volcenginecc.vpn.getVpnConnection

volcenginecc v0.0.32, Apr 23 26

Viewing docs for volcenginecc v0.0.32
published on Thursday, Apr 23, 2026 by Volcengine

Schema (JSON)

volcengine/pulumi-volcenginecc

Viewing docs for volcenginecc v0.0.32
published on Thursday, Apr 23, 2026 by Volcengine

Schema (JSON)

volcengine/pulumi-volcenginecc

Using getVpnConnection

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getVpnConnection(args: GetVpnConnectionArgs, opts?: InvokeOptions): Promise<GetVpnConnectionResult>
function getVpnConnectionOutput(args: GetVpnConnectionOutputArgs, opts?: InvokeOptions): Output<GetVpnConnectionResult>

def get_vpn_connection(id: Optional[str] = None,
                       opts: Optional[InvokeOptions] = None) -> GetVpnConnectionResult
def get_vpn_connection_output(id: Optional[pulumi.Input[str]] = None,
                       opts: Optional[InvokeOptions] = None) -> Output[GetVpnConnectionResult]

func LookupVpnConnection(ctx *Context, args *LookupVpnConnectionArgs, opts ...InvokeOption) (*LookupVpnConnectionResult, error)
func LookupVpnConnectionOutput(ctx *Context, args *LookupVpnConnectionOutputArgs, opts ...InvokeOption) LookupVpnConnectionResultOutput

> Note: This function is named LookupVpnConnection in the Go SDK.

public static class GetVpnConnection 
{
    public static Task<GetVpnConnectionResult> InvokeAsync(GetVpnConnectionArgs args, InvokeOptions? opts = null)
    public static Output<GetVpnConnectionResult> Invoke(GetVpnConnectionInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetVpnConnectionResult> getVpnConnection(GetVpnConnectionArgs args, InvokeOptions options)
public static Output<GetVpnConnectionResult> getVpnConnection(GetVpnConnectionArgs args, InvokeOptions options)

fn::invoke:
  function: volcenginecc:vpn/getVpnConnection:getVpnConnection
  arguments:
    # arguments dictionary

The following arguments are supported:

Id string: Uniquely identifies the resource.

Id string: Uniquely identifies the resource.

id String: Uniquely identifies the resource.

id string: Uniquely identifies the resource.

id str: Uniquely identifies the resource.

id String: Uniquely identifies the resource.

getVpnConnection Result

The following output properties are available:

AccountId string: ID of the account to which the IPsec connection belongs.
AttachStatus string: IPsec connection status, VpnGateway: Attached: Bound; TransitRouter: Attached: Bound; Attaching: Binding; Detached: Unbound; Detaching: Unbinding.
AttachType string: Type of gateway associated with the IPsec connection. VpnGateway: VPN gateway; TransitRouter: transit router.
BgpInfo Volcengine.GetVpnConnectionBgpInfo: BGP information for the IPsec connection.
BusinessStatus string: Billing status of the IPsec connection. This parameter is returned only when AttachType is 'TransitRouter'. Normal: Normal. FinancialLocked: Financially locked.
ConnectStatus string: Status of the tunnel connection. ikesanegotiationfailed: Phase 1 negotiation failed. ikesanegotiationcompleted: Phase 1 negotiation succeeded. ipsecsanegotiationfailed: Phase 2 negotiation failed. ipsecsanegotiationcompleted: Phase 2 negotiation succeeded.
CreationTime string: Time when the IPsec connection was created.
CustomerGatewayId string: ID of the customer gateway associated with the IPsec connection. This parameter is required when creating a single-tunnel IPsec connection. If the customer gateway IP address is 0.0.0.0, NegotiateInstantly can only be set to false, IkeConfig.Version can only be set to ikev1, and IkeConfig.Mode can only be set to aggressive in IkeConfig.
DeletedTime string: Expected resource forced reclamation time. This parameter is returned only when AttachType is 'TransitRouter', and only when the resource is frozen due to overdue payment. Otherwise, the value is empty.
Description string: Description of the IPsec connection. Must start with a Chinese character, letter, or number, and can only contain Chinese characters, letters, numbers, period (.), space ( ), underscore (_), hyphen (-), equals sign (=), English comma (,), Chinese comma (，), and Chinese period (。). Length limit: 0–255 characters. If not specified, defaults to an empty string.
DpdAction string: Status of the DPD feature. none: DPD feature disabled. clear (default): DPD feature enabled; IKE SA is cleared after DPD timeout. hold: DPD feature enabled; current state is maintained after DPD timeout; the connection is re-established when new traffic is detected. restart: DPD feature enabled; reconnect immediately after DPD timeout.
DualTunnelEnabled bool: Enable dual tunnel feature. true: Enabled. false: Not enabled.
EnableTunnelsBgp bool: Whether to enable BGP. Valid values: false (default): No, use static routing mode. true: Yes, use BGP routing mode.
HealthCheckers List<Volcengine.GetVpnConnectionHealthChecker>: Health check information for the IPsec connection
Id string: Uniquely identifies the resource.
IkeConfig Volcengine.GetVpnConnectionIkeConfig: IKE configuration information for the IPsec connection
IpAddress string: Public IP address of the transit router. This parameter is returned only when AttachType is 'TransitRouter'.
IpsecConfig Volcengine.GetVpnConnectionIpsecConfig: IPsec configuration information for the IPsec connection.
IsBlocked bool: Whether the current resource is blocked. true: Blocked; false: Not blocked
LocalSubnets List<string>: Local network segment of the IPsec connection.
LogEnabled bool: Enable connection logs. After connection logs are enabled, you can view and download IPsec connection logs and troubleshoot IPsec connection issues using the log information. true: Enabled. false: Not enabled.
NatTraversal bool: Enable NAT traversal. true: Enabled. When NAT traversal is enabled, IKE negotiation does not verify UDP port numbers and can detect NAT gateway devices in the VPN connection tunnel. false (default): Not enabled.
NegotiateInstantly bool: Whether to initiate negotiation mode immediately. true: The system actively initiates negotiation after the IPsec connection is configured. false (default): The system does not actively initiate negotiation after configuration; negotiation is initiated passively when traffic passes through.
OverdueTime string: Resource freeze time. This parameter is returned only when AttachType is 'TransitRouter', and only when the resource is frozen due to overdue payment. Otherwise, this parameter is empty.
ProjectName string: Project to which the IPsec connection belongs.
RemoteSubnets List<string>: Peer CIDR block of the IPsec connection
Spec string: IPsec connection instance specification. Only effective for IPsec associated with TR instances; ineffective for IPsec associated with VPN gateway instances. This parameter takes effect only when AttachType is set to TransitRouter. default (default): Default specification, bandwidth limit is 200 Mbps. large: Large specification, bandwidth limit is 1 Gbps. xlarge: Extra large specification, bandwidth limit is 3 Gbps.
Status string: Status of the IPsec connection. Creating: Creating. Deleting: Deleting. Pending: Configuring. Available: Available.
Tags List<Volcengine.GetVpnConnectionTag>: All tag information added to the IPsec connection.
TransitRouterId string: The ID of the transit router. This parameter is returned only when AttachType is 'TransitRouter'.
TunnelOptions List<Volcengine.GetVpnConnectionTunnelOption>: Tunnel configuration information for the IPsec connection.
UpdateTime string: The time when the IPsec connection was updated.
VpnConnectionId string: ID of the IPsec connection
VpnConnectionName string: Name of the IPsec connection. Must start with a Chinese character, English letter, or number, and can only contain Chinese characters, English letters, numbers, dot (.), underscore (_), and hyphen (-). Length must be between 1 and 128 characters. If not specified, defaults to the IPsec connection ID.
VpnGatewayId string: The ID of the VPN gateway associated with the IPsec connection. If AttachType is not specified or set to VpnGateway, this parameter must be provided. If AttachType is set to TransitRouter, this parameter is not required.
ZoneId string: Availability zone of the transit router attachment point. This parameter is returned only when AttachType is 'TransitRouter'.

