public static final class CreateVpnConnectionRequest.Builder extends Object
| 限定符和类型 | 方法和说明 |
|---|---|
CreateVpnConnectionRequest.Builder |
autoConfigRoute(Boolean autoConfigRoute)
Specifies whether to automatically configure routes.
|
CreateVpnConnectionRequest.Builder |
bgpConfig(String bgpConfig)
This parameter is supported when you create an IPsec-VPN connection in single-tunnel mode.
|
CreateVpnConnectionRequest |
build() |
CreateVpnConnectionRequest.Builder |
clientToken(String clientToken)
The client token that is used to ensure the idempotence of the request.
|
CreateVpnConnectionRequest.Builder |
customerGatewayId(String customerGatewayId)
When you create an IPsec-VPN connection in single-tunnel mode, this parameter is required.
|
CreateVpnConnectionRequest.Builder |
effectImmediately(Boolean effectImmediately)
Specifies whether to immediately start IPsec negotiations.
|
CreateVpnConnectionRequest.Builder |
enableDpd(Boolean enableDpd)
This parameter is available if you create an IPsec-VPN connection in single-tunnel mode.
|
CreateVpnConnectionRequest.Builder |
enableNatTraversal(Boolean enableNatTraversal)
This parameter is available if you create an IPsec-VPN connection in single-tunnel mode.
|
CreateVpnConnectionRequest.Builder |
enableTunnelsBgp(Boolean enableTunnelsBgp)
This parameter is available if you create an IPsec-VPN connection in dual-tunnel mode.
|
CreateVpnConnectionRequest.Builder |
healthCheckConfig(String healthCheckConfig)
This parameter is available if you create an IPsec-VPN connection in single-tunnel mode.
|
CreateVpnConnectionRequest.Builder |
ikeConfig(String ikeConfig)
This parameter is available if you create an IPsec-VPN connection in single-tunnel mode.
|
CreateVpnConnectionRequest.Builder |
ipsecConfig(String ipsecConfig)
This parameter is available if you create an IPsec-VPN connection in single-tunnel mode.
|
CreateVpnConnectionRequest.Builder |
localSubnet(String localSubnet)
The CIDR block of the virtual private cloud (VPC) that needs to communicate with the on-premises database.
|
CreateVpnConnectionRequest.Builder |
name(String name)
The name of the IPsec-VPN connection.
|
CreateVpnConnectionRequest.Builder |
ownerAccount(String ownerAccount)
OwnerAccount.
|
CreateVpnConnectionRequest.Builder |
ownerId(Long ownerId)
OwnerId.
|
CreateVpnConnectionRequest.Builder |
regionId(String regionId)
The ID of the region where the IPsec-VPN connection is created.
|
CreateVpnConnectionRequest.Builder |
remoteCaCertificate(String remoteCaCertificate)
This parameter is available if you create an IPsec-VPN connection in single-tunnel mode.
|
CreateVpnConnectionRequest.Builder |
remoteSubnet(String remoteSubnet)
The CIDR block of the on-premises database that needs to communicate with the VPC.
|
CreateVpnConnectionRequest.Builder |
resourceOwnerAccount(String resourceOwnerAccount)
ResourceOwnerAccount.
|
CreateVpnConnectionRequest.Builder |
resourceOwnerId(Long resourceOwnerId)
ResourceOwnerId.
|
CreateVpnConnectionRequest.Builder |
tags(List<CreateVpnConnectionRequest.Tags> tags)
The tag value.
|
CreateVpnConnectionRequest.Builder |
tunnelOptionsSpecification(List<CreateVpnConnectionRequest.TunnelOptionsSpecification> tunnelOptionsSpecification)
The tunnel configurations.
|
CreateVpnConnectionRequest.Builder |
vpnGatewayId(String vpnGatewayId)
The ID of the VPN gateway.
