Alibaba Cloud v3.77.0, May 2 25

Alibaba Cloud v3.77.0 published on Friday, May 2, 2025 by Pulumi

alicloud.vpn.getGatewayVpnAttachments

Explore with Pulumi AI

Alibaba Cloud v3.77.0 published on Friday, May 2, 2025 by Pulumi

Using getGatewayVpnAttachments

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getGatewayVpnAttachments(args: GetGatewayVpnAttachmentsArgs, opts?: InvokeOptions): Promise<GetGatewayVpnAttachmentsResult>
function getGatewayVpnAttachmentsOutput(args: GetGatewayVpnAttachmentsOutputArgs, opts?: InvokeOptions): Output<GetGatewayVpnAttachmentsResult>

def get_gateway_vpn_attachments(ids: Optional[Sequence[str]] = None,
                                name_regex: Optional[str] = None,
                                output_file: Optional[str] = None,
                                page_number: Optional[int] = None,
                                page_size: Optional[int] = None,
                                status: Optional[str] = None,
                                opts: Optional[InvokeOptions] = None) -> GetGatewayVpnAttachmentsResult
def get_gateway_vpn_attachments_output(ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                                name_regex: Optional[pulumi.Input[str]] = None,
                                output_file: Optional[pulumi.Input[str]] = None,
                                page_number: Optional[pulumi.Input[int]] = None,
                                page_size: Optional[pulumi.Input[int]] = None,
                                status: Optional[pulumi.Input[str]] = None,
                                opts: Optional[InvokeOptions] = None) -> Output[GetGatewayVpnAttachmentsResult]

func GetGatewayVpnAttachments(ctx *Context, args *GetGatewayVpnAttachmentsArgs, opts ...InvokeOption) (*GetGatewayVpnAttachmentsResult, error)
func GetGatewayVpnAttachmentsOutput(ctx *Context, args *GetGatewayVpnAttachmentsOutputArgs, opts ...InvokeOption) GetGatewayVpnAttachmentsResultOutput

> Note: This function is named GetGatewayVpnAttachments in the Go SDK.

public static class GetGatewayVpnAttachments 
{
    public static Task<GetGatewayVpnAttachmentsResult> InvokeAsync(GetGatewayVpnAttachmentsArgs args, InvokeOptions? opts = null)
    public static Output<GetGatewayVpnAttachmentsResult> Invoke(GetGatewayVpnAttachmentsInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetGatewayVpnAttachmentsResult> getGatewayVpnAttachments(GetGatewayVpnAttachmentsArgs args, InvokeOptions options)
public static Output<GetGatewayVpnAttachmentsResult> getGatewayVpnAttachments(GetGatewayVpnAttachmentsArgs args, InvokeOptions options)

fn::invoke:
  function: alicloud:vpn/getGatewayVpnAttachments:getGatewayVpnAttachments
  arguments:
    # arguments dictionary

The following arguments are supported:

Ids List<string>: A list of Vpn Attachment IDs.
NameRegex string: A regex string to filter results by Group Metric Rule name.
OutputFile string: File name where to save data source results (after running pulumi preview).
PageNumber int: Current page number.
PageSize int: Number of records per page.
Status string: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.

Ids []string: A list of Vpn Attachment IDs.
NameRegex string: A regex string to filter results by Group Metric Rule name.
OutputFile string: File name where to save data source results (after running pulumi preview).
PageNumber int: Current page number.
PageSize int: Number of records per page.
Status string: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.

ids List<String>: A list of Vpn Attachment IDs.
nameRegex String: A regex string to filter results by Group Metric Rule name.
outputFile String: File name where to save data source results (after running pulumi preview).
pageNumber Integer: Current page number.
pageSize Integer: Number of records per page.
status String: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.

ids string[]: A list of Vpn Attachment IDs.
nameRegex string: A regex string to filter results by Group Metric Rule name.
outputFile string: File name where to save data source results (after running pulumi preview).
pageNumber number: Current page number.
pageSize number: Number of records per page.
status string: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.

ids Sequence[str]: A list of Vpn Attachment IDs.
name_regex str: A regex string to filter results by Group Metric Rule name.
output_file str: File name where to save data source results (after running pulumi preview).
page_number int: Current page number.
page_size int: Number of records per page.
status str: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.

ids List<String>: A list of Vpn Attachment IDs.
nameRegex String: A regex string to filter results by Group Metric Rule name.
outputFile String: File name where to save data source results (after running pulumi preview).
pageNumber Number: Current page number.
pageSize Number: Number of records per page.
status String: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.

getGatewayVpnAttachments Result

The following output properties are available:

Attachments List<Pulumi.AliCloud.Vpn.Outputs.GetGatewayVpnAttachmentsAttachment>: A list of Vpn Attachment Entries. Each element contains the following attributes:
Id string: The provider-assigned unique ID for this managed resource.
Ids List<string>: A list of Vpn Attachment IDs.
Names List<string>: A list of name of Vpn Attachments.
NameRegex string
OutputFile string
PageNumber int
PageSize int
Status string: The negotiation status of Tunnel. - ike_sa_not_established: Phase 1 negotiations failed.- ike_sa_established: Phase 1 negotiations succeeded.- ipsec_sa_not_established: Phase 2 negotiations failed.- ipsec_sa_established: Phase 2 negotiations succeeded.

Attachments []GetGatewayVpnAttachmentsAttachment: A list of Vpn Attachment Entries. Each element contains the following attributes:
Id string: The provider-assigned unique ID for this managed resource.
Ids []string: A list of Vpn Attachment IDs.
Names []string: A list of name of Vpn Attachments.
NameRegex string
OutputFile string
PageNumber int
PageSize int
Status string: The negotiation status of Tunnel. - ike_sa_not_established: Phase 1 negotiations failed.- ike_sa_established: Phase 1 negotiations succeeded.- ipsec_sa_not_established: Phase 2 negotiations failed.- ipsec_sa_established: Phase 2 negotiations succeeded.

attachments List<GetGatewayVpnAttachmentsAttachment>: A list of Vpn Attachment Entries. Each element contains the following attributes:
id String: The provider-assigned unique ID for this managed resource.
ids List<String>: A list of Vpn Attachment IDs.
names List<String>: A list of name of Vpn Attachments.
nameRegex String
outputFile String
pageNumber Integer
pageSize Integer
status String: The negotiation status of Tunnel. - ike_sa_not_established: Phase 1 negotiations failed.- ike_sa_established: Phase 1 negotiations succeeded.- ipsec_sa_not_established: Phase 2 negotiations failed.- ipsec_sa_established: Phase 2 negotiations succeeded.

attachments GetGatewayVpnAttachmentsAttachment[]: A list of Vpn Attachment Entries. Each element contains the following attributes:
id string: The provider-assigned unique ID for this managed resource.
ids string[]: A list of Vpn Attachment IDs.
names string[]: A list of name of Vpn Attachments.
nameRegex string
outputFile string
pageNumber number
pageSize number
status string: The negotiation status of Tunnel. - ike_sa_not_established: Phase 1 negotiations failed.- ike_sa_established: Phase 1 negotiations succeeded.- ipsec_sa_not_established: Phase 2 negotiations failed.- ipsec_sa_established: Phase 2 negotiations succeeded.

attachments Sequence[GetGatewayVpnAttachmentsAttachment]: A list of Vpn Attachment Entries. Each element contains the following attributes:
id str: The provider-assigned unique ID for this managed resource.
ids Sequence[str]: A list of Vpn Attachment IDs.
names Sequence[str]: A list of name of Vpn Attachments.
name_regex str
output_file str
page_number int
page_size int
status str: The negotiation status of Tunnel. - ike_sa_not_established: Phase 1 negotiations failed.- ike_sa_established: Phase 1 negotiations succeeded.- ipsec_sa_not_established: Phase 2 negotiations failed.- ipsec_sa_established: Phase 2 negotiations succeeded.

attachments List<Property Map>: A list of Vpn Attachment Entries. Each element contains the following attributes:
id String: The provider-assigned unique ID for this managed resource.
ids List<String>: A list of Vpn Attachment IDs.
names List<String>: A list of name of Vpn Attachments.
nameRegex String
outputFile String
pageNumber Number
pageSize Number
status String: The negotiation status of Tunnel. - ike_sa_not_established: Phase 1 negotiations failed.- ike_sa_established: Phase 1 negotiations succeeded.- ipsec_sa_not_established: Phase 2 negotiations failed.- ipsec_sa_established: Phase 2 negotiations succeeded.

