CreateVpnGateway -

Creates a VPN gateway.

Usage notes

Before you create a VPN gateway, we recommend that you understand its limits. For more information, see Limits on VPN gateways.
VPN gateways in some regions support only IPsec-VPN connections in dual-tunnel mode. When you call CreateVpnGateway in these regions, you must specify VSwitchId and DisasterRecoveryVSwitchId in addition to the required parameters. For more information about the regions and zones that support the dual-tunnel mode, see Upgrade a VPN gateway to enable the dual-tunnel mode.
CreateVpnGateway is asynchronous. After a request is sent, the system returns a request ID and runs the task in the background. You can call DescribeVpnGateway to query the status of the task.
- If the VPN gateway is in the provisioning state, the VPN gateway is being created.
- If the VPN gateway is in the active state, the VPN gateway is created.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter	Type	Required	Example	Description
Action	String	Yes	CreateVpnGateway	The operation that you want to perform. Set the value to CreateVpnGateway.
RegionId	String	Yes	cn-hangzhou	The region ID of the VPN gateway. You can call the DescribeRegions operation to query the most recent region list.
Name	String	No	MYVPN	The name of the VPN gateway. The default value is the ID of the VPN gateway. The name must be 2 to 100 characters in length and cannot start with `http://` or `https://`. It must start with a letter and can contain letters, digits, underscores (_), hyphens (-), and periods (.). Other special characters are not supported.
VpcId	String	Yes	vpc-bp1ub1yt9cvakoelj****	The ID of the virtual private cloud (VPC) where you want to create the VPN gateway.
InstanceChargeType	String	No	Example value for the Alibaba Cloud China site: PREPAY. Example value for the Alibaba Cloud International site: POSTPAY.	The billing method of the VPN gateway. Set the value to POSTPAY, which specifies the pay-as-you-go billing method.
Period	Integer	No	1	The subscription duration. Unit: months. Valid values: 1 to 9, 12, 24, and 36.
AutoPay	Boolean	No	false	Specifies whether to enable automatic payment for the VPN gateway. Valid values: true false (default)
Bandwidth	Integer	Yes	5	The maximum bandwidth of the VPN gateway. Unit: Mbit/s. If you want to create a public VPN gateway, valid values are 10, 100, 200, 500, and 1000. If you want to create a private VPN gateway, valid values are 200 and 1000. Note In some regions, the maximum bandwidth supported by a VPN gateway is 200 Mbit/s. For more information, see Limits on VPN gateways.
EnableIpsec	Boolean	No	true	Specifies whether to enable the IPsec-VPN feature. Valid values: true (default) false
EnableSsl	Boolean	No	false	Specifies whether to enable the SSL-VPN feature for the VPN gateway. Valid values: true false (default)
SslConnections	Integer	No	5	The maximum number of clients that can be connected at the same time. Valid values: 5 (default), 10, 20, 50, 100, 200, 500, and 1000.
VSwitchId	String	No	vsw-bp1j5miw2bae9s2vt****	The vSwitch with which you want to associate the VPN gateway. If you call this operation in a region that supports the dual-tunnel mode, this parameter is required. You must specify a vSwitch and specify DisasterRecoveryVSwitchId. If you call this operation in a region that supports the single-tunnel mode and do not specify a vSwitch, the system automatically specifies a vSwitch.
VpnType	String	No	Normal	The type of the VPN gateway. Valid values: Normal (default)
ClientToken	String	No	02fb3da4****	The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but you must make sure that the token is unique among different requests. The client token can contain only ASCII characters. Note If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request.
NetworkType	String	No	public	The network type of the VPN gateway. Valid values: public (default) private
DisasterRecoveryVSwitchId	String	No	vsw-p0wiz7obm0tbimu4r****	The second vSwitch with which you want to associate the VPN gateway. If you call this operation in a region that supports the dual-tunnel mode, this parameter is required. You need to specify two vSwitches in different zones from the VPC associated with the VPN gateway to implement disaster recovery across zones. For a region that supports only one zone, disaster recovery across zones is not supported. We recommend that you specify two vSwitches in the zone to implement high availability. You can specify the same vSwitch. For more information about the regions and zones that support the dual-tunnel mode, see Upgrade a VPN gateway to enable the dual-tunnel mode.

Response parameters

Parameter	Type	Example	Description
VpnGatewayId	String	vpn-uf68lxhgr7ftbqr3p****	The ID of the VPN gateway.
RequestId	String	EB2C156A-41F8-49CC-A756-D55AFC8BFD69	The request ID.
Name	String	MYVPN	The name of the VPN gateway.
OrderId	Long	208240895400460	The order ID. If automatic payment is disabled, you must manually complete the payment for the VPN gateway in the Alibaba Cloud Management console.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreateVpnGateway
&RegionId=cn-hangzhou
&Name=MYVPN
&VpcId=vpc-bp1ub1yt9cvakoelj****
&InstanceChargeType=PREPAY
&Period=1
&AutoPay=false
&Bandwidth=5
&EnableIpsec=true
&EnableSsl=true
&SslConnections=5
&VSwitchId=vsw-bp1j5miw2bae9s2vt****
&VpnType=Normal
&ClientToken=02fb3da4****
&NetworkType=public
&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<CreateVpnGatewayResponse>
    <VpnGatewayId>vpn-uf68lxhgr7ftbqr3p****</VpnGatewayId>
    <RequestId>EB2C156A-41F8-49CC-A756-D55AFC8BFD69</RequestId>
    <Name>MYVPN</Name>
    <OrderId>208240895400460</OrderId>
</CreateVpnGatewayResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "VpnGatewayId" : "vpn-uf68lxhgr7ftbqr3p****",
  "RequestId" : "EB2C156A-41F8-49CC-A756-D55AFC8BFD69",
  "Name" : "MYVPN",
  "OrderId" : 208240895400460
}

Error codes

HttpCode	Error code	Error message	Description
400	Resource.QuotaFull	The quota of resource is full	The resource quota is exhausted.
400	OperationFailed.SslNotSupport	Enable ssl vpn with private networkType is unsupported.	You cannot enable the SSL feature for a private VPN gateway.
400	Forbidden.TagKey.Duplicated	The specified tag key already exists.	The tag resources are duplicate.
400	SizeLimitExceeded.TagNum	The maximum number of tags is exceeded.	The number of tags has reached the upper limit.
400	InvalidParameter.TagValue	The specified parameter TagValue is invalid.	The specified tag value is invalid.
400	InvalidParameter.TagKey	The specified parameter TagKey is invalid.	The specified tag key is invalid.
400	Duplicated.TagKey	The specified parameter TagKey is duplicated.	The specified tag key already exists.
400	InternalError	The request processing has failed due to some unknown error, exception or failure.	An internal error has occurred.
404	InvalidRegionId.NotFound	The specified region is not found during access authentication.	The specified area is not found during authentication.

For a list of error codes, see Service error codes.