",
                    ikeVersion: "ikev2",
                    localId: "localid_tunnel2",
                    psk: "12345678",
                    remoteId: "remote2",
                    ikeAuthAlg: "md5",
                    ikeEncAlg: "aes256",
                    ikeLifetime: 3600,
                    ikePfs: "group14",
                },
            },
            {
                tunnelIkeConfig: {
                    remoteId: "remote24",
                    ikeEncAlg: "aes256",
                    ikeLifetime: 27000,
                    ikeMode: "aggressive",
                    ikePfs: "group5",
                    ikeAuthAlg: "md5",
                    ikeVersion: "ikev2",
                    localId: "localid_tunnel2",
                    psk: "12345678",
                },
                tunnelIpsecConfig: {
                    ipsecLifetime: 2700,
                    ipsecPfs: "group14",
                    ipsecAuthAlg: "md5",
                    ipsecEncAlg: "aes256",
                },
                customerGatewayId: defaultCustomerGateway.id,
                role: "slave",
                tunnelBgpConfig: {
                    localAsn: "1219002",
                    localBgpIp: "169.254.40.1",
                    tunnelCidr: "169.254.40.0/30",
                },
            },
        ],
    });
    
    import pulumi
    import pulumi_alicloud as alicloud
    
    config = pulumi.Config()
    name = config.get("name")
    if name is None:
        name = "terraform-example"
    spec = config.get("spec")
    if spec is None:
        spec = "5"
    default = alicloud.vpn.get_gateway_zones(spec="5M")
    default_get_networks = alicloud.vpc.get_networks(name_regex="^default-NODELETING$",
        cidr_block="172.16.0.0/16")
    default0 = alicloud.vpc.get_switches(vpc_id=default_get_networks.ids[0],
        zone_id=default.ids[0])
    default1 = alicloud.vpc.get_switches(vpc_id=default_get_networks.ids[0],
        zone_id=default.ids[1])
    h_a__vpn = alicloud.vpn.Gateway("HA-VPN",
        vpn_type="Normal",
        disaster_recovery_vswitch_id=default1.ids[0],
        vpn_gateway_name=name,
        vswitch_id=default0.ids[0],
        auto_pay=True,
        vpc_id=default_get_networks.ids[0],
        network_type="public",
        payment_type="Subscription",
        enable_ipsec=True,
        bandwidth=spec)
    default_customer_gateway = alicloud.vpn.CustomerGateway("defaultCustomerGateway",
        description="defaultCustomerGateway",
        ip_address="2.2.2.5",
        asn="2224",
        customer_gateway_name=name)
    change_customer_gateway = alicloud.vpn.CustomerGateway("changeCustomerGateway",
        description="changeCustomerGateway",
        ip_address="2.2.2.6",
        asn="2225",
        customer_gateway_name=name)
    default_connection = alicloud.vpn.Connection("default",
        vpn_gateway_id=h_a__vpn.id,
        vpn_connection_name=name,
        local_subnets=["3.0.0.0/24"],
        remote_subnets=[
            "10.0.0.0/24",
            "10.0.1.0/24",
        ],
        tags={
            "Created": "TF",
            "For": "example",
        },
        enable_tunnels_bgp=True,
        tunnel_options_specifications=[
            {
                "tunnel_ipsec_config": {
                    "ipsec_auth_alg": "md5",
                    "ipsec_enc_alg": "aes256",
                    "ipsec_lifetime": 16400,
                    "ipsec_pfs": "group5",
                },
                "customer_gateway_id": default_customer_gateway.id,
                "role": "master",
                "tunnel_bgp_config": {
                    "local_asn": "1219002",
                    "tunnel_cidr": "169.254.30.0/30",
                    "local_bgp_ip": "169.254.30.1",
                },
                "tunnel_ike_config": {
                    "ike_mode": "aggressive",
                    "ike_version": "ikev2",
                    "local_id": "localid_tunnel2",
                    "psk": "12345678",
                    "remote_id": "remote2",
                    "ike_auth_alg": "md5",
                    "ike_enc_alg": "aes256",
                    "ike_lifetime": 3600,
                    "ike_pfs": "group14",
                },
            },
            {
                "tunnel_ike_config": {
                    "remote_id": "remote24",
                    "ike_enc_alg": "aes256",
                    "ike_lifetime": 27000,
                    "ike_mode": "aggressive",
                    "ike_pfs": "group5",
                    "ike_auth_alg": "md5",
                    "ike_version": "ikev2",
                    "local_id": "localid_tunnel2",
                    "psk": "12345678",
                },
                "tunnel_ipsec_config": {
                    "ipsec_lifetime": 2700,
                    "ipsec_pfs": "group14",
                    "ipsec_auth_alg": "md5",
                    "ipsec_enc_alg": "aes256",
                },
                "customer_gateway_id": default_customer_gateway.id,
                "role": "slave",
                "tunnel_bgp_config": {
                    "local_asn": "1219002",
                    "local_bgp_ip": "169.254.40.1",
                    "tunnel_cidr": "169.254.40.0/30",
                },
            },
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/vpc"
    	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/vpn"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		cfg := config.New(ctx, "")
    		name := "terraform-example"
    		if param := cfg.Get("name"); param != "" {
    			name = param
    		}
    		spec := "5"
    		if param := cfg.Get("spec"); param != "" {
    			spec = param
    		}
    		_default, err := vpn.GetGatewayZones(ctx, &vpn.GetGatewayZonesArgs{
    			Spec: "5M",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		defaultGetNetworks, err := vpc.GetNetworks(ctx, &vpc.GetNetworksArgs{
    			NameRegex: pulumi.StringRef("^default-NODELETING$"),
    			CidrBlock: pulumi.StringRef("172.16.0.0/16"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		default0, err := vpc.GetSwitches(ctx, &vpc.GetSwitchesArgs{
    			VpcId:  pulumi.StringRef(defaultGetNetworks.Ids[0]),
    			ZoneId: pulumi.StringRef(_default.Ids[0]),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		default1, err := vpc.GetSwitches(ctx, &vpc.GetSwitchesArgs{
    			VpcId:  pulumi.StringRef(defaultGetNetworks.Ids[0]),
    			ZoneId: pulumi.StringRef(_default.Ids[1]),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = vpn.NewGateway(ctx, "HA-VPN", &vpn.GatewayArgs{
    			VpnType:                   pulumi.String("Normal"),
    			DisasterRecoveryVswitchId: pulumi.String(default1.Ids[0]),
    			VpnGatewayName:            pulumi.String(name),
    			VswitchId:                 pulumi.String(default0.Ids[0]),
    			AutoPay:                   pulumi.Bool(true),
    			VpcId:                     pulumi.String(defaultGetNetworks.Ids[0]),
    			NetworkType:               pulumi.String("public"),
    			PaymentType:               pulumi.String("Subscription"),
    			EnableIpsec:               pulumi.Bool(true),
    			Bandwidth:                 pulumi.String(spec),
    		})
    		if err != nil {
    			return err
    		}
    		defaultCustomerGateway, err := vpn.NewCustomerGateway(ctx, "defaultCustomerGateway", &vpn.CustomerGatewayArgs{
    			Description:         pulumi.String("defaultCustomerGateway"),
    			IpAddress:           pulumi.String("2.2.2.5"),
    			Asn:                 pulumi.String("2224"),
    			CustomerGatewayName: pulumi.String(name),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = vpn.NewCustomerGateway(ctx, "changeCustomerGateway", &vpn.CustomerGatewayArgs{
    			Description:         pulumi.String("changeCustomerGateway"),
    			IpAddress:           pulumi.String("2.2.2.6"),
    			Asn:                 pulumi.String("2225"),
    			CustomerGatewayName: pulumi.String(name),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = vpn.NewConnection(ctx, "default", &vpn.ConnectionArgs{
    			VpnGatewayId:      HA_VPN.ID(),
    			VpnConnectionName: pulumi.String(name),
    			LocalSubnets: pulumi.StringArray{
    				pulumi.String("3.0.0.0/24"),
    			},
    			RemoteSubnets: pulumi.StringArray{
    				pulumi.String("10.0.0.0/24"),
    				pulumi.String("10.0.1.0/24"),
    			},
    			Tags: pulumi.StringMap{
    				"Created": pulumi.String("TF"),
    				"For":     pulumi.String("example"),
    			},
    			EnableTunnelsBgp: pulumi.Bool(true),
    			TunnelOptionsSpecifications: vpn.ConnectionTunnelOptionsSpecificationArray{
    				&vpn.ConnectionTunnelOptionsSpecificationArgs{
    					TunnelIpsecConfig: &vpn.ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs{
    						IpsecAuthAlg:  pulumi.String("md5"),
    						IpsecEncAlg:   pulumi.String("aes256"),
    						IpsecLifetime: pulumi.Int(16400),
    						IpsecPfs:      pulumi.String("group5"),
    					},
    					CustomerGatewayId: defaultCustomerGateway.ID(),
    					Role:              pulumi.String("master"),
    					TunnelBgpConfig: &vpn.ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs{
    						LocalAsn:   pulumi.String("1219002"),
    						TunnelCidr: pulumi.String("169.254.30.0/30"),
    						LocalBgpIp: pulumi.String("169.254.30.1"),
    					},
    					TunnelIkeConfig: &vpn.ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs{
    						IkeMode:     pulumi.String("aggressive"),
    						IkeVersion:  pulumi.String("ikev2"),
    						LocalId:     pulumi.String("localid_tunnel2"),
    						Psk:         pulumi.String("12345678"),
    						RemoteId:    pulumi.String("remote2"),
    						IkeAuthAlg:  pulumi.String("md5"),
    						IkeEncAlg:   pulumi.String("aes256"),
    						IkeLifetime: pulumi.Int(3600),
    						IkePfs:      pulumi.String("group14"),
    					},
    				},
    				&vpn.ConnectionTunnelOptionsSpecificationArgs{
    					TunnelIkeConfig: &vpn.ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs{
    						RemoteId:    pulumi.String("remote24"),
    						IkeEncAlg:   pulumi.String("aes256"),
    						IkeLifetime: pulumi.Int(27000),
    						IkeMode:     pulumi.String("aggressive"),
    						IkePfs:      pulumi.String("group5"),
    						IkeAuthAlg:  pulumi.String("md5"),
    						IkeVersion:  pulumi.String("ikev2"),
    						LocalId:     pulumi.String("localid_tunnel2"),
    						Psk:         pulumi.String("12345678"),
    					},
    					TunnelIpsecConfig: &vpn.ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs{
    						IpsecLifetime: pulumi.Int(2700),
    						IpsecPfs:      pulumi.String("group14"),
    						IpsecAuthAlg:  pulumi.String("md5"),
    						IpsecEncAlg:   pulumi.String("aes256"),
    					},
    					CustomerGatewayId: defaultCustomerGateway.ID(),
    					Role:              pulumi.String("slave"),
    					TunnelBgpConfig: &vpn.ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs{
    						LocalAsn:   pulumi.String("1219002"),
    						LocalBgpIp: pulumi.String("169.254.40.1"),
    						TunnelCidr: pulumi.String("169.254.40.0/30"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AliCloud = Pulumi.AliCloud;
    
