vpc-20160428/core/Models/CreateVpnConnectionRequest.cs

// This file is auto-generated, don't edit it. Thanks. using System; using System.Collections.Generic; using System.IO; using Tea; namespace AlibabaCloud.SDK.Vpc20160428.Models { public class CreateVpnConnectionRequest : TeaModel { /// <summary> /// <para>Specifies whether to automatically configure routes. Valid values:</para> /// <list type="bullet"> /// <item><description>true (default)</description></item> /// <item><description>false</description></item> /// </list> /// /// Example: /// <para>true</para> /// </summary> [NameInMap("AutoConfigRoute")] [Validation(Required=false)] public bool? AutoConfigRoute { get; set; } /// <summary> /// <para>This parameter is supported if you create an IPsec-VPN connection in single-tunnel mode.</para> /// <para>BGP configuration:</para> /// <list type="bullet"> /// <item><description><para>BgpConfig.EnableBgp: specifies whether to enable BGP. Valid values: true and false (default).</para> /// </description></item> /// <item><description><para>BgpConfig.LocalAsn: the autonomous system number (ASN) on the Alibaba Cloud side. Valid values: 1 to 4294967295. Default value: 45104.</para> /// <para>You can enter a value in two segments separated by a period (.). Each segment is 16 bits in length. Enter the number in each segment in decimal format.</para> /// <para>For example, if you enter 123.456, the ASN is 8061384. The ASN is calculated by using the following formula: 123 × 65536 + 456 = 8061384.</para> /// </description></item> /// <item><description><para>BgpConfig.TunnelCidr: The CIDR block of the IPsec tunnel. The CIDR block must fall within 169.254.0.0/16 and the mask of the CIDR block must be 30 bits in length. The CIDR block cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, or 169.254.169.252/30.</para> /// <remarks> /// <para>The CIDR block of the IPsec tunnel for each IPsec-VPN connection on a VPN gateway must be unique.</para> /// </remarks> /// </description></item> /// <item><description><para>LocalBgpIp: the BGP address on the Alibaba Cloud side. It must be an IP address that falls within the CIDR block of the IPsec tunnel.</para> /// </description></item> /// </list> /// <remarks> /// <list type="bullet"> /// <item><description>Before you add BGP configurations, we recommend that you learn about how BGP works and the limits. For more information, see <a href="https://help.aliyun.com/document_detail/2638220.html">Configure BGP dynamic routing</a>.</description></item> /// <item><description>We recommend that you use a private ASN to establish BGP connections to Alibaba Cloud. Refer to the relevant documentation for the private ASN range.</description></item> /// </list> /// </remarks> /// /// Example: /// <para>{"EnableBgp":"true","LocalAsn":"45104","TunnelCidr":"169.254.11.0/30","LocalBgpIp":"169.254.11.1"}</para> /// </summary> [NameInMap("BgpConfig")] [Validation(Required=false)] public string BgpConfig { get; set; } /// <summary> /// <para>The client token that is used to ensure the idempotence of the request.</para> /// <para>You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters.</para> /// <remarks> /// <para>If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request.</para> /// </remarks> /// /// Example: /// <para>02fb3da4-130e-11e9-8e44-001****</para> /// </summary> [NameInMap("ClientToken")] [Validation(Required=false)] public string ClientToken { get; set; } /// <summary> /// <para>When you create an IPsec-VPN connection in single-tunnel mode, this parameter is required.</para> /// <para>The ID of the customer gateway.</para> /// /// Example: /// <para>cgw-p0w2jemrcj5u61un8****</para> /// </summary> [NameInMap("CustomerGatewayId")] [Validation(Required=false)] public string CustomerGatewayId { get; set; } /// <summary> /// <para>Specifies whether to immediately start IPsec negotiations. Valid values:</para> /// <list type="bullet"> /// <item><description>true: immediately starts IPsec negotiations.</description></item> /// <item><description>false (default): starts IPsec negotiations when inbound traffic is detected.</description></item> /// </list> /// /// Example: /// <para>false</para> /// </summary> [NameInMap("EffectImmediately")] [Validation(Required=false)] public bool? EffectImmediately { get; set; } /// <summary> /// <para>This parameter is available if you create an IPsec-VPN connection in single-tunnel mode.