tencentcloud 1.81.189, Apr 30 25

tencentcloud 1.81.189 published on Wednesday, Apr 30, 2025 by tencentcloudstack

tencentcloudstack/terraform-provider-tencentcloud

tencentcloud.VpnConnection

Explore with Pulumi AI

tencentcloud 1.81.189 published on Wednesday, Apr 30, 2025 by tencentcloudstack

tencentcloudstack/terraform-provider-tencentcloud

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";

const example = new tencentcloud.VpnConnection("example", {
    customerGatewayId: "cgw-e503id2z",
    enableHealthCheck: true,
    healthCheckConfig: {
        probeInterval: 5000,
        probeThreshold: 3,
        probeTimeout: 150,
        probeType: "NQA",
    },
    healthCheckLocalIp: "169.254.227.187",
    healthCheckRemoteIp: "169.254.164.37",
    ikeDhGroupName: "GROUP2",
    ikeExchangeMode: "AGGRESSIVE",
    ikeLocalAddress: "159.75.204.38",
    ikeLocalIdentity: "ADDRESS",
    ikeProtoAuthenAlgorithm: "SHA",
    ikeProtoEncryAlgorithm: "3DES-CBC",
    ikeRemoteAddress: "109.244.60.154",
    ikeRemoteIdentity: "ADDRESS",
    ikeSaLifetimeSeconds: 86400,
    ipsecEncryptAlgorithm: "3DES-CBC",
    ipsecIntegrityAlgorithm: "SHA1",
    ipsecPfsDhGroup: "NULL",
    ipsecSaLifetimeSeconds: 14400,
    ipsecSaLifetimeTraffic: 4096000000,
    negotiationType: "flowTrigger",
    preShareKey: "your_pre_share_key",
    routeType: "StaticRoute",
    securityGroupPolicies: [{
        localCidrBlock: "172.16.0.0/16",
        remoteCidrBlocks: ["2.2.2.0/26"],
    }],
    tags: {
        createBy: "Terraform",
    },
    vpcId: "vpc-6ccw0s5l",
    vpnGatewayId: "vpngw-33p5vnwd",
});

import pulumi
import pulumi_tencentcloud as tencentcloud

example = tencentcloud.VpnConnection("example",
    customer_gateway_id="cgw-e503id2z",
    enable_health_check=True,
    health_check_config={
        "probe_interval": 5000,
        "probe_threshold": 3,
        "probe_timeout": 150,
        "probe_type": "NQA",
    },
    health_check_local_ip="169.254.227.187",
    health_check_remote_ip="169.254.164.37",
    ike_dh_group_name="GROUP2",
    ike_exchange_mode="AGGRESSIVE",
    ike_local_address="159.75.204.38",
    ike_local_identity="ADDRESS",
    ike_proto_authen_algorithm="SHA",
    ike_proto_encry_algorithm="3DES-CBC",
    ike_remote_address="109.244.60.154",
    ike_remote_identity="ADDRESS",
    ike_sa_lifetime_seconds=86400,
    ipsec_encrypt_algorithm="3DES-CBC",
    ipsec_integrity_algorithm="SHA1",
    ipsec_pfs_dh_group="NULL",
    ipsec_sa_lifetime_seconds=14400,
    ipsec_sa_lifetime_traffic=4096000000,
    negotiation_type="flowTrigger",
    pre_share_key="your_pre_share_key",
    route_type="StaticRoute",
    security_group_policies=[{
        "local_cidr_block": "172.16.0.0/16",
        "remote_cidr_blocks": ["2.2.2.0/26"],
    }],
    tags={
        "createBy": "Terraform",
    },
    vpc_id="vpc-6ccw0s5l",
    vpn_gateway_id="vpngw-33p5vnwd")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := tencentcloud.NewVpnConnection(ctx, "example", &tencentcloud.VpnConnectionArgs{
			CustomerGatewayId: pulumi.String("cgw-e503id2z"),
			EnableHealthCheck: pulumi.Bool(true),
			HealthCheckConfig: &tencentcloud.VpnConnectionHealthCheckConfigArgs{
				ProbeInterval:  pulumi.Float64(5000),
				ProbeThreshold: pulumi.Float64(3),
				ProbeTimeout:   pulumi.Float64(150),
				ProbeType:      pulumi.String("NQA"),
			},
			HealthCheckLocalIp:      pulumi.String("169.254.227.187"),
			HealthCheckRemoteIp:     pulumi.String("169.254.164.37"),
			IkeDhGroupName:          pulumi.String("GROUP2"),
			IkeExchangeMode:         pulumi.String("AGGRESSIVE"),
			IkeLocalAddress:         pulumi.String("159.75.204.38"),
			IkeLocalIdentity:        pulumi.String("ADDRESS"),
			IkeProtoAuthenAlgorithm: pulumi.String("SHA"),
			IkeProtoEncryAlgorithm:  pulumi.String("3DES-CBC"),
			IkeRemoteAddress:        pulumi.String("109.244.60.154"),
			IkeRemoteIdentity:       pulumi.String("ADDRESS"),
			IkeSaLifetimeSeconds:    pulumi.Float64(86400),
			IpsecEncryptAlgorithm:   pulumi.String("3DES-CBC"),
			IpsecIntegrityAlgorithm: pulumi.String("SHA1"),
			IpsecPfsDhGroup:         pulumi.String("NULL"),
			IpsecSaLifetimeSeconds:  pulumi.Float64(14400),
			IpsecSaLifetimeTraffic:  pulumi.Float64(4096000000),
			NegotiationType:         pulumi.String("flowTrigger"),
			PreShareKey:             pulumi.String("your_pre_share_key"),
			RouteType:               pulumi.String("StaticRoute"),
			SecurityGroupPolicies: tencentcloud.VpnConnectionSecurityGroupPolicyArray{
				&tencentcloud.VpnConnectionSecurityGroupPolicyArgs{
					LocalCidrBlock: pulumi.String("172.16.0.0/16"),
					RemoteCidrBlocks: pulumi.StringArray{
						pulumi.String("2.2.2.0/26"),
					},
				},
			},
			Tags: pulumi.StringMap{
				"createBy": pulumi.String("Terraform"),
			},
			VpcId:        pulumi.String("vpc-6ccw0s5l"),
			VpnGatewayId: pulumi.String("vpngw-33p5vnwd"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;

return await Deployment.RunAsync(() => 
{
    var example = new Tencentcloud.VpnConnection("example", new()
    {
        CustomerGatewayId = "cgw-e503id2z",
        EnableHealthCheck = true,
        HealthCheckConfig = new Tencentcloud.Inputs.VpnConnectionHealthCheckConfigArgs
        {
            ProbeInterval = 5000,
            ProbeThreshold = 3,
            ProbeTimeout = 150,
            ProbeType = "NQA",
        },
        HealthCheckLocalIp = "169.254.227.187",
        HealthCheckRemoteIp = "169.254.164.37",
        IkeDhGroupName = "GROUP2",
        IkeExchangeMode = "AGGRESSIVE",
        IkeLocalAddress = "159.75.204.38",
        IkeLocalIdentity = "ADDRESS",
        IkeProtoAuthenAlgorithm = "SHA",
        IkeProtoEncryAlgorithm = "3DES-CBC",
        IkeRemoteAddress = "109.244.60.154",
        IkeRemoteIdentity = "ADDRESS",
        IkeSaLifetimeSeconds = 86400,
        IpsecEncryptAlgorithm = "3DES-CBC",
        IpsecIntegrityAlgorithm = "SHA1",
        IpsecPfsDhGroup = "NULL",
        IpsecSaLifetimeSeconds = 14400,
        IpsecSaLifetimeTraffic = 4096000000,
        NegotiationType = "flowTrigger",
        PreShareKey = "your_pre_share_key",
        RouteType = "StaticRoute",
        SecurityGroupPolicies = new[]
        {
            new Tencentcloud.Inputs.VpnConnectionSecurityGroupPolicyArgs
            {
                LocalCidrBlock = "172.16.0.0/16",
                RemoteCidrBlocks = new[]
                {
                    "2.2.2.0/26",
                },
            },
        },
        Tags = 
        {
            { "createBy", "Terraform" },
        },
        VpcId = "vpc-6ccw0s5l",
        VpnGatewayId = "vpngw-33p5vnwd",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.VpnConnection;
import com.pulumi.tencentcloud.VpnConnectionArgs;
import com.pulumi.tencentcloud.inputs.VpnConnectionHealthCheckConfigArgs;
import com.pulumi.tencentcloud.inputs.VpnConnectionSecurityGroupPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new VpnConnection("example", VpnConnectionArgs.builder()
            .customerGatewayId("cgw-e503id2z")
            .enableHealthCheck(true)
            .healthCheckConfig(VpnConnectionHealthCheckConfigArgs.builder()
                .probeInterval(5000)
                .probeThreshold(3)
                .probeTimeout(150)
                .probeType("NQA")
                .build())
            .healthCheckLocalIp("169.254.227.187")
            .healthCheckRemoteIp("169.254.164.37")
            .ikeDhGroupName("GROUP2")
            .ikeExchangeMode("AGGRESSIVE")
            .ikeLocalAddress("159.75.204.38")
            .ikeLocalIdentity("ADDRESS")
            .ikeProtoAuthenAlgorithm("SHA")
            .ikeProtoEncryAlgorithm("3DES-CBC")
            .ikeRemoteAddress("109.244.60.154")
            .ikeRemoteIdentity("ADDRESS")
            .ikeSaLifetimeSeconds(86400)
            .ipsecEncryptAlgorithm("3DES-CBC")
            .ipsecIntegrityAlgorithm("SHA1")
            .ipsecPfsDhGroup("NULL")
            .ipsecSaLifetimeSeconds(14400)
            .ipsecSaLifetimeTraffic(4096000000)
            .negotiationType("flowTrigger")
            .preShareKey("your_pre_share_key")
            .routeType("StaticRoute")
            .securityGroupPolicies(VpnConnectionSecurityGroupPolicyArgs.builder()
                .localCidrBlock("172.16.0.0/16")
                .remoteCidrBlocks("2.2.2.0/26")
                .build())
            .tags(Map.of("createBy", "Terraform"))
            .vpcId("vpc-6ccw0s5l")
            .vpnGatewayId("vpngw-33p5vnwd")
            .build());