    return await Deployment.RunAsync(() => 
    {
        var config = new Config();
        var name = config.Get("name") ?? "terraform-example";
        var spec = config.Get("spec") ?? "5";
        var @default = AliCloud.Vpn.GetGatewayZones.Invoke(new()
        {
            Spec = "5M",
        });
    
        var defaultGetNetworks = AliCloud.Vpc.GetNetworks.Invoke(new()
        {
            NameRegex = "^default-NODELETING$",
            CidrBlock = "172.16.0.0/16",
        });
    
        var default0 = AliCloud.Vpc.GetSwitches.Invoke(new()
        {
            VpcId = defaultGetNetworks.Apply(getNetworksResult => getNetworksResult.Ids[0]),
            ZoneId = @default.Apply(getGatewayZonesResult => getGatewayZonesResult.Ids[0]),
        });
    
        var default1 = AliCloud.Vpc.GetSwitches.Invoke(new()
        {
            VpcId = defaultGetNetworks.Apply(getNetworksResult => getNetworksResult.Ids[0]),
            ZoneId = @default.Apply(getGatewayZonesResult => getGatewayZonesResult.Ids[1]),
        });
    
        var HA_VPN = new AliCloud.Vpn.Gateway("HA-VPN", new()
        {
            VpnType = "Normal",
            DisasterRecoveryVswitchId = default1.Apply(getSwitchesResult => getSwitchesResult.Ids[0]),
            VpnGatewayName = name,
            VswitchId = default0.Apply(getSwitchesResult => getSwitchesResult.Ids[0]),
            AutoPay = true,
            VpcId = defaultGetNetworks.Apply(getNetworksResult => getNetworksResult.Ids[0]),
            NetworkType = "public",
            PaymentType = "Subscription",
            EnableIpsec = true,
            Bandwidth = spec,
        });
    
        var defaultCustomerGateway = new AliCloud.Vpn.CustomerGateway("defaultCustomerGateway", new()
        {
            Description = "defaultCustomerGateway",
            IpAddress = "2.2.2.5",
            Asn = "2224",
            CustomerGatewayName = name,
        });
    
        var changeCustomerGateway = new AliCloud.Vpn.CustomerGateway("changeCustomerGateway", new()
        {
            Description = "changeCustomerGateway",
            IpAddress = "2.2.2.6",
            Asn = "2225",
            CustomerGatewayName = name,
        });
    
        var defaultConnection = new AliCloud.Vpn.Connection("default", new()
        {
            VpnGatewayId = HA_VPN.Id,
            VpnConnectionName = name,
            LocalSubnets = new[]
            {
                "3.0.0.0/24",
            },
            RemoteSubnets = new[]
            {
                "10.0.0.0/24",
                "10.0.1.0/24",
            },
            Tags = 
            {
                { "Created", "TF" },
                { "For", "example" },
            },
            EnableTunnelsBgp = true,
            TunnelOptionsSpecifications = new[]
            {
                new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationArgs
                {
                    TunnelIpsecConfig = new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs
                    {
                        IpsecAuthAlg = "md5",
                        IpsecEncAlg = "aes256",
                        IpsecLifetime = 16400,
                        IpsecPfs = "group5",
                    },
                    CustomerGatewayId = defaultCustomerGateway.Id,
                    Role = "master",
                    TunnelBgpConfig = new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs
                    {
                        LocalAsn = "1219002",
                        TunnelCidr = "169.254.30.0/30",
                        LocalBgpIp = "169.254.30.1",
                    },
                    TunnelIkeConfig = new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs
                    {
                        IkeMode = "aggressive",
                        IkeVersion = "ikev2",
                        LocalId = "localid_tunnel2",
                        Psk = "12345678",
                        RemoteId = "remote2",
                        IkeAuthAlg = "md5",
                        IkeEncAlg = "aes256",
                        IkeLifetime = 3600,
                        IkePfs = "group14",
                    },
                },
                new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationArgs
                {
                    TunnelIkeConfig = new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs
                    {
                        RemoteId = "remote24",
                        IkeEncAlg = "aes256",
                        IkeLifetime = 27000,
                        IkeMode = "aggressive",
                        IkePfs = "group5",
                        IkeAuthAlg = "md5",
                        IkeVersion = "ikev2",
                        LocalId = "localid_tunnel2",
                        Psk = "12345678",
                    },
                    TunnelIpsecConfig = new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs
                    {
                        IpsecLifetime = 2700,
                        IpsecPfs = "group14",
                        IpsecAuthAlg = "md5",
                        IpsecEncAlg = "aes256",
                    },
                    CustomerGatewayId = defaultCustomerGateway.Id,
                    Role = "slave",
                    TunnelBgpConfig = new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs
                    {
                        LocalAsn = "1219002",
                        LocalBgpIp = "169.254.40.1",
                        TunnelCidr = "169.254.40.0/30",
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.alicloud.vpn.VpnFunctions;
    import com.pulumi.alicloud.vpn.inputs.GetGatewayZonesArgs;
    import com.pulumi.alicloud.vpc.VpcFunctions;
    import com.pulumi.alicloud.vpc.inputs.GetNetworksArgs;
    import com.pulumi.alicloud.vpc.inputs.GetSwitchesArgs;
    import com.pulumi.alicloud.vpn.Gateway;
    import com.pulumi.alicloud.vpn.GatewayArgs;
    import com.pulumi.alicloud.vpn.CustomerGateway;
    import com.pulumi.alicloud.vpn.CustomerGatewayArgs;
    import com.pulumi.alicloud.vpn.Connection;
    import com.pulumi.alicloud.vpn.ConnectionArgs;
    import com.pulumi.alicloud.vpn.inputs.ConnectionTunnelOptionsSpecificationArgs;
    import com.pulumi.alicloud.vpn.inputs.ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs;
    import com.pulumi.alicloud.vpn.inputs.ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs;
    import com.pulumi.alicloud.vpn.inputs.ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var config = ctx.config();
            final var name = config.get("name").orElse("terraform-example");
            final var spec = config.get("spec").orElse("5");
            final var default = VpnFunctions.getGatewayZones(GetGatewayZonesArgs.builder()
                .spec("5M")
                .build());
    
            final var defaultGetNetworks = VpcFunctions.getNetworks(GetNetworksArgs.builder()
                .nameRegex("^default-NODELETING$")
                .cidrBlock("172.16.0.0/16")
                .build());
    
            final var default0 = VpcFunctions.getSwitches(GetSwitchesArgs.builder()
                .vpcId(defaultGetNetworks.applyValue(getNetworksResult -> getNetworksResult.ids()[0]))
                .zoneId(default_.ids()[0])
                .build());
    
            final var default1 = VpcFunctions.getSwitches(GetSwitchesArgs.builder()
                .vpcId(defaultGetNetworks.applyValue(getNetworksResult -> getNetworksResult.ids()[0]))
                .zoneId(default_.ids()[1])
                .build());
    
            var hA_VPN = new Gateway("HA-VPN", GatewayArgs.builder()
                .vpnType("Normal")
                .disasterRecoveryVswitchId(default1.applyValue(getSwitchesResult -> getSwitchesResult.ids()[0]))
                .vpnGatewayName(name)
                .vswitchId(default0.applyValue(getSwitchesResult -> getSwitchesResult.ids()[0]))
                .autoPay(true)
                .vpcId(defaultGetNetworks.applyValue(getNetworksResult -> getNetworksResult.ids()[0]))
                .networkType("public")
                .paymentType("Subscription")
                .enableIpsec(true)
                .bandwidth(spec)
                .build());
    
            var defaultCustomerGateway = new CustomerGateway("defaultCustomerGateway", CustomerGatewayArgs.builder()
                .description("defaultCustomerGateway")
                .ipAddress("2.2.2.5")
                .asn("2224")
                .customerGatewayName(name)
                .build());
    
            var changeCustomerGateway = new CustomerGateway("changeCustomerGateway", CustomerGatewayArgs.builder()
                .description("changeCustomerGateway")
                .ipAddress("2.2.2.6")
                .asn("2225")
                .customerGatewayName(name)
                .build());
    
            var defaultConnection = new Connection("defaultConnection", ConnectionArgs.builder()
                .vpnGatewayId(HA_VPN.id())
                .vpnConnectionName(name)
                .localSubnets("3.0.0.0/24")
                .remoteSubnets(            
                    "10.0.0.0/24",
                    "10.0.1.0/24")
                .tags(Map.ofEntries(
                    Map.entry("Created", "TF"),
                    Map.entry("For", "example")
                ))
                .enableTunnelsBgp("true")
                .tunnelOptionsSpecifications(            
                    ConnectionTunnelOptionsSpecificationArgs.builder()
                        .tunnelIpsecConfig(ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs.builder()
                            .ipsecAuthAlg("md5")
                            .ipsecEncAlg("aes256")
                            .ipsecLifetime("16400")
                            .ipsecPfs("group5")
                            .build())
                        .customerGatewayId(defaultCustomerGateway.id())
                        .role("master")
                        .tunnelBgpConfig(ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs.builder()
                            .localAsn("1219002")
                            .tunnelCidr("169.254.30.0/30")
                            .localBgpIp("169.254.30.1")
                            .build())
                        .tunnelIkeConfig(ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs.builder()
                            .ikeMode("aggressive")
                            .ikeVersion("ikev2")
                            .localId("localid_tunnel2")
                            .psk("12345678")
                            .remoteId("remote2")
                            .ikeAuthAlg("md5")
                            .ikeEncAlg("aes256")
                            .ikeLifetime("3600")
                            .ikePfs("group14")
                            .build())
                        .build(),
                    ConnectionTunnelOptionsSpecificationArgs.builder()
                        .tunnelIkeConfig(ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs.builder()
                            .remoteId("remote24")
                            .ikeEncAlg("aes256")
                            .ikeLifetime("27000")
                            .ikeMode("aggressive")
                            .ikePfs("group5")
                            .ikeAuthAlg("md5")
                            .ikeVersion("ikev2")
                            .localId("localid_tunnel2")
                            .psk("12345678")
                            .build())
                        .tunnelIpsecConfig(ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs.builder()
                            .ipsecLifetime("2700")
                            .ipsecPfs("group14")
                            .ipsecAuthAlg("md5")
                            .ipsecEncAlg("aes256")
                            .build())
                        .customerGatewayId(defaultCustomerGateway.id())
                        .role("slave")
                        .tunnelBgpConfig(ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs.builder()
                            .localAsn("1219002")
                            .localBgpIp("169.254.40.1")
                            .tunnelCidr("169.254.40.0/30")
                            .build())
                        .build())
                .build());
    