Supporting Types

GetGatewayVpnAttachmentsAttachment

AttachType string: attach type- CEN: indicates that the IPsec-VPN connection is associated with a transit router of a Cloud Enterprise Network (CEN) instance.- NO_ASSOCIATED: indicates that the IPsec-VPN connection is not associated with any resource.
BgpConfigs List<Pulumi.AliCloud.Vpn.Inputs.GetGatewayVpnAttachmentsAttachmentBgpConfig>: Bgp configuration information.- This parameter is supported when you create an vpn attachment in single-tunnel mode.
ConnectionStatus string: IPsec connection status- ike_sa_not_established: Phase 1 negotiations failed.- ike_sa_established: Phase 1 negotiations succeeded.- ipsec_sa_not_established: Phase 2 negotiations failed.- ipsec_sa_established: Phase 2 negotiations succeeded.
CreateTime string: The creation time of the resource
CustomerGatewayId string: The ID of the user gateway associated with the tunnel.> This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
EffectImmediately bool: Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:- true: immediately starts IPsec negotiations after the configuration is complete.- false (default): starts IPsec negotiations when inbound traffic is received.
EnableDpd bool: Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:-true (default): enable the DPD function. IPsec initiator will send DPD message to check whether the peer device is alive. If the peer device does not receive a correct response within the set time, it is considered that the peer has been disconnected. IPsec will delete ISAKMP SA and the corresponding IPsec SA, and the security tunnel will also be deleted.-false: If the DPD function is disabled, the IPsec initiator does not send DPD detection packets.
EnableNatTraversal bool: Whether the NAT crossing function is enabled for the tunnel. Value:-true (default): Enables the NAT Traversal function. When enabled, the IKE negotiation process deletes the verification process of the UDP port number and realizes the discovery function of the NAT gateway device in the tunnel.-false: does not enable the NAT Traversal function.
EnableTunnelsBgp bool: You can configure this parameter when you create a vpn attachment in dual-tunnel mode.Whether to enable the BGP function for the tunnel. Value: true or false (default).> before adding BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
HealthCheckConfigs List<Pulumi.AliCloud.Vpn.Inputs.GetGatewayVpnAttachmentsAttachmentHealthCheckConfig>: This parameter is supported if you create an vpn attachment in single-tunnel mode.Health check configuration information.
Id string: The ID of the resource supplied above.
IkeConfigs List<Pulumi.AliCloud.Vpn.Inputs.GetGatewayVpnAttachmentsAttachmentIkeConfig>: The configurations of Phase 1 negotiations. - This parameter is supported if you create an vpn attachment in single-tunnel mode.
InternetIp string: The local internet IP in Tunnel.
IpsecConfigs List<Pulumi.AliCloud.Vpn.Inputs.GetGatewayVpnAttachmentsAttachmentIpsecConfig>: Configuration negotiated in the second stage. - This parameter is supported if you create an vpn attachment in single-tunnel mode.
LocalSubnet string: The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24.The following routing modes are supported:- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
NetworkType string: network type- public (default)- private
RemoteSubnet string: The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24.The following routing modes are supported:- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
ResourceGroupId string: The ID of the resource group
Status string: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.
Tags Dictionary<string, string>: Tags
TunnelOptionsSpecifications List<Pulumi.AliCloud.Vpn.Inputs.GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecification>: Configure the tunnel.-You can configure parameters in the tunnel_options_specification array when you create a vpn attachment in dual-tunnel mode.-When creating a vpn attachment in dual-tunnel mode, you must add both tunnels for the vpn attachment to ensure that the vpn attachment has link redundancy. Only two tunnels can be added to a vpn attachment.
VpnAttachmentName string: vpn attachment name
VpnConnectionId string: The first ID of the resource

AttachType string: attach type- CEN: indicates that the IPsec-VPN connection is associated with a transit router of a Cloud Enterprise Network (CEN) instance.- NO_ASSOCIATED: indicates that the IPsec-VPN connection is not associated with any resource.
BgpConfigs []GetGatewayVpnAttachmentsAttachmentBgpConfig: Bgp configuration information.- This parameter is supported when you create an vpn attachment in single-tunnel mode.
ConnectionStatus string: IPsec connection status- ike_sa_not_established: Phase 1 negotiations failed.- ike_sa_established: Phase 1 negotiations succeeded.- ipsec_sa_not_established: Phase 2 negotiations failed.- ipsec_sa_established: Phase 2 negotiations succeeded.
CreateTime string: The creation time of the resource
CustomerGatewayId string: The ID of the user gateway associated with the tunnel.> This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
EffectImmediately bool: Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:- true: immediately starts IPsec negotiations after the configuration is complete.- false (default): starts IPsec negotiations when inbound traffic is received.
EnableDpd bool: Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:-true (default): enable the DPD function. IPsec initiator will send DPD message to check whether the peer device is alive. If the peer device does not receive a correct response within the set time, it is considered that the peer has been disconnected. IPsec will delete ISAKMP SA and the corresponding IPsec SA, and the security tunnel will also be deleted.-false: If the DPD function is disabled, the IPsec initiator does not send DPD detection packets.
EnableNatTraversal bool: Whether the NAT crossing function is enabled for the tunnel. Value:-true (default): Enables the NAT Traversal function. When enabled, the IKE negotiation process deletes the verification process of the UDP port number and realizes the discovery function of the NAT gateway device in the tunnel.-false: does not enable the NAT Traversal function.
EnableTunnelsBgp bool: You can configure this parameter when you create a vpn attachment in dual-tunnel mode.Whether to enable the BGP function for the tunnel. Value: true or false (default).> before adding BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
HealthCheckConfigs []GetGatewayVpnAttachmentsAttachmentHealthCheckConfig: This parameter is supported if you create an vpn attachment in single-tunnel mode.Health check configuration information.
Id string: The ID of the resource supplied above.
IkeConfigs []GetGatewayVpnAttachmentsAttachmentIkeConfig: The configurations of Phase 1 negotiations. - This parameter is supported if you create an vpn attachment in single-tunnel mode.
InternetIp string: The local internet IP in Tunnel.
IpsecConfigs []GetGatewayVpnAttachmentsAttachmentIpsecConfig: Configuration negotiated in the second stage. - This parameter is supported if you create an vpn attachment in single-tunnel mode.
LocalSubnet string: The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24.The following routing modes are supported:- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
NetworkType string: network type- public (default)- private
RemoteSubnet string: The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24.The following routing modes are supported:- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
ResourceGroupId string: The ID of the resource group
Status string: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.
Tags map[string]string: Tags
TunnelOptionsSpecifications []GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecification: Configure the tunnel.-You can configure parameters in the tunnel_options_specification array when you create a vpn attachment in dual-tunnel mode.-When creating a vpn attachment in dual-tunnel mode, you must add both tunnels for the vpn attachment to ensure that the vpn attachment has link redundancy. Only two tunnels can be added to a vpn attachment.
VpnAttachmentName string: vpn attachment name
VpnConnectionId string: The first ID of the resource