    }
}

resources:
  example:
    type: tencentcloud:VpnConnection
    properties:
      customerGatewayId: cgw-e503id2z
      # health check setting
      enableHealthCheck: true
      healthCheckConfig:
        probeInterval: 5000
        probeThreshold: 3
        probeTimeout: 150
        probeType: NQA
      healthCheckLocalIp: 169.254.227.187
      healthCheckRemoteIp: 169.254.164.37
      ikeDhGroupName: GROUP2
      ikeExchangeMode: AGGRESSIVE
      ikeLocalAddress: 159.75.204.38
      ikeLocalIdentity: ADDRESS
      ikeProtoAuthenAlgorithm: SHA
      # IKE setting
      ikeProtoEncryAlgorithm: 3DES-CBC
      ikeRemoteAddress: 109.244.60.154
      ikeRemoteIdentity: ADDRESS
      ikeSaLifetimeSeconds: 86400
      # IPSEC setting
      ipsecEncryptAlgorithm: 3DES-CBC
      ipsecIntegrityAlgorithm: SHA1
      ipsecPfsDhGroup: NULL
      ipsecSaLifetimeSeconds: 14400
      ipsecSaLifetimeTraffic: 4.096e+09
      negotiationType: flowTrigger
      preShareKey: your_pre_share_key
      routeType: StaticRoute
      securityGroupPolicies:
        - localCidrBlock: 172.16.0.0/16
          remoteCidrBlocks:
            - 2.2.2.0/26
      tags:
        createBy: Terraform
      vpcId: vpc-6ccw0s5l
      vpnGatewayId: vpngw-33p5vnwd

Create VpnConnection Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new VpnConnection(name: string, args: VpnConnectionArgs, opts?: CustomResourceOptions);

@overload
def VpnConnection(resource_name: str,
                  args: VpnConnectionArgs,
                  opts: Optional[ResourceOptions] = None)

@overload
def VpnConnection(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  pre_share_key: Optional[str] = None,
                  customer_gateway_id: Optional[str] = None,
                  vpn_gateway_id: Optional[str] = None,
                  ike_remote_address: Optional[str] = None,
                  ike_version: Optional[str] = None,
                  enable_health_check: Optional[bool] = None,
                  health_check_config: Optional[VpnConnectionHealthCheckConfigArgs] = None,
                  health_check_local_ip: Optional[str] = None,
                  health_check_remote_ip: Optional[str] = None,
                  ike_dh_group_name: Optional[str] = None,
                  ike_exchange_mode: Optional[str] = None,
                  ike_sa_lifetime_seconds: Optional[float] = None,
                  ike_local_fqdn_name: Optional[str] = None,
                  ike_local_identity: Optional[str] = None,
                  ike_proto_authen_algorithm: Optional[str] = None,
                  ike_proto_encry_algorithm: Optional[str] = None,
                  bgp_config: Optional[VpnConnectionBgpConfigArgs] = None,
                  dpd_timeout: Optional[float] = None,
                  ike_remote_fqdn_name: Optional[str] = None,
                  ike_local_address: Optional[str] = None,
                  ike_remote_identity: Optional[str] = None,
                  ipsec_encrypt_algorithm: Optional[str] = None,
                  ipsec_integrity_algorithm: Optional[str] = None,
                  ipsec_pfs_dh_group: Optional[str] = None,
                  ipsec_sa_lifetime_seconds: Optional[float] = None,
                  ipsec_sa_lifetime_traffic: Optional[float] = None,
                  name: Optional[str] = None,
                  negotiation_type: Optional[str] = None,
                  dpd_enable: Optional[float] = None,
                  route_type: Optional[str] = None,
                  security_group_policies: Optional[Sequence[VpnConnectionSecurityGroupPolicyArgs]] = None,
                  tags: Optional[Mapping[str, str]] = None,
                  vpc_id: Optional[str] = None,
                  vpn_connection_id: Optional[str] = None,
                  dpd_action: Optional[str] = None)

func NewVpnConnection(ctx *Context, name string, args VpnConnectionArgs, opts ...ResourceOption) (*VpnConnection, error)

public VpnConnection(string name, VpnConnectionArgs args, CustomResourceOptions? opts = null)

public VpnConnection(String name, VpnConnectionArgs args)
public VpnConnection(String name, VpnConnectionArgs args, CustomResourceOptions options)

type: tencentcloud:VpnConnection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args VpnConnectionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args VpnConnectionArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args VpnConnectionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args VpnConnectionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args VpnConnectionArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

VpnConnection Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The VpnConnection resource accepts the following input properties:

CustomerGatewayId string: ID of the customer gateway.
PreShareKey string: Pre-shared key of the VPN connection.
VpnGatewayId string: ID of the VPN gateway.
BgpConfig VpnConnectionBgpConfig: BGP config.
DpdAction string: The action after DPD timeout. Valid values: clear (disconnect) and restart (try again). It is valid when DpdEnable is 1.
DpdEnable double: Specifies whether to enable DPD. Valid values: 0 (disable) and 1 (enable).
DpdTimeout double: DPD timeout period.Valid value ranges: [30~60], Default: 30; unit: second. If the request is not responded within this period, the peer end is considered not exists. This parameter is valid when the value of DpdEnable is 1.
EnableHealthCheck bool: Whether intra-tunnel health checks are supported.
HealthCheckConfig VpnConnectionHealthCheckConfig: VPN channel health check configuration.
HealthCheckLocalIp string: Health check the address of this terminal.
HealthCheckRemoteIp string: Health check peer address.
IkeDhGroupName string: DH group name of the IKE operation specification. Valid values: GROUP1, GROUP2, GROUP5, GROUP14, GROUP24. Default value is GROUP1.
IkeExchangeMode string: Exchange mode of the IKE operation specification. Valid values: AGGRESSIVE, MAIN. Default value is MAIN.
IkeLocalAddress string: Local address of IKE operation specification, valid when ike_local_identity is ADDRESS, generally the value is public_ip_address of the related VPN gateway.
IkeLocalFqdnName string: Local FQDN name of the IKE operation specification.
IkeLocalIdentity string: Local identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
IkeProtoAuthenAlgorithm string: Proto authenticate algorithm of the IKE operation specification. Valid values: MD5, SHA, SHA-256. Default Value is MD5.
IkeProtoEncryAlgorithm string: Proto encrypt algorithm of the IKE operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, AES128GCM128, AES192GCM128, AES256GCM128,AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
IkeRemoteAddress string: Remote address of IKE operation specification, valid when ike_remote_identity is ADDRESS, generally the value is public_ip_address of the related customer gateway.
IkeRemoteFqdnName string: Remote FQDN name of the IKE operation specification.
IkeRemoteIdentity string: Remote identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
IkeSaLifetimeSeconds double: SA lifetime of the IKE operation specification, unit is second. The value ranges from 60 to 604800. Default value is 86400 seconds.
IkeVersion string: Version of the IKE operation specification, values: IKEV1, IKEV2. Default value is IKEV1.
IpsecEncryptAlgorithm string: Encrypt algorithm of the IPSEC operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, NULL, AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
IpsecIntegrityAlgorithm string: Integrity algorithm of the IPSEC operation specification. Valid values: SHA1, MD5, SHA-256. Default value is MD5.
IpsecPfsDhGroup string: PFS DH group. Valid value: DH-GROUP1, DH-GROUP2, DH-GROUP5, DH-GROUP14, DH-GROUP24, NULL. Default value is NULL.
IpsecSaLifetimeSeconds double: SA lifetime of the IPSEC operation specification, unit is second. Valid value ranges: [180~604800]. Default value is 3600 seconds.
IpsecSaLifetimeTraffic double: SA lifetime of the IPSEC operation specification, unit is KB. The value should not be less then 2560. Default value is 1843200.
Name string: Name of the VPN connection. The length of character is limited to 1-60.
NegotiationType string: The default negotiation type is active. Optional values: active (active negotiation), passive (passive negotiation), flowTrigger (traffic negotiation).
RouteType string: Route type of the VPN connection. Valid value: STATIC, StaticRoute, Policy, Bgp.
SecurityGroupPolicies List<VpnConnectionSecurityGroupPolicy>: SPD policy group, for example: {"10.0.0.5/24":["172.123.10.5/16"]}, 10.0.0.5/24 is the vpc intranet segment, and 172.123.10.5/16 is the IDC network segment. Users specify which network segments in the VPC can communicate with which network segments in your IDC.
Tags Dictionary<string, string>: A list of tags used to associate different resources.
VpcId string: ID of the VPC. Required if vpn gateway is not in CCN type, and doesn't make sense for CCN vpn gateway.
VpnConnectionId string: ID of the resource.