        }
    }
    
    configuration:
      name:
        type: string
        default: terraform-example
      spec:
        type: string
        default: '5'
    resources:
      HA-VPN:
        type: alicloud:vpn:Gateway
        properties:
          vpnType: Normal
          disasterRecoveryVswitchId: ${default1.ids[0]}
          vpnGatewayName: ${name}
          vswitchId: ${default0.ids[0]}
          autoPay: true
          vpcId: ${defaultGetNetworks.ids[0]}
          networkType: public
          paymentType: Subscription
          enableIpsec: true
          bandwidth: ${spec}
      defaultCustomerGateway:
        type: alicloud:vpn:CustomerGateway
        properties:
          description: defaultCustomerGateway
          ipAddress: 2.2.2.5
          asn: '2224'
          customerGatewayName: ${name}
      changeCustomerGateway:
        type: alicloud:vpn:CustomerGateway
        properties:
          description: changeCustomerGateway
          ipAddress: 2.2.2.6
          asn: '2225'
          customerGatewayName: ${name}
      defaultConnection:
        type: alicloud:vpn:Connection
        name: default
        properties:
          vpnGatewayId: ${["HA-VPN"].id}
          vpnConnectionName: ${name}
          localSubnets:
            - 3.0.0.0/24
          remoteSubnets:
            - 10.0.0.0/24
            - 10.0.1.0/24
          tags:
            Created: TF
            For: example
          enableTunnelsBgp: 'true'
          tunnelOptionsSpecifications:
            - tunnelIpsecConfig:
                ipsecAuthAlg: md5
                ipsecEncAlg: aes256
                ipsecLifetime: '16400'
                ipsecPfs: group5
              customerGatewayId: ${defaultCustomerGateway.id}
              role: master
              tunnelBgpConfig:
                localAsn: '1219002'
                tunnelCidr: 169.254.30.0/30
                localBgpIp: 169.254.30.1
              tunnelIkeConfig:
                ikeMode: aggressive
                ikeVersion: ikev2
                localId: localid_tunnel2
                psk: '12345678'
                remoteId: remote2
                ikeAuthAlg: md5
                ikeEncAlg: aes256
                ikeLifetime: '3600'
                ikePfs: group14
            - tunnelIkeConfig:
                remoteId: remote24
                ikeEncAlg: aes256
                ikeLifetime: '27000'
                ikeMode: aggressive
                ikePfs: group5
                ikeAuthAlg: md5
                ikeVersion: ikev2
                localId: localid_tunnel2
                psk: '12345678'
              tunnelIpsecConfig:
                ipsecLifetime: '2700'
                ipsecPfs: group14
                ipsecAuthAlg: md5
                ipsecEncAlg: aes256
              customerGatewayId: ${defaultCustomerGateway.id}
              role: slave
              tunnelBgpConfig:
                localAsn: '1219002'
                localBgpIp: 169.254.40.1
                tunnelCidr: 169.254.40.0/30
    variables:
      default:
        fn::invoke:
          Function: alicloud:vpn:getGatewayZones
          Arguments:
            spec: 5M
      defaultGetNetworks:
        fn::invoke:
          Function: alicloud:vpc:getNetworks
          Arguments:
            nameRegex: ^default-NODELETING$
            cidrBlock: 172.16.0.0/16
      default0:
        fn::invoke:
          Function: alicloud:vpc:getSwitches
          Arguments:
            vpcId: ${defaultGetNetworks.ids[0]}
            zoneId: ${default.ids[0]}
      default1:
        fn::invoke:
          Function: alicloud:vpc:getSwitches
          Arguments:
            vpcId: ${defaultGetNetworks.ids[0]}
            zoneId: ${default.ids[1]}
    

    Create Connection Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Connection(name: string, args: ConnectionArgs, opts?: CustomResourceOptions);
    @overload
    def Connection(resource_name: str,
                   args: ConnectionArgs,
                   opts: Optional[ResourceOptions] = None)
    
    @overload
    def Connection(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   local_subnets: Optional[Sequence[str]] = None,
                   vpn_gateway_id: Optional[str] = None,
                   remote_subnets: Optional[Sequence[str]] = None,
                   ike_config: Optional[ConnectionIkeConfigArgs] = None,
                   effect_immediately: Optional[bool] = None,
                   enable_nat_traversal: Optional[bool] = None,
                   enable_tunnels_bgp: Optional[bool] = None,
                   health_check_config: Optional[ConnectionHealthCheckConfigArgs] = None,
                   auto_config_route: Optional[bool] = None,
                   ipsec_config: Optional[ConnectionIpsecConfigArgs] = None,
                   enable_dpd: Optional[bool] = None,
                   name: Optional[str] = None,
                   network_type: Optional[str] = None,
                   customer_gateway_id: Optional[str] = None,
                   tags: Optional[Mapping[str, str]] = None,
                   tunnel_options_specifications: Optional[Sequence[ConnectionTunnelOptionsSpecificationArgs]] = None,
                   vpn_connection_name: Optional[str] = None,
                   bgp_config: Optional[ConnectionBgpConfigArgs] = None)
    func NewConnection(ctx *Context, name string, args ConnectionArgs, opts ...ResourceOption) (*Connection, error)
    public Connection(string name, ConnectionArgs args, CustomResourceOptions? opts = null)
    public Connection(String name, ConnectionArgs args)
    public Connection(String name, ConnectionArgs args, CustomResourceOptions options)
    
    type: alicloud:vpn:Connection
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ConnectionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ConnectionArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ConnectionArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ConnectionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ConnectionArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var exampleconnectionResourceResourceFromVpnconnection = new AliCloud.Vpn.Connection("exampleconnectionResourceResourceFromVpnconnection", new()
    {
        LocalSubnets = new[]
        {
            "string",
        },
        VpnGatewayId = "string",
        RemoteSubnets = new[]
        {
            "string",
        },
        IkeConfig = new AliCloud.Vpn.Inputs.ConnectionIkeConfigArgs
        {
            IkeAuthAlg = "string",
            IkeEncAlg = "string",
            IkeLifetime = 0,
            IkeLocalId = "string",
            IkeMode = "string",
            IkePfs = "string",
            IkeRemoteId = "string",
            IkeVersion = "string",
            Psk = "string",
        },
        EffectImmediately = false,
        EnableNatTraversal = false,
        EnableTunnelsBgp = false,
        HealthCheckConfig = new AliCloud.Vpn.Inputs.ConnectionHealthCheckConfigArgs
        {
            Dip = "string",
            Enable = false,
            Interval = 0,
            Retry = 0,
            Sip = "string",
        },
        AutoConfigRoute = false,
        IpsecConfig = new AliCloud.Vpn.Inputs.ConnectionIpsecConfigArgs
        {
            IpsecAuthAlg = "string",
            IpsecEncAlg = "string",
            IpsecLifetime = 0,
            IpsecPfs = "string",
        },
        EnableDpd = false,
        NetworkType = "string",
        CustomerGatewayId = "string",
        Tags = 
        {
            { "string", "string" },
        },
        TunnelOptionsSpecifications = new[]
        {
            new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationArgs
            {
                CustomerGatewayId = "string",
                EnableDpd = false,
                EnableNatTraversal = false,
                InternetIp = "string",
                Role = "string",
                State = "string",
                Status = "string",
                TunnelBgpConfig = new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs
                {
                    BgpStatus = "string",
                    LocalAsn = "string",
                    LocalBgpIp = "string",
                    PeerAsn = "string",
                    PeerBgpIp = "string",
                    TunnelCidr = "string",
                },
                TunnelId = "string",
                TunnelIkeConfig = new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs
                {
                    IkeAuthAlg = "string",
                    IkeEncAlg = "string",
                    IkeLifetime = 0,
                    IkeMode = "string",
                    IkePfs = "string",
                    IkeVersion = "string",
                    LocalId = "string",
                    Psk = "string",
                    RemoteId = "string",
                },
                TunnelIpsecConfig = new AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs
                {
                    IpsecAuthAlg = "string",
                    IpsecEncAlg = "string",
                    IpsecLifetime = 0,
                    IpsecPfs = "string",
                },
                ZoneNo = "string",
            },
        },
        VpnConnectionName = "string",
        BgpConfig = new AliCloud.Vpn.Inputs.ConnectionBgpConfigArgs
        {
            Enable = false,
            LocalAsn = "string",
            LocalBgpIp = "string",
            Status = "string",
            TunnelCidr = "string",
        },
    });
    