</para> /// <para>Specifies whether to enable the dead peer detection (DPD) feature. Valid values:</para> /// <list type="bullet"> /// <item><description>true (default) The initiator of the IPsec-VPN connection sends DPD packets to verify the existence and availability of the peer. If no feedback is received from the peer within a specified period of time, the connection fails. ISAKMP SAs and IPsec SAs are deleted. The IPsec tunnel is also deleted.</description></item> /// <item><description>false</description></item> /// </list> /// /// Example: /// <para>true</para> /// </summary> [NameInMap("EnableDpd")] [Validation(Required=false)] public bool? EnableDpd { get; set; } /// <summary> /// <para>This parameter is available if you create an IPsec-VPN connection in single-tunnel mode.</para> /// <para>Specifies whether to enable NAT traversal. Valid values:</para> /// <list type="bullet"> /// <item><description>true (default) After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the VPN tunnel.</description></item> /// <item><description>false</description></item> /// </list> /// /// Example: /// <para>true</para> /// </summary> [NameInMap("EnableNatTraversal")] [Validation(Required=false)] public bool? EnableNatTraversal { get; set; } /// <summary> /// <para>This parameter is available if you create an IPsec-VPN connection in dual-tunnel mode.</para> /// <para>Specifies whether to enable the BGP feature for the tunnel. Valid values: true and false. Default value: false.</para> /// /// Example: /// <para>true</para> /// </summary> [NameInMap("EnableTunnelsBgp")] [Validation(Required=false)] public bool? EnableTunnelsBgp { get; set; } /// <summary> /// <para>This parameter is available if you create an IPsec-VPN connection in single-tunnel mode.</para> /// <para>The health check configuration:</para> /// <list type="bullet"> /// <item><description>HealthCheckConfig.enable: specifies whether to enable health checks. Valid values: true and false. Default value: false.</description></item> /// <item><description>HealthCheckConfig.dip: the destination IP address configured for health checks.</description></item> /// <item><description>HealthCheckConfig.sip: the source IP address that is used for health checks.</description></item> /// <item><description>HealthCheckConfig.interval: the time interval of health check retries. Unit: seconds. Default value: 3.</description></item> /// <item><description>HealthCheckConfig.retry: the maximum number of health check retries. Default value: 3.</description></item> /// </list> /// /// Example: /// <para>{"enable":"true","dip":"192.168.10.1","sip":"10.10.1.1","interval":"3","retry":"3"}</para> /// </summary> [NameInMap("HealthCheckConfig")] [Validation(Required=false)] public string HealthCheckConfig { get; set; } /// <summary> /// <para>This parameter is supported if you create an IPsec-VPN connection in single-tunnel mode.</para> /// <para>The configurations of Phase 1 negotiations:</para> /// <list type="bullet"> /// <item><description><para>IkeConfig.Psk: the pre-shared key that is used for identity authentication between the VPN gateway and the on-premises data center.</para> /// <list type="bullet"> /// <item><description><para>The key cannot contain spaces. The key must be 1 to 100 characters in length, and can contain digits, letters, and the following special characters: <c>~!\\`@#$%^&*()_-+={}[]|;:\\",.<>/?</c></para> /// </description></item> /// <item><description><para>If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. You can call the <a href="https://help.aliyun.com/document_detail/2526951.html">DescribeVpnConnection</a> operation to query the pre-shared key that is automatically generated by the system.</para> /// <remarks> /// <para>The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises data center. Otherwise, connections between the on-premises data center and the VPN gateway cannot be established.</para> /// </remarks> /// </description></item> /// </list> /// </description></item> /// <item><description><para>IkeConfig.IkeVersion: the version of the Internet Key Exchange (IKE) protocol. Valid values: ikev1 and ikev2. Default value: ikev1.