AccountId string: ID of the account to which the IPsec connection belongs.
AttachStatus string: IPsec connection status, VpnGateway: Attached: Bound; TransitRouter: Attached: Bound; Attaching: Binding; Detached: Unbound; Detaching: Unbinding.
AttachType string: Type of gateway associated with the IPsec connection. VpnGateway: VPN gateway; TransitRouter: transit router.
BgpInfo GetVpnConnectionBgpInfo: BGP information for the IPsec connection.
BusinessStatus string: Billing status of the IPsec connection. This parameter is returned only when AttachType is 'TransitRouter'. Normal: Normal. FinancialLocked: Financially locked.
ConnectStatus string: Status of the tunnel connection. ikesanegotiationfailed: Phase 1 negotiation failed. ikesanegotiationcompleted: Phase 1 negotiation succeeded. ipsecsanegotiationfailed: Phase 2 negotiation failed. ipsecsanegotiationcompleted: Phase 2 negotiation succeeded.
CreationTime string: Time when the IPsec connection was created.
CustomerGatewayId string: ID of the customer gateway associated with the IPsec connection. This parameter is required when creating a single-tunnel IPsec connection. If the customer gateway IP address is 0.0.0.0, NegotiateInstantly can only be set to false, IkeConfig.Version can only be set to ikev1, and IkeConfig.Mode can only be set to aggressive in IkeConfig.
DeletedTime string: Expected resource forced reclamation time. This parameter is returned only when AttachType is 'TransitRouter', and only when the resource is frozen due to overdue payment. Otherwise, the value is empty.
Description string: Description of the IPsec connection. Must start with a Chinese character, letter, or number, and can only contain Chinese characters, letters, numbers, period (.), space ( ), underscore (_), hyphen (-), equals sign (=), English comma (,), Chinese comma (，), and Chinese period (。). Length limit: 0–255 characters. If not specified, defaults to an empty string.
DpdAction string: Status of the DPD feature. none: DPD feature disabled. clear (default): DPD feature enabled; IKE SA is cleared after DPD timeout. hold: DPD feature enabled; current state is maintained after DPD timeout; the connection is re-established when new traffic is detected. restart: DPD feature enabled; reconnect immediately after DPD timeout.
DualTunnelEnabled bool: Enable dual tunnel feature. true: Enabled. false: Not enabled.
EnableTunnelsBgp bool: Whether to enable BGP. Valid values: false (default): No, use static routing mode. true: Yes, use BGP routing mode.
HealthCheckers []GetVpnConnectionHealthChecker: Health check information for the IPsec connection
Id string: Uniquely identifies the resource.
IkeConfig GetVpnConnectionIkeConfig: IKE configuration information for the IPsec connection
IpAddress string: Public IP address of the transit router. This parameter is returned only when AttachType is 'TransitRouter'.
IpsecConfig GetVpnConnectionIpsecConfig: IPsec configuration information for the IPsec connection.
IsBlocked bool: Whether the current resource is blocked. true: Blocked; false: Not blocked
LocalSubnets []string: Local network segment of the IPsec connection.
LogEnabled bool: Enable connection logs. After connection logs are enabled, you can view and download IPsec connection logs and troubleshoot IPsec connection issues using the log information. true: Enabled. false: Not enabled.
NatTraversal bool: Enable NAT traversal. true: Enabled. When NAT traversal is enabled, IKE negotiation does not verify UDP port numbers and can detect NAT gateway devices in the VPN connection tunnel. false (default): Not enabled.
NegotiateInstantly bool: Whether to initiate negotiation mode immediately. true: The system actively initiates negotiation after the IPsec connection is configured. false (default): The system does not actively initiate negotiation after configuration; negotiation is initiated passively when traffic passes through.
OverdueTime string: Resource freeze time. This parameter is returned only when AttachType is 'TransitRouter', and only when the resource is frozen due to overdue payment. Otherwise, this parameter is empty.
ProjectName string: Project to which the IPsec connection belongs.
RemoteSubnets []string: Peer CIDR block of the IPsec connection
Spec string: IPsec connection instance specification. Only effective for IPsec associated with TR instances; ineffective for IPsec associated with VPN gateway instances. This parameter takes effect only when AttachType is set to TransitRouter. default (default): Default specification, bandwidth limit is 200 Mbps. large: Large specification, bandwidth limit is 1 Gbps. xlarge: Extra large specification, bandwidth limit is 3 Gbps.
Status string: Status of the IPsec connection. Creating: Creating. Deleting: Deleting. Pending: Configuring. Available: Available.
Tags []GetVpnConnectionTag: All tag information added to the IPsec connection.
TransitRouterId string: The ID of the transit router. This parameter is returned only when AttachType is 'TransitRouter'.
TunnelOptions []GetVpnConnectionTunnelOption: Tunnel configuration information for the IPsec connection.
UpdateTime string: The time when the IPsec connection was updated.
VpnConnectionId string: ID of the IPsec connection
VpnConnectionName string: Name of the IPsec connection. Must start with a Chinese character, English letter, or number, and can only contain Chinese characters, English letters, numbers, dot (.), underscore (_), and hyphen (-). Length must be between 1 and 128 characters. If not specified, defaults to the IPsec connection ID.
VpnGatewayId string: The ID of the VPN gateway associated with the IPsec connection. If AttachType is not specified or set to VpnGateway, this parameter must be provided. If AttachType is set to TransitRouter, this parameter is not required.
ZoneId string: Availability zone of the transit router attachment point. This parameter is returned only when AttachType is 'TransitRouter'.

accountId String: ID of the account to which the IPsec connection belongs.
attachStatus String: IPsec connection status, VpnGateway: Attached: Bound; TransitRouter: Attached: Bound; Attaching: Binding; Detached: Unbound; Detaching: Unbinding.
attachType String: Type of gateway associated with the IPsec connection. VpnGateway: VPN gateway; TransitRouter: transit router.
bgpInfo GetVpnConnectionBgpInfo: BGP information for the IPsec connection.
businessStatus String: Billing status of the IPsec connection. This parameter is returned only when AttachType is 'TransitRouter'. Normal: Normal. FinancialLocked: Financially locked.
connectStatus String: Status of the tunnel connection. ikesanegotiationfailed: Phase 1 negotiation failed. ikesanegotiationcompleted: Phase 1 negotiation succeeded. ipsecsanegotiationfailed: Phase 2 negotiation failed. ipsecsanegotiationcompleted: Phase 2 negotiation succeeded.
creationTime String: Time when the IPsec connection was created.
customerGatewayId String: ID of the customer gateway associated with the IPsec connection. This parameter is required when creating a single-tunnel IPsec connection. If the customer gateway IP address is 0.0.0.0, NegotiateInstantly can only be set to false, IkeConfig.Version can only be set to ikev1, and IkeConfig.Mode can only be set to aggressive in IkeConfig.
deletedTime String: Expected resource forced reclamation time. This parameter is returned only when AttachType is 'TransitRouter', and only when the resource is frozen due to overdue payment. Otherwise, the value is empty.
description String: Description of the IPsec connection. Must start with a Chinese character, letter, or number, and can only contain Chinese characters, letters, numbers, period (.), space ( ), underscore (_), hyphen (-), equals sign (=), English comma (,), Chinese comma (，), and Chinese period (。). Length limit: 0–255 characters. If not specified, defaults to an empty string.
dpdAction String: Status of the DPD feature. none: DPD feature disabled. clear (default): DPD feature enabled; IKE SA is cleared after DPD timeout. hold: DPD feature enabled; current state is maintained after DPD timeout; the connection is re-established when new traffic is detected. restart: DPD feature enabled; reconnect immediately after DPD timeout.
dualTunnelEnabled Boolean: Enable dual tunnel feature. true: Enabled. false: Not enabled.
enableTunnelsBgp Boolean: Whether to enable BGP. Valid values: false (default): No, use static routing mode. true: Yes, use BGP routing mode.
healthCheckers List<GetVpnConnectionHealthChecker>: Health check information for the IPsec connection
id String: Uniquely identifies the resource.
ikeConfig GetVpnConnectionIkeConfig: IKE configuration information for the IPsec connection
ipAddress String: Public IP address of the transit router. This parameter is returned only when AttachType is 'TransitRouter'.
ipsecConfig GetVpnConnectionIpsecConfig: IPsec configuration information for the IPsec connection.
isBlocked Boolean: Whether the current resource is blocked. true: Blocked; false: Not blocked
localSubnets List<String>: Local network segment of the IPsec connection.
logEnabled Boolean: Enable connection logs. After connection logs are enabled, you can view and download IPsec connection logs and troubleshoot IPsec connection issues using the log information. true: Enabled. false: Not enabled.
natTraversal Boolean: Enable NAT traversal. true: Enabled. When NAT traversal is enabled, IKE negotiation does not verify UDP port numbers and can detect NAT gateway devices in the VPN connection tunnel. false (default): Not enabled.
negotiateInstantly Boolean: Whether to initiate negotiation mode immediately. true: The system actively initiates negotiation after the IPsec connection is configured. false (default): The system does not actively initiate negotiation after configuration; negotiation is initiated passively when traffic passes through.
overdueTime String: Resource freeze time. This parameter is returned only when AttachType is 'TransitRouter', and only when the resource is frozen due to overdue payment. Otherwise, this parameter is empty.
projectName String: Project to which the IPsec connection belongs.
remoteSubnets List<String>: Peer CIDR block of the IPsec connection
spec String: IPsec connection instance specification. Only effective for IPsec associated with TR instances; ineffective for IPsec associated with VPN gateway instances. This parameter takes effect only when AttachType is set to TransitRouter. default (default): Default specification, bandwidth limit is 200 Mbps. large: Large specification, bandwidth limit is 1 Gbps. xlarge: Extra large specification, bandwidth limit is 3 Gbps.
status String: Status of the IPsec connection. Creating: Creating. Deleting: Deleting. Pending: Configuring. Available: Available.
tags List<GetVpnConnectionTag>: All tag information added to the IPsec connection.
transitRouterId String: The ID of the transit router. This parameter is returned only when AttachType is 'TransitRouter'.
tunnelOptions List<GetVpnConnectionTunnelOption>: Tunnel configuration information for the IPsec connection.
updateTime String: The time when the IPsec connection was updated.
vpnConnectionId String: ID of the IPsec connection
vpnConnectionName String: Name of the IPsec connection. Must start with a Chinese character, English letter, or number, and can only contain Chinese characters, English letters, numbers, dot (.), underscore (_), and hyphen (-). Length must be between 1 and 128 characters. If not specified, defaults to the IPsec connection ID.
vpnGatewayId String: The ID of the VPN gateway associated with the IPsec connection. If AttachType is not specified or set to VpnGateway, this parameter must be provided. If AttachType is set to TransitRouter, this parameter is not required.
zoneId String: Availability zone of the transit router attachment point. This parameter is returned only when AttachType is 'TransitRouter'.