attachType String: attach type- CEN: indicates that the IPsec-VPN connection is associated with a transit router of a Cloud Enterprise Network (CEN) instance.- NO_ASSOCIATED: indicates that the IPsec-VPN connection is not associated with any resource.
bgpConfigs List<GetGatewayVpnAttachmentsAttachmentBgpConfig>: Bgp configuration information.- This parameter is supported when you create an vpn attachment in single-tunnel mode.
connectionStatus String: IPsec connection status- ike_sa_not_established: Phase 1 negotiations failed.- ike_sa_established: Phase 1 negotiations succeeded.- ipsec_sa_not_established: Phase 2 negotiations failed.- ipsec_sa_established: Phase 2 negotiations succeeded.
createTime String: The creation time of the resource
customerGatewayId String: The ID of the user gateway associated with the tunnel.> This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
effectImmediately Boolean: Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:- true: immediately starts IPsec negotiations after the configuration is complete.- false (default): starts IPsec negotiations when inbound traffic is received.
enableDpd Boolean: Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:-true (default): enable the DPD function. IPsec initiator will send DPD message to check whether the peer device is alive. If the peer device does not receive a correct response within the set time, it is considered that the peer has been disconnected. IPsec will delete ISAKMP SA and the corresponding IPsec SA, and the security tunnel will also be deleted.-false: If the DPD function is disabled, the IPsec initiator does not send DPD detection packets.
enableNatTraversal Boolean: Whether the NAT crossing function is enabled for the tunnel. Value:-true (default): Enables the NAT Traversal function. When enabled, the IKE negotiation process deletes the verification process of the UDP port number and realizes the discovery function of the NAT gateway device in the tunnel.-false: does not enable the NAT Traversal function.
enableTunnelsBgp Boolean: You can configure this parameter when you create a vpn attachment in dual-tunnel mode.Whether to enable the BGP function for the tunnel. Value: true or false (default).> before adding BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
healthCheckConfigs List<GetGatewayVpnAttachmentsAttachmentHealthCheckConfig>: This parameter is supported if you create an vpn attachment in single-tunnel mode.Health check configuration information.
id String: The ID of the resource supplied above.
ikeConfigs List<GetGatewayVpnAttachmentsAttachmentIkeConfig>: The configurations of Phase 1 negotiations. - This parameter is supported if you create an vpn attachment in single-tunnel mode.
internetIp String: The local internet IP in Tunnel.
ipsecConfigs List<GetGatewayVpnAttachmentsAttachmentIpsecConfig>: Configuration negotiated in the second stage. - This parameter is supported if you create an vpn attachment in single-tunnel mode.
localSubnet String: The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24.The following routing modes are supported:- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
networkType String: network type- public (default)- private
remoteSubnet String: The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24.The following routing modes are supported:- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
resourceGroupId String: The ID of the resource group
status String: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.
tags Map<String,String>: Tags
tunnelOptionsSpecifications List<GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecification>: Configure the tunnel.-You can configure parameters in the tunnel_options_specification array when you create a vpn attachment in dual-tunnel mode.-When creating a vpn attachment in dual-tunnel mode, you must add both tunnels for the vpn attachment to ensure that the vpn attachment has link redundancy. Only two tunnels can be added to a vpn attachment.
vpnAttachmentName String: vpn attachment name
vpnConnectionId String: The first ID of the resource

attachType string: attach type- CEN: indicates that the IPsec-VPN connection is associated with a transit router of a Cloud Enterprise Network (CEN) instance.- NO_ASSOCIATED: indicates that the IPsec-VPN connection is not associated with any resource.
bgpConfigs GetGatewayVpnAttachmentsAttachmentBgpConfig[]: Bgp configuration information.- This parameter is supported when you create an vpn attachment in single-tunnel mode.
connectionStatus string: IPsec connection status- ike_sa_not_established: Phase 1 negotiations failed.- ike_sa_established: Phase 1 negotiations succeeded.- ipsec_sa_not_established: Phase 2 negotiations failed.- ipsec_sa_established: Phase 2 negotiations succeeded.
createTime string: The creation time of the resource
customerGatewayId string: The ID of the user gateway associated with the tunnel.> This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
effectImmediately boolean: Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:- true: immediately starts IPsec negotiations after the configuration is complete.- false (default): starts IPsec negotiations when inbound traffic is received.
enableDpd boolean: Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:-true (default): enable the DPD function. IPsec initiator will send DPD message to check whether the peer device is alive. If the peer device does not receive a correct response within the set time, it is considered that the peer has been disconnected. IPsec will delete ISAKMP SA and the corresponding IPsec SA, and the security tunnel will also be deleted.-false: If the DPD function is disabled, the IPsec initiator does not send DPD detection packets.
enableNatTraversal boolean: Whether the NAT crossing function is enabled for the tunnel. Value:-true (default): Enables the NAT Traversal function. When enabled, the IKE negotiation process deletes the verification process of the UDP port number and realizes the discovery function of the NAT gateway device in the tunnel.-false: does not enable the NAT Traversal function.
enableTunnelsBgp boolean: You can configure this parameter when you create a vpn attachment in dual-tunnel mode.Whether to enable the BGP function for the tunnel. Value: true or false (default).> before adding BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
healthCheckConfigs GetGatewayVpnAttachmentsAttachmentHealthCheckConfig[]: This parameter is supported if you create an vpn attachment in single-tunnel mode.Health check configuration information.
id string: The ID of the resource supplied above.
ikeConfigs GetGatewayVpnAttachmentsAttachmentIkeConfig[]: The configurations of Phase 1 negotiations. - This parameter is supported if you create an vpn attachment in single-tunnel mode.
internetIp string: The local internet IP in Tunnel.
ipsecConfigs GetGatewayVpnAttachmentsAttachmentIpsecConfig[]: Configuration negotiated in the second stage. - This parameter is supported if you create an vpn attachment in single-tunnel mode.
localSubnet string: The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24.The following routing modes are supported:- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
networkType string: network type- public (default)- private
remoteSubnet string: The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24.The following routing modes are supported:- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
resourceGroupId string: The ID of the resource group
status string: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.
tags {[key: string]: string}: Tags
tunnelOptionsSpecifications GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecification[]: Configure the tunnel.-You can configure parameters in the tunnel_options_specification array when you create a vpn attachment in dual-tunnel mode.-When creating a vpn attachment in dual-tunnel mode, you must add both tunnels for the vpn attachment to ensure that the vpn attachment has link redundancy. Only two tunnels can be added to a vpn attachment.
vpnAttachmentName string: vpn attachment name
vpnConnectionId string: The first ID of the resource

attach_type str: attach type- CEN: indicates that the IPsec-VPN connection is associated with a transit router of a Cloud Enterprise Network (CEN) instance.- NO_ASSOCIATED: indicates that the IPsec-VPN connection is not associated with any resource.
bgp_configs Sequence[GetGatewayVpnAttachmentsAttachmentBgpConfig]: Bgp configuration information.- This parameter is supported when you create an vpn attachment in single-tunnel mode.
connection_status str: IPsec connection status- ike_sa_not_established: Phase 1 negotiations failed.- ike_sa_established: Phase 1 negotiations succeeded.- ipsec_sa_not_established: Phase 2 negotiations failed.- ipsec_sa_established: Phase 2 negotiations succeeded.
create_time str: The creation time of the resource
customer_gateway_id str: The ID of the user gateway associated with the tunnel.> This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
effect_immediately bool: Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:- true: immediately starts IPsec negotiations after the configuration is complete.- false (default): starts IPsec negotiations when inbound traffic is received.
enable_dpd bool: Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:-true (default): enable the DPD function. IPsec initiator will send DPD message to check whether the peer device is alive. If the peer device does not receive a correct response within the set time, it is considered that the peer has been disconnected. IPsec will delete ISAKMP SA and the corresponding IPsec SA, and the security tunnel will also be deleted.-false: If the DPD function is disabled, the IPsec initiator does not send DPD detection packets.
enable_nat_traversal bool: Whether the NAT crossing function is enabled for the tunnel. Value:-true (default): Enables the NAT Traversal function. When enabled, the IKE negotiation process deletes the verification process of the UDP port number and realizes the discovery function of the NAT gateway device in the tunnel.-false: does not enable the NAT Traversal function.
enable_tunnels_bgp bool: You can configure this parameter when you create a vpn attachment in dual-tunnel mode.Whether to enable the BGP function for the tunnel. Value: true or false (default).> before adding BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
health_check_configs Sequence[GetGatewayVpnAttachmentsAttachmentHealthCheckConfig]: This parameter is supported if you create an vpn attachment in single-tunnel mode.Health check configuration information.
id str: The ID of the resource supplied above.
ike_configs Sequence[GetGatewayVpnAttachmentsAttachmentIkeConfig]: The configurations of Phase 1 negotiations. - This parameter is supported if you create an vpn attachment in single-tunnel mode.
internet_ip str: The local internet IP in Tunnel.
ipsec_configs Sequence[GetGatewayVpnAttachmentsAttachmentIpsecConfig]: Configuration negotiated in the second stage. - This parameter is supported if you create an vpn attachment in single-tunnel mode.
local_subnet str: The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24.The following routing modes are supported:- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
network_type str: network type- public (default)- private
remote_subnet str: The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24.The following routing modes are supported:- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
resource_group_id str: The ID of the resource group
status str: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.
tags Mapping[str, str]: Tags
tunnel_options_specifications Sequence[GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecification]: Configure the tunnel.-You can configure parameters in the tunnel_options_specification array when you create a vpn attachment in dual-tunnel mode.-When creating a vpn attachment in dual-tunnel mode, you must add both tunnels for the vpn attachment to ensure that the vpn attachment has link redundancy. Only two tunnels can be added to a vpn attachment.
vpn_attachment_name str: vpn attachment name
vpn_connection_id str: The first ID of the resource