</para> /// <para>Compared with IKEv1, IKEv2 simplifies the security association (SA) negotiation process and provides better support for scenarios with multiple CIDR blocks.</para> /// </description></item> /// <item><description><para>IkeConfig.IkeMode: the negotiation mode of IKE. Valid values: main and aggressive. Default value: main.</para> /// <list type="bullet"> /// <item><description>main: This mode offers higher security during negotiations.</description></item> /// <item><description>aggressive: This mode is faster and has a higher success rate.</description></item> /// </list> /// </description></item> /// <item><description><para>IkeConfig.IkeEncAlg: the encryption algorithm that is used in Phase 1 negotiations.</para> /// <para>Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.</para> /// </description></item> /// <item><description><para>IkeConfig.IkeAuthAlg: the authentication algorithm that is used in Phase 1 negotiations.</para> /// <para>Valid values: md5, sha1, sha256, sha384, and sha512. Default value: md5.</para> /// </description></item> /// <item><description><para>IkeConfig.IkePfs: the Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Valid values: group1, group2, group5, and group14. Default value: group2.</para> /// </description></item> /// <item><description><para>IkeConfig.IkeLifetime: the SA lifetime as a result of Phase 1 negotiations. Unit: seconds Valid values: 0 to 86400. Default value: 86400.</para> /// </description></item> /// <item><description><para>IkeConfig.LocalId: the identifier of the VPN gateway. It can be up to 100 characters in length and cannot contain space characters. The default value is the IP address of the VPN gateway.</para> /// </description></item> /// <item><description><para>IkeConfig.RemoteId: the identifier of the customer gateway. It can be up to 100 characters in length and cannot contain space characters. The default value is the IP address of the customer gateway.</para> /// </description></item> /// </list> /// /// Example: /// <para>{"Psk":"1234****","IkeVersion":"ikev1","IkeMode":"main","IkeEncAlg":"aes","IkeAuthAlg":"sha1","IkePfs":"group2","IkeLifetime":86400,"LocalId":"47.XX.XX.1","RemoteId":"47.XX.XX.2"}</para> /// </summary> [NameInMap("IkeConfig")] [Validation(Required=false)] public string IkeConfig { get; set; } /// <summary> /// <para>This parameter is available if you create an IPsec-VPN connection in single-tunnel mode.</para> /// <para>The configurations of Phase 2 negotiations:</para> /// <list type="bullet"> /// <item><description><para>IpsecConfig.IpsecEncAlg: the encryption algorithm that is used in Phase 2 negotiations.</para> /// <para>Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.</para> /// </description></item> /// <item><description><para>IpsecConfig. IpsecAuthAlg: the authentication algorithm that is used in Phase 2 negotiations.</para> /// <para>Valid values: md5, sha1, sha256, sha384, and sha512. Default value: md5.</para> /// </description></item> /// <item><description><para>IpsecConfig. IpsecPfs: the DH key exchange algorithm that is used in Phase 2 negotiations. Valid values: disabled, group1, group2, group5, and group14. Default value: group2.</para> /// </description></item> /// <item><description><para>IpsecConfig. IpsecLifetime: the SA lifetime that is determined by Phase 2 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.</para> /// </description></item> /// </list> /// /// Example: /// <para>{"IpsecEncAlg":"aes","IpsecAuthAlg":"sha1","IpsecPfs":"group2","IpsecLifetime":86400}</para> /// </summary> [NameInMap("IpsecConfig")] [Validation(Required=false)] public string IpsecConfig { get; set; } /// <summary> /// <para>The CIDR block of the virtual private cloud (VPC) that needs to communicate with the on-premises database. The CIDR block is used in Phase 2 negotiations.</para> /// <para>Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24.</para> /// <para>The following routing modes are supported:</para> /// <list type="bullet"> /// <item><description>If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.</description></item> /// <item><description>If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.</description></item> /// </list> /// <para>This parameter is required.