accountId string: ID of the account to which the IPsec connection belongs.
attachStatus string: IPsec connection status, VpnGateway: Attached: Bound; TransitRouter: Attached: Bound; Attaching: Binding; Detached: Unbound; Detaching: Unbinding.
attachType string: Type of gateway associated with the IPsec connection. VpnGateway: VPN gateway; TransitRouter: transit router.
bgpInfo GetVpnConnectionBgpInfo: BGP information for the IPsec connection.
businessStatus string: Billing status of the IPsec connection. This parameter is returned only when AttachType is 'TransitRouter'. Normal: Normal. FinancialLocked: Financially locked.
connectStatus string: Status of the tunnel connection. ikesanegotiationfailed: Phase 1 negotiation failed. ikesanegotiationcompleted: Phase 1 negotiation succeeded. ipsecsanegotiationfailed: Phase 2 negotiation failed. ipsecsanegotiationcompleted: Phase 2 negotiation succeeded.
creationTime string: Time when the IPsec connection was created.
customerGatewayId string: ID of the customer gateway associated with the IPsec connection. This parameter is required when creating a single-tunnel IPsec connection. If the customer gateway IP address is 0.0.0.0, NegotiateInstantly can only be set to false, IkeConfig.Version can only be set to ikev1, and IkeConfig.Mode can only be set to aggressive in IkeConfig.
deletedTime string: Expected resource forced reclamation time. This parameter is returned only when AttachType is 'TransitRouter', and only when the resource is frozen due to overdue payment. Otherwise, the value is empty.
description string: Description of the IPsec connection. Must start with a Chinese character, letter, or number, and can only contain Chinese characters, letters, numbers, period (.), space ( ), underscore (_), hyphen (-), equals sign (=), English comma (,), Chinese comma (，), and Chinese period (。). Length limit: 0–255 characters. If not specified, defaults to an empty string.
dpdAction string: Status of the DPD feature. none: DPD feature disabled. clear (default): DPD feature enabled; IKE SA is cleared after DPD timeout. hold: DPD feature enabled; current state is maintained after DPD timeout; the connection is re-established when new traffic is detected. restart: DPD feature enabled; reconnect immediately after DPD timeout.
dualTunnelEnabled boolean: Enable dual tunnel feature. true: Enabled. false: Not enabled.
enableTunnelsBgp boolean: Whether to enable BGP. Valid values: false (default): No, use static routing mode. true: Yes, use BGP routing mode.
healthCheckers GetVpnConnectionHealthChecker[]: Health check information for the IPsec connection
id string: Uniquely identifies the resource.
ikeConfig GetVpnConnectionIkeConfig: IKE configuration information for the IPsec connection
ipAddress string: Public IP address of the transit router. This parameter is returned only when AttachType is 'TransitRouter'.
ipsecConfig GetVpnConnectionIpsecConfig: IPsec configuration information for the IPsec connection.
isBlocked boolean: Whether the current resource is blocked. true: Blocked; false: Not blocked
localSubnets string[]: Local network segment of the IPsec connection.
logEnabled boolean: Enable connection logs. After connection logs are enabled, you can view and download IPsec connection logs and troubleshoot IPsec connection issues using the log information. true: Enabled. false: Not enabled.
natTraversal boolean: Enable NAT traversal. true: Enabled. When NAT traversal is enabled, IKE negotiation does not verify UDP port numbers and can detect NAT gateway devices in the VPN connection tunnel. false (default): Not enabled.
negotiateInstantly boolean: Whether to initiate negotiation mode immediately. true: The system actively initiates negotiation after the IPsec connection is configured. false (default): The system does not actively initiate negotiation after configuration; negotiation is initiated passively when traffic passes through.
overdueTime string: Resource freeze time. This parameter is returned only when AttachType is 'TransitRouter', and only when the resource is frozen due to overdue payment. Otherwise, this parameter is empty.
projectName string: Project to which the IPsec connection belongs.
remoteSubnets string[]: Peer CIDR block of the IPsec connection
spec string: IPsec connection instance specification. Only effective for IPsec associated with TR instances; ineffective for IPsec associated with VPN gateway instances. This parameter takes effect only when AttachType is set to TransitRouter. default (default): Default specification, bandwidth limit is 200 Mbps. large: Large specification, bandwidth limit is 1 Gbps. xlarge: Extra large specification, bandwidth limit is 3 Gbps.
status string: Status of the IPsec connection. Creating: Creating. Deleting: Deleting. Pending: Configuring. Available: Available.
tags GetVpnConnectionTag[]: All tag information added to the IPsec connection.
transitRouterId string: The ID of the transit router. This parameter is returned only when AttachType is 'TransitRouter'.
tunnelOptions GetVpnConnectionTunnelOption[]: Tunnel configuration information for the IPsec connection.
updateTime string: The time when the IPsec connection was updated.
vpnConnectionId string: ID of the IPsec connection
vpnConnectionName string: Name of the IPsec connection. Must start with a Chinese character, English letter, or number, and can only contain Chinese characters, English letters, numbers, dot (.), underscore (_), and hyphen (-). Length must be between 1 and 128 characters. If not specified, defaults to the IPsec connection ID.
vpnGatewayId string: The ID of the VPN gateway associated with the IPsec connection. If AttachType is not specified or set to VpnGateway, this parameter must be provided. If AttachType is set to TransitRouter, this parameter is not required.
zoneId string: Availability zone of the transit router attachment point. This parameter is returned only when AttachType is 'TransitRouter'.

account_id str: ID of the account to which the IPsec connection belongs.
attach_status str: IPsec connection status, VpnGateway: Attached: Bound; TransitRouter: Attached: Bound; Attaching: Binding; Detached: Unbound; Detaching: Unbinding.
attach_type str: Type of gateway associated with the IPsec connection. VpnGateway: VPN gateway; TransitRouter: transit router.
bgp_info GetVpnConnectionBgpInfo: BGP information for the IPsec connection.
business_status str: Billing status of the IPsec connection. This parameter is returned only when AttachType is 'TransitRouter'. Normal: Normal. FinancialLocked: Financially locked.
connect_status str: Status of the tunnel connection. ikesanegotiationfailed: Phase 1 negotiation failed. ikesanegotiationcompleted: Phase 1 negotiation succeeded. ipsecsanegotiationfailed: Phase 2 negotiation failed. ipsecsanegotiationcompleted: Phase 2 negotiation succeeded.
creation_time str: Time when the IPsec connection was created.
customer_gateway_id str: ID of the customer gateway associated with the IPsec connection. This parameter is required when creating a single-tunnel IPsec connection. If the customer gateway IP address is 0.0.0.0, NegotiateInstantly can only be set to false, IkeConfig.Version can only be set to ikev1, and IkeConfig.Mode can only be set to aggressive in IkeConfig.
deleted_time str: Expected resource forced reclamation time. This parameter is returned only when AttachType is 'TransitRouter', and only when the resource is frozen due to overdue payment. Otherwise, the value is empty.
description str: Description of the IPsec connection. Must start with a Chinese character, letter, or number, and can only contain Chinese characters, letters, numbers, period (.), space ( ), underscore (_), hyphen (-), equals sign (=), English comma (,), Chinese comma (，), and Chinese period (。). Length limit: 0–255 characters. If not specified, defaults to an empty string.
dpd_action str: Status of the DPD feature. none: DPD feature disabled. clear (default): DPD feature enabled; IKE SA is cleared after DPD timeout. hold: DPD feature enabled; current state is maintained after DPD timeout; the connection is re-established when new traffic is detected. restart: DPD feature enabled; reconnect immediately after DPD timeout.
dual_tunnel_enabled bool: Enable dual tunnel feature. true: Enabled. false: Not enabled.
enable_tunnels_bgp bool: Whether to enable BGP. Valid values: false (default): No, use static routing mode. true: Yes, use BGP routing mode.
health_checkers Sequence[GetVpnConnectionHealthChecker]: Health check information for the IPsec connection
id str: Uniquely identifies the resource.
ike_config GetVpnConnectionIkeConfig: IKE configuration information for the IPsec connection
ip_address str: Public IP address of the transit router. This parameter is returned only when AttachType is 'TransitRouter'.
ipsec_config GetVpnConnectionIpsecConfig: IPsec configuration information for the IPsec connection.
is_blocked bool: Whether the current resource is blocked. true: Blocked; false: Not blocked
local_subnets Sequence[str]: Local network segment of the IPsec connection.
log_enabled bool: Enable connection logs. After connection logs are enabled, you can view and download IPsec connection logs and troubleshoot IPsec connection issues using the log information. true: Enabled. false: Not enabled.
nat_traversal bool: Enable NAT traversal. true: Enabled. When NAT traversal is enabled, IKE negotiation does not verify UDP port numbers and can detect NAT gateway devices in the VPN connection tunnel. false (default): Not enabled.
negotiate_instantly bool: Whether to initiate negotiation mode immediately. true: The system actively initiates negotiation after the IPsec connection is configured. false (default): The system does not actively initiate negotiation after configuration; negotiation is initiated passively when traffic passes through.
overdue_time str: Resource freeze time. This parameter is returned only when AttachType is 'TransitRouter', and only when the resource is frozen due to overdue payment. Otherwise, this parameter is empty.
project_name str: Project to which the IPsec connection belongs.
remote_subnets Sequence[str]: Peer CIDR block of the IPsec connection
spec str: IPsec connection instance specification. Only effective for IPsec associated with TR instances; ineffective for IPsec associated with VPN gateway instances. This parameter takes effect only when AttachType is set to TransitRouter. default (default): Default specification, bandwidth limit is 200 Mbps. large: Large specification, bandwidth limit is 1 Gbps. xlarge: Extra large specification, bandwidth limit is 3 Gbps.
status str: Status of the IPsec connection. Creating: Creating. Deleting: Deleting. Pending: Configuring. Available: Available.
tags Sequence[GetVpnConnectionTag]: All tag information added to the IPsec connection.
transit_router_id str: The ID of the transit router. This parameter is returned only when AttachType is 'TransitRouter'.
tunnel_options Sequence[GetVpnConnectionTunnelOption]: Tunnel configuration information for the IPsec connection.
update_time str: The time when the IPsec connection was updated.
vpn_connection_id str: ID of the IPsec connection
vpn_connection_name str: Name of the IPsec connection. Must start with a Chinese character, English letter, or number, and can only contain Chinese characters, English letters, numbers, dot (.), underscore (_), and hyphen (-). Length must be between 1 and 128 characters. If not specified, defaults to the IPsec connection ID.
vpn_gateway_id str: The ID of the VPN gateway associated with the IPsec connection. If AttachType is not specified or set to VpnGateway, this parameter must be provided. If AttachType is set to TransitRouter, this parameter is not required.
zone_id str: Availability zone of the transit router attachment point. This parameter is returned only when AttachType is 'TransitRouter'.