attachType String: attach type- CEN: indicates that the IPsec-VPN connection is associated with a transit router of a Cloud Enterprise Network (CEN) instance.- NO_ASSOCIATED: indicates that the IPsec-VPN connection is not associated with any resource.
bgpConfigs List<Property Map>: Bgp configuration information.- This parameter is supported when you create an vpn attachment in single-tunnel mode.
connectionStatus String: IPsec connection status- ike_sa_not_established: Phase 1 negotiations failed.- ike_sa_established: Phase 1 negotiations succeeded.- ipsec_sa_not_established: Phase 2 negotiations failed.- ipsec_sa_established: Phase 2 negotiations succeeded.
createTime String: The creation time of the resource
customerGatewayId String: The ID of the user gateway associated with the tunnel.> This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
effectImmediately Boolean: Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:- true: immediately starts IPsec negotiations after the configuration is complete.- false (default): starts IPsec negotiations when inbound traffic is received.
enableDpd Boolean: Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:-true (default): enable the DPD function. IPsec initiator will send DPD message to check whether the peer device is alive. If the peer device does not receive a correct response within the set time, it is considered that the peer has been disconnected. IPsec will delete ISAKMP SA and the corresponding IPsec SA, and the security tunnel will also be deleted.-false: If the DPD function is disabled, the IPsec initiator does not send DPD detection packets.
enableNatTraversal Boolean: Whether the NAT crossing function is enabled for the tunnel. Value:-true (default): Enables the NAT Traversal function. When enabled, the IKE negotiation process deletes the verification process of the UDP port number and realizes the discovery function of the NAT gateway device in the tunnel.-false: does not enable the NAT Traversal function.
enableTunnelsBgp Boolean: You can configure this parameter when you create a vpn attachment in dual-tunnel mode.Whether to enable the BGP function for the tunnel. Value: true or false (default).> before adding BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
healthCheckConfigs List<Property Map>: This parameter is supported if you create an vpn attachment in single-tunnel mode.Health check configuration information.
id String: The ID of the resource supplied above.
ikeConfigs List<Property Map>: The configurations of Phase 1 negotiations. - This parameter is supported if you create an vpn attachment in single-tunnel mode.
internetIp String: The local internet IP in Tunnel.
ipsecConfigs List<Property Map>: Configuration negotiated in the second stage. - This parameter is supported if you create an vpn attachment in single-tunnel mode.
localSubnet String: The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24.The following routing modes are supported:- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
networkType String: network type- public (default)- private
remoteSubnet String: The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24.The following routing modes are supported:- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
resourceGroupId String: The ID of the resource group
status String: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.
tags Map<String>: Tags
tunnelOptionsSpecifications List<Property Map>: Configure the tunnel.-You can configure parameters in the tunnel_options_specification array when you create a vpn attachment in dual-tunnel mode.-When creating a vpn attachment in dual-tunnel mode, you must add both tunnels for the vpn attachment to ensure that the vpn attachment has link redundancy. Only two tunnels can be added to a vpn attachment.
vpnAttachmentName String: vpn attachment name
vpnConnectionId String: The first ID of the resource

GetGatewayVpnAttachmentsAttachmentBgpConfig

LocalAsn int: The number of the local (Alibaba Cloud) autonomous system of the tunnel. The value range of the autonomous system number is 1 to 4294967295. Default value: 45104.> We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. The private number range of the autonomous system number please consult the document yourself.
LocalBgpIp string: The local BGP address of the tunnel (on the Alibaba Cloud side). This address is an IP address in the BGP network segment.
Status string: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.
TunnelCidr string: The BGP network segment of the tunnel. The network segment must be a network segment with a mask length of 30 in 169.254.0.0/16, and cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, and 169.254.169.252/30.> the network segments of two tunnels under an IPsec connection cannot be the same.

LocalAsn int: The number of the local (Alibaba Cloud) autonomous system of the tunnel. The value range of the autonomous system number is 1 to 4294967295. Default value: 45104.> We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. The private number range of the autonomous system number please consult the document yourself.
LocalBgpIp string: The local BGP address of the tunnel (on the Alibaba Cloud side). This address is an IP address in the BGP network segment.
Status string: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.
TunnelCidr string: The BGP network segment of the tunnel. The network segment must be a network segment with a mask length of 30 in 169.254.0.0/16, and cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, and 169.254.169.252/30.> the network segments of two tunnels under an IPsec connection cannot be the same.

localAsn Integer: The number of the local (Alibaba Cloud) autonomous system of the tunnel. The value range of the autonomous system number is 1 to 4294967295. Default value: 45104.> We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. The private number range of the autonomous system number please consult the document yourself.
localBgpIp String: The local BGP address of the tunnel (on the Alibaba Cloud side). This address is an IP address in the BGP network segment.
status String: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.
tunnelCidr String: The BGP network segment of the tunnel. The network segment must be a network segment with a mask length of 30 in 169.254.0.0/16, and cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, and 169.254.169.252/30.> the network segments of two tunnels under an IPsec connection cannot be the same.

localAsn number: The number of the local (Alibaba Cloud) autonomous system of the tunnel. The value range of the autonomous system number is 1 to 4294967295. Default value: 45104.> We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. The private number range of the autonomous system number please consult the document yourself.
localBgpIp string: The local BGP address of the tunnel (on the Alibaba Cloud side). This address is an IP address in the BGP network segment.
status string: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.
tunnelCidr string: The BGP network segment of the tunnel. The network segment must be a network segment with a mask length of 30 in 169.254.0.0/16, and cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, and 169.254.169.252/30.> the network segments of two tunnels under an IPsec connection cannot be the same.

local_asn int: The number of the local (Alibaba Cloud) autonomous system of the tunnel. The value range of the autonomous system number is 1 to 4294967295. Default value: 45104.> We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. The private number range of the autonomous system number please consult the document yourself.
local_bgp_ip str: The local BGP address of the tunnel (on the Alibaba Cloud side). This address is an IP address in the BGP network segment.
status str: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.
tunnel_cidr str: The BGP network segment of the tunnel. The network segment must be a network segment with a mask length of 30 in 169.254.0.0/16, and cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, and 169.254.169.252/30.> the network segments of two tunnels under an IPsec connection cannot be the same.

localAsn Number: The number of the local (Alibaba Cloud) autonomous system of the tunnel. The value range of the autonomous system number is 1 to 4294967295. Default value: 45104.> We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. The private number range of the autonomous system number please consult the document yourself.
localBgpIp String: The local BGP address of the tunnel (on the Alibaba Cloud side). This address is an IP address in the BGP network segment.
status String: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.
tunnelCidr String: The BGP network segment of the tunnel. The network segment must be a network segment with a mask length of 30 in 169.254.0.0/16, and cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, and 169.254.169.252/30.> the network segments of two tunnels under an IPsec connection cannot be the same.

GetGatewayVpnAttachmentsAttachmentHealthCheckConfig

Dip string: Target IP.
Enable bool: Whether health check is enabled:-false: not enabled. -true: enabled.
Interval int: The health check retry interval, in seconds.
Policy string: Whether to revoke the published route when the health check fails- revoke_route(default): withdraws published routes.- reserve_route: does not withdraw published routes.
Retry int: Number of retries for health check.
Sip string: SOURCE IP.
Status string: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.

Dip string: Target IP.
Enable bool: Whether health check is enabled:-false: not enabled. -true: enabled.
Interval int: The health check retry interval, in seconds.
Policy string: Whether to revoke the published route when the health check fails- revoke_route(default): withdraws published routes.- reserve_route: does not withdraw published routes.
Retry int: Number of retries for health check.
Sip string: SOURCE IP.
Status string: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.

dip String: Target IP.
enable Boolean: Whether health check is enabled:-false: not enabled. -true: enabled.
interval Integer: The health check retry interval, in seconds.
policy String: Whether to revoke the published route when the health check fails- revoke_route(default): withdraws published routes.- reserve_route: does not withdraw published routes.
retry Integer: Number of retries for health check.
sip String: SOURCE IP.
status String: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.

dip string: Target IP.
enable boolean: Whether health check is enabled:-false: not enabled. -true: enabled.
interval number: The health check retry interval, in seconds.
policy string: Whether to revoke the published route when the health check fails- revoke_route(default): withdraws published routes.- reserve_route: does not withdraw published routes.
retry number: Number of retries for health check.
sip string: SOURCE IP.
status string: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.

dip str: Target IP.
enable bool: Whether health check is enabled:-false: not enabled. -true: enabled.
interval int: The health check retry interval, in seconds.
policy str: Whether to revoke the published route when the health check fails- revoke_route(default): withdraws published routes.- reserve_route: does not withdraw published routes.
retry int: Number of retries for health check.
sip str: SOURCE IP.
status str: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.

dip String: Target IP.
enable Boolean: Whether health check is enabled:-false: not enabled. -true: enabled.
interval Number: The health check retry interval, in seconds.
policy String: Whether to revoke the published route when the health check fails- revoke_route(default): withdraws published routes.- reserve_route: does not withdraw published routes.
retry Number: Number of retries for health check.
sip String: SOURCE IP.
status String: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.