CustomerGatewayId string: ID of the customer gateway.
PreShareKey string: Pre-shared key of the VPN connection.
VpnGatewayId string: ID of the VPN gateway.
BgpConfig VpnConnectionBgpConfigArgs: BGP config.
DpdAction string: The action after DPD timeout. Valid values: clear (disconnect) and restart (try again). It is valid when DpdEnable is 1.
DpdEnable float64: Specifies whether to enable DPD. Valid values: 0 (disable) and 1 (enable).
DpdTimeout float64: DPD timeout period.Valid value ranges: [30~60], Default: 30; unit: second. If the request is not responded within this period, the peer end is considered not exists. This parameter is valid when the value of DpdEnable is 1.
EnableHealthCheck bool: Whether intra-tunnel health checks are supported.
HealthCheckConfig VpnConnectionHealthCheckConfigArgs: VPN channel health check configuration.
HealthCheckLocalIp string: Health check the address of this terminal.
HealthCheckRemoteIp string: Health check peer address.
IkeDhGroupName string: DH group name of the IKE operation specification. Valid values: GROUP1, GROUP2, GROUP5, GROUP14, GROUP24. Default value is GROUP1.
IkeExchangeMode string: Exchange mode of the IKE operation specification. Valid values: AGGRESSIVE, MAIN. Default value is MAIN.
IkeLocalAddress string: Local address of IKE operation specification, valid when ike_local_identity is ADDRESS, generally the value is public_ip_address of the related VPN gateway.
IkeLocalFqdnName string: Local FQDN name of the IKE operation specification.
IkeLocalIdentity string: Local identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
IkeProtoAuthenAlgorithm string: Proto authenticate algorithm of the IKE operation specification. Valid values: MD5, SHA, SHA-256. Default Value is MD5.
IkeProtoEncryAlgorithm string: Proto encrypt algorithm of the IKE operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, AES128GCM128, AES192GCM128, AES256GCM128,AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
IkeRemoteAddress string: Remote address of IKE operation specification, valid when ike_remote_identity is ADDRESS, generally the value is public_ip_address of the related customer gateway.
IkeRemoteFqdnName string: Remote FQDN name of the IKE operation specification.
IkeRemoteIdentity string: Remote identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
IkeSaLifetimeSeconds float64: SA lifetime of the IKE operation specification, unit is second. The value ranges from 60 to 604800. Default value is 86400 seconds.
IkeVersion string: Version of the IKE operation specification, values: IKEV1, IKEV2. Default value is IKEV1.
IpsecEncryptAlgorithm string: Encrypt algorithm of the IPSEC operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, NULL, AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
IpsecIntegrityAlgorithm string: Integrity algorithm of the IPSEC operation specification. Valid values: SHA1, MD5, SHA-256. Default value is MD5.
IpsecPfsDhGroup string: PFS DH group. Valid value: DH-GROUP1, DH-GROUP2, DH-GROUP5, DH-GROUP14, DH-GROUP24, NULL. Default value is NULL.
IpsecSaLifetimeSeconds float64: SA lifetime of the IPSEC operation specification, unit is second. Valid value ranges: [180~604800]. Default value is 3600 seconds.
IpsecSaLifetimeTraffic float64: SA lifetime of the IPSEC operation specification, unit is KB. The value should not be less then 2560. Default value is 1843200.
Name string: Name of the VPN connection. The length of character is limited to 1-60.
NegotiationType string: The default negotiation type is active. Optional values: active (active negotiation), passive (passive negotiation), flowTrigger (traffic negotiation).
RouteType string: Route type of the VPN connection. Valid value: STATIC, StaticRoute, Policy, Bgp.
SecurityGroupPolicies []VpnConnectionSecurityGroupPolicyArgs: SPD policy group, for example: {"10.0.0.5/24":["172.123.10.5/16"]}, 10.0.0.5/24 is the vpc intranet segment, and 172.123.10.5/16 is the IDC network segment. Users specify which network segments in the VPC can communicate with which network segments in your IDC.
Tags map[string]string: A list of tags used to associate different resources.
VpcId string: ID of the VPC. Required if vpn gateway is not in CCN type, and doesn't make sense for CCN vpn gateway.
VpnConnectionId string: ID of the resource.

customerGatewayId String: ID of the customer gateway.
preShareKey String: Pre-shared key of the VPN connection.
vpnGatewayId String: ID of the VPN gateway.
bgpConfig VpnConnectionBgpConfig: BGP config.
dpdAction String: The action after DPD timeout. Valid values: clear (disconnect) and restart (try again). It is valid when DpdEnable is 1.
dpdEnable Double: Specifies whether to enable DPD. Valid values: 0 (disable) and 1 (enable).
dpdTimeout Double: DPD timeout period.Valid value ranges: [30~60], Default: 30; unit: second. If the request is not responded within this period, the peer end is considered not exists. This parameter is valid when the value of DpdEnable is 1.
enableHealthCheck Boolean: Whether intra-tunnel health checks are supported.
healthCheckConfig VpnConnectionHealthCheckConfig: VPN channel health check configuration.
healthCheckLocalIp String: Health check the address of this terminal.
healthCheckRemoteIp String: Health check peer address.
ikeDhGroupName String: DH group name of the IKE operation specification. Valid values: GROUP1, GROUP2, GROUP5, GROUP14, GROUP24. Default value is GROUP1.
ikeExchangeMode String: Exchange mode of the IKE operation specification. Valid values: AGGRESSIVE, MAIN. Default value is MAIN.
ikeLocalAddress String: Local address of IKE operation specification, valid when ike_local_identity is ADDRESS, generally the value is public_ip_address of the related VPN gateway.
ikeLocalFqdnName String: Local FQDN name of the IKE operation specification.
ikeLocalIdentity String: Local identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
ikeProtoAuthenAlgorithm String: Proto authenticate algorithm of the IKE operation specification. Valid values: MD5, SHA, SHA-256. Default Value is MD5.
ikeProtoEncryAlgorithm String: Proto encrypt algorithm of the IKE operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, AES128GCM128, AES192GCM128, AES256GCM128,AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
ikeRemoteAddress String: Remote address of IKE operation specification, valid when ike_remote_identity is ADDRESS, generally the value is public_ip_address of the related customer gateway.
ikeRemoteFqdnName String: Remote FQDN name of the IKE operation specification.
ikeRemoteIdentity String: Remote identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
ikeSaLifetimeSeconds Double: SA lifetime of the IKE operation specification, unit is second. The value ranges from 60 to 604800. Default value is 86400 seconds.
ikeVersion String: Version of the IKE operation specification, values: IKEV1, IKEV2. Default value is IKEV1.
ipsecEncryptAlgorithm String: Encrypt algorithm of the IPSEC operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, NULL, AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
ipsecIntegrityAlgorithm String: Integrity algorithm of the IPSEC operation specification. Valid values: SHA1, MD5, SHA-256. Default value is MD5.
ipsecPfsDhGroup String: PFS DH group. Valid value: DH-GROUP1, DH-GROUP2, DH-GROUP5, DH-GROUP14, DH-GROUP24, NULL. Default value is NULL.
ipsecSaLifetimeSeconds Double: SA lifetime of the IPSEC operation specification, unit is second. Valid value ranges: [180~604800]. Default value is 3600 seconds.
ipsecSaLifetimeTraffic Double: SA lifetime of the IPSEC operation specification, unit is KB. The value should not be less then 2560. Default value is 1843200.
name String: Name of the VPN connection. The length of character is limited to 1-60.
negotiationType String: The default negotiation type is active. Optional values: active (active negotiation), passive (passive negotiation), flowTrigger (traffic negotiation).
routeType String: Route type of the VPN connection. Valid value: STATIC, StaticRoute, Policy, Bgp.
securityGroupPolicies List<VpnConnectionSecurityGroupPolicy>: SPD policy group, for example: {"10.0.0.5/24":["172.123.10.5/16"]}, 10.0.0.5/24 is the vpc intranet segment, and 172.123.10.5/16 is the IDC network segment. Users specify which network segments in the VPC can communicate with which network segments in your IDC.
tags Map<String,String>: A list of tags used to associate different resources.
vpcId String: ID of the VPC. Required if vpn gateway is not in CCN type, and doesn't make sense for CCN vpn gateway.
vpnConnectionId String: ID of the resource.

customerGatewayId string: ID of the customer gateway.
preShareKey string: Pre-shared key of the VPN connection.
vpnGatewayId string: ID of the VPN gateway.
bgpConfig VpnConnectionBgpConfig: BGP config.
dpdAction string: The action after DPD timeout. Valid values: clear (disconnect) and restart (try again). It is valid when DpdEnable is 1.
dpdEnable number: Specifies whether to enable DPD. Valid values: 0 (disable) and 1 (enable).
dpdTimeout number: DPD timeout period.Valid value ranges: [30~60], Default: 30; unit: second. If the request is not responded within this period, the peer end is considered not exists. This parameter is valid when the value of DpdEnable is 1.
enableHealthCheck boolean: Whether intra-tunnel health checks are supported.
healthCheckConfig VpnConnectionHealthCheckConfig: VPN channel health check configuration.
healthCheckLocalIp string: Health check the address of this terminal.
healthCheckRemoteIp string: Health check peer address.
ikeDhGroupName string: DH group name of the IKE operation specification. Valid values: GROUP1, GROUP2, GROUP5, GROUP14, GROUP24. Default value is GROUP1.
ikeExchangeMode string: Exchange mode of the IKE operation specification. Valid values: AGGRESSIVE, MAIN. Default value is MAIN.
ikeLocalAddress string: Local address of IKE operation specification, valid when ike_local_identity is ADDRESS, generally the value is public_ip_address of the related VPN gateway.
ikeLocalFqdnName string: Local FQDN name of the IKE operation specification.
ikeLocalIdentity string: Local identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
ikeProtoAuthenAlgorithm string: Proto authenticate algorithm of the IKE operation specification. Valid values: MD5, SHA, SHA-256. Default Value is MD5.
ikeProtoEncryAlgorithm string: Proto encrypt algorithm of the IKE operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, AES128GCM128, AES192GCM128, AES256GCM128,AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
ikeRemoteAddress string: Remote address of IKE operation specification, valid when ike_remote_identity is ADDRESS, generally the value is public_ip_address of the related customer gateway.
ikeRemoteFqdnName string: Remote FQDN name of the IKE operation specification.
ikeRemoteIdentity string: Remote identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
ikeSaLifetimeSeconds number: SA lifetime of the IKE operation specification, unit is second. The value ranges from 60 to 604800. Default value is 86400 seconds.
ikeVersion string: Version of the IKE operation specification, values: IKEV1, IKEV2. Default value is IKEV1.
ipsecEncryptAlgorithm string: Encrypt algorithm of the IPSEC operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, NULL, AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
ipsecIntegrityAlgorithm string: Integrity algorithm of the IPSEC operation specification. Valid values: SHA1, MD5, SHA-256. Default value is MD5.
ipsecPfsDhGroup string: PFS DH group. Valid value: DH-GROUP1, DH-GROUP2, DH-GROUP5, DH-GROUP14, DH-GROUP24, NULL. Default value is NULL.
ipsecSaLifetimeSeconds number: SA lifetime of the IPSEC operation specification, unit is second. Valid value ranges: [180~604800]. Default value is 3600 seconds.
ipsecSaLifetimeTraffic number: SA lifetime of the IPSEC operation specification, unit is KB. The value should not be less then 2560. Default value is 1843200.
name string: Name of the VPN connection. The length of character is limited to 1-60.
negotiationType string: The default negotiation type is active. Optional values: active (active negotiation), passive (passive negotiation), flowTrigger (traffic negotiation).
routeType string: Route type of the VPN connection. Valid value: STATIC, StaticRoute, Policy, Bgp.
securityGroupPolicies VpnConnectionSecurityGroupPolicy[]: SPD policy group, for example: {"10.0.0.5/24":["172.123.10.5/16"]}, 10.0.0.5/24 is the vpc intranet segment, and 172.123.10.5/16 is the IDC network segment. Users specify which network segments in the VPC can communicate with which network segments in your IDC.
tags {[key: string]: string}: A list of tags used to associate different resources.
vpcId string: ID of the VPC. Required if vpn gateway is not in CCN type, and doesn't make sense for CCN vpn gateway.
vpnConnectionId string: ID of the resource.

