All Products
Search
Document Center

Virtual Private Cloud:CreateVpnGateway

Last Updated:Dec 20, 2024

Creates a VPN gateway.

Operation description

  • Before you create a VPN gateway, we recommend that you know more about the limits of VPN gateways. For more information, see the Limits section in the "Create and manage a VPN gateway" topic.

  • VPN gateways in some regions support only IPsec-VPN connections in dual-tunnel mode. If you call CreateVpnGateway in these regions, you must specify VSwitchId and DisasterRecoveryVSwitchId in addition to the required parameters. For more information about the regions and zones that support the IPsec-VPN connections in dual-tunnel mode, see IPsec-VPN connections support the dual-tunnel mode.

  • CreateVpnGateway is an asynchronous operation. After you send a request to call this operation, the system returns a request ID and the endpoint service is being created in the backend. You can call DescribeVpnGateway to query the status of a VPN gateway.

    • If the VPN gateway is in the provisioning state, the VPN gateway is being created.
    • If the VPN gateway is in the active state, the VPN gateway is created.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
vpc:CreateVpnGatewaycreate
*VpnGateway
acs:vpc:{#regionId}:{#accountId}:vpngateway/*
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
RegionIdstringYes

The region ID of the VPN gateway. You can call the DescribeRegions operation to query the most recent region list.

cn-hangzhou
NamestringNo

The name of the VPN gateway. The default value is the ID of the VPN gateway.

The name must be 2 to 100 characters in length and cannot start with http:// or https://. It must start with a letter and can contain letters, digits, underscores (_), hyphens (-), and periods (.). Other special characters are not supported.

MYVPN
VpcIdstringYes

The ID of the virtual private cloud (VPC) where you want to create the VPN gateway.

vpc-bp1ub1yt9cvakoelj****
InstanceChargeTypestringNo

The billing method of the VPN gateway. Set the value to POSTPAY, which specifies the pay-as-you-go billing method.

Example value for the Alibaba Cloud China site: PREPAY. Example value for the Alibaba Cloud International site: POSTPAY.
PeriodintegerNo

The subscription duration. Unit: month. Valid values: 1 to 9, 12, 24, and 36.

1
AutoPaybooleanNo

Specifies whether to enable automatic payment. Valid values:

  • true
  • false (default)
Note To create a VPN gateway, we recommend that you enable automatic payment. If you disable automatic payment, you must manually pay the bill to create the VPN gateway.
false
BandwidthintegerYes

The maximum bandwidth of the VPN gateway. Unit: Mbit/s.

  • If you want to create a public VPN gateway, valid values are 10, 100, 200, 500, and 1000.
  • If you want to create a private VPN gateway, valid values are 200 and 1000.
Note The maximum bandwidth supported by VPN gateways in some regions is 500 Mbit/s. For more information, see VPN gateway limits.
5
EnableIpsecbooleanNo

Specifies whether to enable IPsec-VPN for the VPN gateway. Valid values:

  • true (default)
  • false
true
EnableSslbooleanNo

Specifies whether to enable SSL-VPN. Valid values:

  • true
  • false (default)
false
SslConnectionsintegerNo

The maximum number of clients that can be connected at the same time. Valid values: 5 (default), 10, 20, 50, 100, 200, 500, and 1000.

5
VSwitchIdstringNo

The vSwitch with which you want to associate the VPN gateway.

  • If you call this operation in a region that supports the IPsec-VPN connections in dual-tunnel mode, this parameter is required. You must specify a vSwitch and specify DisasterRecoveryVSwitchId.
  • If you call this operation in a region that supports the IPsec-VPN connections in single-tunnel mode and do not specify a vSwitch, the system automatically specifies a vSwitch.
vsw-bp1j5miw2bae9s2vt****
VpnTypestringNo

The type of the VPN gateway. Valid values:

Set the value to Normal (default), which specifies a standard NAT gateway.

Normal
ClientTokenstringNo

The client token that is used to ensure the idempotence of the request.

You can use the client to generate a value, and you must make sure that each request has a unique token value. The client token can contain only ASCII characters.

Note If you do not specify this parameter, the system automatically uses the value of RequestId as the value of ClientToken. The value of RequestId for each API request is different.
02fb3da4****
NetworkTypestringNo

The network type of the VPN gateway. Valid values:

  • public (default)
  • private
public
DisasterRecoveryVSwitchIdstringNo

The second vSwitch with which you want to associate the VPN gateway.

  • If you call this operation in a region that supports the IPsec-VPN connections in dual-tunnel mode, this parameter is required.
  • You need to specify two vSwitches in different zones in the virtual private cloud (VPC) that is associated with the VPN gateway to implement disaster recovery across zones.
  • For a region that supports only one zone, disaster recovery across zones is not supported. We recommend that you specify two vSwitches in the zone to implement high availability. You can specify the same vSwitch.

For more information about the regions and zones that support the IPsec-VPN connections in dual-tunnel mode, see IPsec-VPN connections support the dual-tunnel mode.

vsw-p0wiz7obm0tbimu4r****
ResourceGroupIdstringNo

The ID of the resource group to which the VPN gateway belongs.

  • You can call the ListResourceGroups operation to query resource group IDs.