GetGatewayVpnAttachmentsAttachmentIkeConfig

IkeAuthAlg string: The authentication algorithm negotiated in the first stage. Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
IkeEncAlg string: The encryption algorithm negotiated in the first stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
IkeLifetime int: The life cycle of SA negotiated in the first stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
IkeMode string: IKE version of the negotiation mode. Value: main or aggressive. Default value: main.-main: main mode, high security during negotiation.-aggressive: Savage mode, fast negotiation and high negotiation success rate.
IkePfs string: The first stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: group1, group2, group5, group14.
IkeVersion string: Version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev2.Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for multiple network segments.
LocalId string: The identifier of the local end of the tunnel (Alibaba Cloud side), which is used for the first phase of negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the tunnel.LocalId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.
Psk string: The pre-shared key is used for identity authentication between the tunnel and the tunnel peer.-The key can be 1 to 100 characters in length. It supports numbers, upper and lower case English letters, and characters on the right. It cannot contain spaces. '''~! '@#$%^& *()_-+ ={}[]|;:',./? '''-If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. > The pre-shared key of the tunnel and the tunnel peer must be the same, otherwise the system cannot establish the tunnel normally.
RemoteId string: Identifier of the tunnel peer, which is used for the first-stage negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the user gateway associated with the tunnel.- RemoteId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.

IkeAuthAlg string: The authentication algorithm negotiated in the first stage. Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
IkeEncAlg string: The encryption algorithm negotiated in the first stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
IkeLifetime int: The life cycle of SA negotiated in the first stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
IkeMode string: IKE version of the negotiation mode. Value: main or aggressive. Default value: main.-main: main mode, high security during negotiation.-aggressive: Savage mode, fast negotiation and high negotiation success rate.
IkePfs string: The first stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: group1, group2, group5, group14.
IkeVersion string: Version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev2.Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for multiple network segments.
LocalId string: The identifier of the local end of the tunnel (Alibaba Cloud side), which is used for the first phase of negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the tunnel.LocalId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.
Psk string: The pre-shared key is used for identity authentication between the tunnel and the tunnel peer.-The key can be 1 to 100 characters in length. It supports numbers, upper and lower case English letters, and characters on the right. It cannot contain spaces. '''~! '@#$%^& *()_-+ ={}[]|;:',./? '''-If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. > The pre-shared key of the tunnel and the tunnel peer must be the same, otherwise the system cannot establish the tunnel normally.
RemoteId string: Identifier of the tunnel peer, which is used for the first-stage negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the user gateway associated with the tunnel.- RemoteId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.

ikeAuthAlg String: The authentication algorithm negotiated in the first stage. Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
ikeEncAlg String: The encryption algorithm negotiated in the first stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
ikeLifetime Integer: The life cycle of SA negotiated in the first stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
ikeMode String: IKE version of the negotiation mode. Value: main or aggressive. Default value: main.-main: main mode, high security during negotiation.-aggressive: Savage mode, fast negotiation and high negotiation success rate.
ikePfs String: The first stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: group1, group2, group5, group14.
ikeVersion String: Version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev2.Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for multiple network segments.
localId String: The identifier of the local end of the tunnel (Alibaba Cloud side), which is used for the first phase of negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the tunnel.LocalId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.
psk String: The pre-shared key is used for identity authentication between the tunnel and the tunnel peer.-The key can be 1 to 100 characters in length. It supports numbers, upper and lower case English letters, and characters on the right. It cannot contain spaces. '''~! '@#$%^& *()_-+ ={}[]|;:',./? '''-If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. > The pre-shared key of the tunnel and the tunnel peer must be the same, otherwise the system cannot establish the tunnel normally.
remoteId String: Identifier of the tunnel peer, which is used for the first-stage negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the user gateway associated with the tunnel.- RemoteId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.

ikeAuthAlg string: The authentication algorithm negotiated in the first stage. Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
ikeEncAlg string: The encryption algorithm negotiated in the first stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
ikeLifetime number: The life cycle of SA negotiated in the first stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
ikeMode string: IKE version of the negotiation mode. Value: main or aggressive. Default value: main.-main: main mode, high security during negotiation.-aggressive: Savage mode, fast negotiation and high negotiation success rate.
ikePfs string: The first stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: group1, group2, group5, group14.
ikeVersion string: Version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev2.Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for multiple network segments.
localId string: The identifier of the local end of the tunnel (Alibaba Cloud side), which is used for the first phase of negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the tunnel.LocalId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.
psk string: The pre-shared key is used for identity authentication between the tunnel and the tunnel peer.-The key can be 1 to 100 characters in length. It supports numbers, upper and lower case English letters, and characters on the right. It cannot contain spaces. '''~! '@#$%^& *()_-+ ={}[]|;:',./? '''-If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. > The pre-shared key of the tunnel and the tunnel peer must be the same, otherwise the system cannot establish the tunnel normally.
remoteId string: Identifier of the tunnel peer, which is used for the first-stage negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the user gateway associated with the tunnel.- RemoteId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.

ike_auth_alg str: The authentication algorithm negotiated in the first stage. Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
ike_enc_alg str: The encryption algorithm negotiated in the first stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
ike_lifetime int: The life cycle of SA negotiated in the first stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
ike_mode str: IKE version of the negotiation mode. Value: main or aggressive. Default value: main.-main: main mode, high security during negotiation.-aggressive: Savage mode, fast negotiation and high negotiation success rate.
ike_pfs str: The first stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: group1, group2, group5, group14.
ike_version str: Version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev2.Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for multiple network segments.
local_id str: The identifier of the local end of the tunnel (Alibaba Cloud side), which is used for the first phase of negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the tunnel.LocalId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.
psk str: The pre-shared key is used for identity authentication between the tunnel and the tunnel peer.-The key can be 1 to 100 characters in length. It supports numbers, upper and lower case English letters, and characters on the right. It cannot contain spaces. '''~! '@#$%^& *()_-+ ={}[]|;:',./? '''-If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. > The pre-shared key of the tunnel and the tunnel peer must be the same, otherwise the system cannot establish the tunnel normally.
remote_id str: Identifier of the tunnel peer, which is used for the first-stage negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the user gateway associated with the tunnel.- RemoteId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.

ikeAuthAlg String: The authentication algorithm negotiated in the first stage. Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
ikeEncAlg String: The encryption algorithm negotiated in the first stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
ikeLifetime Number: The life cycle of SA negotiated in the first stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
ikeMode String: IKE version of the negotiation mode. Value: main or aggressive. Default value: main.-main: main mode, high security during negotiation.-aggressive: Savage mode, fast negotiation and high negotiation success rate.
ikePfs String: The first stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: group1, group2, group5, group14.
ikeVersion String: Version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev2.Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for multiple network segments.
localId String: The identifier of the local end of the tunnel (Alibaba Cloud side), which is used for the first phase of negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the tunnel.LocalId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.
psk String: The pre-shared key is used for identity authentication between the tunnel and the tunnel peer.-The key can be 1 to 100 characters in length. It supports numbers, upper and lower case English letters, and characters on the right. It cannot contain spaces. '''~! '@#$%^& *()_-+ ={}[]|;:',./? '''-If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. > The pre-shared key of the tunnel and the tunnel peer must be the same, otherwise the system cannot establish the tunnel normally.
remoteId String: Identifier of the tunnel peer, which is used for the first-stage negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the user gateway associated with the tunnel.- RemoteId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.

GetGatewayVpnAttachmentsAttachmentIpsecConfig

IpsecAuthAlg string: The second stage negotiated authentication algorithm.Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
IpsecEncAlg string: The encryption algorithm negotiated in the second stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
IpsecLifetime int: The life cycle of SA negotiated in the second stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
IpsecPfs string: The second stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: disabled, group1, group2, group5, group14.