</para> /// /// Example: /// <para>10.10.1.0/24,10.10.2.0/24</para> /// </summary> [NameInMap("LocalSubnet")] [Validation(Required=false)] public string LocalSubnet { get; set; } /// <summary> /// <para>The name of the IPsec-VPN connection.</para> /// <para>The name must be 1 to 100 characters in length and cannot start with <c>http://</c> or <c>https://</c>.</para> /// /// Example: /// <para>IPsec</para> /// </summary> [NameInMap("Name")] [Validation(Required=false)] public string Name { get; set; } [NameInMap("OwnerAccount")] [Validation(Required=false)] public string OwnerAccount { get; set; } [NameInMap("OwnerId")] [Validation(Required=false)] public long? OwnerId { get; set; } /// <summary> /// <para>The ID of the region where the IPsec-VPN connection is created. You can call the <a href="https://help.aliyun.com/document_detail/36063.html">DescribeRegions</a> operation to query the most recent region list.</para> /// <para>This parameter is required.</para> /// /// Example: /// <para>cn-shanghai</para> /// </summary> [NameInMap("RegionId")] [Validation(Required=false)] public string RegionId { get; set; } /// <summary> /// <para>This parameter is available if you create an IPsec-VPN connection in single-tunnel mode.</para> /// <para>The certificate authority (CA) certificate. If the VPN gateway is of the ShangMi (SM) type, you need to configure a CA certificate for the peer gateway device.</para> /// <list type="bullet"> /// <item><description>If an SM VPN gateway is used to create the IPsec-VPN connection, this parameter is required.</description></item> /// <item><description>If a standard VPN gateway is used to create the IPsec-VPN connection, leave this parameter empty.</description></item> /// </list> /// /// Example: /// <para>-----BEGIN CERTIFICATE----- MIIB7zCCAZW**** -----END CERTIFICATE-----</para> /// </summary> [NameInMap("RemoteCaCertificate")] [Validation(Required=false)] public string RemoteCaCertificate { get; set; } /// <summary> /// <para>The CIDR block of the on-premises database that needs to communicate with the VPC. The CIDR block is used in Phase 2 negotiations.</para> /// <para>Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24.</para> /// <para>The following routing modes are supported:</para> /// <list type="bullet"> /// <item><description>If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.</description></item> /// <item><description>If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.</description></item> /// </list> /// <para>This parameter is required.</para> /// /// Example: /// <para>10.10.3.0/24,10.10.4.0/24</para> /// </summary> [NameInMap("RemoteSubnet")] [Validation(Required=false)] public string RemoteSubnet { get; set; } [NameInMap("ResourceOwnerAccount")] [Validation(Required=false)] public string ResourceOwnerAccount { get; set; } [NameInMap("ResourceOwnerId")] [Validation(Required=false)] public long? ResourceOwnerId { get; set; } /// <summary> /// <para>The tag value.</para> /// <para>The tag value can be an empty string and cannot exceed 128 characters in length. It cannot start with <c>aliyun</c> or <c>acs:</c>, and cannot contain <c>http://</c> or <c>https://</c>.</para> /// <para>Each tag key corresponds to one tag value. You can specify up to 20 tag values in each call.</para> /// </summary> [NameInMap("Tags")] [Validation(Required=false)] public List<CreateVpnConnectionRequestTags> Tags { get; set; } public class CreateVpnConnectionRequestTags : TeaModel { /// <summary> /// <para>The tag key. The tag key cannot be an empty string.</para> /// <para>It can be at most 64 characters in length, and cannot contain <c>http://</c> or <c>https://</c>. It cannot start with <c>aliyun</c> or <c>acs:</c>.</para> /// <para>You can specify at most 20 tag keys in each call.</para> /// /// Example: /// <para>TagKey</para> /// </summary> [NameInMap("Key")] [Validation(Required=false)] public string Key { get; set; } /// <summary> /// <para>The tag value.</para> /// <para>The tag value can be an empty string and cannot exceed 128 characters in length. It cannot start with <c>aliyun</c> or <c>acs:</c>, and cannot contain <c>http://</c> or <c>https://</c>.</para> /// <para>Each tag key corresponds to one tag value. You can specify at most 20 tag values in each call.</para> /// /// Example: /// <para>TagValue</para> /// </summary> [NameInMap("Value")] [Validation(Required=false)] public string Value { get; set; } } /// <summary> /// <para>The tunnel configurations.