    example, err := vpn.NewConnection(ctx, "exampleconnectionResourceResourceFromVpnconnection", &vpn.ConnectionArgs{
    	LocalSubnets: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	VpnGatewayId: pulumi.String("string"),
    	RemoteSubnets: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	IkeConfig: &vpn.ConnectionIkeConfigArgs{
    		IkeAuthAlg:  pulumi.String("string"),
    		IkeEncAlg:   pulumi.String("string"),
    		IkeLifetime: pulumi.Int(0),
    		IkeLocalId:  pulumi.String("string"),
    		IkeMode:     pulumi.String("string"),
    		IkePfs:      pulumi.String("string"),
    		IkeRemoteId: pulumi.String("string"),
    		IkeVersion:  pulumi.String("string"),
    		Psk:         pulumi.String("string"),
    	},
    	EffectImmediately:  pulumi.Bool(false),
    	EnableNatTraversal: pulumi.Bool(false),
    	EnableTunnelsBgp:   pulumi.Bool(false),
    	HealthCheckConfig: &vpn.ConnectionHealthCheckConfigArgs{
    		Dip:      pulumi.String("string"),
    		Enable:   pulumi.Bool(false),
    		Interval: pulumi.Int(0),
    		Retry:    pulumi.Int(0),
    		Sip:      pulumi.String("string"),
    	},
    	AutoConfigRoute: pulumi.Bool(false),
    	IpsecConfig: &vpn.ConnectionIpsecConfigArgs{
    		IpsecAuthAlg:  pulumi.String("string"),
    		IpsecEncAlg:   pulumi.String("string"),
    		IpsecLifetime: pulumi.Int(0),
    		IpsecPfs:      pulumi.String("string"),
    	},
    	EnableDpd:         pulumi.Bool(false),
    	NetworkType:       pulumi.String("string"),
    	CustomerGatewayId: pulumi.String("string"),
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	TunnelOptionsSpecifications: vpn.ConnectionTunnelOptionsSpecificationArray{
    		&vpn.ConnectionTunnelOptionsSpecificationArgs{
    			CustomerGatewayId:  pulumi.String("string"),
    			EnableDpd:          pulumi.Bool(false),
    			EnableNatTraversal: pulumi.Bool(false),
    			InternetIp:         pulumi.String("string"),
    			Role:               pulumi.String("string"),
    			State:              pulumi.String("string"),
    			Status:             pulumi.String("string"),
    			TunnelBgpConfig: &vpn.ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs{
    				BgpStatus:  pulumi.String("string"),
    				LocalAsn:   pulumi.String("string"),
    				LocalBgpIp: pulumi.String("string"),
    				PeerAsn:    pulumi.String("string"),
    				PeerBgpIp:  pulumi.String("string"),
    				TunnelCidr: pulumi.String("string"),
    			},
    			TunnelId: pulumi.String("string"),
    			TunnelIkeConfig: &vpn.ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs{
    				IkeAuthAlg:  pulumi.String("string"),
    				IkeEncAlg:   pulumi.String("string"),
    				IkeLifetime: pulumi.Int(0),
    				IkeMode:     pulumi.String("string"),
    				IkePfs:      pulumi.String("string"),
    				IkeVersion:  pulumi.String("string"),
    				LocalId:     pulumi.String("string"),
    				Psk:         pulumi.String("string"),
    				RemoteId:    pulumi.String("string"),
    			},
    			TunnelIpsecConfig: &vpn.ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs{
    				IpsecAuthAlg:  pulumi.String("string"),
    				IpsecEncAlg:   pulumi.String("string"),
    				IpsecLifetime: pulumi.Int(0),
    				IpsecPfs:      pulumi.String("string"),
    			},
    			ZoneNo: pulumi.String("string"),
    		},
    	},
    	VpnConnectionName: pulumi.String("string"),
    	BgpConfig: &vpn.ConnectionBgpConfigArgs{
    		Enable:     pulumi.Bool(false),
    		LocalAsn:   pulumi.String("string"),
    		LocalBgpIp: pulumi.String("string"),
    		Status:     pulumi.String("string"),
    		TunnelCidr: pulumi.String("string"),
    	},
    })
    
    var exampleconnectionResourceResourceFromVpnconnection = new Connection("exampleconnectionResourceResourceFromVpnconnection", ConnectionArgs.builder()
        .localSubnets("string")
        .vpnGatewayId("string")
        .remoteSubnets("string")
        .ikeConfig(ConnectionIkeConfigArgs.builder()
            .ikeAuthAlg("string")
            .ikeEncAlg("string")
            .ikeLifetime(0)
            .ikeLocalId("string")
            .ikeMode("string")
            .ikePfs("string")
            .ikeRemoteId("string")
            .ikeVersion("string")
            .psk("string")
            .build())
        .effectImmediately(false)
        .enableNatTraversal(false)
        .enableTunnelsBgp(false)
        .healthCheckConfig(ConnectionHealthCheckConfigArgs.builder()
            .dip("string")
            .enable(false)
            .interval(0)
            .retry(0)
            .sip("string")
            .build())
        .autoConfigRoute(false)
        .ipsecConfig(ConnectionIpsecConfigArgs.builder()
            .ipsecAuthAlg("string")
            .ipsecEncAlg("string")
            .ipsecLifetime(0)
            .ipsecPfs("string")
            .build())
        .enableDpd(false)
        .networkType("string")
        .customerGatewayId("string")
        .tags(Map.of("string", "string"))
        .tunnelOptionsSpecifications(ConnectionTunnelOptionsSpecificationArgs.builder()
            .customerGatewayId("string")
            .enableDpd(false)
            .enableNatTraversal(false)
            .internetIp("string")
            .role("string")
            .state("string")
            .status("string")
            .tunnelBgpConfig(ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs.builder()
                .bgpStatus("string")
                .localAsn("string")
                .localBgpIp("string")
                .peerAsn("string")
                .peerBgpIp("string")
                .tunnelCidr("string")
                .build())
            .tunnelId("string")
            .tunnelIkeConfig(ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs.builder()
                .ikeAuthAlg("string")
                .ikeEncAlg("string")
                .ikeLifetime(0)
                .ikeMode("string")
                .ikePfs("string")
                .ikeVersion("string")
                .localId("string")
                .psk("string")
                .remoteId("string")
                .build())
            .tunnelIpsecConfig(ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs.builder()
                .ipsecAuthAlg("string")
                .ipsecEncAlg("string")
                .ipsecLifetime(0)
                .ipsecPfs("string")
                .build())
            .zoneNo("string")
            .build())
        .vpnConnectionName("string")
        .bgpConfig(ConnectionBgpConfigArgs.builder()
            .enable(false)
            .localAsn("string")
            .localBgpIp("string")
            .status("string")
            .tunnelCidr("string")
            .build())
        .build());
    
    exampleconnection_resource_resource_from_vpnconnection = alicloud.vpn.Connection("exampleconnectionResourceResourceFromVpnconnection",
        local_subnets=["string"],
        vpn_gateway_id="string",
        remote_subnets=["string"],
        ike_config={
            "ike_auth_alg": "string",
            "ike_enc_alg": "string",
            "ike_lifetime": 0,
            "ike_local_id": "string",
            "ike_mode": "string",
            "ike_pfs": "string",
            "ike_remote_id": "string",
            "ike_version": "string",
            "psk": "string",
        },
        effect_immediately=False,
        enable_nat_traversal=False,
        enable_tunnels_bgp=False,
        health_check_config={
            "dip": "string",
            "enable": False,
            "interval": 0,
            "retry": 0,
            "sip": "string",
        },
        auto_config_route=False,
        ipsec_config={
            "ipsec_auth_alg": "string",
            "ipsec_enc_alg": "string",
            "ipsec_lifetime": 0,
            "ipsec_pfs": "string",
        },
        enable_dpd=False,
        network_type="string",
        customer_gateway_id="string",
        tags={
            "string": "string",
        },
        tunnel_options_specifications=[{
            "customer_gateway_id": "string",
            "enable_dpd": False,
            "enable_nat_traversal": False,
            "internet_ip": "string",
            "role": "string",
            "state": "string",
            "status": "string",
            "tunnel_bgp_config": {
                "bgp_status": "string",
                "local_asn": "string",
                "local_bgp_ip": "string",
                "peer_asn": "string",
                "peer_bgp_ip": "string",
                "tunnel_cidr": "string",
            },
            "tunnel_id": "string",
            "tunnel_ike_config": {
                "ike_auth_alg": "string",
                "ike_enc_alg": "string",
                "ike_lifetime": 0,
                "ike_mode": "string",
                "ike_pfs": "string",
                "ike_version": "string",
                "local_id": "string",
                "psk": "string",
                "remote_id": "string",
            },
            "tunnel_ipsec_config": {
                "ipsec_auth_alg": "string",
                "ipsec_enc_alg": "string",
                "ipsec_lifetime": 0,
                "ipsec_pfs": "string",
            },
            "zone_no": "string",
        }],
        vpn_connection_name="string",
        bgp_config={
            "enable": False,
            "local_asn": "string",
            "local_bgp_ip": "string",
            "status": "string",
            "tunnel_cidr": "string",
        })
    
    const exampleconnectionResourceResourceFromVpnconnection = new alicloud.vpn.Connection("exampleconnectionResourceResourceFromVpnconnection", {
        localSubnets: ["string"],
        vpnGatewayId: "string",
        remoteSubnets: ["string"],
        ikeConfig: {
            ikeAuthAlg: "string",
            ikeEncAlg: "string",
            ikeLifetime: 0,
            ikeLocalId: "string",
            ikeMode: "string",
            ikePfs: "string",
            ikeRemoteId: "string",
            ikeVersion: "string",
            psk: "string",
        },
        effectImmediately: false,
        enableNatTraversal: false,
        enableTunnelsBgp: false,
        healthCheckConfig: {
            dip: "string",
            enable: false,
            interval: 0,
            retry: 0,
            sip: "string",
        },
        autoConfigRoute: false,
        ipsecConfig: {
            ipsecAuthAlg: "string",
            ipsecEncAlg: "string",
            ipsecLifetime: 0,
            ipsecPfs: "string",
        },
        enableDpd: false,
        networkType: "string",
        customerGatewayId: "string",
        tags: {
            string: "string",
        },
        tunnelOptionsSpecifications: [{
            customerGatewayId: "string",
            enableDpd: false,
            enableNatTraversal: false,
            internetIp: "string",
            role: "string",
            state: "string",
            status: "string",
            tunnelBgpConfig: {
                bgpStatus: "string",
                localAsn: "string",
                localBgpIp: "string",
                peerAsn: "string",
                peerBgpIp: "string",
                tunnelCidr: "string",
            },
            tunnelId: "string",
            tunnelIkeConfig: {
                ikeAuthAlg: "string",
                ikeEncAlg: "string",
                ikeLifetime: 0,
                ikeMode: "string",
                ikePfs: "string",
                ikeVersion: "string",
                localId: "string",
                psk: "string",
                remoteId: "string",
            },
            tunnelIpsecConfig: {
                ipsecAuthAlg: "string",
                ipsecEncAlg: "string",
                ipsecLifetime: 0,
                ipsecPfs: "string",
            },
            zoneNo: "string",
        }],
        vpnConnectionName: "string",
        bgpConfig: {
            enable: false,
            localAsn: "string",
            localBgpIp: "string",
            status: "string",
            tunnelCidr: "string",
        },
    });
    
    type: alicloud:vpn:Connection
    properties:
        autoConfigRoute: false
        bgpConfig:
            enable: false
            localAsn: string
            localBgpIp: string
            status: string
            tunnelCidr: string
        customerGatewayId: string
        effectImmediately: false
        enableDpd: false
        enableNatTraversal: false
        enableTunnelsBgp: false
        healthCheckConfig:
            dip: string
            enable: false
            interval: 0
            retry: 0
            sip: string
        ikeConfig:
            ikeAuthAlg: string
            ikeEncAlg: string
            ikeLifetime: 0
            ikeLocalId: string
            ikeMode: string
            ikePfs: string
            ikeRemoteId: string
            ikeVersion: string
            psk: string
        ipsecConfig:
            ipsecAuthAlg: string
            ipsecEncAlg: string
            ipsecLifetime: 0
            ipsecPfs: string
        localSubnets:
            - string
        networkType: string
        remoteSubnets:
            - string
        tags:
            string: string
        tunnelOptionsSpecifications:
            - customerGatewayId: string
              enableDpd: false
              enableNatTraversal: false
              internetIp: string
              role: string
              state: string
              status: string
              tunnelBgpConfig:
                bgpStatus: string
                localAsn: string
                localBgpIp: string
                peerAsn: string
                peerBgpIp: string
                tunnelCidr: string
              tunnelId: string
              tunnelIkeConfig:
                ikeAuthAlg: string
                ikeEncAlg: string
                ikeLifetime: 0
                ikeMode: string
                ikePfs: string
                ikeVersion: string
                localId: string
                psk: string
                remoteId: string
              tunnelIpsecConfig:
                ipsecAuthAlg: string
                ipsecEncAlg: string
                ipsecLifetime: 0
                ipsecPfs: string
              zoneNo: string
        vpnConnectionName: string
        vpnGatewayId: string
    