IpsecAuthAlg string: The second stage negotiated authentication algorithm.Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
IpsecEncAlg string: The encryption algorithm negotiated in the second stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
IpsecLifetime int: The life cycle of SA negotiated in the second stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
IpsecPfs string: The second stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: disabled, group1, group2, group5, group14.

ipsecAuthAlg String: The second stage negotiated authentication algorithm.Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
ipsecEncAlg String: The encryption algorithm negotiated in the second stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
ipsecLifetime Integer: The life cycle of SA negotiated in the second stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
ipsecPfs String: The second stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: disabled, group1, group2, group5, group14.

ipsecAuthAlg string: The second stage negotiated authentication algorithm.Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
ipsecEncAlg string: The encryption algorithm negotiated in the second stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
ipsecLifetime number: The life cycle of SA negotiated in the second stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
ipsecPfs string: The second stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: disabled, group1, group2, group5, group14.

ipsec_auth_alg str: The second stage negotiated authentication algorithm.Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
ipsec_enc_alg str: The encryption algorithm negotiated in the second stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
ipsec_lifetime int: The life cycle of SA negotiated in the second stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
ipsec_pfs str: The second stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: disabled, group1, group2, group5, group14.

ipsecAuthAlg String: The second stage negotiated authentication algorithm.Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
ipsecEncAlg String: The encryption algorithm negotiated in the second stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
ipsecLifetime Number: The life cycle of SA negotiated in the second stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
ipsecPfs String: The second stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: disabled, group1, group2, group5, group14.

GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecification

CustomerGatewayId string: The ID of the user gateway associated with the tunnel.> This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
EnableDpd bool: Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:-true (default): enable the DPD function. IPsec initiator will send DPD message to check whether the peer device is alive. If the peer device does not receive a correct response within the set time, it is considered that the peer has been disconnected. IPsec will delete ISAKMP SA and the corresponding IPsec SA, and the security tunnel will also be deleted.-false: If the DPD function is disabled, the IPsec initiator does not send DPD detection packets.
EnableNatTraversal bool: Whether the NAT crossing function is enabled for the tunnel. Value:-true (default): Enables the NAT Traversal function. When enabled, the IKE negotiation process deletes the verification process of the UDP port number and realizes the discovery function of the NAT gateway device in the tunnel.-false: does not enable the NAT Traversal function.
InternetIp string: The local internet IP in Tunnel.
Role string: The role of Tunnel.
State string: The state of Tunnel.
Status string: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.
TunnelBgpConfig Pulumi.AliCloud.Vpn.Inputs.GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelBgpConfig: Add the BGP configuration for the tunnel.> After you enable the BGP function for IPsec connections (that is, specify EnableTunnelsBgp as true), you must configure this parameter.
TunnelId string: The tunnel ID of IPsec-VPN connection.
TunnelIkeConfig Pulumi.AliCloud.Vpn.Inputs.GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIkeConfig: Configuration information for the first phase negotiation.
TunnelIndex int: The order in which the tunnel was created.-1: First tunnel.-2: The second tunnel.
TunnelIpsecConfig Pulumi.AliCloud.Vpn.Inputs.GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIpsecConfig: Configuration information for the second-stage negotiation.
ZoneNo string: The zoneNo of tunnel.

CustomerGatewayId string: The ID of the user gateway associated with the tunnel.> This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
EnableDpd bool: Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:-true (default): enable the DPD function. IPsec initiator will send DPD message to check whether the peer device is alive. If the peer device does not receive a correct response within the set time, it is considered that the peer has been disconnected. IPsec will delete ISAKMP SA and the corresponding IPsec SA, and the security tunnel will also be deleted.-false: If the DPD function is disabled, the IPsec initiator does not send DPD detection packets.
EnableNatTraversal bool: Whether the NAT crossing function is enabled for the tunnel. Value:-true (default): Enables the NAT Traversal function. When enabled, the IKE negotiation process deletes the verification process of the UDP port number and realizes the discovery function of the NAT gateway device in the tunnel.-false: does not enable the NAT Traversal function.
InternetIp string: The local internet IP in Tunnel.
Role string: The role of Tunnel.
State string: The state of Tunnel.
Status string: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.
TunnelBgpConfig GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelBgpConfig: Add the BGP configuration for the tunnel.> After you enable the BGP function for IPsec connections (that is, specify EnableTunnelsBgp as true), you must configure this parameter.
TunnelId string: The tunnel ID of IPsec-VPN connection.
TunnelIkeConfig GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIkeConfig: Configuration information for the first phase negotiation.
TunnelIndex int: The order in which the tunnel was created.-1: First tunnel.-2: The second tunnel.
TunnelIpsecConfig GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIpsecConfig: Configuration information for the second-stage negotiation.
ZoneNo string: The zoneNo of tunnel.

customerGatewayId String: The ID of the user gateway associated with the tunnel.> This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
enableDpd Boolean: Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:-true (default): enable the DPD function. IPsec initiator will send DPD message to check whether the peer device is alive. If the peer device does not receive a correct response within the set time, it is considered that the peer has been disconnected. IPsec will delete ISAKMP SA and the corresponding IPsec SA, and the security tunnel will also be deleted.-false: If the DPD function is disabled, the IPsec initiator does not send DPD detection packets.
enableNatTraversal Boolean: Whether the NAT crossing function is enabled for the tunnel. Value:-true (default): Enables the NAT Traversal function. When enabled, the IKE negotiation process deletes the verification process of the UDP port number and realizes the discovery function of the NAT gateway device in the tunnel.-false: does not enable the NAT Traversal function.
internetIp String: The local internet IP in Tunnel.
role String: The role of Tunnel.
state String: The state of Tunnel.
status String: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.
tunnelBgpConfig GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelBgpConfig: Add the BGP configuration for the tunnel.> After you enable the BGP function for IPsec connections (that is, specify EnableTunnelsBgp as true), you must configure this parameter.
tunnelId String: The tunnel ID of IPsec-VPN connection.
tunnelIkeConfig GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIkeConfig: Configuration information for the first phase negotiation.
tunnelIndex Integer: The order in which the tunnel was created.-1: First tunnel.-2: The second tunnel.
tunnelIpsecConfig GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIpsecConfig: Configuration information for the second-stage negotiation.
zoneNo String: The zoneNo of tunnel.

customerGatewayId string: The ID of the user gateway associated with the tunnel.> This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
enableDpd boolean: Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:-true (default): enable the DPD function. IPsec initiator will send DPD message to check whether the peer device is alive. If the peer device does not receive a correct response within the set time, it is considered that the peer has been disconnected. IPsec will delete ISAKMP SA and the corresponding IPsec SA, and the security tunnel will also be deleted.-false: If the DPD function is disabled, the IPsec initiator does not send DPD detection packets.
enableNatTraversal boolean: Whether the NAT crossing function is enabled for the tunnel. Value:-true (default): Enables the NAT Traversal function. When enabled, the IKE negotiation process deletes the verification process of the UDP port number and realizes the discovery function of the NAT gateway device in the tunnel.-false: does not enable the NAT Traversal function.
internetIp string: The local internet IP in Tunnel.
role string: The role of Tunnel.
state string: The state of Tunnel.
status string: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.
tunnelBgpConfig GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelBgpConfig: Add the BGP configuration for the tunnel.> After you enable the BGP function for IPsec connections (that is, specify EnableTunnelsBgp as true), you must configure this parameter.
tunnelId string: The tunnel ID of IPsec-VPN connection.
tunnelIkeConfig GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIkeConfig: Configuration information for the first phase negotiation.
tunnelIndex number: The order in which the tunnel was created.-1: First tunnel.-2: The second tunnel.
tunnelIpsecConfig GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIpsecConfig: Configuration information for the second-stage negotiation.
zoneNo string: The zoneNo of tunnel.

customer_gateway_id str: The ID of the user gateway associated with the tunnel.> This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
enable_dpd bool: Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:-true (default): enable the DPD function. IPsec initiator will send DPD message to check whether the peer device is alive. If the peer device does not receive a correct response within the set time, it is considered that the peer has been disconnected. IPsec will delete ISAKMP SA and the corresponding IPsec SA, and the security tunnel will also be deleted.-false: If the DPD function is disabled, the IPsec initiator does not send DPD detection packets.
enable_nat_traversal bool: Whether the NAT crossing function is enabled for the tunnel. Value:-true (default): Enables the NAT Traversal function. When enabled, the IKE negotiation process deletes the verification process of the UDP port number and realizes the discovery function of the NAT gateway device in the tunnel.-false: does not enable the NAT Traversal function.
internet_ip str: The local internet IP in Tunnel.
role str: The role of Tunnel.
state str: The state of Tunnel.
status str: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.
tunnel_bgp_config GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelBgpConfig: Add the BGP configuration for the tunnel.> After you enable the BGP function for IPsec connections (that is, specify EnableTunnelsBgp as true), you must configure this parameter.
tunnel_id str: The tunnel ID of IPsec-VPN connection.
tunnel_ike_config GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIkeConfig: Configuration information for the first phase negotiation.
tunnel_index int: The order in which the tunnel was created.-1: First tunnel.-2: The second tunnel.
tunnel_ipsec_config GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIpsecConfig: Configuration information for the second-stage negotiation.
zone_no str: The zoneNo of tunnel.

