
ALIYUN::VPC::SslVpnServer

Last updated: Sep 19, 2024

The ALIYUN::VPC::SslVpnServer type is used to create an SSL-VPN server.

Syntax

{
  "Type": "ALIYUN::VPC::SslVpnServer",
  "Properties": {
    "Name": String,
    "Proto": String,
    "ClientIpPool": String,
    "Compress": Boolean,
    "LocalSubnet": String,
    "Cipher": String,
    "VpnGatewayId": String,
    "Port": Integer,
    "EnableMultiFactorAuth": Boolean,
    "IDaaSRegionId": String,
    "IDaaSInstanceId": String,
    "IDaaSApplicationId": String
  }
}

Properties

Name
  Type: String
  Description: The name of the SSL-VPN server.
  Constraint: 2 to 128 characters. Must start with a letter or a Chinese character and can contain digits, periods (.), underscores (_), and hyphens (-); cannot start with http:// or https://.

Proto
  Type: String
  Description: The protocol used by the SSL-VPN server.
  Constraint: Valid values: UDP, TCP. Default value: UDP.

ClientIpPool
  Type: String
  Description: The address range from which access addresses are assigned to the client's virtual network interface (not the client's existing private network range).
  Constraint: When a client connects to the local end through SSL-VPN, the VPN gateway assigns the client an IP address from this range. The range must not conflict with the LocalSubnet address range.

Compress
  Type: Boolean
  Description: Whether to enable compression.
  Constraint: None.

LocalSubnet
  Type: String
  Description: The address range that clients access through the SSL-VPN connection.
  Constraint: The local subnet can be the CIDR block of the VPC, of a vSwitch, of an on-premises data center (IDC) connected to the VPC over a leased line, or of cloud services such as RDS and OSS.

Cipher
  Type: String
  Description: The encryption algorithm used by SSL-VPN.
  Constraint: Valid values: AES-128-CBC, AES-192-CBC, AES-256-CBC, none. Default value: AES-128-CBC.

VpnGatewayId
  Type: String
  Description: The ID of the VPN gateway.
  Constraint: None.

Port
  Type: Integer
  Description: The port used by the SSL-VPN server.
  Constraint: Default value: 1194. The following ports cannot be used: 22, 2222, 22222, 9000, 9001, 9002, 7505, 80, 443, 53, 68, 123, 4510, 4560, 500, 4500.

EnableMultiFactorAuth
  Type: Boolean
  Description: Whether two-factor authentication is enabled.
  Constraint: Valid values:
    • true: enabled.
    • false (default): disabled.

IDaaSRegionId
  Type: String
  Description: The region ID of the IDaaS EIAM instance.

IDaaSInstanceId
  Type: String
  Description: The ID of the IDaaS EIAM instance.

IDaaSApplicationId
  Type: String
  Description: The IDaaS application ID.
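As an added example (not part of the Alibaba Cloud documentation or the ROS product), the following Python script checks a Properties dictionary for this resource against the constraints listed in the table before a template is deployed: the Name format, the reserved port list, the allowed Proto and Cipher values (flagging Cipher none, which leaves the tunnel payload unencrypted), Boolean typing, and overlap between ClientIpPool and LocalSubnet. The two sample property sets and the vpn-EXAMPLE-PLACEHOLDER gateway ID are constructed; the CJK character range used to approximate "Chinese" in the Name check is an assumption, as is the informational warning when two-factor authentication is left off.

```python
import ipaddress
import re

# Constraints transcribed from the ALIYUN::VPC::SslVpnServer property table.
RESERVED_PORTS = {22, 2222, 22222, 9000, 9001, 9002, 7505, 80, 443,
                  53, 68, 123, 4510, 4560, 500, 4500}
ALLOWED_PROTOS = {"UDP", "TCP"}
ALLOWED_CIPHERS = {"AES-128-CBC", "AES-192-CBC", "AES-256-CBC", "none"}
# "Letter or Chinese" is approximated with ASCII letters plus the CJK Unified
# Ideographs block (assumption: the service may accept other CJK ranges too).
NAME_RE = re.compile(r"^[A-Za-z\u4e00-\u9fff][A-Za-z0-9\u4e00-\u9fff._-]*$")


def _cidr(value, field, findings):
    """Parse a CIDR string; record an error and return None if it is malformed."""
    try:
        if not isinstance(value, str):
            raise ValueError("CIDR must be a string")
        return ipaddress.ip_network(value, strict=True)
    except ValueError:
        findings.append(("error", f"{field} is not a valid CIDR block: {value!r}"))
        return None


def validate_ssl_vpn_server(props):
    """Check a Properties dict against the documented constraints.

    Returns a list of (severity, message) tuples; an empty list means the
    properties pass. "error" marks a documented constraint violation,
    "warning" marks a permitted setting that weakens the deployment.
    """
    findings = []

    name = props.get("Name", "")
    if not 2 <= len(name) <= 128:
        findings.append(("error", "Name must be 2 to 128 characters"))
    elif name.startswith(("http://", "https://")):
        findings.append(("error", "Name must not start with http:// or https://"))
    elif not NAME_RE.match(name):
        findings.append(("error", "Name must start with a letter or Chinese character "
                                  "and contain only letters, digits, '.', '_' or '-'"))

    proto = props.get("Proto", "UDP")            # documented default
    if proto not in ALLOWED_PROTOS:
        findings.append(("error", f"Proto must be UDP or TCP, got {proto!r}"))

    port = props.get("Port", 1194)               # documented default
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append(("error", f"Port must be an integer in 1-65535, got {port!r}"))
    elif port in RESERVED_PORTS:
        findings.append(("error", f"Port {port} is reserved and cannot be used"))

    cipher = props.get("Cipher", "AES-128-CBC")  # documented default
    if cipher not in ALLOWED_CIPHERS:
        findings.append(("error", f"Cipher must be one of {sorted(ALLOWED_CIPHERS)}, got {cipher!r}"))
    elif cipher == "none":
        findings.append(("warning", "Cipher is 'none': tunnel payload is not encrypted"))

    for field in ("Compress", "EnableMultiFactorAuth"):
        if field in props and not isinstance(props[field], bool):
            findings.append(("error", f"{field} must be a Boolean"))
    if props.get("EnableMultiFactorAuth", False) is False:
        findings.append(("warning", "EnableMultiFactorAuth is off (the default): "
                                    "two-factor authentication is not enabled"))

    # ClientIpPool must not conflict with LocalSubnet; both are checked only if present.
    pool = props.get("ClientIpPool")
    local = props.get("LocalSubnet")
    pool_net = _cidr(pool, "ClientIpPool", findings) if pool is not None else None
    local_net = _cidr(local, "LocalSubnet", findings) if local is not None else None
    if pool_net and local_net and pool_net.overlaps(local_net):
        findings.append(("error", f"ClientIpPool {pool_net} overlaps LocalSubnet {local_net}"))

    return findings


# Constructed sample inputs (not from the page): one compliant, one with several faults.
GOOD_PROPS = {
    "Name": "corp-sslvpn.01",
    "Proto": "UDP",
    "ClientIpPool": "192.168.100.0/24",
    "LocalSubnet": "10.0.0.0/16",
    "Cipher": "AES-256-CBC",
    "VpnGatewayId": "vpn-EXAMPLE-PLACEHOLDER",
    "Port": 1194,
    "Compress": False,
    "EnableMultiFactorAuth": True,
}
BAD_PROPS = {
    "Name": "http://vpn",
    "Proto": "UDP",
    "ClientIpPool": "10.0.1.0/24",      # lies inside LocalSubnet
    "LocalSubnet": "10.0.0.0/16",
    "Cipher": "none",
    "VpnGatewayId": "vpn-EXAMPLE-PLACEHOLDER",
    "Port": 443,                        # on the reserved list
    "Compress": "yes",                  # not a Boolean
    "EnableMultiFactorAuth": True,
}

if __name__ == "__main__":
    for label, props in (("good", GOOD_PROPS), ("bad", BAD_PROPS)):
        print(label, validate_ssl_vpn_server(props) or "OK")
```

Running the script on a template's resolved Properties block before deployment catches constraint violations that would otherwise surface only as a failed stack operation, and surfaces the two settings (Cipher none, two-factor authentication off) that are valid but worth a deliberate decision.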

Return values

Fn::GetAtt

SslVpnServerId: the ID of the SSL-VPN server.

Example

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Resources": {
    "SslVpnServer": {
      "Type": "ALIYUN::VPC::SslVpnServer",
      "Properties": {
        "Name": {
          "Ref": "Name"
        },
        "Proto": {
          "Ref": "Proto"
        },
        "ClientIpPool": {
          "Ref": "ClientIpPool"
        },
        "Compress": {
          "Ref": "Compress"
        },
        "Port": {
          "Ref": "Port"
        },
        "Cipher": {
          "Ref": "Cipher"
        },
        "VpnGatewayId": {
          "Ref": "VpnGatewayId"
        },
        "LocalSubnet": {
          "Ref": "LocalSubnet"
        }
      }
    }
  },
  "Parameters": {
    "Name": {
      "MinLength": 2,
      "Type": "String",
      "Description": "The name of the SSL-VPN server. The length is 2-128 characters and must start with a letter or Chinese. It can contain numbers, periods (.), underscores (_), and dashes (-). But it can't start with http:// or https://.",
      "MaxLength": 128
    },
    "Proto": {
      "Default": "UDP",
      "Type": "String",
      "Description": "The protocol used by the SSL-VPN server. Allowed values: UDP (default) | TCP.",
      "AllowedValues": [
        "UDP",
        "TCP"
      ]
    },
    "ClientIpPool": {
      "Type": "String",
      "Description": "It is the address segment that assigns the access address to the client virtual NIC. It does not refer to the existing intranet segment of the client. When the client accesses the local end through an SSL-VPN connection, the VPN gateway allocates an IP address to the client from the specified client network segment. The network segment cannot conflict with the LocalSubnet address segment."
    },
    "Compress": {
      "Default": false,
      "Type": "Boolean",
      "Description": "Whether it is compressed.",
      "AllowedValues": [
        "True",
        "true",
        "False",
        "false"
      ]
    },
    "Port": {
      "Default": 1194,
      "Type": "Number",
      "Description": "The port used by the SSL-VPN server. The default value is 1194. Cannot use the following ports: 22, 2222, 22222, 9000, 9001, 9002, 7505, 80, 443, 53, 68, 123, 4510, 4560, 500, 4500"
    },
    "Cipher": {
      "Default": "AES-128-CBC",
      "Type": "String",
      "Description": "The encryption algorithm used by SSL-VPN. Value: AES-128-CBC (default) | AES-192-CBC | AES-256-CBC | none",
      "AllowedValues": [
        "AES-128-CBC",
        "AES-192-CBC",
        "AES-256-CBC",
        "none"
      ]
    },
    "VpnGatewayId": {
      "Type": "String",
      "Description": "ID of the VPN gateway."
    },
    "LocalSubnet": {
      "Type": "String",
      "Description": "Is the address segment that the client wants to access through an SSL-VPN connection. The local network segment can be the network segment of the VPC, the network segment of the switch, the network segment of the IDC interconnected by the leased line and the VPC, and the network segment of the cloud service such as RDS/OSS."
    }
  },
  "Outputs": {
    "SslVpnServerId": {
      "Description": "ID of the SSL-VPN server.",
      "Value": {
        "Fn::GetAtt": [
          "SslVpnServer",
          "SslVpnServerId"
        ]
      }
    }
  }
}