customer_gateway_id str: ID of the customer gateway.
pre_share_key str: Pre-shared key of the VPN connection.
vpn_gateway_id str: ID of the VPN gateway.
bgp_config VpnConnectionBgpConfigArgs: BGP config.
dpd_action str: The action after DPD timeout. Valid values: clear (disconnect) and restart (try again). It is valid when DpdEnable is 1.
dpd_enable float: Specifies whether to enable DPD. Valid values: 0 (disable) and 1 (enable).
dpd_timeout float: DPD timeout period.Valid value ranges: [30~60], Default: 30; unit: second. If the request is not responded within this period, the peer end is considered not exists. This parameter is valid when the value of DpdEnable is 1.
enable_health_check bool: Whether intra-tunnel health checks are supported.
health_check_config VpnConnectionHealthCheckConfigArgs: VPN channel health check configuration.
health_check_local_ip str: Health check the address of this terminal.
health_check_remote_ip str: Health check peer address.
ike_dh_group_name str: DH group name of the IKE operation specification. Valid values: GROUP1, GROUP2, GROUP5, GROUP14, GROUP24. Default value is GROUP1.
ike_exchange_mode str: Exchange mode of the IKE operation specification. Valid values: AGGRESSIVE, MAIN. Default value is MAIN.
ike_local_address str: Local address of IKE operation specification, valid when ike_local_identity is ADDRESS, generally the value is public_ip_address of the related VPN gateway.
ike_local_fqdn_name str: Local FQDN name of the IKE operation specification.
ike_local_identity str: Local identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
ike_proto_authen_algorithm str: Proto authenticate algorithm of the IKE operation specification. Valid values: MD5, SHA, SHA-256. Default Value is MD5.
ike_proto_encry_algorithm str: Proto encrypt algorithm of the IKE operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, AES128GCM128, AES192GCM128, AES256GCM128,AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
ike_remote_address str: Remote address of IKE operation specification, valid when ike_remote_identity is ADDRESS, generally the value is public_ip_address of the related customer gateway.
ike_remote_fqdn_name str: Remote FQDN name of the IKE operation specification.
ike_remote_identity str: Remote identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
ike_sa_lifetime_seconds float: SA lifetime of the IKE operation specification, unit is second. The value ranges from 60 to 604800. Default value is 86400 seconds.
ike_version str: Version of the IKE operation specification, values: IKEV1, IKEV2. Default value is IKEV1.
ipsec_encrypt_algorithm str: Encrypt algorithm of the IPSEC operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, NULL, AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
ipsec_integrity_algorithm str: Integrity algorithm of the IPSEC operation specification. Valid values: SHA1, MD5, SHA-256. Default value is MD5.
ipsec_pfs_dh_group str: PFS DH group. Valid value: DH-GROUP1, DH-GROUP2, DH-GROUP5, DH-GROUP14, DH-GROUP24, NULL. Default value is NULL.
ipsec_sa_lifetime_seconds float: SA lifetime of the IPSEC operation specification, unit is second. Valid value ranges: [180~604800]. Default value is 3600 seconds.
ipsec_sa_lifetime_traffic float: SA lifetime of the IPSEC operation specification, unit is KB. The value should not be less then 2560. Default value is 1843200.
name str: Name of the VPN connection. The length of character is limited to 1-60.
negotiation_type str: The default negotiation type is active. Optional values: active (active negotiation), passive (passive negotiation), flowTrigger (traffic negotiation).
route_type str: Route type of the VPN connection. Valid value: STATIC, StaticRoute, Policy, Bgp.
security_group_policies Sequence[VpnConnectionSecurityGroupPolicyArgs]: SPD policy group, for example: {"10.0.0.5/24":["172.123.10.5/16"]}, 10.0.0.5/24 is the vpc intranet segment, and 172.123.10.5/16 is the IDC network segment. Users specify which network segments in the VPC can communicate with which network segments in your IDC.
tags Mapping[str, str]: A list of tags used to associate different resources.
vpc_id str: ID of the VPC. Required if vpn gateway is not in CCN type, and doesn't make sense for CCN vpn gateway.
vpn_connection_id str: ID of the resource.

customerGatewayId String: ID of the customer gateway.
preShareKey String: Pre-shared key of the VPN connection.
vpnGatewayId String: ID of the VPN gateway.
bgpConfig Property Map: BGP config.
dpdAction String: The action after DPD timeout. Valid values: clear (disconnect) and restart (try again). It is valid when DpdEnable is 1.
dpdEnable Number: Specifies whether to enable DPD. Valid values: 0 (disable) and 1 (enable).
dpdTimeout Number: DPD timeout period.Valid value ranges: [30~60], Default: 30; unit: second. If the request is not responded within this period, the peer end is considered not exists. This parameter is valid when the value of DpdEnable is 1.
enableHealthCheck Boolean: Whether intra-tunnel health checks are supported.
healthCheckConfig Property Map: VPN channel health check configuration.
healthCheckLocalIp String: Health check the address of this terminal.
healthCheckRemoteIp String: Health check peer address.
ikeDhGroupName String: DH group name of the IKE operation specification. Valid values: GROUP1, GROUP2, GROUP5, GROUP14, GROUP24. Default value is GROUP1.
ikeExchangeMode String: Exchange mode of the IKE operation specification. Valid values: AGGRESSIVE, MAIN. Default value is MAIN.
ikeLocalAddress String: Local address of IKE operation specification, valid when ike_local_identity is ADDRESS, generally the value is public_ip_address of the related VPN gateway.
ikeLocalFqdnName String: Local FQDN name of the IKE operation specification.
ikeLocalIdentity String: Local identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
ikeProtoAuthenAlgorithm String: Proto authenticate algorithm of the IKE operation specification. Valid values: MD5, SHA, SHA-256. Default Value is MD5.
ikeProtoEncryAlgorithm String: Proto encrypt algorithm of the IKE operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, AES128GCM128, AES192GCM128, AES256GCM128,AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
ikeRemoteAddress String: Remote address of IKE operation specification, valid when ike_remote_identity is ADDRESS, generally the value is public_ip_address of the related customer gateway.
ikeRemoteFqdnName String: Remote FQDN name of the IKE operation specification.
ikeRemoteIdentity String: Remote identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
ikeSaLifetimeSeconds Number: SA lifetime of the IKE operation specification, unit is second. The value ranges from 60 to 604800. Default value is 86400 seconds.
ikeVersion String: Version of the IKE operation specification, values: IKEV1, IKEV2. Default value is IKEV1.
ipsecEncryptAlgorithm String: Encrypt algorithm of the IPSEC operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, NULL, AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
ipsecIntegrityAlgorithm String: Integrity algorithm of the IPSEC operation specification. Valid values: SHA1, MD5, SHA-256. Default value is MD5.
ipsecPfsDhGroup String: PFS DH group. Valid value: DH-GROUP1, DH-GROUP2, DH-GROUP5, DH-GROUP14, DH-GROUP24, NULL. Default value is NULL.
ipsecSaLifetimeSeconds Number: SA lifetime of the IPSEC operation specification, unit is second. Valid value ranges: [180~604800]. Default value is 3600 seconds.
ipsecSaLifetimeTraffic Number: SA lifetime of the IPSEC operation specification, unit is KB. The value should not be less then 2560. Default value is 1843200.
name String: Name of the VPN connection. The length of character is limited to 1-60.
negotiationType String: The default negotiation type is active. Optional values: active (active negotiation), passive (passive negotiation), flowTrigger (traffic negotiation).
routeType String: Route type of the VPN connection. Valid value: STATIC, StaticRoute, Policy, Bgp.
securityGroupPolicies List<Property Map>: SPD policy group, for example: {"10.0.0.5/24":["172.123.10.5/16"]}, 10.0.0.5/24 is the vpc intranet segment, and 172.123.10.5/16 is the IDC network segment. Users specify which network segments in the VPC can communicate with which network segments in your IDC.
tags Map<String>: A list of tags used to associate different resources.
vpcId String: ID of the VPC. Required if vpn gateway is not in CCN type, and doesn't make sense for CCN vpn gateway.
vpnConnectionId String: ID of the resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the VpnConnection resource produces the following output properties:

CreateTime string: Create time of the VPN connection.
EncryptProto string: Encrypt proto of the VPN connection.
Id string: The provider-assigned unique ID for this managed resource.
IsCcnType bool: Indicate whether is ccn type. Modification of this field only impacts force new logic of vpc_id. If is_ccn_type is true, modification of vpc_id will be ignored.
NetStatus string: Net status of the VPN connection. Valid value: AVAILABLE.
State string: State of the connection. Valid value: PENDING, AVAILABLE, DELETING.
VpnProto string: Vpn proto of the VPN connection.