accountId String: ID of the account to which the IPsec connection belongs.
attachStatus String: IPsec connection status, VpnGateway: Attached: Bound; TransitRouter: Attached: Bound; Attaching: Binding; Detached: Unbound; Detaching: Unbinding.
attachType String: Type of gateway associated with the IPsec connection. VpnGateway: VPN gateway; TransitRouter: transit router.
bgpInfo Property Map: BGP information for the IPsec connection.
businessStatus String: Billing status of the IPsec connection. This parameter is returned only when AttachType is 'TransitRouter'. Normal: Normal. FinancialLocked: Financially locked.
connectStatus String: Status of the tunnel connection. ikesanegotiationfailed: Phase 1 negotiation failed. ikesanegotiationcompleted: Phase 1 negotiation succeeded. ipsecsanegotiationfailed: Phase 2 negotiation failed. ipsecsanegotiationcompleted: Phase 2 negotiation succeeded.
creationTime String: Time when the IPsec connection was created.
customerGatewayId String: ID of the customer gateway associated with the IPsec connection. This parameter is required when creating a single-tunnel IPsec connection. If the customer gateway IP address is 0.0.0.0, NegotiateInstantly can only be set to false, IkeConfig.Version can only be set to ikev1, and IkeConfig.Mode can only be set to aggressive in IkeConfig.
deletedTime String: Expected resource forced reclamation time. This parameter is returned only when AttachType is 'TransitRouter', and only when the resource is frozen due to overdue payment. Otherwise, the value is empty.
description String: Description of the IPsec connection. Must start with a Chinese character, letter, or number, and can only contain Chinese characters, letters, numbers, period (.), space ( ), underscore (_), hyphen (-), equals sign (=), English comma (,), Chinese comma (，), and Chinese period (。). Length limit: 0–255 characters. If not specified, defaults to an empty string.
dpdAction String: Status of the DPD feature. none: DPD feature disabled. clear (default): DPD feature enabled; IKE SA is cleared after DPD timeout. hold: DPD feature enabled; current state is maintained after DPD timeout; the connection is re-established when new traffic is detected. restart: DPD feature enabled; reconnect immediately after DPD timeout.
dualTunnelEnabled Boolean: Enable dual tunnel feature. true: Enabled. false: Not enabled.
enableTunnelsBgp Boolean: Whether to enable BGP. Valid values: false (default): No, use static routing mode. true: Yes, use BGP routing mode.
healthCheckers List<Property Map>: Health check information for the IPsec connection
id String: Uniquely identifies the resource.
ikeConfig Property Map: IKE configuration information for the IPsec connection
ipAddress String: Public IP address of the transit router. This parameter is returned only when AttachType is 'TransitRouter'.
ipsecConfig Property Map: IPsec configuration information for the IPsec connection.
isBlocked Boolean: Whether the current resource is blocked. true: Blocked; false: Not blocked
localSubnets List<String>: Local network segment of the IPsec connection.
logEnabled Boolean: Enable connection logs. After connection logs are enabled, you can view and download IPsec connection logs and troubleshoot IPsec connection issues using the log information. true: Enabled. false: Not enabled.
natTraversal Boolean: Enable NAT traversal. true: Enabled. When NAT traversal is enabled, IKE negotiation does not verify UDP port numbers and can detect NAT gateway devices in the VPN connection tunnel. false (default): Not enabled.
negotiateInstantly Boolean: Whether to initiate negotiation mode immediately. true: The system actively initiates negotiation after the IPsec connection is configured. false (default): The system does not actively initiate negotiation after configuration; negotiation is initiated passively when traffic passes through.
overdueTime String: Resource freeze time. This parameter is returned only when AttachType is 'TransitRouter', and only when the resource is frozen due to overdue payment. Otherwise, this parameter is empty.
projectName String: Project to which the IPsec connection belongs.
remoteSubnets List<String>: Peer CIDR block of the IPsec connection
spec String: IPsec connection instance specification. Only effective for IPsec associated with TR instances; ineffective for IPsec associated with VPN gateway instances. This parameter takes effect only when AttachType is set to TransitRouter. default (default): Default specification, bandwidth limit is 200 Mbps. large: Large specification, bandwidth limit is 1 Gbps. xlarge: Extra large specification, bandwidth limit is 3 Gbps.
status String: Status of the IPsec connection. Creating: Creating. Deleting: Deleting. Pending: Configuring. Available: Available.
tags List<Property Map>: All tag information added to the IPsec connection.
transitRouterId String: The ID of the transit router. This parameter is returned only when AttachType is 'TransitRouter'.
tunnelOptions List<Property Map>: Tunnel configuration information for the IPsec connection.
updateTime String: The time when the IPsec connection was updated.
vpnConnectionId String: ID of the IPsec connection
vpnConnectionName String: Name of the IPsec connection. Must start with a Chinese character, English letter, or number, and can only contain Chinese characters, English letters, numbers, dot (.), underscore (_), and hyphen (-). Length must be between 1 and 128 characters. If not specified, defaults to the IPsec connection ID.
vpnGatewayId String: The ID of the VPN gateway associated with the IPsec connection. If AttachType is not specified or set to VpnGateway, this parameter must be provided. If AttachType is set to TransitRouter, this parameter is not required.
zoneId String: Availability zone of the transit router attachment point. This parameter is returned only when AttachType is 'TransitRouter'.

Supporting Types

GetVpnConnectionBgpInfo

EnableBgp bool: Enable dynamic route propagation. false (default): No, use static routing mode. true: Yes, use BGP routing mode.
LocalAsn int: The ASN of the VPN gateway.
LocalBgpIp string: The local tunnel IP, which is the BGP address configured on the VPN gateway and defaults to the first host address of BgpConfig.TunnelCidr. This address must be an IP address within the IPsec tunnel subnet. If BgpConfig.EnableBgp is set to true, this parameter must be provided.
PeerAsn int: ASN of the customer gateway.
PeerBgpIp string: BGP peer IP, that is, the BGP address on the customer gateway side.
SessionStatus string: Status of the BGP connection. Up: BGP connection is normal. Down: BGP connection is not working.
TunnelCidr string: CIDR address range for the local and peer IPs of the BGP session.