</para> /// <list type="bullet"> /// <item><description>You can specify parameters in the TunnelOptionsSpecification array when you create an IPsec-VPN connection in dual tunnel mode.</description></item> /// <item><description>When you create an IPsec-VPN connection in dual tunnel mode, you must add configurations of the active and standby tunnels for the IPsec-VPN connection. Each IPsec-VPN connection supports only one active tunnel and one standby tunnel.</description></item> /// </list> /// /// if can be null: /// <c>true</c> /// </summary> [NameInMap("TunnelOptionsSpecification")] [Validation(Required=false)] public List<CreateVpnConnectionRequestTunnelOptionsSpecification> TunnelOptionsSpecification { get; set; } public class CreateVpnConnectionRequestTunnelOptionsSpecification : TeaModel { /// <summary> /// <para>The ID of the customer gateway that is associated with the tunnel.</para> /// <remarks> /// <list type="bullet"> /// <item><description>This parameter is required when you create an IPsec-VPN connection in dual-tunnel mode.</description></item> /// <item><description>You can specify parameters in the TunnelOptionsSpecification array when you create an IPsec-VPN connection in dual tunnel mode.</description></item> /// <item><description>When you create an IPsec-VPN connection in dual tunnel mode, you must add configurations of the active and standby tunnels for the IPsec-VPN connection. Each IPsec-VPN connection supports only one active tunnel and one standby tunnel.</description></item> /// </list> /// </remarks> /// /// Example: /// <para>cgw-p0wy363lucf1uyae8****</para> /// </summary> [NameInMap("CustomerGatewayId")] [Validation(Required=false)] public string CustomerGatewayId { get; set; } /// <summary> /// <para>Specifies whether to enable the Dead Peer Detection (DPD) feature for the tunnel. Valid values:</para> /// <list type="bullet"> /// <item><description>true (default): enables DPD. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within the specified period of time, the connection fails. In this case, ISAKMP SA and IPsec SA are deleted. The security tunnel is also deleted.</description></item> /// <item><description>false: disables DPD. The initiator of the IPsec-VPN connection does not send DPD packets.</description></item> /// </list> /// /// Example: /// <para>true</para> /// </summary> [NameInMap("EnableDpd")] [Validation(Required=false)] public bool? EnableDpd { get; set; } /// <summary> /// <para>Specifies whether to enable NAT traversal for the tunnel. Valid values:</para> /// <list type="bullet"> /// <item><description>true (default): enables NAT traversal. After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the IPsec-VPN tunnel.</description></item> /// <item><description>false: disables NAT traversal.</description></item> /// </list> /// /// Example: /// <para>true</para> /// </summary> [NameInMap("EnableNatTraversal")] [Validation(Required=false)] public bool? EnableNatTraversal { get; set; } /// <summary> /// <para>If the VPN gateway uses an SM certificate, you need to configure the CA certificate used by the IPsec peer.</para> /// <list type="bullet"> /// <item><description>If the VPN gateway uses an SM certificate, this parameter is required.</description></item> /// <item><description>If the VPN gateway does not use an SM certificate, leave this parameter empty.</description></item> /// </list> /// /// Example: /// <para>-----BEGIN CERTIFICATE----- MIIB7zCCAZW**** -----END CERTIFICATE-----</para> /// </summary> [NameInMap("RemoteCaCertificate")] [Validation(Required=false)] public string RemoteCaCertificate { get; set; } /// <summary> /// <para>The role of the tunnel. Valid values:</para> /// <list type="bullet"> /// <item><description>master: The tunnel is an active tunnel.</description></item> /// <item><description>slave: The tunnel is a standby tunnel.</description></item> /// </list> /// /// Example: /// <para>master</para> /// </summary> [NameInMap("Role")] [Validation(Required=false)] public string Role { get; set; } /// <summary> /// <para>The Border Gateway Protocol (BGP) configurations of the tunnel.