CreateTime string: Create time of the VPN connection.
EncryptProto string: Encrypt proto of the VPN connection.
Id string: The provider-assigned unique ID for this managed resource.
IsCcnType bool: Indicate whether is ccn type. Modification of this field only impacts force new logic of vpc_id. If is_ccn_type is true, modification of vpc_id will be ignored.
NetStatus string: Net status of the VPN connection. Valid value: AVAILABLE.
State string: State of the connection. Valid value: PENDING, AVAILABLE, DELETING.
VpnProto string: Vpn proto of the VPN connection.

createTime String: Create time of the VPN connection.
encryptProto String: Encrypt proto of the VPN connection.
id String: The provider-assigned unique ID for this managed resource.
isCcnType Boolean: Indicate whether is ccn type. Modification of this field only impacts force new logic of vpc_id. If is_ccn_type is true, modification of vpc_id will be ignored.
netStatus String: Net status of the VPN connection. Valid value: AVAILABLE.
state String: State of the connection. Valid value: PENDING, AVAILABLE, DELETING.
vpnProto String: Vpn proto of the VPN connection.

createTime string: Create time of the VPN connection.
encryptProto string: Encrypt proto of the VPN connection.
id string: The provider-assigned unique ID for this managed resource.
isCcnType boolean: Indicate whether is ccn type. Modification of this field only impacts force new logic of vpc_id. If is_ccn_type is true, modification of vpc_id will be ignored.
netStatus string: Net status of the VPN connection. Valid value: AVAILABLE.
state string: State of the connection. Valid value: PENDING, AVAILABLE, DELETING.
vpnProto string: Vpn proto of the VPN connection.

create_time str: Create time of the VPN connection.
encrypt_proto str: Encrypt proto of the VPN connection.
id str: The provider-assigned unique ID for this managed resource.
is_ccn_type bool: Indicate whether is ccn type. Modification of this field only impacts force new logic of vpc_id. If is_ccn_type is true, modification of vpc_id will be ignored.
net_status str: Net status of the VPN connection. Valid value: AVAILABLE.
state str: State of the connection. Valid value: PENDING, AVAILABLE, DELETING.
vpn_proto str: Vpn proto of the VPN connection.

createTime String: Create time of the VPN connection.
encryptProto String: Encrypt proto of the VPN connection.
id String: The provider-assigned unique ID for this managed resource.
isCcnType Boolean: Indicate whether is ccn type. Modification of this field only impacts force new logic of vpc_id. If is_ccn_type is true, modification of vpc_id will be ignored.
netStatus String: Net status of the VPN connection. Valid value: AVAILABLE.
state String: State of the connection. Valid value: PENDING, AVAILABLE, DELETING.
vpnProto String: Vpn proto of the VPN connection.

Look up Existing VpnConnection Resource

Get an existing VpnConnection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: VpnConnectionState, opts?: CustomResourceOptions): VpnConnection

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        bgp_config: Optional[VpnConnectionBgpConfigArgs] = None,
        create_time: Optional[str] = None,
        customer_gateway_id: Optional[str] = None,
        dpd_action: Optional[str] = None,
        dpd_enable: Optional[float] = None,
        dpd_timeout: Optional[float] = None,
        enable_health_check: Optional[bool] = None,
        encrypt_proto: Optional[str] = None,
        health_check_config: Optional[VpnConnectionHealthCheckConfigArgs] = None,
        health_check_local_ip: Optional[str] = None,
        health_check_remote_ip: Optional[str] = None,
        ike_dh_group_name: Optional[str] = None,
        ike_exchange_mode: Optional[str] = None,
        ike_local_address: Optional[str] = None,
        ike_local_fqdn_name: Optional[str] = None,
        ike_local_identity: Optional[str] = None,
        ike_proto_authen_algorithm: Optional[str] = None,
        ike_proto_encry_algorithm: Optional[str] = None,
        ike_remote_address: Optional[str] = None,
        ike_remote_fqdn_name: Optional[str] = None,
        ike_remote_identity: Optional[str] = None,
        ike_sa_lifetime_seconds: Optional[float] = None,
        ike_version: Optional[str] = None,
        ipsec_encrypt_algorithm: Optional[str] = None,
        ipsec_integrity_algorithm: Optional[str] = None,
        ipsec_pfs_dh_group: Optional[str] = None,
        ipsec_sa_lifetime_seconds: Optional[float] = None,
        ipsec_sa_lifetime_traffic: Optional[float] = None,
        is_ccn_type: Optional[bool] = None,
        name: Optional[str] = None,
        negotiation_type: Optional[str] = None,
        net_status: Optional[str] = None,
        pre_share_key: Optional[str] = None,
        route_type: Optional[str] = None,
        security_group_policies: Optional[Sequence[VpnConnectionSecurityGroupPolicyArgs]] = None,
        state: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        vpc_id: Optional[str] = None,
        vpn_connection_id: Optional[str] = None,
        vpn_gateway_id: Optional[str] = None,
        vpn_proto: Optional[str] = None) -> VpnConnection

func GetVpnConnection(ctx *Context, name string, id IDInput, state *VpnConnectionState, opts ...ResourceOption) (*VpnConnection, error)

public static VpnConnection Get(string name, Input<string> id, VpnConnectionState? state, CustomResourceOptions? opts = null)

public static VpnConnection get(String name, Output<String> id, VpnConnectionState state, CustomResourceOptions options)

resources:  _:    type: tencentcloud:VpnConnection    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

BgpConfig VpnConnectionBgpConfig: BGP config.
CreateTime string: Create time of the VPN connection.
CustomerGatewayId string: ID of the customer gateway.
DpdAction string: The action after DPD timeout. Valid values: clear (disconnect) and restart (try again). It is valid when DpdEnable is 1.
DpdEnable double: Specifies whether to enable DPD. Valid values: 0 (disable) and 1 (enable).
DpdTimeout double: DPD timeout period.Valid value ranges: [30~60], Default: 30; unit: second. If the request is not responded within this period, the peer end is considered not exists. This parameter is valid when the value of DpdEnable is 1.
EnableHealthCheck bool: Whether intra-tunnel health checks are supported.
EncryptProto string: Encrypt proto of the VPN connection.
HealthCheckConfig VpnConnectionHealthCheckConfig: VPN channel health check configuration.
HealthCheckLocalIp string: Health check the address of this terminal.
HealthCheckRemoteIp string: Health check peer address.
IkeDhGroupName string: DH group name of the IKE operation specification. Valid values: GROUP1, GROUP2, GROUP5, GROUP14, GROUP24. Default value is GROUP1.
IkeExchangeMode string: Exchange mode of the IKE operation specification. Valid values: AGGRESSIVE, MAIN. Default value is MAIN.
IkeLocalAddress string: Local address of IKE operation specification, valid when ike_local_identity is ADDRESS, generally the value is public_ip_address of the related VPN gateway.
IkeLocalFqdnName string: Local FQDN name of the IKE operation specification.
IkeLocalIdentity string: Local identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
IkeProtoAuthenAlgorithm string: Proto authenticate algorithm of the IKE operation specification. Valid values: MD5, SHA, SHA-256. Default Value is MD5.
IkeProtoEncryAlgorithm string: Proto encrypt algorithm of the IKE operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, AES128GCM128, AES192GCM128, AES256GCM128,AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
IkeRemoteAddress string: Remote address of IKE operation specification, valid when ike_remote_identity is ADDRESS, generally the value is public_ip_address of the related customer gateway.
IkeRemoteFqdnName string: Remote FQDN name of the IKE operation specification.
IkeRemoteIdentity string: Remote identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
IkeSaLifetimeSeconds double: SA lifetime of the IKE operation specification, unit is second. The value ranges from 60 to 604800. Default value is 86400 seconds.
IkeVersion string: Version of the IKE operation specification, values: IKEV1, IKEV2. Default value is IKEV1.
IpsecEncryptAlgorithm string: Encrypt algorithm of the IPSEC operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, NULL, AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
IpsecIntegrityAlgorithm string: Integrity algorithm of the IPSEC operation specification. Valid values: SHA1, MD5, SHA-256. Default value is MD5.
IpsecPfsDhGroup string: PFS DH group. Valid value: DH-GROUP1, DH-GROUP2, DH-GROUP5, DH-GROUP14, DH-GROUP24, NULL. Default value is NULL.
IpsecSaLifetimeSeconds double: SA lifetime of the IPSEC operation specification, unit is second. Valid value ranges: [180~604800]. Default value is 3600 seconds.
IpsecSaLifetimeTraffic double: SA lifetime of the IPSEC operation specification, unit is KB. The value should not be less then 2560. Default value is 1843200.
IsCcnType bool: Indicate whether is ccn type. Modification of this field only impacts force new logic of vpc_id. If is_ccn_type is true, modification of vpc_id will be ignored.
Name string: Name of the VPN connection. The length of character is limited to 1-60.
NegotiationType string: The default negotiation type is active. Optional values: active (active negotiation), passive (passive negotiation), flowTrigger (traffic negotiation).
NetStatus string: Net status of the VPN connection. Valid value: AVAILABLE.
PreShareKey string: Pre-shared key of the VPN connection.
RouteType string: Route type of the VPN connection. Valid value: STATIC, StaticRoute, Policy, Bgp.
SecurityGroupPolicies List<VpnConnectionSecurityGroupPolicy>: SPD policy group, for example: {"10.0.0.5/24":["172.123.10.5/16"]}, 10.0.0.5/24 is the vpc intranet segment, and 172.123.10.5/16 is the IDC network segment. Users specify which network segments in the VPC can communicate with which network segments in your IDC.
State string: State of the connection. Valid value: PENDING, AVAILABLE, DELETING.
Tags Dictionary<string, string>: A list of tags used to associate different resources.
VpcId string: ID of the VPC. Required if vpn gateway is not in CCN type, and doesn't make sense for CCN vpn gateway.
VpnConnectionId string: ID of the resource.
VpnGatewayId string: ID of the VPN gateway.
VpnProto string: Vpn proto of the VPN connection.

