Docs Home
Packages
Alibaba Cloud v3.62.1 published on Monday, Sep 16, 2024 by Pulumi
alicloud.vpn.IpsecServer
Explore with Pulumi AI
Provides a VPN Ipsec Server resource.
For information about VPN Ipsec Server and how to use it, see What is Ipsec Server.
NOTE: Available since v1.161.0+.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
const config = new pulumi.Config();
const name = config.get("name") || "terraform-example";
const default = alicloud.getZones({
availableResourceCreation: "VSwitch",
});
const defaultGetNetworks = alicloud.vpc.getNetworks({
nameRegex: "^default-NODELETING$",
cidrBlock: "172.16.0.0/16",
});
const default0 = Promise.all([defaultGetNetworks, _default]).then(([defaultGetNetworks, _default]) => alicloud.vpc.getSwitches({
vpcId: defaultGetNetworks.ids?.[0],
zoneId: _default.ids?.[0],
}));
const default1 = Promise.all([defaultGetNetworks, _default]).then(([defaultGetNetworks, _default]) => alicloud.vpc.getSwitches({
vpcId: defaultGetNetworks.ids?.[0],
zoneId: _default.ids?.[1],
}));
const defaultGateway = new alicloud.vpn.Gateway("default", {
vpnGatewayName: name,
vpcId: defaultGetNetworks.then(defaultGetNetworks => defaultGetNetworks.ids?.[0]),
bandwidth: 10,
enableSsl: true,
description: name,
paymentType: "Subscription",
vswitchId: default0.then(default0 => default0.ids?.[0]),
disasterRecoveryVswitchId: default1.then(default1 => default1.ids?.[0]),
});
const foo = new alicloud.vpn.IpsecServer("foo", {
clientIpPool: "10.0.0.0/24",
ipsecServerName: name,
localSubnet: "192.168.0.0/24",
vpnGatewayId: defaultGateway.id,
pskEnabled: true,
});
import pulumi
import pulumi_alicloud as alicloud
config = pulumi.Config()
name = config.get("name")
if name is None:
name = "terraform-example"
default = alicloud.get_zones(available_resource_creation="VSwitch")
default_get_networks = alicloud.vpc.get_networks(name_regex="^default-NODELETING$",
cidr_block="172.16.0.0/16")
default0 = alicloud.vpc.get_switches(vpc_id=default_get_networks.ids[0],
zone_id=default.ids[0])
default1 = alicloud.vpc.get_switches(vpc_id=default_get_networks.ids[0],
zone_id=default.ids[1])
default_gateway = alicloud.vpn.Gateway("default",
vpn_gateway_name=name,
vpc_id=default_get_networks.ids[0],
bandwidth=10,
enable_ssl=True,
description=name,
payment_type="Subscription",
vswitch_id=default0.ids[0],
disaster_recovery_vswitch_id=default1.ids[0])
foo = alicloud.vpn.IpsecServer("foo",
client_ip_pool="10.0.0.0/24",
ipsec_server_name=name,
local_subnet="192.168.0.0/24",
vpn_gateway_id=default_gateway.id,
psk_enabled=True)
package main
import (
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud"
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/vpc"
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/vpn"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
name := "terraform-example"
if param := cfg.Get("name"); param != "" {
name = param
}
_default, err := alicloud.GetZones(ctx, &alicloud.GetZonesArgs{
AvailableResourceCreation: pulumi.StringRef("VSwitch"),
}, nil)
if err != nil {
return err
}
defaultGetNetworks, err := vpc.GetNetworks(ctx, &vpc.GetNetworksArgs{
NameRegex: pulumi.StringRef("^default-NODELETING$"),
CidrBlock: pulumi.StringRef("172.16.0.0/16"),
}, nil)
if err != nil {
return err
}
default0, err := vpc.GetSwitches(ctx, &vpc.GetSwitchesArgs{
VpcId: pulumi.StringRef(defaultGetNetworks.Ids[0]),
ZoneId: pulumi.StringRef(_default.Ids[0]),
}, nil)
if err != nil {
return err
}
default1, err := vpc.GetSwitches(ctx, &vpc.GetSwitchesArgs{
VpcId: pulumi.StringRef(defaultGetNetworks.Ids[0]),
ZoneId: pulumi.StringRef(_default.Ids[1]),
}, nil)
if err != nil {
return err
}
defaultGateway, err := vpn.NewGateway(ctx, "default", &vpn.GatewayArgs{
VpnGatewayName: pulumi.String(name),
VpcId: pulumi.String(defaultGetNetworks.Ids[0]),
Bandwidth: pulumi.Int(10),
EnableSsl: pulumi.Bool(true),
Description: pulumi.String(name),
PaymentType: pulumi.String("Subscription"),
VswitchId: pulumi.String(default0.Ids[0]),
DisasterRecoveryVswitchId: pulumi.String(default1.Ids[0]),
})
if err != nil {
return err
}
_, err = vpn.NewIpsecServer(ctx, "foo", &vpn.IpsecServerArgs{
ClientIpPool: pulumi.String("10.0.0.0/24"),