EnableBgp bool: Enable dynamic route propagation. false (default): No, use static routing mode. true: Yes, use BGP routing mode.
LocalAsn int: The ASN of the VPN gateway.
LocalBgpIp string: The local tunnel IP, which is the BGP address configured on the VPN gateway and defaults to the first host address of BgpConfig.TunnelCidr. This address must be an IP address within the IPsec tunnel subnet. If BgpConfig.EnableBgp is set to true, this parameter must be provided.
PeerAsn int: ASN of the customer gateway.
PeerBgpIp string: BGP peer IP, that is, the BGP address on the customer gateway side.
SessionStatus string: Status of the BGP connection. Up: BGP connection is normal. Down: BGP connection is not working.
TunnelCidr string: CIDR address range for the local and peer IPs of the BGP session.

enableBgp Boolean: Enable dynamic route propagation. false (default): No, use static routing mode. true: Yes, use BGP routing mode.
localAsn Integer: The ASN of the VPN gateway.
localBgpIp String: The local tunnel IP, which is the BGP address configured on the VPN gateway and defaults to the first host address of BgpConfig.TunnelCidr. This address must be an IP address within the IPsec tunnel subnet. If BgpConfig.EnableBgp is set to true, this parameter must be provided.
peerAsn Integer: ASN of the customer gateway.
peerBgpIp String: BGP peer IP, that is, the BGP address on the customer gateway side.
sessionStatus String: Status of the BGP connection. Up: BGP connection is normal. Down: BGP connection is not working.
tunnelCidr String: CIDR address range for the local and peer IPs of the BGP session.

enableBgp boolean: Enable dynamic route propagation. false (default): No, use static routing mode. true: Yes, use BGP routing mode.
localAsn number: The ASN of the VPN gateway.
localBgpIp string: The local tunnel IP, which is the BGP address configured on the VPN gateway and defaults to the first host address of BgpConfig.TunnelCidr. This address must be an IP address within the IPsec tunnel subnet. If BgpConfig.EnableBgp is set to true, this parameter must be provided.
peerAsn number: ASN of the customer gateway.
peerBgpIp string: BGP peer IP, that is, the BGP address on the customer gateway side.
sessionStatus string: Status of the BGP connection. Up: BGP connection is normal. Down: BGP connection is not working.
tunnelCidr string: CIDR address range for the local and peer IPs of the BGP session.

enable_bgp bool: Enable dynamic route propagation. false (default): No, use static routing mode. true: Yes, use BGP routing mode.
local_asn int: The ASN of the VPN gateway.
local_bgp_ip str: The local tunnel IP, which is the BGP address configured on the VPN gateway and defaults to the first host address of BgpConfig.TunnelCidr. This address must be an IP address within the IPsec tunnel subnet. If BgpConfig.EnableBgp is set to true, this parameter must be provided.
peer_asn int: ASN of the customer gateway.
peer_bgp_ip str: BGP peer IP, that is, the BGP address on the customer gateway side.
session_status str: Status of the BGP connection. Up: BGP connection is normal. Down: BGP connection is not working.
tunnel_cidr str: CIDR address range for the local and peer IPs of the BGP session.

enableBgp Boolean: Enable dynamic route propagation. false (default): No, use static routing mode. true: Yes, use BGP routing mode.
localAsn Number: The ASN of the VPN gateway.
localBgpIp String: The local tunnel IP, which is the BGP address configured on the VPN gateway and defaults to the first host address of BgpConfig.TunnelCidr. This address must be an IP address within the IPsec tunnel subnet. If BgpConfig.EnableBgp is set to true, this parameter must be provided.
peerAsn Number: ASN of the customer gateway.
peerBgpIp String: BGP peer IP, that is, the BGP address on the customer gateway side.
sessionStatus String: Status of the BGP connection. Up: BGP connection is normal. Down: BGP connection is not working.
tunnelCidr String: CIDR address range for the local and peer IPs of the BGP session.

GetVpnConnectionHealthChecker

CheckInterval int: Interval for performing health checks
CheckResult string: Health check result. Up: Normal. Down: Abnormal.
CheckerId string: ID of the IPsec connection health check
DownTime int: Health check unhealthy threshold. If the health check result is 'abnormal' for the specified number of consecutive times, the IPsec connection is considered unhealthy.
LocalIp string: Health check source IP.
RemoteIp string: Health check target IP.
Timeout int: Health check response timeout. If the IPsec connection does not respond correctly within the specified response time, it is considered 'abnormal' for health check.
UpTime int: Health check threshold. If the specified number of consecutive health checks are all 'healthy', the IPsec connection is considered 'healthy' by health check.

CheckInterval int: Interval for performing health checks
CheckResult string: Health check result. Up: Normal. Down: Abnormal.
CheckerId string: ID of the IPsec connection health check
DownTime int: Health check unhealthy threshold. If the health check result is 'abnormal' for the specified number of consecutive times, the IPsec connection is considered unhealthy.
LocalIp string: Health check source IP.
RemoteIp string: Health check target IP.
Timeout int: Health check response timeout. If the IPsec connection does not respond correctly within the specified response time, it is considered 'abnormal' for health check.
UpTime int: Health check threshold. If the specified number of consecutive health checks are all 'healthy', the IPsec connection is considered 'healthy' by health check.

checkInterval Integer: Interval for performing health checks
checkResult String: Health check result. Up: Normal. Down: Abnormal.
checkerId String: ID of the IPsec connection health check
downTime Integer: Health check unhealthy threshold. If the health check result is 'abnormal' for the specified number of consecutive times, the IPsec connection is considered unhealthy.
localIp String: Health check source IP.
remoteIp String: Health check target IP.
timeout Integer: Health check response timeout. If the IPsec connection does not respond correctly within the specified response time, it is considered 'abnormal' for health check.
upTime Integer: Health check threshold. If the specified number of consecutive health checks are all 'healthy', the IPsec connection is considered 'healthy' by health check.

checkInterval number: Interval for performing health checks
checkResult string: Health check result. Up: Normal. Down: Abnormal.
checkerId string: ID of the IPsec connection health check
downTime number: Health check unhealthy threshold. If the health check result is 'abnormal' for the specified number of consecutive times, the IPsec connection is considered unhealthy.
localIp string: Health check source IP.
remoteIp string: Health check target IP.
timeout number: Health check response timeout. If the IPsec connection does not respond correctly within the specified response time, it is considered 'abnormal' for health check.
upTime number: Health check threshold. If the specified number of consecutive health checks are all 'healthy', the IPsec connection is considered 'healthy' by health check.

check_interval int: Interval for performing health checks
check_result str: Health check result. Up: Normal. Down: Abnormal.
checker_id str: ID of the IPsec connection health check
down_time int: Health check unhealthy threshold. If the health check result is 'abnormal' for the specified number of consecutive times, the IPsec connection is considered unhealthy.
local_ip str: Health check source IP.
remote_ip str: Health check target IP.
timeout int: Health check response timeout. If the IPsec connection does not respond correctly within the specified response time, it is considered 'abnormal' for health check.
up_time int: Health check threshold. If the specified number of consecutive health checks are all 'healthy', the IPsec connection is considered 'healthy' by health check.

checkInterval Number: Interval for performing health checks
checkResult String: Health check result. Up: Normal. Down: Abnormal.
checkerId String: ID of the IPsec connection health check
downTime Number: Health check unhealthy threshold. If the health check result is 'abnormal' for the specified number of consecutive times, the IPsec connection is considered unhealthy.
localIp String: Health check source IP.
remoteIp String: Health check target IP.
timeout Number: Health check response timeout. If the IPsec connection does not respond correctly within the specified response time, it is considered 'abnormal' for health check.
upTime Number: Health check threshold. If the specified number of consecutive health checks are all 'healthy', the IPsec connection is considered 'healthy' by health check.

GetVpnConnectionIkeConfig

AuthAlg string: Authentication algorithm for phase one.
DhGroup string: DH (Diffie-Hellman) key exchange algorithm used in phase 1 negotiation. Valid values: group1, group2 (default), group5, group14
EncAlg string: Encryption algorithm for phase 1 negotiation.
Lifetime int: Lifetime of the SA for phase 1 negotiation. After the lifetime is exceeded, negotiation restarts. Value range: 900~86400, unit: seconds. Default: 86400.
LocalId string: Identifier of the VPN gateway, used for phase 1 negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the current VPN gateway's egress IP address. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ; and digits are allowed.
Mode string: Negotiation mode for phase 1. This parameter is required only when IkeConfig.Version is ikev1. Valid values: main (default), aggressive
Psk string: Pre-shared key used for identity authentication between the VPN gateway and the user gateway in phase 1. Must not exceed 100 characters and can only contain uppercase and lowercase letters, special symbols ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and numbers.
RemoteId string: Identifier of the customer gateway, used for phase one negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the public IP address of the currently selected customer gateway. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and digits are allowed.
Version string: Version of the IKE key exchange protocol. Valid values: ikev1, ikev2 (default).