BgpConfig VpnConnectionBgpConfigArgs: BGP config.
CreateTime string: Create time of the VPN connection.
CustomerGatewayId string: ID of the customer gateway.
DpdAction string: The action after DPD timeout. Valid values: clear (disconnect) and restart (try again). It is valid when DpdEnable is 1.
DpdEnable float64: Specifies whether to enable DPD. Valid values: 0 (disable) and 1 (enable).
DpdTimeout float64: DPD timeout period.Valid value ranges: [30~60], Default: 30; unit: second. If the request is not responded within this period, the peer end is considered not exists. This parameter is valid when the value of DpdEnable is 1.
EnableHealthCheck bool: Whether intra-tunnel health checks are supported.
EncryptProto string: Encrypt proto of the VPN connection.
HealthCheckConfig VpnConnectionHealthCheckConfigArgs: VPN channel health check configuration.
HealthCheckLocalIp string: Health check the address of this terminal.
HealthCheckRemoteIp string: Health check peer address.
IkeDhGroupName string: DH group name of the IKE operation specification. Valid values: GROUP1, GROUP2, GROUP5, GROUP14, GROUP24. Default value is GROUP1.
IkeExchangeMode string: Exchange mode of the IKE operation specification. Valid values: AGGRESSIVE, MAIN. Default value is MAIN.
IkeLocalAddress string: Local address of IKE operation specification, valid when ike_local_identity is ADDRESS, generally the value is public_ip_address of the related VPN gateway.
IkeLocalFqdnName string: Local FQDN name of the IKE operation specification.
IkeLocalIdentity string: Local identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
IkeProtoAuthenAlgorithm string: Proto authenticate algorithm of the IKE operation specification. Valid values: MD5, SHA, SHA-256. Default Value is MD5.
IkeProtoEncryAlgorithm string: Proto encrypt algorithm of the IKE operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, AES128GCM128, AES192GCM128, AES256GCM128,AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
IkeRemoteAddress string: Remote address of IKE operation specification, valid when ike_remote_identity is ADDRESS, generally the value is public_ip_address of the related customer gateway.
IkeRemoteFqdnName string: Remote FQDN name of the IKE operation specification.
IkeRemoteIdentity string: Remote identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
IkeSaLifetimeSeconds float64: SA lifetime of the IKE operation specification, unit is second. The value ranges from 60 to 604800. Default value is 86400 seconds.
IkeVersion string: Version of the IKE operation specification, values: IKEV1, IKEV2. Default value is IKEV1.
IpsecEncryptAlgorithm string: Encrypt algorithm of the IPSEC operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, NULL, AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
IpsecIntegrityAlgorithm string: Integrity algorithm of the IPSEC operation specification. Valid values: SHA1, MD5, SHA-256. Default value is MD5.
IpsecPfsDhGroup string: PFS DH group. Valid value: DH-GROUP1, DH-GROUP2, DH-GROUP5, DH-GROUP14, DH-GROUP24, NULL. Default value is NULL.
IpsecSaLifetimeSeconds float64: SA lifetime of the IPSEC operation specification, unit is second. Valid value ranges: [180~604800]. Default value is 3600 seconds.
IpsecSaLifetimeTraffic float64: SA lifetime of the IPSEC operation specification, unit is KB. The value should not be less then 2560. Default value is 1843200.
IsCcnType bool: Indicate whether is ccn type. Modification of this field only impacts force new logic of vpc_id. If is_ccn_type is true, modification of vpc_id will be ignored.
Name string: Name of the VPN connection. The length of character is limited to 1-60.
NegotiationType string: The default negotiation type is active. Optional values: active (active negotiation), passive (passive negotiation), flowTrigger (traffic negotiation).
NetStatus string: Net status of the VPN connection. Valid value: AVAILABLE.
PreShareKey string: Pre-shared key of the VPN connection.
RouteType string: Route type of the VPN connection. Valid value: STATIC, StaticRoute, Policy, Bgp.
SecurityGroupPolicies []VpnConnectionSecurityGroupPolicyArgs: SPD policy group, for example: {"10.0.0.5/24":["172.123.10.5/16"]}, 10.0.0.5/24 is the vpc intranet segment, and 172.123.10.5/16 is the IDC network segment. Users specify which network segments in the VPC can communicate with which network segments in your IDC.
State string: State of the connection. Valid value: PENDING, AVAILABLE, DELETING.
Tags map[string]string: A list of tags used to associate different resources.
VpcId string: ID of the VPC. Required if vpn gateway is not in CCN type, and doesn't make sense for CCN vpn gateway.
VpnConnectionId string: ID of the resource.
VpnGatewayId string: ID of the VPN gateway.
VpnProto string: Vpn proto of the VPN connection.

bgpConfig VpnConnectionBgpConfig: BGP config.
createTime String: Create time of the VPN connection.
customerGatewayId String: ID of the customer gateway.
dpdAction String: The action after DPD timeout. Valid values: clear (disconnect) and restart (try again). It is valid when DpdEnable is 1.
dpdEnable Double: Specifies whether to enable DPD. Valid values: 0 (disable) and 1 (enable).
dpdTimeout Double: DPD timeout period.Valid value ranges: [30~60], Default: 30; unit: second. If the request is not responded within this period, the peer end is considered not exists. This parameter is valid when the value of DpdEnable is 1.
enableHealthCheck Boolean: Whether intra-tunnel health checks are supported.
encryptProto String: Encrypt proto of the VPN connection.
healthCheckConfig VpnConnectionHealthCheckConfig: VPN channel health check configuration.
healthCheckLocalIp String: Health check the address of this terminal.
healthCheckRemoteIp String: Health check peer address.
ikeDhGroupName String: DH group name of the IKE operation specification. Valid values: GROUP1, GROUP2, GROUP5, GROUP14, GROUP24. Default value is GROUP1.
ikeExchangeMode String: Exchange mode of the IKE operation specification. Valid values: AGGRESSIVE, MAIN. Default value is MAIN.
ikeLocalAddress String: Local address of IKE operation specification, valid when ike_local_identity is ADDRESS, generally the value is public_ip_address of the related VPN gateway.
ikeLocalFqdnName String: Local FQDN name of the IKE operation specification.
ikeLocalIdentity String: Local identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
ikeProtoAuthenAlgorithm String: Proto authenticate algorithm of the IKE operation specification. Valid values: MD5, SHA, SHA-256. Default Value is MD5.
ikeProtoEncryAlgorithm String: Proto encrypt algorithm of the IKE operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, AES128GCM128, AES192GCM128, AES256GCM128,AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
ikeRemoteAddress String: Remote address of IKE operation specification, valid when ike_remote_identity is ADDRESS, generally the value is public_ip_address of the related customer gateway.
ikeRemoteFqdnName String: Remote FQDN name of the IKE operation specification.
ikeRemoteIdentity String: Remote identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
ikeSaLifetimeSeconds Double: SA lifetime of the IKE operation specification, unit is second. The value ranges from 60 to 604800. Default value is 86400 seconds.
ikeVersion String: Version of the IKE operation specification, values: IKEV1, IKEV2. Default value is IKEV1.
ipsecEncryptAlgorithm String: Encrypt algorithm of the IPSEC operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, NULL, AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
ipsecIntegrityAlgorithm String: Integrity algorithm of the IPSEC operation specification. Valid values: SHA1, MD5, SHA-256. Default value is MD5.
ipsecPfsDhGroup String: PFS DH group. Valid value: DH-GROUP1, DH-GROUP2, DH-GROUP5, DH-GROUP14, DH-GROUP24, NULL. Default value is NULL.
ipsecSaLifetimeSeconds Double: SA lifetime of the IPSEC operation specification, unit is second. Valid value ranges: [180~604800]. Default value is 3600 seconds.
ipsecSaLifetimeTraffic Double: SA lifetime of the IPSEC operation specification, unit is KB. The value should not be less then 2560. Default value is 1843200.
isCcnType Boolean: Indicate whether is ccn type. Modification of this field only impacts force new logic of vpc_id. If is_ccn_type is true, modification of vpc_id will be ignored.
name String: Name of the VPN connection. The length of character is limited to 1-60.
negotiationType String: The default negotiation type is active. Optional values: active (active negotiation), passive (passive negotiation), flowTrigger (traffic negotiation).
netStatus String: Net status of the VPN connection. Valid value: AVAILABLE.
preShareKey String: Pre-shared key of the VPN connection.
routeType String: Route type of the VPN connection. Valid value: STATIC, StaticRoute, Policy, Bgp.
securityGroupPolicies List<VpnConnectionSecurityGroupPolicy>: SPD policy group, for example: {"10.0.0.5/24":["172.123.10.5/16"]}, 10.0.0.5/24 is the vpc intranet segment, and 172.123.10.5/16 is the IDC network segment. Users specify which network segments in the VPC can communicate with which network segments in your IDC.
state String: State of the connection. Valid value: PENDING, AVAILABLE, DELETING.
tags Map<String,String>: A list of tags used to associate different resources.
vpcId String: ID of the VPC. Required if vpn gateway is not in CCN type, and doesn't make sense for CCN vpn gateway.
vpnConnectionId String: ID of the resource.
vpnGatewayId String: ID of the VPN gateway.
vpnProto String: Vpn proto of the VPN connection.