  • If you do not specify a resource group ID, the VPN gateway belongs to the default resource group.

  • After the VPN gateway is created, the following resources also belong to the resource group and you cannot change the resource group: SSL servers, SSL client certificates, IPsec servers, and IPsec-VPN connections.

    If you move the VPN gateway to a new resource group, the preceding resources are also moved to the new resource group.

rg-acfmzs372yg****

Response parameters

ParameterTypeDescriptionExample
object

The returned data.

VpnGatewayIdstring

The ID of the VPN gateway.

vpn-uf68lxhgr7ftbqr3p****
RequestIdstring

The request ID.

EB2C156A-41F8-49CC-A756-D55AFC8BFD69
Namestring

The name of the VPN gateway.

MYVPN
OrderIdlong

The order ID.

If automatic payment is disabled, you must manually complete the payment for the VPN gateway in the Alibaba Cloud Management console.

208240895400460

Examples

Sample success responses

JSONformat

{
  "VpnGatewayId": "vpn-uf68lxhgr7ftbqr3p****",
  "RequestId": "EB2C156A-41F8-49CC-A756-D55AFC8BFD69",
  "Name": "MYVPN",
  "OrderId": 208240895400460
}

Error codes

HTTP status codeError codeError messageDescription
400InvalidVpcId.NotFoundThe specified VPC id does not exist in our records.-
400InvalidNameThe specified value of Name not supported.-
400InvalidSpec.NotFoundThe specified Spec does not exist in our records.-
400InvalidPeriodThe specified period is not valid-
400ChargeType.NotSupportThe specified charge type is not support.-
400InventoryNotEnoughThe inventory is not enough.-
400UnnecessarySslConnectionThe SSL connection is unnecessary for ssl vpn disabled.-
400InvalidVpnEnableEither IPsec or SSL VPN must be set enable.-
400Resource.QuotaFullThe quota of resource is fullThe resource quota is exhausted.
400InvalidVSwitchId.NotFoundThe specified vswitchId is not found.-
400OperationFailed.InventoryNotEnoughNo enough available resource. Try another vswitch with different available zone.-
400Forbidden.OperateShareResourceOperating shared resources is forbidden.-
400OperationFailed.IpNotEnoughOperation failed because private ip address of the virtual switch is not enough.-
400Forbidden.NoSLRPermissionUser not authorized to create service linked role.-
400OperationFailed.VSwitchConflictThe vswitch can't create vpn. Try another vswitch.-
400OperationFailed.AzNotSupportCurrent available zone can't create vpn. Try another vswitch with different available zone.-
400OperationFailed.NetworkTypeNotMatchCreate NationalStandard vpn with private networkType is unsupported.-
400OperationFailed.SslNotSupportEnable ssl vpn with private networkType is unsupported.You cannot enable the SSL feature for a private VPN gateway.
400Forbidden.TagKey.DuplicatedThe specified tag key already exists.The tag resources are duplicate.
400SizeLimitExceeded.TagNumThe maximum number of tags is exceeded.The number of tags has reached the upper limit.
400InvalidParameter.TagValueThe specified parameter TagValue is invalid.The error message returned because the specified tag value is invalid.
400InvalidParameter.TagKeyThe specified parameter TagKey is invalid.The error message returned because the specified tag key is invalid.
400Duplicated.TagKeyThe specified parameter TagKey is duplicated.The error message returned because the specified tag key already exists.
400InternalErrorThe request processing has failed due to some unknown error, exception or failure.An internal error occurred.
400InvalidVSwitchId.SecondVswitchNotSupportThe available zone of vswitch2 not supported.The zone of the secondary vSwitch does not support the feature.
400Resource.QuotaFullThe resources you are operating have reached the upper limit of the quota. Please increase the quota or use other solutions to avoid it according to the VPN operation document.The resources you are operating have reached the upper limit of the quota. Please refer to the VPN operation document to increase the quota or use other schemes to avoid it.
400InvalidVSwitchId.FirstVswitchNotSupportThe available zone of vswitch1 not supported.The zone where the primary vSwitch is located is not supported.
400InvalidVSwitchId.VswitchIdShouldDifferentThe VSwitch ids should be different.The primary zone cannot be the same as the secondary zone.
400InvalidVSwitchId.FirstVswitchIpNotEnoughThe ip of vswitch1 not enough.Insufficient number of available IPs in primary vSwitch.
400InvalidVSwitchId.SecondVswitchIpNotEnoughThe ip of vswitch2 not enough.Insufficient IP addresses are available in the standby vSwitch.
400InvalidVSwitchId.ZoneIdShouldDifferentTwo vSwitches should belong to different Availability Zones.When you create a dual-tunnel VPN gateway, the two vSwitches that you specify must belong to different zones.
404InvalidRegionId.NotFoundThe specified region is not found during access authentication.The specified area is not found during authentication.

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2024-06-18The Error code has changedView Change Details
2024-01-04The Error code has changedView Change Details
2023-10-19API Description Update. The API operation is not deprecated.. The Error code has changed. The request parameters of the API has changedView Change Details
2023-06-30The Error code has changed. The request parameters of the API has changedView Change Details
2023-05-04The Error code has changedView Change Details