AuthAlg string: Authentication algorithm for phase one.
DhGroup string: DH (Diffie-Hellman) key exchange algorithm used in phase 1 negotiation. Valid values: group1, group2 (default), group5, group14
EncAlg string: Encryption algorithm for phase 1 negotiation.
Lifetime int: Lifetime of the SA for phase 1 negotiation. After the lifetime is exceeded, negotiation restarts. Value range: 900~86400, unit: seconds. Default: 86400.
LocalId string: Identifier of the VPN gateway, used for phase 1 negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the current VPN gateway's egress IP address. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ; and digits are allowed.
Mode string: Negotiation mode for phase 1. This parameter is required only when IkeConfig.Version is ikev1. Valid values: main (default), aggressive
Psk string: Pre-shared key used for identity authentication between the VPN gateway and the user gateway in phase 1. Must not exceed 100 characters and can only contain uppercase and lowercase letters, special symbols ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and numbers.
RemoteId string: Identifier of the customer gateway, used for phase one negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the public IP address of the currently selected customer gateway. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and digits are allowed.
Version string: Version of the IKE key exchange protocol. Valid values: ikev1, ikev2 (default).

authAlg String: Authentication algorithm for phase one.
dhGroup String: DH (Diffie-Hellman) key exchange algorithm used in phase 1 negotiation. Valid values: group1, group2 (default), group5, group14
encAlg String: Encryption algorithm for phase 1 negotiation.
lifetime Integer: Lifetime of the SA for phase 1 negotiation. After the lifetime is exceeded, negotiation restarts. Value range: 900~86400, unit: seconds. Default: 86400.
localId String: Identifier of the VPN gateway, used for phase 1 negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the current VPN gateway's egress IP address. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ; and digits are allowed.
mode String: Negotiation mode for phase 1. This parameter is required only when IkeConfig.Version is ikev1. Valid values: main (default), aggressive
psk String: Pre-shared key used for identity authentication between the VPN gateway and the user gateway in phase 1. Must not exceed 100 characters and can only contain uppercase and lowercase letters, special symbols ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and numbers.
remoteId String: Identifier of the customer gateway, used for phase one negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the public IP address of the currently selected customer gateway. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and digits are allowed.
version String: Version of the IKE key exchange protocol. Valid values: ikev1, ikev2 (default).

authAlg string: Authentication algorithm for phase one.
dhGroup string: DH (Diffie-Hellman) key exchange algorithm used in phase 1 negotiation. Valid values: group1, group2 (default), group5, group14
encAlg string: Encryption algorithm for phase 1 negotiation.
lifetime number: Lifetime of the SA for phase 1 negotiation. After the lifetime is exceeded, negotiation restarts. Value range: 900~86400, unit: seconds. Default: 86400.
localId string: Identifier of the VPN gateway, used for phase 1 negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the current VPN gateway's egress IP address. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ; and digits are allowed.
mode string: Negotiation mode for phase 1. This parameter is required only when IkeConfig.Version is ikev1. Valid values: main (default), aggressive
psk string: Pre-shared key used for identity authentication between the VPN gateway and the user gateway in phase 1. Must not exceed 100 characters and can only contain uppercase and lowercase letters, special symbols ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and numbers.
remoteId string: Identifier of the customer gateway, used for phase one negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the public IP address of the currently selected customer gateway. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and digits are allowed.
version string: Version of the IKE key exchange protocol. Valid values: ikev1, ikev2 (default).

auth_alg str: Authentication algorithm for phase one.
dh_group str: DH (Diffie-Hellman) key exchange algorithm used in phase 1 negotiation. Valid values: group1, group2 (default), group5, group14
enc_alg str: Encryption algorithm for phase 1 negotiation.
lifetime int: Lifetime of the SA for phase 1 negotiation. After the lifetime is exceeded, negotiation restarts. Value range: 900~86400, unit: seconds. Default: 86400.
local_id str: Identifier of the VPN gateway, used for phase 1 negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the current VPN gateway's egress IP address. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ; and digits are allowed.
mode str: Negotiation mode for phase 1. This parameter is required only when IkeConfig.Version is ikev1. Valid values: main (default), aggressive
psk str: Pre-shared key used for identity authentication between the VPN gateway and the user gateway in phase 1. Must not exceed 100 characters and can only contain uppercase and lowercase letters, special symbols ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and numbers.
remote_id str: Identifier of the customer gateway, used for phase one negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the public IP address of the currently selected customer gateway. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and digits are allowed.
version str: Version of the IKE key exchange protocol. Valid values: ikev1, ikev2 (default).

authAlg String: Authentication algorithm for phase one.
dhGroup String: DH (Diffie-Hellman) key exchange algorithm used in phase 1 negotiation. Valid values: group1, group2 (default), group5, group14
encAlg String: Encryption algorithm for phase 1 negotiation.
lifetime Number: Lifetime of the SA for phase 1 negotiation. After the lifetime is exceeded, negotiation restarts. Value range: 900~86400, unit: seconds. Default: 86400.
localId String: Identifier of the VPN gateway, used for phase 1 negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the current VPN gateway's egress IP address. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ; and digits are allowed.
mode String: Negotiation mode for phase 1. This parameter is required only when IkeConfig.Version is ikev1. Valid values: main (default), aggressive
psk String: Pre-shared key used for identity authentication between the VPN gateway and the user gateway in phase 1. Must not exceed 100 characters and can only contain uppercase and lowercase letters, special symbols ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and numbers.
remoteId String: Identifier of the customer gateway, used for phase one negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the public IP address of the currently selected customer gateway. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and digits are allowed.
version String: Version of the IKE key exchange protocol. Valid values: ikev1, ikev2 (default).

GetVpnConnectionIpsecConfig

AuthAlg string: Authentication algorithm for phase 2 negotiation
DhGroup string: DH (Diffie-Hellman) key exchange algorithm used in phase 2
EncAlg string: Encryption algorithm for phase 2 negotiation
Lifetime int: Lifetime of the SA for phase 2 negotiation. Negotiation will be re-initiated after the lifetime expires.

AuthAlg string: Authentication algorithm for phase 2 negotiation
DhGroup string: DH (Diffie-Hellman) key exchange algorithm used in phase 2
EncAlg string: Encryption algorithm for phase 2 negotiation
Lifetime int: Lifetime of the SA for phase 2 negotiation. Negotiation will be re-initiated after the lifetime expires.

authAlg String: Authentication algorithm for phase 2 negotiation
dhGroup String: DH (Diffie-Hellman) key exchange algorithm used in phase 2
encAlg String: Encryption algorithm for phase 2 negotiation
lifetime Integer: Lifetime of the SA for phase 2 negotiation. Negotiation will be re-initiated after the lifetime expires.

authAlg string: Authentication algorithm for phase 2 negotiation
dhGroup string: DH (Diffie-Hellman) key exchange algorithm used in phase 2
encAlg string: Encryption algorithm for phase 2 negotiation
lifetime number: Lifetime of the SA for phase 2 negotiation. Negotiation will be re-initiated after the lifetime expires.

auth_alg str: Authentication algorithm for phase 2 negotiation
dh_group str: DH (Diffie-Hellman) key exchange algorithm used in phase 2
enc_alg str: Encryption algorithm for phase 2 negotiation
lifetime int: Lifetime of the SA for phase 2 negotiation. Negotiation will be re-initiated after the lifetime expires.

authAlg String: Authentication algorithm for phase 2 negotiation
dhGroup String: DH (Diffie-Hellman) key exchange algorithm used in phase 2
encAlg String: Encryption algorithm for phase 2 negotiation
lifetime Number: Lifetime of the SA for phase 2 negotiation. Negotiation will be re-initiated after the lifetime expires.

GetVpnConnectionTag

Key string: Tag key.
Value string: Tag value

Key string: Tag key.
Value string: Tag value

key String: Tag key.
value String: Tag value

key string: Tag key.
value string: Tag value

key str: Tag key.
value str: Tag value

key String: Tag key.
value String: Tag value

GetVpnConnectionTunnelOption

ConnectStatus string: IPsec tunnel status. ikesanegotiationfailed: Phase one negotiation failed; nikesanegotiationcompleted: Phase one negotiation succeeded; nipsecsanegotiationfailed: Phase two negotiation failed; nipsecsanegotiationcompleted: Phase two negotiation succeeded.
CustomerGatewayId string: ID of the customer gateway associated with the IPsec connection.
DpdAction string: Status of the DPD feature.
IkeConfig Volcengine.GetVpnConnectionTunnelOptionIkeConfig: IKE configuration information for the IPsec connection.
IpsecConfig Volcengine.GetVpnConnectionTunnelOptionIpsecConfig: Information about the IPsec configuration in the IPsec connection.
NatTraversal bool: Whether to enable NAT traversal
Role string: The role of the tunnel.
TunnelBgpInfo Volcengine.GetVpnConnectionTunnelOptionTunnelBgpInfo: BGP session information.
TunnelId string: Tunnel ID of the IPsec connection.

ConnectStatus string: IPsec tunnel status. ikesanegotiationfailed: Phase one negotiation failed; nikesanegotiationcompleted: Phase one negotiation succeeded; nipsecsanegotiationfailed: Phase two negotiation failed; nipsecsanegotiationcompleted: Phase two negotiation succeeded.
CustomerGatewayId string: ID of the customer gateway associated with the IPsec connection.
DpdAction string: Status of the DPD feature.
IkeConfig GetVpnConnectionTunnelOptionIkeConfig: IKE configuration information for the IPsec connection.
IpsecConfig GetVpnConnectionTunnelOptionIpsecConfig: Information about the IPsec configuration in the IPsec connection.
NatTraversal bool: Whether to enable NAT traversal
Role string: The role of the tunnel.
TunnelBgpInfo GetVpnConnectionTunnelOptionTunnelBgpInfo: BGP session information.
TunnelId string: Tunnel ID of the IPsec connection.

connectStatus String: IPsec tunnel status. ikesanegotiationfailed: Phase one negotiation failed; nikesanegotiationcompleted: Phase one negotiation succeeded; nipsecsanegotiationfailed: Phase two negotiation failed; nipsecsanegotiationcompleted: Phase two negotiation succeeded.
customerGatewayId String: ID of the customer gateway associated with the IPsec connection.
dpdAction String: Status of the DPD feature.
ikeConfig GetVpnConnectionTunnelOptionIkeConfig: IKE configuration information for the IPsec connection.
ipsecConfig GetVpnConnectionTunnelOptionIpsecConfig: Information about the IPsec configuration in the IPsec connection.
natTraversal Boolean: Whether to enable NAT traversal
role String: The role of the tunnel.
tunnelBgpInfo GetVpnConnectionTunnelOptionTunnelBgpInfo: BGP session information.
tunnelId String: Tunnel ID of the IPsec connection.