customerGatewayId String: The ID of the user gateway associated with the tunnel.> This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
enableDpd Boolean: Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:-true (default): enable the DPD function. IPsec initiator will send DPD message to check whether the peer device is alive. If the peer device does not receive a correct response within the set time, it is considered that the peer has been disconnected. IPsec will delete ISAKMP SA and the corresponding IPsec SA, and the security tunnel will also be deleted.-false: If the DPD function is disabled, the IPsec initiator does not send DPD detection packets.
enableNatTraversal Boolean: Whether the NAT crossing function is enabled for the tunnel. Value:-true (default): Enables the NAT Traversal function. When enabled, the IKE negotiation process deletes the verification process of the UDP port number and realizes the discovery function of the NAT gateway device in the tunnel.-false: does not enable the NAT Traversal function.
internetIp String: The local internet IP in Tunnel.
role String: The role of Tunnel.
state String: The state of Tunnel.
status String: The status of the resource. Valid values: init, active, attaching, attached, detaching, financialLocked, provisioning, updating, upgrading, deleted.
tunnelBgpConfig Property Map: Add the BGP configuration for the tunnel.> After you enable the BGP function for IPsec connections (that is, specify EnableTunnelsBgp as true), you must configure this parameter.
tunnelId String: The tunnel ID of IPsec-VPN connection.
tunnelIkeConfig Property Map: Configuration information for the first phase negotiation.
tunnelIndex Number: The order in which the tunnel was created.-1: First tunnel.-2: The second tunnel.
tunnelIpsecConfig Property Map: Configuration information for the second-stage negotiation.
zoneNo String: The zoneNo of tunnel.

GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelBgpConfig

BgpStatus string: BGP status.
LocalAsn int: The number of the local (Alibaba Cloud) autonomous system of the tunnel. The value range of the autonomous system number is 1 to 4294967295. Default value: 45104.> We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. The private number range of the autonomous system number please consult the document yourself.
LocalBgpIp string: The local BGP address of the tunnel (on the Alibaba Cloud side). This address is an IP address in the BGP network segment.
PeerAsn string: Peer asn.
PeerBgpIp string: Peer bgp ip.
TunnelCidr string: The BGP network segment of the tunnel. The network segment must be a network segment with a mask length of 30 in 169.254.0.0/16, and cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, and 169.254.169.252/30.> the network segments of two tunnels under an IPsec connection cannot be the same.

BgpStatus string: BGP status.
LocalAsn int: The number of the local (Alibaba Cloud) autonomous system of the tunnel. The value range of the autonomous system number is 1 to 4294967295. Default value: 45104.> We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. The private number range of the autonomous system number please consult the document yourself.
LocalBgpIp string: The local BGP address of the tunnel (on the Alibaba Cloud side). This address is an IP address in the BGP network segment.
PeerAsn string: Peer asn.
PeerBgpIp string: Peer bgp ip.
TunnelCidr string: The BGP network segment of the tunnel. The network segment must be a network segment with a mask length of 30 in 169.254.0.0/16, and cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, and 169.254.169.252/30.> the network segments of two tunnels under an IPsec connection cannot be the same.

bgpStatus String: BGP status.
localAsn Integer: The number of the local (Alibaba Cloud) autonomous system of the tunnel. The value range of the autonomous system number is 1 to 4294967295. Default value: 45104.> We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. The private number range of the autonomous system number please consult the document yourself.
localBgpIp String: The local BGP address of the tunnel (on the Alibaba Cloud side). This address is an IP address in the BGP network segment.
peerAsn String: Peer asn.
peerBgpIp String: Peer bgp ip.
tunnelCidr String: The BGP network segment of the tunnel. The network segment must be a network segment with a mask length of 30 in 169.254.0.0/16, and cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, and 169.254.169.252/30.> the network segments of two tunnels under an IPsec connection cannot be the same.

bgpStatus string: BGP status.
localAsn number: The number of the local (Alibaba Cloud) autonomous system of the tunnel. The value range of the autonomous system number is 1 to 4294967295. Default value: 45104.> We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. The private number range of the autonomous system number please consult the document yourself.
localBgpIp string: The local BGP address of the tunnel (on the Alibaba Cloud side). This address is an IP address in the BGP network segment.
peerAsn string: Peer asn.
peerBgpIp string: Peer bgp ip.
tunnelCidr string: The BGP network segment of the tunnel. The network segment must be a network segment with a mask length of 30 in 169.254.0.0/16, and cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, and 169.254.169.252/30.> the network segments of two tunnels under an IPsec connection cannot be the same.

bgp_status str: BGP status.
local_asn int: The number of the local (Alibaba Cloud) autonomous system of the tunnel. The value range of the autonomous system number is 1 to 4294967295. Default value: 45104.> We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. The private number range of the autonomous system number please consult the document yourself.
local_bgp_ip str: The local BGP address of the tunnel (on the Alibaba Cloud side). This address is an IP address in the BGP network segment.
peer_asn str: Peer asn.
peer_bgp_ip str: Peer bgp ip.
tunnel_cidr str: The BGP network segment of the tunnel. The network segment must be a network segment with a mask length of 30 in 169.254.0.0/16, and cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, and 169.254.169.252/30.> the network segments of two tunnels under an IPsec connection cannot be the same.

bgpStatus String: BGP status.
localAsn Number: The number of the local (Alibaba Cloud) autonomous system of the tunnel. The value range of the autonomous system number is 1 to 4294967295. Default value: 45104.> We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. The private number range of the autonomous system number please consult the document yourself.
localBgpIp String: The local BGP address of the tunnel (on the Alibaba Cloud side). This address is an IP address in the BGP network segment.
peerAsn String: Peer asn.
peerBgpIp String: Peer bgp ip.
tunnelCidr String: The BGP network segment of the tunnel. The network segment must be a network segment with a mask length of 30 in 169.254.0.0/16, and cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, and 169.254.169.252/30.> the network segments of two tunnels under an IPsec connection cannot be the same.

GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIkeConfig

IkeAuthAlg string: The authentication algorithm negotiated in the first stage. Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
IkeEncAlg string: The encryption algorithm negotiated in the first stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
IkeLifetime int: The life cycle of SA negotiated in the first stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
IkeMode string: IKE version of the negotiation mode. Value: main or aggressive. Default value: main.-main: main mode, high security during negotiation.-aggressive: Savage mode, fast negotiation and high negotiation success rate.
IkePfs string: The first stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: group1, group2, group5, group14.
IkeVersion string: Version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev2.Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for multiple network segments.
LocalId string: The identifier of the local end of the tunnel (Alibaba Cloud side), which is used for the first phase of negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the tunnel.LocalId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.
Psk string: The pre-shared key is used for identity authentication between the tunnel and the tunnel peer.-The key can be 1 to 100 characters in length. It supports numbers, upper and lower case English letters, and characters on the right. It cannot contain spaces. '''~! '@#$%^& *()_-+ ={}[]|;:',./? '''-If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. > The pre-shared key of the tunnel and the tunnel peer must be the same, otherwise the system cannot establish the tunnel normally.
RemoteId string: Identifier of the tunnel peer, which is used for the first-stage negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the user gateway associated with the tunnel.- RemoteId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.