    Connection Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Connection resource accepts the following input properties:

    LocalSubnets List<string>
    The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
    RemoteSubnets List<string>
    The CIDR block of the local data center. This parameter is used for phase-two negotiation.
    VpnGatewayId string

    The ID of the VPN gateway.

    The following arguments will be discarded. Please use new fields as soon as possible:

    AutoConfigRoute bool
    Whether to configure routing automatically. Value:

    • true: Automatically configure routes.
    • false: does not automatically configure routes.
    BgpConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionBgpConfig
    vpnBgp configuration. See bgp_config below.
    CustomerGatewayId string
    The ID of the customer gateway.
    EffectImmediately bool
    Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
    EnableDpd bool
    Wether enable Dpd detection.
    EnableNatTraversal bool
    enable nat traversal.
    EnableTunnelsBgp bool
    Enable tunnel bgp.
    HealthCheckConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionHealthCheckConfig
    Health Check information. See health_check_config below.
    IkeConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionIkeConfig
    The configuration of Phase 1 negotiations. See ike_config below.
    IpsecConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionIpsecConfig
    IPsec configuration. See ipsec_config below.
    Name string
    . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.

    Deprecated: Field 'name' has been deprecated since provider version 1.216.0. New field 'vpn_connection_name' instead.

    NetworkType string
    The network type of the IPsec connection. Value:

    • public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
    • private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
    Tags Dictionary<string, string>
    Tags.
    TunnelOptionsSpecifications List<Pulumi.AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecification>
    The tunnel options of IPsec. See tunnel_options_specification below.
    VpnConnectionName string
    The name of the IPsec-VPN connection.
    LocalSubnets []string
    The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
    RemoteSubnets []string
    The CIDR block of the local data center. This parameter is used for phase-two negotiation.
    VpnGatewayId string

    The ID of the VPN gateway.

    The following arguments will be discarded. Please use new fields as soon as possible:

    AutoConfigRoute bool
    Whether to configure routing automatically. Value:

    • true: Automatically configure routes.
    • false: does not automatically configure routes.
    BgpConfig ConnectionBgpConfigArgs
    vpnBgp configuration. See bgp_config below.
    CustomerGatewayId string
    The ID of the customer gateway.
    EffectImmediately bool
    Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
    EnableDpd bool
    Wether enable Dpd detection.
    EnableNatTraversal bool
    enable nat traversal.
    EnableTunnelsBgp bool
    Enable tunnel bgp.
    HealthCheckConfig ConnectionHealthCheckConfigArgs
    Health Check information. See health_check_config below.
    IkeConfig ConnectionIkeConfigArgs
    The configuration of Phase 1 negotiations. See ike_config below.
    IpsecConfig ConnectionIpsecConfigArgs
    IPsec configuration. See ipsec_config below.
    Name string
    . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.

    Deprecated: Field 'name' has been deprecated since provider version 1.216.0. New field 'vpn_connection_name' instead.

    NetworkType string
    The network type of the IPsec connection. Value:

    • public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
    • private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
    Tags map[string]string
    Tags.
    TunnelOptionsSpecifications []ConnectionTunnelOptionsSpecificationArgs
    The tunnel options of IPsec. See tunnel_options_specification below.
    VpnConnectionName string
    The name of the IPsec-VPN connection.
    localSubnets List<String>
    The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
    remoteSubnets List<String>
    The CIDR block of the local data center. This parameter is used for phase-two negotiation.
    vpnGatewayId String

    The ID of the VPN gateway.

    The following arguments will be discarded. Please use new fields as soon as possible:

    autoConfigRoute Boolean
    Whether to configure routing automatically. Value:

    • true: Automatically configure routes.
    • false: does not automatically configure routes.
    bgpConfig ConnectionBgpConfig
    vpnBgp configuration. See bgp_config below.
    customerGatewayId String
    The ID of the customer gateway.
    effectImmediately Boolean
    Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
    enableDpd Boolean
    Wether enable Dpd detection.
    enableNatTraversal Boolean
    enable nat traversal.
    enableTunnelsBgp Boolean
    Enable tunnel bgp.
    healthCheckConfig ConnectionHealthCheckConfig
    Health Check information. See health_check_config below.
    ikeConfig ConnectionIkeConfig
    The configuration of Phase 1 negotiations. See ike_config below.
    ipsecConfig ConnectionIpsecConfig
    IPsec configuration. See ipsec_config below.
    name String
    . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.

    Deprecated: Field 'name' has been deprecated since provider version 1.216.0. New field 'vpn_connection_name' instead.

    networkType String
    The network type of the IPsec connection. Value:

    • public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
    • private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
    tags Map<String,String>
    Tags.
    tunnelOptionsSpecifications List<ConnectionTunnelOptionsSpecification>
    The tunnel options of IPsec. See tunnel_options_specification below.
    vpnConnectionName String
    The name of the IPsec-VPN connection.
    localSubnets string[]
    The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
    remoteSubnets string[]
    The CIDR block of the local data center. This parameter is used for phase-two negotiation.
    vpnGatewayId string

    The ID of the VPN gateway.

    The following arguments will be discarded. Please use new fields as soon as possible:

    autoConfigRoute boolean
    Whether to configure routing automatically. Value:

    • true: Automatically configure routes.
    • false: does not automatically configure routes.
    bgpConfig ConnectionBgpConfig
    vpnBgp configuration. See bgp_config below.
    customerGatewayId string
    The ID of the customer gateway.
    effectImmediately boolean
    Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
    enableDpd boolean
    Wether enable Dpd detection.
    enableNatTraversal boolean
    enable nat traversal.
    enableTunnelsBgp boolean
    Enable tunnel bgp.
    healthCheckConfig ConnectionHealthCheckConfig
    Health Check information. See health_check_config below.
    ikeConfig ConnectionIkeConfig
    The configuration of Phase 1 negotiations. See ike_config below.
    ipsecConfig ConnectionIpsecConfig
    IPsec configuration. See ipsec_config below.
    name string
    . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.

    Deprecated: Field 'name' has been deprecated since provider version 1.216.0. New field 'vpn_connection_name' instead.

    networkType string
    The network type of the IPsec connection. Value:

    • public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
    • private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
    tags {[key: string]: string}
    Tags.
    tunnelOptionsSpecifications ConnectionTunnelOptionsSpecification[]
    The tunnel options of IPsec. See tunnel_options_specification below.
    vpnConnectionName string
    The name of the IPsec-VPN connection.
    local_subnets Sequence[str]
    The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
    remote_subnets Sequence[str]
    The CIDR block of the local data center. This parameter is used for phase-two negotiation.
    vpn_gateway_id str

    The ID of the VPN gateway.

    The following arguments will be discarded. Please use new fields as soon as possible:

    auto_config_route bool
    Whether to configure routing automatically. Value:

    • true: Automatically configure routes.
    • false: does not automatically configure routes.
    bgp_config ConnectionBgpConfigArgs
    vpnBgp configuration. See bgp_config below.
    customer_gateway_id str
    The ID of the customer gateway.
    effect_immediately bool
    Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
    enable_dpd bool
    Wether enable Dpd detection.
    enable_nat_traversal bool
    enable nat traversal.
    enable_tunnels_bgp bool
    Enable tunnel bgp.
    health_check_config ConnectionHealthCheckConfigArgs
    Health Check information. See health_check_config below.
    ike_config ConnectionIkeConfigArgs
    The configuration of Phase 1 negotiations. See ike_config below.
    ipsec_config ConnectionIpsecConfigArgs
    IPsec configuration. See ipsec_config below.
    name str
    . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.

    Deprecated: Field 'name' has been deprecated since provider version 1.216.0. New field 'vpn_connection_name' instead.

    network_type str
    The network type of the IPsec connection. Value:

    • public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
    • private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
    tags Mapping[str, str]
    Tags.
    tunnel_options_specifications Sequence[ConnectionTunnelOptionsSpecificationArgs]
    The tunnel options of IPsec. See tunnel_options_specification below.
    vpn_connection_name str
    The name of the IPsec-VPN connection.
    localSubnets List<String>
    The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
    remoteSubnets List<String>
    The CIDR block of the local data center. This parameter is used for phase-two negotiation.
    vpnGatewayId String

    The ID of the VPN gateway.

    The following arguments will be discarded. Please use new fields as soon as possible:

    autoConfigRoute Boolean
    Whether to configure routing automatically. Value:

    • true: Automatically configure routes.
    • false: does not automatically configure routes.
    bgpConfig Property Map
    vpnBgp configuration. See bgp_config below.
    customerGatewayId String
    The ID of the customer gateway.
    effectImmediately Boolean
    Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
    enableDpd Boolean
    Wether enable Dpd detection.
    enableNatTraversal Boolean
    enable nat traversal.
    enableTunnelsBgp Boolean
    Enable tunnel bgp.
    healthCheckConfig Property Map
    Health Check information. See health_check_config below.
    ikeConfig Property Map
    The configuration of Phase 1 negotiations. See ike_config below.
    ipsecConfig Property Map
    IPsec configuration. See ipsec_config below.
    name String
    . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.