connectStatus string: IPsec tunnel status. ikesanegotiationfailed: Phase one negotiation failed; nikesanegotiationcompleted: Phase one negotiation succeeded; nipsecsanegotiationfailed: Phase two negotiation failed; nipsecsanegotiationcompleted: Phase two negotiation succeeded.
customerGatewayId string: ID of the customer gateway associated with the IPsec connection.
dpdAction string: Status of the DPD feature.
ikeConfig GetVpnConnectionTunnelOptionIkeConfig: IKE configuration information for the IPsec connection.
ipsecConfig GetVpnConnectionTunnelOptionIpsecConfig: Information about the IPsec configuration in the IPsec connection.
natTraversal boolean: Whether to enable NAT traversal
role string: The role of the tunnel.
tunnelBgpInfo GetVpnConnectionTunnelOptionTunnelBgpInfo: BGP session information.
tunnelId string: Tunnel ID of the IPsec connection.

connect_status str: IPsec tunnel status. ikesanegotiationfailed: Phase one negotiation failed; nikesanegotiationcompleted: Phase one negotiation succeeded; nipsecsanegotiationfailed: Phase two negotiation failed; nipsecsanegotiationcompleted: Phase two negotiation succeeded.
customer_gateway_id str: ID of the customer gateway associated with the IPsec connection.
dpd_action str: Status of the DPD feature.
ike_config GetVpnConnectionTunnelOptionIkeConfig: IKE configuration information for the IPsec connection.
ipsec_config GetVpnConnectionTunnelOptionIpsecConfig: Information about the IPsec configuration in the IPsec connection.
nat_traversal bool: Whether to enable NAT traversal
role str: The role of the tunnel.
tunnel_bgp_info GetVpnConnectionTunnelOptionTunnelBgpInfo: BGP session information.
tunnel_id str: Tunnel ID of the IPsec connection.

connectStatus String: IPsec tunnel status. ikesanegotiationfailed: Phase one negotiation failed; nikesanegotiationcompleted: Phase one negotiation succeeded; nipsecsanegotiationfailed: Phase two negotiation failed; nipsecsanegotiationcompleted: Phase two negotiation succeeded.
customerGatewayId String: ID of the customer gateway associated with the IPsec connection.
dpdAction String: Status of the DPD feature.
ikeConfig Property Map: IKE configuration information for the IPsec connection.
ipsecConfig Property Map: Information about the IPsec configuration in the IPsec connection.
natTraversal Boolean: Whether to enable NAT traversal
role String: The role of the tunnel.
tunnelBgpInfo Property Map: BGP session information.
tunnelId String: Tunnel ID of the IPsec connection.

GetVpnConnectionTunnelOptionIkeConfig

AuthAlg string: Authentication algorithm for phase one.
DhGroup string: DH (Diffie-Hellman) key exchange algorithm used in phase 1 negotiation. Valid values: group1, group2 (default), group5, group14
EncAlg string: Encryption algorithm for phase 1 negotiation.
Lifetime int: Lifetime of the SA for phase 1 negotiation. After the lifetime is exceeded, negotiation restarts. Value range: 900~86400, unit: seconds. Default: 86400.
LocalId string: Identifier of the VPN gateway, used for phase 1 negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the current VPN gateway's egress IP address. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ; and digits are allowed.
Mode string: Negotiation mode for phase 1. This parameter is required only when IkeConfig.Version is ikev1. Valid values: main (default), aggressive
Psk string: Pre-shared key used for identity authentication between the VPN gateway and the user gateway in phase 1. Must not exceed 100 characters and can only contain uppercase and lowercase letters, special symbols ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and numbers.
RemoteId string: Identifier of the customer gateway, used for phase one negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the public IP address of the currently selected customer gateway. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and digits are allowed.
Version string: Version of the IKE key exchange protocol. Valid values: ikev1, ikev2 (default).

AuthAlg string: Authentication algorithm for phase one.
DhGroup string: DH (Diffie-Hellman) key exchange algorithm used in phase 1 negotiation. Valid values: group1, group2 (default), group5, group14
EncAlg string: Encryption algorithm for phase 1 negotiation.
Lifetime int: Lifetime of the SA for phase 1 negotiation. After the lifetime is exceeded, negotiation restarts. Value range: 900~86400, unit: seconds. Default: 86400.
LocalId string: Identifier of the VPN gateway, used for phase 1 negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the current VPN gateway's egress IP address. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ; and digits are allowed.
Mode string: Negotiation mode for phase 1. This parameter is required only when IkeConfig.Version is ikev1. Valid values: main (default), aggressive
Psk string: Pre-shared key used for identity authentication between the VPN gateway and the user gateway in phase 1. Must not exceed 100 characters and can only contain uppercase and lowercase letters, special symbols ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and numbers.
RemoteId string: Identifier of the customer gateway, used for phase one negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the public IP address of the currently selected customer gateway. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and digits are allowed.
Version string: Version of the IKE key exchange protocol. Valid values: ikev1, ikev2 (default).

authAlg String: Authentication algorithm for phase one.
dhGroup String: DH (Diffie-Hellman) key exchange algorithm used in phase 1 negotiation. Valid values: group1, group2 (default), group5, group14
encAlg String: Encryption algorithm for phase 1 negotiation.
lifetime Integer: Lifetime of the SA for phase 1 negotiation. After the lifetime is exceeded, negotiation restarts. Value range: 900~86400, unit: seconds. Default: 86400.
localId String: Identifier of the VPN gateway, used for phase 1 negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the current VPN gateway's egress IP address. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ; and digits are allowed.
mode String: Negotiation mode for phase 1. This parameter is required only when IkeConfig.Version is ikev1. Valid values: main (default), aggressive
psk String: Pre-shared key used for identity authentication between the VPN gateway and the user gateway in phase 1. Must not exceed 100 characters and can only contain uppercase and lowercase letters, special symbols ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and numbers.
remoteId String: Identifier of the customer gateway, used for phase one negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the public IP address of the currently selected customer gateway. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and digits are allowed.
version String: Version of the IKE key exchange protocol. Valid values: ikev1, ikev2 (default).

authAlg string: Authentication algorithm for phase one.
dhGroup string: DH (Diffie-Hellman) key exchange algorithm used in phase 1 negotiation. Valid values: group1, group2 (default), group5, group14
encAlg string: Encryption algorithm for phase 1 negotiation.
lifetime number: Lifetime of the SA for phase 1 negotiation. After the lifetime is exceeded, negotiation restarts. Value range: 900~86400, unit: seconds. Default: 86400.
localId string: Identifier of the VPN gateway, used for phase 1 negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the current VPN gateway's egress IP address. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ; and digits are allowed.
mode string: Negotiation mode for phase 1. This parameter is required only when IkeConfig.Version is ikev1. Valid values: main (default), aggressive
psk string: Pre-shared key used for identity authentication between the VPN gateway and the user gateway in phase 1. Must not exceed 100 characters and can only contain uppercase and lowercase letters, special symbols ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and numbers.
remoteId string: Identifier of the customer gateway, used for phase one negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the public IP address of the currently selected customer gateway. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and digits are allowed.
version string: Version of the IKE key exchange protocol. Valid values: ikev1, ikev2 (default).

auth_alg str: Authentication algorithm for phase one.
dh_group str: DH (Diffie-Hellman) key exchange algorithm used in phase 1 negotiation. Valid values: group1, group2 (default), group5, group14
enc_alg str: Encryption algorithm for phase 1 negotiation.
lifetime int: Lifetime of the SA for phase 1 negotiation. After the lifetime is exceeded, negotiation restarts. Value range: 900~86400, unit: seconds. Default: 86400.
local_id str: Identifier of the VPN gateway, used for phase 1 negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the current VPN gateway's egress IP address. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ; and digits are allowed.
mode str: Negotiation mode for phase 1. This parameter is required only when IkeConfig.Version is ikev1. Valid values: main (default), aggressive
psk str: Pre-shared key used for identity authentication between the VPN gateway and the user gateway in phase 1. Must not exceed 100 characters and can only contain uppercase and lowercase letters, special symbols ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and numbers.
remote_id str: Identifier of the customer gateway, used for phase one negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the public IP address of the currently selected customer gateway. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and digits are allowed.
version str: Version of the IKE key exchange protocol. Valid values: ikev1, ikev2 (default).

authAlg String: Authentication algorithm for phase one.
dhGroup String: DH (Diffie-Hellman) key exchange algorithm used in phase 1 negotiation. Valid values: group1, group2 (default), group5, group14
encAlg String: Encryption algorithm for phase 1 negotiation.
lifetime Number: Lifetime of the SA for phase 1 negotiation. After the lifetime is exceeded, negotiation restarts. Value range: 900~86400, unit: seconds. Default: 86400.
localId String: Identifier of the VPN gateway, used for phase 1 negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the current VPN gateway's egress IP address. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ; and digits are allowed.
mode String: Negotiation mode for phase 1. This parameter is required only when IkeConfig.Version is ikev1. Valid values: main (default), aggressive
psk String: Pre-shared key used for identity authentication between the VPN gateway and the user gateway in phase 1. Must not exceed 100 characters and can only contain uppercase and lowercase letters, special symbols ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and numbers.
remoteId String: Identifier of the customer gateway, used for phase one negotiation. Supports IP format and FQDN (Fully Qualified Domain Name) format. If not specified, defaults to the public IP address of the currently selected customer gateway. If you manually set it to FQDN format, it is recommended to set the negotiation mode to 'aggressive'. Maximum length is 100 characters. Only uppercase and lowercase letters, special characters ~ ` | ! @ # $ % ^ ( ) - _ + = [ ] { } \ , . / : ;, and digits are allowed.
version String: Version of the IKE key exchange protocol. Valid values: ikev1, ikev2 (default).