|
public CreateVpnConnectionRequest.Builder autoConfigRoute(Boolean autoConfigRoute)
* **true** (default) * **false**
public CreateVpnConnectionRequest.Builder bgpConfig(String bgpConfig)
BGP configuration: * **BgpConfig.EnableBgp**: specifies whether to enable BGP. Valid values: **true** and **false** (default). * **BgpConfig.LocalAsn:** the autonomous system number (ASN) on the Alibaba Cloud side. Valid values: **1** to **4294967295**. Default value: **45104**. You can enter a value in two segments separated by a period (.). Each segment is 16 bits in length. Enter the number in each segment in decimal format. For example, if you enter 123.456, the ASN is 8061384. The ASN is calculated by using the following formula: 123 × 65536 + 456 = 8061384. * **BgpConfig.TunnelCidr**: The CIDR block of the IPsec tunnel. The CIDR block must belong to 169.254.0.0/16 and the subnet mask is 30 bits in length. >The CIDR block of the IPsec tunnel for each IPsec-VPN connection on a VPN gateway must be unique. * **LocalBgpIp**: the BGP address on the Alibaba Cloud side. It must be an IP address that falls within the CIDR block of the IPsec tunnel. > * Before you add BGP configurations, we recommend that you learn about how BGP works and the limits. For more information, see [VPN Gateway supports BGP dynamic routing](~~170235~~). > * We recommend that you use private ASN to establish BGP connections to Alibaba Cloud. Refer to the relevant documentation for the private ASN range.
public CreateVpnConnectionRequest.Builder clientToken(String clientToken)
You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters. > If you do not specify this parameter, the system automatically uses the **request ID** as the **client token**. The **request ID** may be different for each request.
public CreateVpnConnectionRequest.Builder customerGatewayId(String customerGatewayId)
The ID of the customer gateway.
public CreateVpnConnectionRequest.Builder effectImmediately(Boolean effectImmediately)
* **true**: immediately starts IPsec negotiations. * **false** (default): starts IPsec negotiations when inbound traffic is detected.
public CreateVpnConnectionRequest.Builder enableDpd(Boolean enableDpd)
Specifies whether to enable the dead peer detection (DPD) feature. Valid values: * **true** (default) The initiator of the IPsec-VPN connection sends DPD packets to verify the existence and availability of the peer. If no feedback is received from the peer within a specified period of time, the connection fails. ISAKMP SAs and IPsec SAs are deleted. The IPsec tunnel is also deleted. * **false**
public CreateVpnConnectionRequest.Builder enableNatTraversal(Boolean enableNatTraversal)
Specifies whether to enable NAT traversal. Valid values: * **true** (default) After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the VPN tunnel. * **false**
public CreateVpnConnectionRequest.Builder enableTunnelsBgp(Boolean enableTunnelsBgp)
Specifies whether to enable the BGP feature for the tunnel. Valid values: **true** and **false**. Default value: false.
public CreateVpnConnectionRequest.Builder healthCheckConfig(String healthCheckConfig)
The health check configuration: * **HealthCheckConfig.enable**: specifies whether to enable health checks. Valid values: **true** and **false**. Default value: false. * **HealthCheckConfig.dip**: the destination IP address configured for health checks. * **HealthCheckConfig.sip:** the source IP address that is used for health checks. * **HealthCheckConfig.interval**: the time interval of health check retries. Unit: seconds. Default value: **3**. * **HealthCheckConfig.retry**: the maximum number of health check retries. Default value: **3**.
public CreateVpnConnectionRequest.Builder ikeConfig(String ikeConfig)
The configurations of Phase 1 negotiations: * **IkeConfig.Psk**: The pre-shared key that is used for authentication between the VPN gateway and the on-premises database. * The key must be 1 to 100 characters in length and can contain digits, letters, and the following characters: ``~!\`@#$%^&*()_-+={}[]|;:\",.<>/?`` * If you do not specify a pre-shared key, the system generates a random 16-character string as the pre-shared key. You can call the [DescribeVpnConnection](~~2526951~~) operation to query the pre-shared key that is generated by the system. >The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises database. Otherwise, the on-premises database and the VPN gateway cannot establish a connection. * **IkeConfig.IkeVersion**: the version of the Internet Key Exchange (IKE) protocol. Valid values: **ikev1** and **ikev2**. Default value: **ikev1**. Compared with IKEv1, IKEv2 simplifies the security association (SA) negotiation process and is more suitable for scenarios in which multiple CIDR blocks are used. * **IkeConfig.IkeMode**: the negotiation mode of IKE. Valid values: **main** and **aggressive**. Default value: **main**. * **main:** This mode offers higher security during negotiations. * **aggressive:** This mode is faster and has a higher success rate. * **IkeConfig.IkeEncAlg**: the encryption algorithm that is used in Phase 1 negotiations. Valid values: **aes**, **aes192**, **aes256**, **des**, and **3des**. Default value: **aes**. * **IkeConfig.IkeAuthAlg**: the authentication algorithm that is used in Phase 1 negotiations. Valid values: **md5**, **sha1**, **sha256**, **sha384**, and **sha512**. Default value: **md5**. * **IkeConfig.IkePfs**: the Diffie-Hellman (DH) key exchange algorithm that is used in Phase 1 negotiations. Valid values: **group1**, **group2**, **group5**, and **group14**. Default value: **group2**. * **IkeConfig.IkeLifetime**: the SA lifetime determined by Phase 1 negotiations. Unit: seconds. Valid values: **0** to **86400**. Default value: **86400**. * **IkeConfig.LocalId**: the identifier of the VPN gateway. The value can be up to 100 characters in length. The default value is the IP address of the VPN gateway. * **IkeConfig.RemoteId**: the identifier of the customer gateway. The value can be up to 100 characters in length. The default value is the IP address of the customer gateway.