</para> /// </summary> [NameInMap("TunnelBgpConfig")] [Validation(Required=false)] public CreateVpnConnectionRequestTunnelOptionsSpecificationTunnelBgpConfig TunnelBgpConfig { get; set; } public class CreateVpnConnectionRequestTunnelOptionsSpecificationTunnelBgpConfig : TeaModel { /// <summary> /// <para>The autonomous system number (ASN) of the tunnel on the Alibaba Cloud side. Valid values: 1 to 4294967295. Default value: 45104.</para> /// <remarks> /// <list type="bullet"> /// <item><description>If you set EnableTunnelsBgp to true, you must set this parameter.</description></item> /// <item><description>Before you add BGP configurations, we recommend that you learn about how BGP dynamic routing works and the limits. For more information, see <a href="https://help.aliyun.com/document_detail/2638220.html">Configure BGP dynamic routing</a>.</description></item> /// <item><description>We recommend that you use a private ASN to establish BGP connections to Alibaba Cloud. For information about the range of private ASNs, see the relevant documentation.</description></item> /// </list> /// </remarks> /// /// Example: /// <para>65530</para> /// </summary> [NameInMap("LocalAsn")] [Validation(Required=false)] public long? LocalAsn { get; set; } /// <summary> /// <para>The BGP IP address of the tunnel on the Alibaba Cloud side. The address is an IP address that falls within the BGP CIDR block.</para> /// /// Example: /// <para>169.254.10.1</para> /// </summary> [NameInMap("LocalBgpIp")] [Validation(Required=false)] public string LocalBgpIp { get; set; } /// <summary> /// <para>The BGP CIDR block of the tunnel. The CIDR block must fall within 169.254.0.0/16 and the mask of the CIDR block must be 30 bits in length. The CIDR block cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, or 169.254.169.252/30.</para> /// <remarks> /// <para> The BGP CIDR block of each tunnel must be unique on a VPN gateway.</para> /// </remarks> /// /// Example: /// <para>169.254.10.0/30</para> /// </summary> [NameInMap("TunnelCidr")] [Validation(Required=false)] public string TunnelCidr { get; set; } } /// <summary> /// <para>The configurations of Phase 1 negotiations.</para> /// </summary> [NameInMap("TunnelIkeConfig")] [Validation(Required=false)] public CreateVpnConnectionRequestTunnelOptionsSpecificationTunnelIkeConfig TunnelIkeConfig { get; set; } public class CreateVpnConnectionRequestTunnelOptionsSpecificationTunnelIkeConfig : TeaModel { /// <summary> /// <para>The authentication algorithm that is used in Phase 1 negotiations.</para> /// <para>Valid values: md5, sha1, sha256, sha384, and sha512. Default value: md5.</para> /// /// Example: /// <para>md5</para> /// </summary> [NameInMap("IkeAuthAlg")] [Validation(Required=false)] public string IkeAuthAlg { get; set; } /// <summary> /// <para>The encryption algorithm that is used in Phase 1 negotiations.</para> /// <para>Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.</para> /// /// Example: /// <para>aes</para> /// </summary> [NameInMap("IkeEncAlg")] [Validation(Required=false)] public string IkeEncAlg { get; set; } /// <summary> /// <para>The SA lifetime as a result of Phase 1 negotiations. Unit: seconds</para> /// <para>Valid values: 0 to 86400. Default value: 86400.</para> /// /// Example: /// <para>86400</para> /// </summary> [NameInMap("IkeLifetime")] [Validation(Required=false)] public long? IkeLifetime { get; set; } /// <summary> /// <para>The negotiation mode of IKE. Valid values: main and aggressive. Default value: main.</para> /// <list type="bullet"> /// <item><description>main: This mode offers higher security during negotiations.</description></item> /// <item><description>aggressive: This mode is faster and has a higher success rate.</description></item> /// </list> /// /// Example: /// <para>main</para> /// </summary> [NameInMap("IkeMode")] [Validation(Required=false)] public string IkeMode { get; set; } /// <summary> /// <para>The Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Default value: group2.\ /// Valid values: group1, group2, group5, and group14.</para> /// /// Example: /// <para>group2</para> /// </summary> [NameInMap("IkePfs")] [Validation(Required=false)] public string IkePfs { get; set; } /// <summary> /// <para>The version of the IKE protocol. Valid values: ikev1 and ikev2. Default value: ikev1.</para> /// <para>Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for scenarios with multiple CIDR blocks.