GetVpnConnectionTunnelOptionIpsecConfig

AuthAlg string: Authentication algorithm for phase 2 negotiation
DhGroup string: DH (Diffie-Hellman) key exchange algorithm used in phase 2
EncAlg string: Encryption algorithm for phase 2 negotiation
Lifetime int: Lifetime of the SA for phase 2 negotiation. Negotiation will be re-initiated after the lifetime expires.

AuthAlg string: Authentication algorithm for phase 2 negotiation
DhGroup string: DH (Diffie-Hellman) key exchange algorithm used in phase 2
EncAlg string: Encryption algorithm for phase 2 negotiation
Lifetime int: Lifetime of the SA for phase 2 negotiation. Negotiation will be re-initiated after the lifetime expires.

authAlg String: Authentication algorithm for phase 2 negotiation
dhGroup String: DH (Diffie-Hellman) key exchange algorithm used in phase 2
encAlg String: Encryption algorithm for phase 2 negotiation
lifetime Integer: Lifetime of the SA for phase 2 negotiation. Negotiation will be re-initiated after the lifetime expires.

authAlg string: Authentication algorithm for phase 2 negotiation
dhGroup string: DH (Diffie-Hellman) key exchange algorithm used in phase 2
encAlg string: Encryption algorithm for phase 2 negotiation
lifetime number: Lifetime of the SA for phase 2 negotiation. Negotiation will be re-initiated after the lifetime expires.

auth_alg str: Authentication algorithm for phase 2 negotiation
dh_group str: DH (Diffie-Hellman) key exchange algorithm used in phase 2
enc_alg str: Encryption algorithm for phase 2 negotiation
lifetime int: Lifetime of the SA for phase 2 negotiation. Negotiation will be re-initiated after the lifetime expires.

authAlg String: Authentication algorithm for phase 2 negotiation
dhGroup String: DH (Diffie-Hellman) key exchange algorithm used in phase 2
encAlg String: Encryption algorithm for phase 2 negotiation
lifetime Number: Lifetime of the SA for phase 2 negotiation. Negotiation will be re-initiated after the lifetime expires.

GetVpnConnectionTunnelOptionTunnelBgpInfo

EnableBgp bool: Enable dynamic route propagation. false (default): No, use static routing mode. true: Yes, use BGP routing mode.
LocalAsn int: The ASN of the VPN gateway.
LocalBgpIp string: BGP address. Defaults to the first host address of TunnelOptions.N.BGPConfig.TunnelCidr. This address must be an IP address within the IPsec tunnel CIDR block. If EnableTunnelsBgp is set to true, this parameter must be specified.
PeerAsn int: ASN of the customer gateway.
PeerBgpIp string: BGP peer IP, that is, the BGP address on the customer gateway side.
SessionStatus string: Status of the BGP connection. Up: BGP connection is normal. Down: BGP connection is not working.
TunnelCidr string: The CIDR address range for the local and peer IPs of the BGP session. This range must be within the 169.254.0.0/16 subnet with a subnet mask length of 30. If EnableTunnelsBgp is set to true, this parameter must be provided.

EnableBgp bool: Enable dynamic route propagation. false (default): No, use static routing mode. true: Yes, use BGP routing mode.
LocalAsn int: The ASN of the VPN gateway.
LocalBgpIp string: BGP address. Defaults to the first host address of TunnelOptions.N.BGPConfig.TunnelCidr. This address must be an IP address within the IPsec tunnel CIDR block. If EnableTunnelsBgp is set to true, this parameter must be specified.
PeerAsn int: ASN of the customer gateway.
PeerBgpIp string: BGP peer IP, that is, the BGP address on the customer gateway side.
SessionStatus string: Status of the BGP connection. Up: BGP connection is normal. Down: BGP connection is not working.
TunnelCidr string: The CIDR address range for the local and peer IPs of the BGP session. This range must be within the 169.254.0.0/16 subnet with a subnet mask length of 30. If EnableTunnelsBgp is set to true, this parameter must be provided.

enableBgp Boolean: Enable dynamic route propagation. false (default): No, use static routing mode. true: Yes, use BGP routing mode.
localAsn Integer: The ASN of the VPN gateway.
localBgpIp String: BGP address. Defaults to the first host address of TunnelOptions.N.BGPConfig.TunnelCidr. This address must be an IP address within the IPsec tunnel CIDR block. If EnableTunnelsBgp is set to true, this parameter must be specified.
peerAsn Integer: ASN of the customer gateway.
peerBgpIp String: BGP peer IP, that is, the BGP address on the customer gateway side.
sessionStatus String: Status of the BGP connection. Up: BGP connection is normal. Down: BGP connection is not working.
tunnelCidr String: The CIDR address range for the local and peer IPs of the BGP session. This range must be within the 169.254.0.0/16 subnet with a subnet mask length of 30. If EnableTunnelsBgp is set to true, this parameter must be provided.

enableBgp boolean: Enable dynamic route propagation. false (default): No, use static routing mode. true: Yes, use BGP routing mode.
localAsn number: The ASN of the VPN gateway.
localBgpIp string: BGP address. Defaults to the first host address of TunnelOptions.N.BGPConfig.TunnelCidr. This address must be an IP address within the IPsec tunnel CIDR block. If EnableTunnelsBgp is set to true, this parameter must be specified.
peerAsn number: ASN of the customer gateway.
peerBgpIp string: BGP peer IP, that is, the BGP address on the customer gateway side.
sessionStatus string: Status of the BGP connection. Up: BGP connection is normal. Down: BGP connection is not working.
tunnelCidr string: The CIDR address range for the local and peer IPs of the BGP session. This range must be within the 169.254.0.0/16 subnet with a subnet mask length of 30. If EnableTunnelsBgp is set to true, this parameter must be provided.

enable_bgp bool: Enable dynamic route propagation. false (default): No, use static routing mode. true: Yes, use BGP routing mode.
local_asn int: The ASN of the VPN gateway.
local_bgp_ip str: BGP address. Defaults to the first host address of TunnelOptions.N.BGPConfig.TunnelCidr. This address must be an IP address within the IPsec tunnel CIDR block. If EnableTunnelsBgp is set to true, this parameter must be specified.
peer_asn int: ASN of the customer gateway.
peer_bgp_ip str: BGP peer IP, that is, the BGP address on the customer gateway side.
session_status str: Status of the BGP connection. Up: BGP connection is normal. Down: BGP connection is not working.
tunnel_cidr str: The CIDR address range for the local and peer IPs of the BGP session. This range must be within the 169.254.0.0/16 subnet with a subnet mask length of 30. If EnableTunnelsBgp is set to true, this parameter must be provided.

enableBgp Boolean: Enable dynamic route propagation. false (default): No, use static routing mode. true: Yes, use BGP routing mode.
localAsn Number: The ASN of the VPN gateway.
localBgpIp String: BGP address. Defaults to the first host address of TunnelOptions.N.BGPConfig.TunnelCidr. This address must be an IP address within the IPsec tunnel CIDR block. If EnableTunnelsBgp is set to true, this parameter must be specified.
peerAsn Number: ASN of the customer gateway.
peerBgpIp String: BGP peer IP, that is, the BGP address on the customer gateway side.
sessionStatus String: Status of the BGP connection. Up: BGP connection is normal. Down: BGP connection is not working.
tunnelCidr String: The CIDR address range for the local and peer IPs of the BGP session. This range must be within the 169.254.0.0/16 subnet with a subnet mask length of 30. If EnableTunnelsBgp is set to true, this parameter must be provided.

Package Details

Repository: volcenginecc volcengine/pulumi-volcenginecc
License: MPL-2.0
Notes: This Pulumi package is based on the volcenginecc Terraform Provider.

Viewing docs for volcenginecc v0.0.32
published on Thursday, Apr 23, 2026 by Volcengine

Schema (JSON)

volcengine/pulumi-volcenginecc

volcenginecc.vpn.getVpnConnection

On this page

On this page

Using getVpnConnection

getVpnConnection Result

Supporting Types

GetVpnConnectionBgpInfo

GetVpnConnectionHealthChecker

GetVpnConnectionIkeConfig

GetVpnConnectionIpsecConfig

GetVpnConnectionTag

GetVpnConnectionTunnelOption

GetVpnConnectionTunnelOptionIkeConfig

GetVpnConnectionTunnelOptionIpsecConfig

GetVpnConnectionTunnelOptionTunnelBgpInfo

Package Details

On this page

On this page