bgpConfig VpnConnectionBgpConfig: BGP config.
createTime string: Create time of the VPN connection.
customerGatewayId string: ID of the customer gateway.
dpdAction string: The action after DPD timeout. Valid values: clear (disconnect) and restart (try again). It is valid when DpdEnable is 1.
dpdEnable number: Specifies whether to enable DPD. Valid values: 0 (disable) and 1 (enable).
dpdTimeout number: DPD timeout period.Valid value ranges: [30~60], Default: 30; unit: second. If the request is not responded within this period, the peer end is considered not exists. This parameter is valid when the value of DpdEnable is 1.
enableHealthCheck boolean: Whether intra-tunnel health checks are supported.
encryptProto string: Encrypt proto of the VPN connection.
healthCheckConfig VpnConnectionHealthCheckConfig: VPN channel health check configuration.
healthCheckLocalIp string: Health check the address of this terminal.
healthCheckRemoteIp string: Health check peer address.
ikeDhGroupName string: DH group name of the IKE operation specification. Valid values: GROUP1, GROUP2, GROUP5, GROUP14, GROUP24. Default value is GROUP1.
ikeExchangeMode string: Exchange mode of the IKE operation specification. Valid values: AGGRESSIVE, MAIN. Default value is MAIN.
ikeLocalAddress string: Local address of IKE operation specification, valid when ike_local_identity is ADDRESS, generally the value is public_ip_address of the related VPN gateway.
ikeLocalFqdnName string: Local FQDN name of the IKE operation specification.
ikeLocalIdentity string: Local identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
ikeProtoAuthenAlgorithm string: Proto authenticate algorithm of the IKE operation specification. Valid values: MD5, SHA, SHA-256. Default Value is MD5.
ikeProtoEncryAlgorithm string: Proto encrypt algorithm of the IKE operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, AES128GCM128, AES192GCM128, AES256GCM128,AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
ikeRemoteAddress string: Remote address of IKE operation specification, valid when ike_remote_identity is ADDRESS, generally the value is public_ip_address of the related customer gateway.
ikeRemoteFqdnName string: Remote FQDN name of the IKE operation specification.
ikeRemoteIdentity string: Remote identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
ikeSaLifetimeSeconds number: SA lifetime of the IKE operation specification, unit is second. The value ranges from 60 to 604800. Default value is 86400 seconds.
ikeVersion string: Version of the IKE operation specification, values: IKEV1, IKEV2. Default value is IKEV1.
ipsecEncryptAlgorithm string: Encrypt algorithm of the IPSEC operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, NULL, AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
ipsecIntegrityAlgorithm string: Integrity algorithm of the IPSEC operation specification. Valid values: SHA1, MD5, SHA-256. Default value is MD5.
ipsecPfsDhGroup string: PFS DH group. Valid value: DH-GROUP1, DH-GROUP2, DH-GROUP5, DH-GROUP14, DH-GROUP24, NULL. Default value is NULL.
ipsecSaLifetimeSeconds number: SA lifetime of the IPSEC operation specification, unit is second. Valid value ranges: [180~604800]. Default value is 3600 seconds.
ipsecSaLifetimeTraffic number: SA lifetime of the IPSEC operation specification, unit is KB. The value should not be less then 2560. Default value is 1843200.
isCcnType boolean: Indicate whether is ccn type. Modification of this field only impacts force new logic of vpc_id. If is_ccn_type is true, modification of vpc_id will be ignored.
name string: Name of the VPN connection. The length of character is limited to 1-60.
negotiationType string: The default negotiation type is active. Optional values: active (active negotiation), passive (passive negotiation), flowTrigger (traffic negotiation).
netStatus string: Net status of the VPN connection. Valid value: AVAILABLE.
preShareKey string: Pre-shared key of the VPN connection.
routeType string: Route type of the VPN connection. Valid value: STATIC, StaticRoute, Policy, Bgp.
securityGroupPolicies VpnConnectionSecurityGroupPolicy[]: SPD policy group, for example: {"10.0.0.5/24":["172.123.10.5/16"]}, 10.0.0.5/24 is the vpc intranet segment, and 172.123.10.5/16 is the IDC network segment. Users specify which network segments in the VPC can communicate with which network segments in your IDC.
state string: State of the connection. Valid value: PENDING, AVAILABLE, DELETING.
tags {[key: string]: string}: A list of tags used to associate different resources.
vpcId string: ID of the VPC. Required if vpn gateway is not in CCN type, and doesn't make sense for CCN vpn gateway.
vpnConnectionId string: ID of the resource.
vpnGatewayId string: ID of the VPN gateway.
vpnProto string: Vpn proto of the VPN connection.

bgp_config VpnConnectionBgpConfigArgs: BGP config.
create_time str: Create time of the VPN connection.
customer_gateway_id str: ID of the customer gateway.
dpd_action str: The action after DPD timeout. Valid values: clear (disconnect) and restart (try again). It is valid when DpdEnable is 1.
dpd_enable float: Specifies whether to enable DPD. Valid values: 0 (disable) and 1 (enable).
dpd_timeout float: DPD timeout period.Valid value ranges: [30~60], Default: 30; unit: second. If the request is not responded within this period, the peer end is considered not exists. This parameter is valid when the value of DpdEnable is 1.
enable_health_check bool: Whether intra-tunnel health checks are supported.
encrypt_proto str: Encrypt proto of the VPN connection.
health_check_config VpnConnectionHealthCheckConfigArgs: VPN channel health check configuration.
health_check_local_ip str: Health check the address of this terminal.
health_check_remote_ip str: Health check peer address.
ike_dh_group_name str: DH group name of the IKE operation specification. Valid values: GROUP1, GROUP2, GROUP5, GROUP14, GROUP24. Default value is GROUP1.
ike_exchange_mode str: Exchange mode of the IKE operation specification. Valid values: AGGRESSIVE, MAIN. Default value is MAIN.
ike_local_address str: Local address of IKE operation specification, valid when ike_local_identity is ADDRESS, generally the value is public_ip_address of the related VPN gateway.
ike_local_fqdn_name str: Local FQDN name of the IKE operation specification.
ike_local_identity str: Local identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
ike_proto_authen_algorithm str: Proto authenticate algorithm of the IKE operation specification. Valid values: MD5, SHA, SHA-256. Default Value is MD5.
ike_proto_encry_algorithm str: Proto encrypt algorithm of the IKE operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, AES128GCM128, AES192GCM128, AES256GCM128,AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
ike_remote_address str: Remote address of IKE operation specification, valid when ike_remote_identity is ADDRESS, generally the value is public_ip_address of the related customer gateway.
ike_remote_fqdn_name str: Remote FQDN name of the IKE operation specification.
ike_remote_identity str: Remote identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
ike_sa_lifetime_seconds float: SA lifetime of the IKE operation specification, unit is second. The value ranges from 60 to 604800. Default value is 86400 seconds.
ike_version str: Version of the IKE operation specification, values: IKEV1, IKEV2. Default value is IKEV1.
ipsec_encrypt_algorithm str: Encrypt algorithm of the IPSEC operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, NULL, AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
ipsec_integrity_algorithm str: Integrity algorithm of the IPSEC operation specification. Valid values: SHA1, MD5, SHA-256. Default value is MD5.
ipsec_pfs_dh_group str: PFS DH group. Valid value: DH-GROUP1, DH-GROUP2, DH-GROUP5, DH-GROUP14, DH-GROUP24, NULL. Default value is NULL.
ipsec_sa_lifetime_seconds float: SA lifetime of the IPSEC operation specification, unit is second. Valid value ranges: [180~604800]. Default value is 3600 seconds.
ipsec_sa_lifetime_traffic float: SA lifetime of the IPSEC operation specification, unit is KB. The value should not be less then 2560. Default value is 1843200.
is_ccn_type bool: Indicate whether is ccn type. Modification of this field only impacts force new logic of vpc_id. If is_ccn_type is true, modification of vpc_id will be ignored.
name str: Name of the VPN connection. The length of character is limited to 1-60.
negotiation_type str: The default negotiation type is active. Optional values: active (active negotiation), passive (passive negotiation), flowTrigger (traffic negotiation).
net_status str: Net status of the VPN connection. Valid value: AVAILABLE.
pre_share_key str: Pre-shared key of the VPN connection.
route_type str: Route type of the VPN connection. Valid value: STATIC, StaticRoute, Policy, Bgp.
security_group_policies Sequence[VpnConnectionSecurityGroupPolicyArgs]: SPD policy group, for example: {"10.0.0.5/24":["172.123.10.5/16"]}, 10.0.0.5/24 is the vpc intranet segment, and 172.123.10.5/16 is the IDC network segment. Users specify which network segments in the VPC can communicate with which network segments in your IDC.
state str: State of the connection. Valid value: PENDING, AVAILABLE, DELETING.
tags Mapping[str, str]: A list of tags used to associate different resources.
vpc_id str: ID of the VPC. Required if vpn gateway is not in CCN type, and doesn't make sense for CCN vpn gateway.
vpn_connection_id str: ID of the resource.
vpn_gateway_id str: ID of the VPN gateway.
vpn_proto str: Vpn proto of the VPN connection.