</para> /// /// Example: /// <para>ikev1</para> /// </summary> [NameInMap("IkeVersion")] [Validation(Required=false)] public string IkeVersion { get; set; } /// <summary> /// <para>The identifier of the tunnel on the Alibaba Cloud side, which is used in Phase 1 negotiations. The identifier cannot exceed 100 characters in length and cannot contain space characters. The default value is the IP address of the tunnel.</para> /// <para>LocalId supports fully qualified domain names (FQDNs). If you use an FQDN, we recommend that you set the negotiation mode to aggressive.</para> /// /// Example: /// <para>47.21.XX.XX</para> /// </summary> [NameInMap("LocalId")] [Validation(Required=false)] public string LocalId { get; set; } /// <summary> /// <para>The pre-shared key that is used for identity authentication between the tunnel and the tunnel peer.</para> /// <list type="bullet"> /// <item><description>The key cannot contain spaces. The key must be 1 to 100 characters in length, and can contain digits, letters, and the following special characters: <c>~!\\`@#$%^&*()_-+={}[]|;:\\",.<>/?</c></description></item> /// <item><description>If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. You can call the <a href="https://help.aliyun.com/document_detail/2526951.html">DescribeVpnConnection</a> operation to query the pre-shared key that is automatically generated by the system.</description></item> /// </list> /// <remarks> /// <para> The tunnel and the tunnel peer must use the same pre-shared key. Otherwise, the tunnel cannot be established.</para> /// </remarks> /// /// Example: /// <para>123456****</para> /// </summary> [NameInMap("Psk")] [Validation(Required=false)] public string Psk { get; set; } /// <summary> /// <para>The identifier of the tunnel peer, which is used in Phase 1 negotiations. The identifier cannot exceed 100 characters in length and cannot contain space characters. The default value is the IP address of the customer gateway that is associated with the tunnel.</para> /// <para>RemoteId supports FQDNs. If you use an FQDN, we recommend that you set the negotiation mode to aggressive.</para> /// /// Example: /// <para>47.42.XX.XX</para> /// </summary> [NameInMap("RemoteId")] [Validation(Required=false)] public string RemoteId { get; set; } } /// <summary> /// <para>The configurations of Phase 2 negotiations.</para> /// </summary> [NameInMap("TunnelIpsecConfig")] [Validation(Required=false)] public CreateVpnConnectionRequestTunnelOptionsSpecificationTunnelIpsecConfig TunnelIpsecConfig { get; set; } public class CreateVpnConnectionRequestTunnelOptionsSpecificationTunnelIpsecConfig : TeaModel { /// <summary> /// <para>The authentication algorithm that is used in Phase 2 negotiations.</para> /// <para>Valid values: md5, sha1, sha256, sha384, and sha512. Default value: md5.</para> /// /// Example: /// <para>md5</para> /// </summary> [NameInMap("IpsecAuthAlg")] [Validation(Required=false)] public string IpsecAuthAlg { get; set; } /// <summary> /// <para>The encryption algorithm that is used in Phase 2 negotiations.</para> /// <para>Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.</para> /// /// Example: /// <para>aes</para> /// </summary> [NameInMap("IpsecEncAlg")] [Validation(Required=false)] public string IpsecEncAlg { get; set; } /// <summary> /// <para>The SA lifetime as a result of Phase 2 negotiations. Unit: seconds</para> /// <para>Valid values: 0 to 86400. Default value: 86400.</para> /// /// Example: /// <para>86400</para> /// </summary> [NameInMap("IpsecLifetime")] [Validation(Required=false)] public long? IpsecLifetime { get; set; } /// <summary> /// <para>The Diffie-Hellman key exchange algorithm that is used in Phase 2 negotiations. Default value: group2.</para> /// <para>Valid values: disabled, group1, group2, group5, and group14.</para> /// /// Example: /// <para>group2</para> /// </summary> [NameInMap("IpsecPfs")] [Validation(Required=false)] public string IpsecPfs { get; set; } } } /// <summary> /// <para>The ID of the VPN gateway.</para> /// <para>This parameter is required.</para> /// /// Example: /// <para>vpn-bp1q8bgx4xnkm****</para> /// </summary> [NameInMap("VpnGatewayId")] [Validation(Required=false)] public string VpnGatewayId { get; set; } } }

vpc-20160428/core/Models/CreateVpnConnectionRequest.cs (166 lines of code) (raw):