    Deprecated: Field 'name' has been deprecated since provider version 1.216.0. New field 'vpn_connection_name' instead.

    networkType String
    The network type of the IPsec connection. Value:

    • public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
    • private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
    tags Map<String>
    Tags.
    tunnelOptionsSpecifications List<Property Map>
    The tunnel options of IPsec. See tunnel_options_specification below.
    vpnConnectionName String
    The name of the IPsec-VPN connection.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Connection resource produces the following output properties:

    CreateTime int
    The time when the IPsec-VPN connection was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    ResourceGroupId string
    The ID of the resource group.
    Status string
    The negotiation status of Tunnel.
    CreateTime int
    The time when the IPsec-VPN connection was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    ResourceGroupId string
    The ID of the resource group.
    Status string
    The negotiation status of Tunnel.
    createTime Integer
    The time when the IPsec-VPN connection was created.
    id String
    The provider-assigned unique ID for this managed resource.
    resourceGroupId String
    The ID of the resource group.
    status String
    The negotiation status of Tunnel.
    createTime number
    The time when the IPsec-VPN connection was created.
    id string
    The provider-assigned unique ID for this managed resource.
    resourceGroupId string
    The ID of the resource group.
    status string
    The negotiation status of Tunnel.
    create_time int
    The time when the IPsec-VPN connection was created.
    id str
    The provider-assigned unique ID for this managed resource.
    resource_group_id str
    The ID of the resource group.
    status str
    The negotiation status of Tunnel.
    createTime Number
    The time when the IPsec-VPN connection was created.
    id String
    The provider-assigned unique ID for this managed resource.
    resourceGroupId String
    The ID of the resource group.
    status String
    The negotiation status of Tunnel.

    Look up Existing Connection Resource

    Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ConnectionState, opts?: CustomResourceOptions): Connection
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            auto_config_route: Optional[bool] = None,
            bgp_config: Optional[ConnectionBgpConfigArgs] = None,
            create_time: Optional[int] = None,
            customer_gateway_id: Optional[str] = None,
            effect_immediately: Optional[bool] = None,
            enable_dpd: Optional[bool] = None,
            enable_nat_traversal: Optional[bool] = None,
            enable_tunnels_bgp: Optional[bool] = None,
            health_check_config: Optional[ConnectionHealthCheckConfigArgs] = None,
            ike_config: Optional[ConnectionIkeConfigArgs] = None,
            ipsec_config: Optional[ConnectionIpsecConfigArgs] = None,
            local_subnets: Optional[Sequence[str]] = None,
            name: Optional[str] = None,
            network_type: Optional[str] = None,
            remote_subnets: Optional[Sequence[str]] = None,
            resource_group_id: Optional[str] = None,
            status: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None,
            tunnel_options_specifications: Optional[Sequence[ConnectionTunnelOptionsSpecificationArgs]] = None,
            vpn_connection_name: Optional[str] = None,
            vpn_gateway_id: Optional[str] = None) -> Connection
    func GetConnection(ctx *Context, name string, id IDInput, state *ConnectionState, opts ...ResourceOption) (*Connection, error)
    public static Connection Get(string name, Input<string> id, ConnectionState? state, CustomResourceOptions? opts = null)
    public static Connection get(String name, Output<String> id, ConnectionState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AutoConfigRoute bool
    Whether to configure routing automatically. Value:

    • true: Automatically configure routes.
    • false: does not automatically configure routes.
    BgpConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionBgpConfig
    vpnBgp configuration. See bgp_config below.
    CreateTime int
    The time when the IPsec-VPN connection was created.
    CustomerGatewayId string
    The ID of the customer gateway.
    EffectImmediately bool
    Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
    EnableDpd bool
    Wether enable Dpd detection.
    EnableNatTraversal bool
    enable nat traversal.
    EnableTunnelsBgp bool
    Enable tunnel bgp.
    HealthCheckConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionHealthCheckConfig
    Health Check information. See health_check_config below.
    IkeConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionIkeConfig
    The configuration of Phase 1 negotiations. See ike_config below.
    IpsecConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionIpsecConfig
    IPsec configuration. See ipsec_config below.
    LocalSubnets List<string>
    The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
    Name string
    . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.

    Deprecated: Field 'name' has been deprecated since provider version 1.216.0. New field 'vpn_connection_name' instead.

    NetworkType string
    The network type of the IPsec connection. Value:

    • public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
    • private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
    RemoteSubnets List<string>
    The CIDR block of the local data center. This parameter is used for phase-two negotiation.
    ResourceGroupId string
    The ID of the resource group.
    Status string
    The negotiation status of Tunnel.
    Tags Dictionary<string, string>
    Tags.
    TunnelOptionsSpecifications List<Pulumi.AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecification>
    The tunnel options of IPsec. See tunnel_options_specification below.
    VpnConnectionName string
    The name of the IPsec-VPN connection.
    VpnGatewayId string

    The ID of the VPN gateway.

    The following arguments will be discarded. Please use new fields as soon as possible:

    AutoConfigRoute bool
    Whether to configure routing automatically. Value:

    • true: Automatically configure routes.
    • false: does not automatically configure routes.
    BgpConfig ConnectionBgpConfigArgs
    vpnBgp configuration. See bgp_config below.
    CreateTime int
    The time when the IPsec-VPN connection was created.
    CustomerGatewayId string
    The ID of the customer gateway.
    EffectImmediately bool
    Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
    EnableDpd bool
    Wether enable Dpd detection.
    EnableNatTraversal bool
    enable nat traversal.
    EnableTunnelsBgp bool
    Enable tunnel bgp.
    HealthCheckConfig ConnectionHealthCheckConfigArgs
    Health Check information. See health_check_config below.
    IkeConfig ConnectionIkeConfigArgs
    The configuration of Phase 1 negotiations. See ike_config below.
    IpsecConfig ConnectionIpsecConfigArgs
    IPsec configuration. See ipsec_config below.
    LocalSubnets []string
    The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
    Name string
    . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.

    Deprecated: Field 'name' has been deprecated since provider version 1.216.0. New field 'vpn_connection_name' instead.

    NetworkType string
    The network type of the IPsec connection. Value:

    • public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
    • private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
    RemoteSubnets []string
    The CIDR block of the local data center. This parameter is used for phase-two negotiation.
    ResourceGroupId string
    The ID of the resource group.
    Status string
    The negotiation status of Tunnel.
    Tags map[string]string
    Tags.
    TunnelOptionsSpecifications []ConnectionTunnelOptionsSpecificationArgs
    The tunnel options of IPsec. See tunnel_options_specification below.
    VpnConnectionName string
    The name of the IPsec-VPN connection.
    VpnGatewayId string

    The ID of the VPN gateway.

    The following arguments will be discarded. Please use new fields as soon as possible:

    autoConfigRoute Boolean
    Whether to configure routing automatically. Value:

    • true: Automatically configure routes.
    • false: does not automatically configure routes.
    bgpConfig ConnectionBgpConfig
    vpnBgp configuration. See bgp_config below.
    createTime Integer
    The time when the IPsec-VPN connection was created.
    customerGatewayId String
    The ID of the customer gateway.
    effectImmediately Boolean
    Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
    enableDpd Boolean
    Wether enable Dpd detection.
    enableNatTraversal Boolean
    enable nat traversal.
    enableTunnelsBgp Boolean
    Enable tunnel bgp.
    healthCheckConfig ConnectionHealthCheckConfig
    Health Check information. See health_check_config below.
    ikeConfig ConnectionIkeConfig
    The configuration of Phase 1 negotiations. See ike_config below.
    ipsecConfig ConnectionIpsecConfig
    IPsec configuration. See ipsec_config below.
    localSubnets List<String>
    The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
    name String
    . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.

    Deprecated: Field 'name' has been deprecated since provider version 1.216.0. New field 'vpn_connection_name' instead.

    networkType String
    The network type of the IPsec connection. Value:

    • public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
    • private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
    remoteSubnets List<String>
    The CIDR block of the local data center. This parameter is used for phase-two negotiation.
    resourceGroupId String
    The ID of the resource group.
    status String
    The negotiation status of Tunnel.
    tags Map<String,String>
    Tags.
    tunnelOptionsSpecifications List<ConnectionTunnelOptionsSpecification>
    The tunnel options of IPsec. See tunnel_options_specification below.
    vpnConnectionName String
    The name of the IPsec-VPN connection.
    vpnGatewayId String

    The ID of the VPN gateway.

    The following arguments will be discarded. Please use new fields as soon as possible:

    autoConfigRoute boolean
    Whether to configure routing automatically. Value:

    • true: Automatically configure routes.
    • false: does not automatically configure routes.
    bgpConfig ConnectionBgpConfig
    vpnBgp configuration. See bgp_config below.
    createTime number
    The time when the IPsec-VPN connection was created.
    customerGatewayId string
    The ID of the customer gateway.
    effectImmediately boolean
    Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
    enableDpd boolean
    Wether enable Dpd detection.
    enableNatTraversal boolean
    enable nat traversal.
    enableTunnelsBgp boolean
    Enable tunnel bgp.
    healthCheckConfig ConnectionHealthCheckConfig
    Health Check information. See health_check_config below.
    ikeConfig ConnectionIkeConfig
    The configuration of Phase 1 negotiations. See ike_config below.
    ipsecConfig ConnectionIpsecConfig
    IPsec configuration. See ipsec_config below.
    localSubnets string[]
    The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
    name string
    . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.

    Deprecated: Field 'name' has been deprecated since provider version 1.216.0. New field 'vpn_connection_name' instead.

    networkType string
    The network type of the IPsec connection. Value:

    • public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
    • private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
    remoteSubnets string[]
    The CIDR block of the local data center. This parameter is used for phase-two negotiation.
    resourceGroupId string
    The ID of the resource group.
    status string
    The negotiation status of Tunnel.
    tags {[key: string]: string}
    Tags.
    tunnelOptionsSpecifications ConnectionTunnelOptionsSpecification[]
    The tunnel options of IPsec. See tunnel_options_specification below.
    vpnConnectionName string
    The name of the IPsec-VPN connection.
    vpnGatewayId string

    The ID of the VPN gateway.