bgpConfig Property Map: BGP config.
createTime String: Create time of the VPN connection.
customerGatewayId String: ID of the customer gateway.
dpdAction String: The action after DPD timeout. Valid values: clear (disconnect) and restart (try again). It is valid when DpdEnable is 1.
dpdEnable Number: Specifies whether to enable DPD. Valid values: 0 (disable) and 1 (enable).
dpdTimeout Number: DPD timeout period.Valid value ranges: [30~60], Default: 30; unit: second. If the request is not responded within this period, the peer end is considered not exists. This parameter is valid when the value of DpdEnable is 1.
enableHealthCheck Boolean: Whether intra-tunnel health checks are supported.
encryptProto String: Encrypt proto of the VPN connection.
healthCheckConfig Property Map: VPN channel health check configuration.
healthCheckLocalIp String: Health check the address of this terminal.
healthCheckRemoteIp String: Health check peer address.
ikeDhGroupName String: DH group name of the IKE operation specification. Valid values: GROUP1, GROUP2, GROUP5, GROUP14, GROUP24. Default value is GROUP1.
ikeExchangeMode String: Exchange mode of the IKE operation specification. Valid values: AGGRESSIVE, MAIN. Default value is MAIN.
ikeLocalAddress String: Local address of IKE operation specification, valid when ike_local_identity is ADDRESS, generally the value is public_ip_address of the related VPN gateway.
ikeLocalFqdnName String: Local FQDN name of the IKE operation specification.
ikeLocalIdentity String: Local identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
ikeProtoAuthenAlgorithm String: Proto authenticate algorithm of the IKE operation specification. Valid values: MD5, SHA, SHA-256. Default Value is MD5.
ikeProtoEncryAlgorithm String: Proto encrypt algorithm of the IKE operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, AES128GCM128, AES192GCM128, AES256GCM128,AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
ikeRemoteAddress String: Remote address of IKE operation specification, valid when ike_remote_identity is ADDRESS, generally the value is public_ip_address of the related customer gateway.
ikeRemoteFqdnName String: Remote FQDN name of the IKE operation specification.
ikeRemoteIdentity String: Remote identity way of IKE operation specification. Valid values: ADDRESS, FQDN. Default value is ADDRESS.
ikeSaLifetimeSeconds Number: SA lifetime of the IKE operation specification, unit is second. The value ranges from 60 to 604800. Default value is 86400 seconds.
ikeVersion String: Version of the IKE operation specification, values: IKEV1, IKEV2. Default value is IKEV1.
ipsecEncryptAlgorithm String: Encrypt algorithm of the IPSEC operation specification. Valid values: 3DES-CBC, AES-CBC-128, AES-CBC-192, AES-CBC-256, DES-CBC, SM4, NULL, AES128GCM128, AES192GCM128, AES256GCM128. Default value is 3DES-CBC.
ipsecIntegrityAlgorithm String: Integrity algorithm of the IPSEC operation specification. Valid values: SHA1, MD5, SHA-256. Default value is MD5.
ipsecPfsDhGroup String: PFS DH group. Valid value: DH-GROUP1, DH-GROUP2, DH-GROUP5, DH-GROUP14, DH-GROUP24, NULL. Default value is NULL.
ipsecSaLifetimeSeconds Number: SA lifetime of the IPSEC operation specification, unit is second. Valid value ranges: [180~604800]. Default value is 3600 seconds.
ipsecSaLifetimeTraffic Number: SA lifetime of the IPSEC operation specification, unit is KB. The value should not be less then 2560. Default value is 1843200.
isCcnType Boolean: Indicate whether is ccn type. Modification of this field only impacts force new logic of vpc_id. If is_ccn_type is true, modification of vpc_id will be ignored.
name String: Name of the VPN connection. The length of character is limited to 1-60.
negotiationType String: The default negotiation type is active. Optional values: active (active negotiation), passive (passive negotiation), flowTrigger (traffic negotiation).
netStatus String: Net status of the VPN connection. Valid value: AVAILABLE.
preShareKey String: Pre-shared key of the VPN connection.
routeType String: Route type of the VPN connection. Valid value: STATIC, StaticRoute, Policy, Bgp.
securityGroupPolicies List<Property Map>: SPD policy group, for example: {"10.0.0.5/24":["172.123.10.5/16"]}, 10.0.0.5/24 is the vpc intranet segment, and 172.123.10.5/16 is the IDC network segment. Users specify which network segments in the VPC can communicate with which network segments in your IDC.
state String: State of the connection. Valid value: PENDING, AVAILABLE, DELETING.
tags Map<String>: A list of tags used to associate different resources.
vpcId String: ID of the VPC. Required if vpn gateway is not in CCN type, and doesn't make sense for CCN vpn gateway.
vpnConnectionId String: ID of the resource.
vpnGatewayId String: ID of the VPN gateway.
vpnProto String: Vpn proto of the VPN connection.

Supporting Types

VpnConnectionBgpConfig, VpnConnectionBgpConfigArgs

LocalBgpIp string: Cloud BGP address. It must be allocated from within the BGP tunnel network segment.
RemoteBgpIp string: User side BGP address. It must be allocated from within the BGP tunnel network segment.
TunnelCidr string: BGP tunnel segment.

LocalBgpIp string: Cloud BGP address. It must be allocated from within the BGP tunnel network segment.
RemoteBgpIp string: User side BGP address. It must be allocated from within the BGP tunnel network segment.
TunnelCidr string: BGP tunnel segment.

localBgpIp String: Cloud BGP address. It must be allocated from within the BGP tunnel network segment.
remoteBgpIp String: User side BGP address. It must be allocated from within the BGP tunnel network segment.
tunnelCidr String: BGP tunnel segment.

localBgpIp string: Cloud BGP address. It must be allocated from within the BGP tunnel network segment.
remoteBgpIp string: User side BGP address. It must be allocated from within the BGP tunnel network segment.
tunnelCidr string: BGP tunnel segment.

local_bgp_ip str: Cloud BGP address. It must be allocated from within the BGP tunnel network segment.
remote_bgp_ip str: User side BGP address. It must be allocated from within the BGP tunnel network segment.
tunnel_cidr str: BGP tunnel segment.

localBgpIp String: Cloud BGP address. It must be allocated from within the BGP tunnel network segment.
remoteBgpIp String: User side BGP address. It must be allocated from within the BGP tunnel network segment.
tunnelCidr String: BGP tunnel segment.

VpnConnectionHealthCheckConfig, VpnConnectionHealthCheckConfigArgs

ProbeInterval double: Detection interval, Tencent Cloud's interval between two health checks, range [1000-5000], Unit: ms.
ProbeThreshold double: Detection times, perform route switching after N consecutive health check failures, range [3-8], Unit: times.
ProbeTimeout double: Detection timeout, range [10-5000], Unit: ms.
ProbeType string: Detection mode, default is NQA, cannot be modified.

ProbeInterval float64: Detection interval, Tencent Cloud's interval between two health checks, range [1000-5000], Unit: ms.
ProbeThreshold float64: Detection times, perform route switching after N consecutive health check failures, range [3-8], Unit: times.
ProbeTimeout float64: Detection timeout, range [10-5000], Unit: ms.
ProbeType string: Detection mode, default is NQA, cannot be modified.

probeInterval Double: Detection interval, Tencent Cloud's interval between two health checks, range [1000-5000], Unit: ms.
probeThreshold Double: Detection times, perform route switching after N consecutive health check failures, range [3-8], Unit: times.
probeTimeout Double: Detection timeout, range [10-5000], Unit: ms.
probeType String: Detection mode, default is NQA, cannot be modified.

probeInterval number: Detection interval, Tencent Cloud's interval between two health checks, range [1000-5000], Unit: ms.
probeThreshold number: Detection times, perform route switching after N consecutive health check failures, range [3-8], Unit: times.
probeTimeout number: Detection timeout, range [10-5000], Unit: ms.
probeType string: Detection mode, default is NQA, cannot be modified.

probe_interval float: Detection interval, Tencent Cloud's interval between two health checks, range [1000-5000], Unit: ms.
probe_threshold float: Detection times, perform route switching after N consecutive health check failures, range [3-8], Unit: times.
probe_timeout float: Detection timeout, range [10-5000], Unit: ms.
probe_type str: Detection mode, default is NQA, cannot be modified.

probeInterval Number: Detection interval, Tencent Cloud's interval between two health checks, range [1000-5000], Unit: ms.
probeThreshold Number: Detection times, perform route switching after N consecutive health check failures, range [3-8], Unit: times.
probeTimeout Number: Detection timeout, range [10-5000], Unit: ms.
probeType String: Detection mode, default is NQA, cannot be modified.

VpnConnectionSecurityGroupPolicy, VpnConnectionSecurityGroupPolicyArgs

LocalCidrBlock string: Local cidr block.
RemoteCidrBlocks List<string>: Remote cidr block list.

LocalCidrBlock string: Local cidr block.
RemoteCidrBlocks []string: Remote cidr block list.

localCidrBlock String: Local cidr block.
remoteCidrBlocks List<String>: Remote cidr block list.

localCidrBlock string: Local cidr block.
remoteCidrBlocks string[]: Remote cidr block list.

local_cidr_block str: Local cidr block.
remote_cidr_blocks Sequence[str]: Remote cidr block list.

localCidrBlock String: Local cidr block.
remoteCidrBlocks List<String>: Remote cidr block list.

Import

VPN connection can be imported using the id, e.g.

$ pulumi import tencentcloud:index/vpnConnection:VpnConnection foo vpnx-nadifg3s

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: tencentcloud tencentcloudstack/terraform-provider-tencentcloud
License
Notes: This Pulumi package is based on the tencentcloud Terraform Provider.

tencentcloud 1.81.189 published on Wednesday, Apr 30, 2025 by tencentcloudstack

tencentcloudstack/terraform-provider-tencentcloud

tencentcloud.VpnConnection

On this page

On this page

Example Usage

Create VpnConnection Resource

Constructor syntax

Parameters

VpnConnection Resource Properties

Inputs

Outputs

Look up Existing VpnConnection Resource

Supporting Types

VpnConnectionBgpConfig, VpnConnectionBgpConfigArgs

VpnConnectionHealthCheckConfig, VpnConnectionHealthCheckConfigArgs

VpnConnectionSecurityGroupPolicy, VpnConnectionSecurityGroupPolicyArgs

Import

Package Details

On this page

On this page