IkeAuthAlg string: The authentication algorithm negotiated in the first stage. Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
IkeEncAlg string: The encryption algorithm negotiated in the first stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
IkeLifetime int: The life cycle of SA negotiated in the first stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
IkeMode string: IKE version of the negotiation mode. Value: main or aggressive. Default value: main.-main: main mode, high security during negotiation.-aggressive: Savage mode, fast negotiation and high negotiation success rate.
IkePfs string: The first stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: group1, group2, group5, group14.
IkeVersion string: Version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev2.Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for multiple network segments.
LocalId string: The identifier of the local end of the tunnel (Alibaba Cloud side), which is used for the first phase of negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the tunnel.LocalId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.
Psk string: The pre-shared key is used for identity authentication between the tunnel and the tunnel peer.-The key can be 1 to 100 characters in length. It supports numbers, upper and lower case English letters, and characters on the right. It cannot contain spaces. '''~! '@#$%^& *()_-+ ={}[]|;:',./? '''-If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. > The pre-shared key of the tunnel and the tunnel peer must be the same, otherwise the system cannot establish the tunnel normally.
RemoteId string: Identifier of the tunnel peer, which is used for the first-stage negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the user gateway associated with the tunnel.- RemoteId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.

ikeAuthAlg String: The authentication algorithm negotiated in the first stage. Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
ikeEncAlg String: The encryption algorithm negotiated in the first stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
ikeLifetime Integer: The life cycle of SA negotiated in the first stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
ikeMode String: IKE version of the negotiation mode. Value: main or aggressive. Default value: main.-main: main mode, high security during negotiation.-aggressive: Savage mode, fast negotiation and high negotiation success rate.
ikePfs String: The first stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: group1, group2, group5, group14.
ikeVersion String: Version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev2.Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for multiple network segments.
localId String: The identifier of the local end of the tunnel (Alibaba Cloud side), which is used for the first phase of negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the tunnel.LocalId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.
psk String: The pre-shared key is used for identity authentication between the tunnel and the tunnel peer.-The key can be 1 to 100 characters in length. It supports numbers, upper and lower case English letters, and characters on the right. It cannot contain spaces. '''~! '@#$%^& *()_-+ ={}[]|;:',./? '''-If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. > The pre-shared key of the tunnel and the tunnel peer must be the same, otherwise the system cannot establish the tunnel normally.
remoteId String: Identifier of the tunnel peer, which is used for the first-stage negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the user gateway associated with the tunnel.- RemoteId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.

ikeAuthAlg string: The authentication algorithm negotiated in the first stage. Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
ikeEncAlg string: The encryption algorithm negotiated in the first stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
ikeLifetime number: The life cycle of SA negotiated in the first stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
ikeMode string: IKE version of the negotiation mode. Value: main or aggressive. Default value: main.-main: main mode, high security during negotiation.-aggressive: Savage mode, fast negotiation and high negotiation success rate.
ikePfs string: The first stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: group1, group2, group5, group14.
ikeVersion string: Version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev2.Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for multiple network segments.
localId string: The identifier of the local end of the tunnel (Alibaba Cloud side), which is used for the first phase of negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the tunnel.LocalId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.
psk string: The pre-shared key is used for identity authentication between the tunnel and the tunnel peer.-The key can be 1 to 100 characters in length. It supports numbers, upper and lower case English letters, and characters on the right. It cannot contain spaces. '''~! '@#$%^& *()_-+ ={}[]|;:',./? '''-If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. > The pre-shared key of the tunnel and the tunnel peer must be the same, otherwise the system cannot establish the tunnel normally.
remoteId string: Identifier of the tunnel peer, which is used for the first-stage negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the user gateway associated with the tunnel.- RemoteId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.

ike_auth_alg str: The authentication algorithm negotiated in the first stage. Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
ike_enc_alg str: The encryption algorithm negotiated in the first stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
ike_lifetime int: The life cycle of SA negotiated in the first stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
ike_mode str: IKE version of the negotiation mode. Value: main or aggressive. Default value: main.-main: main mode, high security during negotiation.-aggressive: Savage mode, fast negotiation and high negotiation success rate.
ike_pfs str: The first stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: group1, group2, group5, group14.
ike_version str: Version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev2.Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for multiple network segments.
local_id str: The identifier of the local end of the tunnel (Alibaba Cloud side), which is used for the first phase of negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the tunnel.LocalId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.
psk str: The pre-shared key is used for identity authentication between the tunnel and the tunnel peer.-The key can be 1 to 100 characters in length. It supports numbers, upper and lower case English letters, and characters on the right. It cannot contain spaces. '''~! '@#$%^& *()_-+ ={}[]|;:',./? '''-If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. > The pre-shared key of the tunnel and the tunnel peer must be the same, otherwise the system cannot establish the tunnel normally.
remote_id str: Identifier of the tunnel peer, which is used for the first-stage negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the user gateway associated with the tunnel.- RemoteId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.

ikeAuthAlg String: The authentication algorithm negotiated in the first stage. Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
ikeEncAlg String: The encryption algorithm negotiated in the first stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
ikeLifetime Number: The life cycle of SA negotiated in the first stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
ikeMode String: IKE version of the negotiation mode. Value: main or aggressive. Default value: main.-main: main mode, high security during negotiation.-aggressive: Savage mode, fast negotiation and high negotiation success rate.
ikePfs String: The first stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: group1, group2, group5, group14.
ikeVersion String: Version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev2.Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for multiple network segments.
localId String: The identifier of the local end of the tunnel (Alibaba Cloud side), which is used for the first phase of negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the tunnel.LocalId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.
psk String: The pre-shared key is used for identity authentication between the tunnel and the tunnel peer.-The key can be 1 to 100 characters in length. It supports numbers, upper and lower case English letters, and characters on the right. It cannot contain spaces. '''~! '@#$%^& *()_-+ ={}[]|;:',./? '''-If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. > The pre-shared key of the tunnel and the tunnel peer must be the same, otherwise the system cannot establish the tunnel normally.
remoteId String: Identifier of the tunnel peer, which is used for the first-stage negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the user gateway associated with the tunnel.- RemoteId supports the FQDN format. If you use the FQDN format, we recommend that you select aggressive (barbaric mode) as the negotiation mode.

GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIpsecConfig

IpsecAuthAlg string: The second stage negotiated authentication algorithm.Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
IpsecEncAlg string: The encryption algorithm negotiated in the second stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
IpsecLifetime int: The life cycle of SA negotiated in the second stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
IpsecPfs string: The second stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: disabled, group1, group2, group5, group14.

IpsecAuthAlg string: The second stage negotiated authentication algorithm.Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
IpsecEncAlg string: The encryption algorithm negotiated in the second stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
IpsecLifetime int: The life cycle of SA negotiated in the second stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
IpsecPfs string: The second stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: disabled, group1, group2, group5, group14.

ipsecAuthAlg String: The second stage negotiated authentication algorithm.Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
ipsecEncAlg String: The encryption algorithm negotiated in the second stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
ipsecLifetime Integer: The life cycle of SA negotiated in the second stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
ipsecPfs String: The second stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: disabled, group1, group2, group5, group14.

ipsecAuthAlg string: The second stage negotiated authentication algorithm.Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
ipsecEncAlg string: The encryption algorithm negotiated in the second stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
ipsecLifetime number: The life cycle of SA negotiated in the second stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
ipsecPfs string: The second stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: disabled, group1, group2, group5, group14.

ipsec_auth_alg str: The second stage negotiated authentication algorithm.Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
ipsec_enc_alg str: The encryption algorithm negotiated in the second stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
ipsec_lifetime int: The life cycle of SA negotiated in the second stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
ipsec_pfs str: The second stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: disabled, group1, group2, group5, group14.

ipsecAuthAlg String: The second stage negotiated authentication algorithm.Values: md5, sha1, sha256, sha384, sha512. Default value: sha1.
ipsecEncAlg String: The encryption algorithm negotiated in the second stage. Value: aes, aes192, aes256, des, or 3des. Default value: aes.
ipsecLifetime Number: The life cycle of SA negotiated in the second stage. Unit: seconds.Value range: 0 to 86400. Default value: 86400.
ipsecPfs String: The second stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: group2.Values: disabled, group1, group2, group5, group14.

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

Alibaba Cloud v3.77.0 published on Friday, May 2, 2025 by Pulumi

pulumi/pulumi-alicloud

alicloud.vpn.getGatewayVpnAttachments

On this page

On this page

Using getGatewayVpnAttachments

getGatewayVpnAttachments Result

Supporting Types

GetGatewayVpnAttachmentsAttachment

GetGatewayVpnAttachmentsAttachmentBgpConfig

GetGatewayVpnAttachmentsAttachmentHealthCheckConfig

GetGatewayVpnAttachmentsAttachmentIkeConfig

GetGatewayVpnAttachmentsAttachmentIpsecConfig

GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecification

GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelBgpConfig

GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIkeConfig

GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIpsecConfig

Package Details

On this page

On this page