public CreateVpnConnectionRequest.Builder ipsecConfig(String ipsecConfig)
The configurations of Phase 2 negotiations: * **IpsecConfig.IpsecEncAlg**: the encryption algorithm that is used in Phase 2 negotiations. Valid values: **aes**, **aes192**, **aes256**, **des**, and **3des**. Default value: **aes**. * **IpsecConfig. IpsecAuthAlg**: the authentication algorithm that is used in Phase 2 negotiations. Valid values: **md5**, **sha1**, **sha256**, **sha384**, and **sha512**. Default value: **md5**. * **IpsecConfig. IpsecPfs**: the DH key exchange algorithm that is used in Phase 2 negotiations. Valid values: **disabled**, **group1**, **group2**, **group5**, and **group14**. Default value: **group2**. * **IpsecConfig. IpsecLifetime**: the SA lifetime that is determined by Phase 2 negotiations. Unit: seconds. Valid values: **0** to **86400**. Default value: **86400**.
public CreateVpnConnectionRequest.Builder localSubnet(String localSubnet)
Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24. The following routing modes are supported: * If you set **LocalSubnet** and **RemoteSubnet** to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode. * If you set **LocalSubnet** and **RemoteSubnet** to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
public CreateVpnConnectionRequest.Builder name(String name)
The name must be 1 to 100 characters in length and cannot start with `http://` or `https://`.
public CreateVpnConnectionRequest.Builder ownerAccount(String ownerAccount)
public CreateVpnConnectionRequest.Builder ownerId(Long ownerId)
public CreateVpnConnectionRequest.Builder regionId(String regionId)
public CreateVpnConnectionRequest.Builder remoteCaCertificate(String remoteCaCertificate)
The certificate authority (CA) certificate. If the VPN gateway is of the ShangMi (SM) type, you need to configure a CA certificate for the peer gateway device. * If an SM VPN gateway is used to create the IPsec-VPN connection, this parameter is required. * If a standard VPN gateway is used to create the IPsec-VPN connection, leave this parameter empty.
public CreateVpnConnectionRequest.Builder remoteSubnet(String remoteSubnet)
Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24. The following routing modes are supported: * If you set **LocalSubnet** and **RemoteSubnet** to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode. * If you set **LocalSubnet** and **RemoteSubnet** to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
public CreateVpnConnectionRequest.Builder resourceOwnerAccount(String resourceOwnerAccount)
public CreateVpnConnectionRequest.Builder resourceOwnerId(Long resourceOwnerId)
public CreateVpnConnectionRequest.Builder tags(List<CreateVpnConnectionRequest.Tags> tags)
The tag value can be an empty string and cannot exceed 128 characters in length. It cannot start with `aliyun` or `acs:`, and cannot contain `http://` or `https://`. Each tag key corresponds to one tag value. You can specify up to 20 tag values in each call.
public CreateVpnConnectionRequest.Builder tunnelOptionsSpecification(List<CreateVpnConnectionRequest.TunnelOptionsSpecification> tunnelOptionsSpecification)
* You can specify the parameters in the **TunnelOptionsSpecification** array if you create an IPsec-VPN connection in dual-tunnel mode. * If you create an IPsec-VPN connection in dual-tunnel mode, you need to configure an active tunnel and a standby tunnel. Each IPsec-VPN connection supports only one active tunnel and one standby tunnel.
public CreateVpnConnectionRequest.Builder vpnGatewayId(String vpnGatewayId)
public CreateVpnConnectionRequest build()
Copyright © 2024. All rights reserved.