Creates a VPN gateway.
Operation description
- Before you create a VPN gateway, we recommend that you review the limits of VPN gateways. For more information, see the Limits section in the "Create and manage a VPN gateway" topic.
- VPN gateways in some regions support only IPsec-VPN connections in dual-tunnel mode. If you call CreateVpnGateway in these regions, you must specify VSwitchId and DisasterRecoveryVSwitchId in addition to the required parameters. For more information about the regions and zones that support IPsec-VPN connections in dual-tunnel mode, see IPsec-VPN connections support the dual-tunnel mode.
- CreateVpnGateway is an asynchronous operation. After you send a request to call this operation, the system returns a request ID and creates the VPN gateway in the backend. You can call DescribeVpnGateway to query the status of a VPN gateway.
  - If the VPN gateway is in the provisioning state, the VPN gateway is being created.
  - If the VPN gateway is in the active state, the VPN gateway is created.
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
  - The required resource types are displayed in bold characters.
  - If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
Operation | Access level | Resource type | Condition key | Associated operation |
---|---|---|---|---|
vpc:CreateVpnGateway | create | *VpnGateway acs:vpc:{#regionId}:{#accountId}:vpngateway/* | | none |
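
The operation name and resource pattern in the table above can be used to check policies already attached to a RAM user or role for grants that are wider than needed. The following Python is an added example, not code from the original page or from Alibaba Cloud; it assumes the standard RAM policy JSON layout (Version, Statement, Effect, Action, Resource), and the function names and the account ID used with it are constructed for illustration.

```python
import fnmatch

ACTION = "vpc:CreateVpnGateway"                           # operation from the table above
ARN_TEMPLATE = "acs:vpc:{region}:{account}:vpngateway/*"  # resource pattern from the table


def scoped_policy(region, account):
    """Build a policy that allows only CreateVpnGateway in one region of one account."""
    return {
        "Version": "1",
        "Statement": [{
            "Effect": "Allow",
            "Action": [ACTION],
            "Resource": [ARN_TEMPLATE.format(region=region, account=account)],
        }],
    }


def _as_list(value):
    # Action and Resource may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def audit(policy, region, account):
    """Return (statement index, finding, value) for over-broad CreateVpnGateway grants."""
    expected = ARN_TEMPLATE.format(region=region, account=account)
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # Compare case-insensitively so differently-cased action names are not missed.
        granting = [a for a in _as_list(stmt.get("Action", []))
                    if fnmatch.fnmatchcase(ACTION.lower(), a.lower())]
        if not granting:
            continue  # this statement does not grant CreateVpnGateway at all
        for action in granting:
            if "*" in action:
                findings.append((i, "wildcard-action", action))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource != expected:
                findings.append((i, "unexpected-resource", resource))
    return findings
```

An empty result from `audit` means every Allow statement that covers CreateVpnGateway names the action explicitly and is limited to the expected region and account.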
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
RegionId | string | Yes | The region ID of the VPN gateway. You can call the DescribeRegions operation to query the most recent region list. | cn-hangzhou |
Name | string | No | The name of the VPN gateway. The default value is the ID of the VPN gateway. The name must be 2 to 100 characters in length and cannot start with | MYVPN |
VpcId | string | Yes | The ID of the virtual private cloud (VPC) where you want to create the VPN gateway. | vpc-bp1ub1yt9cvakoelj**** |
InstanceChargeType | string | No | The billing method of the VPN gateway. Set the value to POSTPAY, which specifies the pay-as-you-go billing method. | Example value for the Alibaba Cloud China site: PREPAY. Example value for the Alibaba Cloud International site: POSTPAY. |
Period | integer | No | The subscription duration. Unit: month. Valid values: 1 to 9, 12, 24, and 36. | 1 |
AutoPay | boolean | No | Specifies whether to enable automatic payment. Valid values: Note: To create a VPN gateway, we recommend that you enable automatic payment. If you disable automatic payment, you must manually pay the bill to create the VPN gateway. | false |
Bandwidth | integer | Yes | The maximum bandwidth of the VPN gateway. Unit: Mbit/s. Note: The maximum bandwidth supported by VPN gateways in some regions is 500 Mbit/s. For more information, see VPN gateway limits. | 5 |
EnableIpsec | boolean | No | Specifies whether to enable IPsec-VPN for the VPN gateway. Valid values: | true |
EnableSsl | boolean | No | Specifies whether to enable SSL-VPN. Valid values: | false |
SslConnections | integer | No | The maximum number of clients that can be connected at the same time. Valid values: 5 (default), 10, 20, 50, 100, 200, 500, and 1000. | 5 |
VSwitchId | string | No | The vSwitch with which you want to associate the VPN gateway. | vsw-bp1j5miw2bae9s2vt**** |
VpnType | string | No | The type of the VPN gateway. Valid values: Set the value to Normal (default), which specifies a standard NAT gateway. | Normal |
ClientToken | string | No | The client token that is used to ensure the idempotence of the request. You can use the client to generate a value, and you must make sure that each request has a unique token value. The client token can contain only ASCII characters. Note: If you do not specify this parameter, the system automatically uses the value of RequestId as the value of ClientToken. The value of RequestId for each API request is different. | 02fb3da4**** |
NetworkType | string | No | The network type of the VPN gateway. Valid values: | public |
DisasterRecoveryVSwitchId | string | No | The second vSwitch with which you want to associate the VPN gateway. For more information about the regions and zones that support the IPsec-VPN connections in dual-tunnel mode, see IPsec-VPN connections support the dual-tunnel mode. | vsw-p0wiz7obm0tbimu4r**** |
ResourceGroupId | string | No | The ID of the resource group to which the VPN gateway belongs. | rg-acfmzs372yg**** |
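
Several constraints in the parameter table and the error code table can be checked before the request is sent, and a ClientToken can be pinned once so that a retried request stays idempotent. The following Python is an added example, not code from the original page or from an Alibaba Cloud SDK; `preflight`, `with_client_token`, the `dual_tunnel_region` flag and the `Missing:`/`Invalid:` tags are hypothetical names, and the checks are inferred from the documented descriptions and error messages rather than from the service's own validation logic.

```python
import uuid

PERIODS = set(range(1, 10)) | {12, 24, 36}             # "1 to 9, 12, 24, and 36"
SSL_CONNECTIONS = {5, 10, 20, 50, 100, 200, 500, 1000}  # valid SslConnections values


def with_client_token(params):
    """Copy the request and pin a ClientToken so retries of this request reuse it."""
    out = dict(params)
    out.setdefault("ClientToken", str(uuid.uuid4()))
    return out


def preflight(params, dual_tunnel_region=False):
    """Return documented error codes (or Missing:/Invalid: tags) for a request dict."""
    found = []
    for key in ("RegionId", "VpcId", "Bandwidth"):       # parameters marked Required
        if params.get(key) in (None, ""):
            found.append("Missing:" + key)
    if dual_tunnel_region:                               # both vSwitches are mandatory there
        for key in ("VSwitchId", "DisasterRecoveryVSwitchId"):
            if not params.get(key):
                found.append("Missing:" + key)
    name = params.get("Name")
    if name is not None and not 2 <= len(name) <= 100:
        found.append("InvalidName")
    if "Period" in params and params["Period"] not in PERIODS:
        found.append("InvalidPeriod")
    if "SslConnections" in params:
        if params["SslConnections"] not in SSL_CONNECTIONS:
            found.append("Invalid:SslConnections")
        if params.get("EnableSsl") is False:
            found.append("UnnecessarySslConnection")
    # Defaults for EnableIpsec and EnableSsl are not listed on the page, so only
    # explicitly supplied values are judged.
    if params.get("EnableIpsec") is False and params.get("EnableSsl") is False:
        found.append("InvalidVpnEnable")
    if params.get("EnableSsl") is True and params.get("NetworkType") == "private":
        found.append("OperationFailed.SslNotSupport")
    first, second = params.get("VSwitchId"), params.get("DisasterRecoveryVSwitchId")
    if first and first == second:
        found.append("InvalidVSwitchId.VswitchIdShouldDifferent")
    token = params.get("ClientToken")
    if token is not None and not token.isascii():        # "only ASCII characters"
        found.append("Invalid:ClientToken")
    return found
```

Call `with_client_token` once per logical request and resend the same dict on retry; generating a new token for each attempt gives the same behaviour as omitting it.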
Response parameters
Examples
Sample success responses
JSON format
{
  "VpnGatewayId": "vpn-uf68lxhgr7ftbqr3p****",
  "RequestId": "EB2C156A-41F8-49CC-A756-D55AFC8BFD69",
  "Name": "MYVPN",
  "OrderId": 208240895400460
}
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
400 | InvalidVpcId.NotFound | The specified VPC id does not exist in our records. | - |
400 | InvalidName | The specified value of Name not supported. | - |
400 | InvalidSpec.NotFound | The specified Spec does not exist in our records. | - |
400 | InvalidPeriod | The specified period is not valid | - |
400 | ChargeType.NotSupport | The specified charge type is not support. | - |
400 | InventoryNotEnough | The inventory is not enough. | - |
400 | UnnecessarySslConnection | The SSL connection is unnecessary for ssl vpn disabled. | - |
400 | InvalidVpnEnable | Either IPsec or SSL VPN must be set enable. | - |
400 | Resource.QuotaFull | The quota of resource is full | The resource quota is exhausted. |
400 | InvalidVSwitchId.NotFound | The specified vswitchId is not found. | - |
400 | OperationFailed.InventoryNotEnough | No enough available resource. Try another vswitch with different available zone. | - |
400 | Forbidden.OperateShareResource | Operating shared resources is forbidden. | - |
400 | OperationFailed.IpNotEnough | Operation failed because private ip address of the virtual switch is not enough. | - |
400 | Forbidden.NoSLRPermission | User not authorized to create service linked role. | - |
400 | OperationFailed.VSwitchConflict | The vswitch can't create vpn. Try another vswitch. | - |
400 | OperationFailed.AzNotSupport | Current available zone can't create vpn. Try another vswitch with different available zone. | - |
400 | OperationFailed.NetworkTypeNotMatch | Create NationalStandard vpn with private networkType is unsupported. | - |
400 | OperationFailed.SslNotSupport | Enable ssl vpn with private networkType is unsupported. | You cannot enable the SSL feature for a private VPN gateway. |
400 | Forbidden.TagKey.Duplicated | The specified tag key already exists. | The tag resources are duplicate. |
400 | SizeLimitExceeded.TagNum | The maximum number of tags is exceeded. | The number of tags has reached the upper limit. |
400 | InvalidParameter.TagValue | The specified parameter TagValue is invalid. | The error message returned because the specified tag value is invalid. |
400 | InvalidParameter.TagKey | The specified parameter TagKey is invalid. | The error message returned because the specified tag key is invalid. |
400 | Duplicated.TagKey | The specified parameter TagKey is duplicated. | The error message returned because the specified tag key already exists. |
400 | InternalError | The request processing has failed due to some unknown error, exception or failure. | An internal error occurred. |
400 | InvalidVSwitchId.SecondVswitchNotSupport | The available zone of vswitch2 not supported. | The zone of the secondary vSwitch does not support the feature. |
400 | Resource.QuotaFull | The resources you are operating have reached the upper limit of the quota. Please increase the quota or use other solutions to avoid it according to the VPN operation document. | The resources you are operating have reached the upper limit of the quota. Please refer to the VPN operation document to increase the quota or use other schemes to avoid it. |
400 | InvalidVSwitchId.FirstVswitchNotSupport | The available zone of vswitch1 not supported. | The zone where the primary vSwitch is located is not supported. |
400 | InvalidVSwitchId.VswitchIdShouldDifferent | The VSwitch ids should be different. | The primary zone cannot be the same as the secondary zone. |
400 | InvalidVSwitchId.FirstVswitchIpNotEnough | The ip of vswitch1 not enough. | Insufficient number of available IPs in primary vSwitch. |
400 | InvalidVSwitchId.SecondVswitchIpNotEnough | The ip of vswitch2 not enough. | Insufficient IP addresses are available in the standby vSwitch. |
400 | InvalidVSwitchId.ZoneIdShouldDifferent | Two vSwitches should belong to different Availability Zones. | When you create a dual-tunnel VPN gateway, the two vSwitches that you specify must belong to different zones. |
404 | InvalidRegionId.NotFound | The specified region is not found during access authentication. | The specified area is not found during authentication. |
For a list of error codes, visit the Service error codes.
Change history
Change time | Summary of changes |
---|---|
2024-06-18 | The error codes have changed. |
2024-01-04 | The error codes have changed. |
2023-10-19 | API description update. The API operation is not deprecated. The error codes have changed. The request parameters of the API have changed. |
2023-06-30 | The error codes have changed. The request parameters of the API have changed. |
2023-05-04 | The error codes have changed. |