    The following arguments will be discarded. Please use new fields as soon as possible:

    auto_config_route bool
    Whether to configure routing automatically. Value:

    • true: Automatically configure routes.
    • false: does not automatically configure routes.
    bgp_config ConnectionBgpConfigArgs
    vpnBgp configuration. See bgp_config below.
    create_time int
    The time when the IPsec-VPN connection was created.
    customer_gateway_id str
    The ID of the customer gateway.
    effect_immediately bool
    Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
    enable_dpd bool
    Wether enable Dpd detection.
    enable_nat_traversal bool
    enable nat traversal.
    enable_tunnels_bgp bool
    Enable tunnel bgp.
    health_check_config ConnectionHealthCheckConfigArgs
    Health Check information. See health_check_config below.
    ike_config ConnectionIkeConfigArgs
    The configuration of Phase 1 negotiations. See ike_config below.
    ipsec_config ConnectionIpsecConfigArgs
    IPsec configuration. See ipsec_config below.
    local_subnets Sequence[str]
    The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
    name str
    . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.

    Deprecated: Field 'name' has been deprecated since provider version 1.216.0. New field 'vpn_connection_name' instead.

    network_type str
    The network type of the IPsec connection. Value:

    • public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
    • private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
    remote_subnets Sequence[str]
    The CIDR block of the local data center. This parameter is used for phase-two negotiation.
    resource_group_id str
    The ID of the resource group.
    status str
    The negotiation status of Tunnel.
    tags Mapping[str, str]
    Tags.
    tunnel_options_specifications Sequence[ConnectionTunnelOptionsSpecificationArgs]
    The tunnel options of IPsec. See tunnel_options_specification below.
    vpn_connection_name str
    The name of the IPsec-VPN connection.
    vpn_gateway_id str

    The ID of the VPN gateway.

    The following arguments will be discarded. Please use new fields as soon as possible:

    autoConfigRoute Boolean
    Whether to configure routing automatically. Value:

    • true: Automatically configure routes.
    • false: does not automatically configure routes.
    bgpConfig Property Map
    vpnBgp configuration. See bgp_config below.
    createTime Number
    The time when the IPsec-VPN connection was created.
    customerGatewayId String
    The ID of the customer gateway.
    effectImmediately Boolean
    Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
    enableDpd Boolean
    Wether enable Dpd detection.
    enableNatTraversal Boolean
    enable nat traversal.
    enableTunnelsBgp Boolean
    Enable tunnel bgp.
    healthCheckConfig Property Map
    Health Check information. See health_check_config below.
    ikeConfig Property Map
    The configuration of Phase 1 negotiations. See ike_config below.
    ipsecConfig Property Map
    IPsec configuration. See ipsec_config below.
    localSubnets List<String>
    The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
    name String
    . Field 'name' has been deprecated from provider version 1.216.0. New field 'vpn_connection_name' instead.

    Deprecated: Field 'name' has been deprecated since provider version 1.216.0. New field 'vpn_connection_name' instead.

    networkType String
    The network type of the IPsec connection. Value:

    • public: public network, indicating that the IPsec connection establishes an encrypted communication channel through the public network.
    • private: private network, indicating that the IPsec connection establishes an encrypted communication channel through the private network.
    remoteSubnets List<String>
    The CIDR block of the local data center. This parameter is used for phase-two negotiation.
    resourceGroupId String
    The ID of the resource group.
    status String
    The negotiation status of Tunnel.
    tags Map<String>
    Tags.
    tunnelOptionsSpecifications List<Property Map>
    The tunnel options of IPsec. See tunnel_options_specification below.
    vpnConnectionName String
    The name of the IPsec-VPN connection.
    vpnGatewayId String

    The ID of the VPN gateway.

    The following arguments will be discarded. Please use new fields as soon as possible:

    Supporting Types

    ConnectionBgpConfig, ConnectionBgpConfigArgs

    Enable bool
    Bgp enable.
    LocalAsn string
    Local asn.
    LocalBgpIp string
    Local bgp IP.
    Status string
    The negotiation status of Tunnel.
    TunnelCidr string
    IPSec tunnel Cidr.
    Enable bool
    Bgp enable.
    LocalAsn string
    Local asn.
    LocalBgpIp string
    Local bgp IP.
    Status string
    The negotiation status of Tunnel.
    TunnelCidr string
    IPSec tunnel Cidr.
    enable Boolean
    Bgp enable.
    localAsn String
    Local asn.
    localBgpIp String
    Local bgp IP.
    status String
    The negotiation status of Tunnel.
    tunnelCidr String
    IPSec tunnel Cidr.
    enable boolean
    Bgp enable.
    localAsn string
    Local asn.
    localBgpIp string
    Local bgp IP.
    status string
    The negotiation status of Tunnel.
    tunnelCidr string
    IPSec tunnel Cidr.
    enable bool
    Bgp enable.
    local_asn str
    Local asn.
    local_bgp_ip str
    Local bgp IP.
    status str
    The negotiation status of Tunnel.
    tunnel_cidr str
    IPSec tunnel Cidr.
    enable Boolean
    Bgp enable.
    localAsn String
    Local asn.
    localBgpIp String
    Local bgp IP.
    status String
    The negotiation status of Tunnel.
    tunnelCidr String
    IPSec tunnel Cidr.

    ConnectionHealthCheckConfig, ConnectionHealthCheckConfigArgs

    Dip string
    Destination IP.
    Enable bool
    Specifies whether to enable healthcheck.
    Interval int
    Retry interval.
    Retry int
    retry times.
    Sip string
    Source IP.
    Dip string
    Destination IP.
    Enable bool
    Specifies whether to enable healthcheck.
    Interval int
    Retry interval.
    Retry int
    retry times.
    Sip string
    Source IP.
    dip String
    Destination IP.
    enable Boolean
    Specifies whether to enable healthcheck.
    interval Integer
    Retry interval.
    retry Integer
    retry times.
    sip String
    Source IP.
    dip string
    Destination IP.
    enable boolean
    Specifies whether to enable healthcheck.
    interval number
    Retry interval.
    retry number
    retry times.
    sip string
    Source IP.
    dip str
    Destination IP.
    enable bool
    Specifies whether to enable healthcheck.
    interval int
    Retry interval.
    retry int
    retry times.
    sip str
    Source IP.
    dip String
    Destination IP.
    enable Boolean
    Specifies whether to enable healthcheck.
    interval Number
    Retry interval.
    retry Number
    retry times.
    sip String
    Source IP.

    ConnectionIkeConfig, ConnectionIkeConfigArgs

    IkeAuthAlg string
    IKE auth Algorithm.
    IkeEncAlg string
    IKE encript algorithm.
    IkeLifetime int
    IKE lifetime.
    IkeLocalId string
    The local ID, which supports the FQDN and IP formats, and defaults to the IP address of the selected VPN gateway.
    IkeMode string
    IKE mode, supports main and aggressive mode. The main mode is highly secure. If NAT traversal is enabled, we recommend that you use the aggressive mode.
    IkePfs string
    DH group.
    IkeRemoteId string
    The peer ID. The FQDN and IP address formats are supported. The default value is the IP address of the selected customer gateway.
    IkeVersion string
    IKE version.
    Psk string
    Preshared secret key.
    IkeAuthAlg string
    IKE auth Algorithm.
    IkeEncAlg string
    IKE encript algorithm.
    IkeLifetime int
    IKE lifetime.
    IkeLocalId string
    The local ID, which supports the FQDN and IP formats, and defaults to the IP address of the selected VPN gateway.
    IkeMode string
    IKE mode, supports main and aggressive mode. The main mode is highly secure. If NAT traversal is enabled, we recommend that you use the aggressive mode.
    IkePfs string
    DH group.
    IkeRemoteId string
    The peer ID. The FQDN and IP address formats are supported. The default value is the IP address of the selected customer gateway.
    IkeVersion string
    IKE version.
    Psk string
    Preshared secret key.
    ikeAuthAlg String
    IKE auth Algorithm.
    ikeEncAlg String
    IKE encript algorithm.
    ikeLifetime Integer
    IKE lifetime.
    ikeLocalId String
    The local ID, which supports the FQDN and IP formats, and defaults to the IP address of the selected VPN gateway.
    ikeMode String
    IKE mode, supports main and aggressive mode. The main mode is highly secure. If NAT traversal is enabled, we recommend that you use the aggressive mode.
    ikePfs String
    DH group.
    ikeRemoteId String
    The peer ID. The FQDN and IP address formats are supported. The default value is the IP address of the selected customer gateway.
    ikeVersion String
    IKE version.
    psk String
    Preshared secret key.
    ikeAuthAlg string
    IKE auth Algorithm.
    ikeEncAlg string
    IKE encript algorithm.
    ikeLifetime number
    IKE lifetime.
    ikeLocalId string
    The local ID, which supports the FQDN and IP formats, and defaults to the IP address of the selected VPN gateway.
    ikeMode string
    IKE mode, supports main and aggressive mode. The main mode is highly secure. If NAT traversal is enabled, we recommend that you use the aggressive mode.
    ikePfs string
    DH group.
    ikeRemoteId string
    The peer ID. The FQDN and IP address formats are supported. The default value is the IP address of the selected customer gateway.
    ikeVersion string
    IKE version.
    psk string
    Preshared secret key.
    ike_auth_alg str
    IKE auth Algorithm.
    ike_enc_alg str
    IKE encript algorithm.
    ike_lifetime int
    IKE lifetime.
    ike_local_id str
    The local ID, which supports the FQDN and IP formats, and defaults to the IP address of the selected VPN gateway.
    ike_mode str
    IKE mode, supports main and aggressive mode. The main mode is highly secure. If NAT traversal is enabled, we recommend that you use the aggressive mode.
    ike_pfs str
    DH group.
    ike_remote_id str
    The peer ID. The FQDN and IP address formats are supported. The default value is the IP address of the selected customer gateway.
    ike_version str
    IKE version.
    psk str
    Preshared secret key.
    ikeAuthAlg String
    IKE auth Algorithm.
    ikeEncAlg String
    IKE encript algorithm.
    ikeLifetime Number
    IKE lifetime.
    ikeLocalId String
    The local ID, which supports the FQDN and IP formats, and defaults to the IP address of the selected VPN gateway.
    ikeMode String
    IKE mode, supports main and aggressive mode. The main mode is highly secure. If NAT traversal is enabled, we recommend that you use the aggressive mode.
    ikePfs String
    DH group.
    ikeRemoteId String
    The peer ID. The FQDN and IP address formats are supported. The default value is the IP address of the selected customer gateway.
    ikeVersion String
    IKE version.
    psk String
    Preshared secret key.

    ConnectionIpsecConfig, ConnectionIpsecConfigArgs

    IpsecAuthAlg string
    IPsec authentication algorithm. sha1 and md5 are supported.
    IpsecEncAlg string
    IPsec Encript algorithm.
    IpsecLifetime int
    IPsec lifetime.
    IpsecPfs string
    DH Group.
    IpsecAuthAlg string
    IPsec authentication algorithm. sha1 and md5 are supported.
    IpsecEncAlg string
    IPsec Encript algorithm.
    IpsecLifetime int
    IPsec lifetime.
    IpsecPfs string
    DH Group.
    ipsecAuthAlg String
    IPsec authentication algorithm. sha1 and md5 are supported.
    ipsecEncAlg String
    IPsec Encript algorithm.
    ipsecLifetime Integer
    IPsec lifetime.
    ipsecPfs String
    DH Group.
    ipsecAuthAlg string
    IPsec authentication algorithm. sha1 and md5 are supported.
    ipsecEncAlg string
    IPsec Encript algorithm.
    ipsecLifetime number
    IPsec lifetime.
    ipsecPfs string
    DH Group.
    ipsec_auth_alg str
    IPsec authentication algorithm. sha1 and md5 are supported.
    ipsec_enc_alg str
    IPsec Encript algorithm.
    ipsec_lifetime int
    IPsec lifetime.
    ipsec_pfs str
    DH Group.
    ipsecAuthAlg String
    IPsec authentication algorithm. sha1 and md5 are supported.
    ipsecEncAlg String
    IPsec Encript algorithm.
    ipsecLifetime Number
    IPsec lifetime.
    ipsecPfs String
    DH Group.

    ConnectionTunnelOptionsSpecification, ConnectionTunnelOptionsSpecificationArgs

    CustomerGatewayId string
    The ID of the customer gateway in Tunnel.
    EnableDpd bool
    Wether enable Dpd detection.
    EnableNatTraversal bool
    enable nat traversal.
    InternetIp string
    The local internet IP in Tunnel.
    Role string
    The role of Tunnel.
    State string
    The state of Tunnel.
    Status string
    The negotiation status of Tunnel.
    TunnelBgpConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelBgpConfig
    The bgp config of Tunnel. See tunnel_bgp_config below.
    TunnelId string
    The tunnel ID of IPsec-VPN connection.
    TunnelIkeConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelIkeConfig
    The configuration of Phase 1 negotiations in Tunnel. See tunnel_ike_config below.
    TunnelIpsecConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionTunnelOptionsSpecificationTunnelIpsecConfig
    IPsec configuration in Tunnel. See tunnel_ipsec_config below.
    ZoneNo string
    The zoneNo of tunnel.
    CustomerGatewayId string
    The ID of the customer gateway in Tunnel.
    EnableDpd bool
    Wether enable Dpd detection.
    EnableNatTraversal bool
    enable nat traversal.
    InternetIp string
    The local internet IP in Tunnel.
    Role string
    The role of Tunnel.
    State string
    The state of Tunnel.
    Status string
    The negotiation status of Tunnel.
    TunnelBgpConfig ConnectionTunnelOptionsSpecificationTunnelBgpConfig
    The bgp config of Tunnel. See tunnel_bgp_config below.
    TunnelId string
    The tunnel ID of IPsec-VPN connection.
    TunnelIkeConfig ConnectionTunnelOptionsSpecificationTunnelIkeConfig
    The configuration of Phase 1 negotiations in Tunnel. See tunnel_ike_config below.
    TunnelIpsecConfig ConnectionTunnelOptionsSpecificationTunnelIpsecConfig
    IPsec configuration in Tunnel. See tunnel_ipsec_config below.
    ZoneNo string
    The zoneNo of tunnel.
    customerGatewayId String
    The ID of the customer gateway in Tunnel.
    enableDpd Boolean
    Wether enable Dpd detection.
    enableNatTraversal Boolean
    enable nat traversal.
    internetIp String
    The local internet IP in Tunnel.
    role String
    The role of Tunnel.
    state String
    The state of Tunnel.
    status String
    The negotiation status of Tunnel.
    tunnelBgpConfig ConnectionTunnelOptionsSpecificationTunnelBgpConfig
    The bgp config of Tunnel. See tunnel_bgp_config below.
    tunnelId String
    The tunnel ID of IPsec-VPN connection.
    tunnelIkeConfig ConnectionTunnelOptionsSpecificationTunnelIkeConfig
    The configuration of Phase 1 negotiations in Tunnel. See tunnel_ike_config below.
    tunnelIpsecConfig ConnectionTunnelOptionsSpecificationTunnelIpsecConfig
    IPsec configuration in Tunnel. See tunnel_ipsec_config below.
    zoneNo String
    The zoneNo of tunnel.
    customerGatewayId string
    The ID of the customer gateway in Tunnel.
    enableDpd boolean
    Wether enable Dpd detection.
    enableNatTraversal boolean
    enable nat traversal.
    internetIp string
    The local internet IP in Tunnel.
    role string
    The role of Tunnel.
    state string
    The state of Tunnel.
    status string
    The negotiation status of Tunnel.
    tunnelBgpConfig ConnectionTunnelOptionsSpecificationTunnelBgpConfig
    The bgp config of Tunnel. See tunnel_bgp_config below.
    tunnelId string
    The tunnel ID of IPsec-VPN connection.
    tunnelIkeConfig ConnectionTunnelOptionsSpecificationTunnelIkeConfig
    The configuration of Phase 1 negotiations in Tunnel. See tunnel_ike_config below.
    tunnelIpsecConfig ConnectionTunnelOptionsSpecificationTunnelIpsecConfig
    IPsec configuration in Tunnel. See tunnel_ipsec_config below.
    zoneNo string
    The zoneNo of tunnel.
    customer_gateway_id str
    The ID of the customer gateway in Tunnel.
    enable_dpd bool
    Wether enable Dpd detection.
    enable_nat_traversal bool
    enable nat traversal.
    internet_ip str
    The local internet IP in Tunnel.
    role str
    The role of Tunnel.
    state str
    The state of Tunnel.
    status str
    The negotiation status of Tunnel.
    tunnel_bgp_config ConnectionTunnelOptionsSpecificationTunnelBgpConfig
    The bgp config of Tunnel. See tunnel_bgp_config below.
    tunnel_id str
    The tunnel ID of IPsec-VPN connection.
    tunnel_ike_config ConnectionTunnelOptionsSpecificationTunnelIkeConfig
    The configuration of Phase 1 negotiations in Tunnel. See tunnel_ike_config below.
    tunnel_ipsec_config ConnectionTunnelOptionsSpecificationTunnelIpsecConfig
    IPsec configuration in Tunnel. See tunnel_ipsec_config below.
    zone_no str
    The zoneNo of tunnel.
    customerGatewayId String
    The ID of the customer gateway in Tunnel.
    enableDpd Boolean
    Wether enable Dpd detection.
    enableNatTraversal Boolean
    enable nat traversal.
    internetIp String
    The local internet IP in Tunnel.
    role String
    The role of Tunnel.
    state String
    The state of Tunnel.
    status String
    The negotiation status of Tunnel.
    tunnelBgpConfig Property Map
    The bgp config of Tunnel. See tunnel_bgp_config below.
    tunnelId String
    The tunnel ID of IPsec-VPN connection.
    tunnelIkeConfig Property Map
    The configuration of Phase 1 negotiations in Tunnel. See tunnel_ike_config below.
    tunnelIpsecConfig Property Map
    IPsec configuration in Tunnel. See tunnel_ipsec_config below.
    zoneNo String
    The zoneNo of tunnel.

    ConnectionTunnelOptionsSpecificationTunnelBgpConfig, ConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs

    BgpStatus string
    Whether BGP function is turned on.
    LocalAsn string
    LocalBgpIp string
    PeerAsn string
    Peer asn.
    PeerBgpIp string
    Peer bgp ip.
    TunnelCidr string
    BgpStatus string
    Whether BGP function is turned on.
    LocalAsn string
    LocalBgpIp string
    PeerAsn string
    Peer asn.
    PeerBgpIp string
    Peer bgp ip.
    TunnelCidr string
    bgpStatus String
    Whether BGP function is turned on.
    localAsn String
    localBgpIp String
    peerAsn String
    Peer asn.
    peerBgpIp String
    Peer bgp ip.
    tunnelCidr String
    bgpStatus string
    Whether BGP function is turned on.
    localAsn string
    localBgpIp string
    peerAsn string
    Peer asn.
    peerBgpIp string
    Peer bgp ip.
    tunnelCidr string
    bgp_status str
    Whether BGP function is turned on.
    local_asn str
    local_bgp_ip str
    peer_asn str
    Peer asn.
    peer_bgp_ip str
    Peer bgp ip.
    tunnel_cidr str
    bgpStatus String
    Whether BGP function is turned on.
    localAsn String
    localBgpIp String
    peerAsn String
    Peer asn.
    peerBgpIp String
    Peer bgp ip.
    tunnelCidr String

    ConnectionTunnelOptionsSpecificationTunnelIkeConfig, ConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs

    IkeAuthAlg string
    IkeEncAlg string
    IkeLifetime int
    IkeMode string
    IkePfs string
    IkeVersion string
    LocalId string
    The local Id.
    Psk string
    RemoteId string
    Remote ID.
    IkeAuthAlg string
    IkeEncAlg string
    IkeLifetime int
    IkeMode string
    IkePfs string
    IkeVersion string
    LocalId string
    The local Id.
    Psk string
    RemoteId string
    Remote ID.
    ikeAuthAlg String
    ikeEncAlg String
    ikeLifetime Integer
    ikeMode String
    ikePfs String
    ikeVersion String
    localId String
    The local Id.
    psk String
    remoteId String
    Remote ID.
    ikeAuthAlg string
    ikeEncAlg string
    ikeLifetime number
    ikeMode string
    ikePfs string
    ikeVersion string
    localId string
    The local Id.
    psk string
    remoteId string
    Remote ID.
    ike_auth_alg str
    ike_enc_alg str
    ike_lifetime int
    ike_mode str
    ike_pfs str
    ike_version str
    local_id str
    The local Id.
    psk str
    remote_id str
    Remote ID.
    ikeAuthAlg String
    ikeEncAlg String
    ikeLifetime Number
    ikeMode String
    ikePfs String
    ikeVersion String
    localId String
    The local Id.
    psk String
    remoteId String
    Remote ID.

    ConnectionTunnelOptionsSpecificationTunnelIpsecConfig, ConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs

    Import

    VPN connection can be imported using the id, e.g.

    $ pulumi import alicloud:vpn/connection:Connection example <id>
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Alibaba Cloud pulumi/pulumi-alicloud
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the alicloud Terraform Provider.
    alicloud logo
    Alibaba Cloud v3.68.0 published on Monday, Dec 2, 2024 by Pulumi