IpsecServerName: pulumi.String(name),
LocalSubnet: pulumi.String("192.168.0.0/24"),
VpnGatewayId: defaultGateway.ID(),
PskEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var name = config.Get("name") ?? "terraform-example";
var @default = AliCloud.GetZones.Invoke(new()
{
AvailableResourceCreation = "VSwitch",
});
var defaultGetNetworks = AliCloud.Vpc.GetNetworks.Invoke(new()
{
NameRegex = "^default-NODELETING$",
CidrBlock = "172.16.0.0/16",
});
var default0 = AliCloud.Vpc.GetSwitches.Invoke(new()
{
VpcId = defaultGetNetworks.Apply(getNetworksResult => getNetworksResult.Ids[0]),
ZoneId = @default.Apply(getZonesResult => getZonesResult.Ids[0]),
});
var default1 = AliCloud.Vpc.GetSwitches.Invoke(new()
{
VpcId = defaultGetNetworks.Apply(getNetworksResult => getNetworksResult.Ids[0]),
ZoneId = @default.Apply(getZonesResult => getZonesResult.Ids[1]),
});
var defaultGateway = new AliCloud.Vpn.Gateway("default", new()
{
VpnGatewayName = name,
VpcId = defaultGetNetworks.Apply(getNetworksResult => getNetworksResult.Ids[0]),
Bandwidth = 10,
EnableSsl = true,
Description = name,
PaymentType = "Subscription",
VswitchId = default0.Apply(getSwitchesResult => getSwitchesResult.Ids[0]),
DisasterRecoveryVswitchId = default1.Apply(getSwitchesResult => getSwitchesResult.Ids[0]),
});
var foo = new AliCloud.Vpn.IpsecServer("foo", new()
{
ClientIpPool = "10.0.0.0/24",
IpsecServerName = name,
LocalSubnet = "192.168.0.0/24",
VpnGatewayId = defaultGateway.Id,
PskEnabled = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.AlicloudFunctions;
import com.pulumi.alicloud.inputs.GetZonesArgs;
import com.pulumi.alicloud.vpc.VpcFunctions;
import com.pulumi.alicloud.vpc.inputs.GetNetworksArgs;
import com.pulumi.alicloud.vpc.inputs.GetSwitchesArgs;
import com.pulumi.alicloud.vpn.Gateway;
import com.pulumi.alicloud.vpn.GatewayArgs;
import com.pulumi.alicloud.vpn.IpsecServer;
import com.pulumi.alicloud.vpn.IpsecServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var name = config.get("name").orElse("terraform-example");
final var default = AlicloudFunctions.getZones(GetZonesArgs.builder()
.availableResourceCreation("VSwitch")
.build());
final var defaultGetNetworks = VpcFunctions.getNetworks(GetNetworksArgs.builder()
.nameRegex("^default-NODELETING$")
.cidrBlock("172.16.0.0/16")
.build());
final var default0 = VpcFunctions.getSwitches(GetSwitchesArgs.builder()
.vpcId(defaultGetNetworks.applyValue(getNetworksResult -> getNetworksResult.ids()[0]))
.zoneId(default_.ids()[0])
.build());
final var default1 = VpcFunctions.getSwitches(GetSwitchesArgs.builder()
.vpcId(defaultGetNetworks.applyValue(getNetworksResult -> getNetworksResult.ids()[0]))
.zoneId(default_.ids()[1])
.build());
var defaultGateway = new Gateway("defaultGateway", GatewayArgs.builder()
.vpnGatewayName(name)
.vpcId(defaultGetNetworks.applyValue(getNetworksResult -> getNetworksResult.ids()[0]))
.bandwidth("10")
.enableSsl(true)
.description(name)
.paymentType("Subscription")
.vswitchId(default0.applyValue(getSwitchesResult -> getSwitchesResult.ids()[0]))
.disasterRecoveryVswitchId(default1.applyValue(getSwitchesResult -> getSwitchesResult.ids()[0]))
.build());
var foo = new IpsecServer("foo", IpsecServerArgs.builder()
.clientIpPool("10.0.0.0/24")
.ipsecServerName(name)
.localSubnet("192.168.0.0/24")
.vpnGatewayId(defaultGateway.id())
.pskEnabled(true)
.build());
}
}
configuration:
name:
type: string
default: terraform-example
resources:
defaultGateway:
type: alicloud:vpn:Gateway
name: default
properties:
vpnGatewayName: ${name}
vpcId: ${defaultGetNetworks.ids[0]}
bandwidth: '10'
enableSsl: true
description: ${name}
paymentType: Subscription
vswitchId: ${default0.ids[0]}
disasterRecoveryVswitchId: ${default1.ids[0]}
foo:
type: alicloud:vpn:IpsecServer
properties:
clientIpPool: 10.0.0.0/24
ipsecServerName: ${name}
localSubnet: 192.168.0.0/24
vpnGatewayId: ${defaultGateway.id}
pskEnabled: true
variables:
default:
fn::invoke:
Function: alicloud:getZones
Arguments:
availableResourceCreation: VSwitch
defaultGetNetworks:
fn::invoke:
Function: alicloud:vpc:getNetworks
Arguments:
nameRegex: ^default-NODELETING$
cidrBlock: 172.16.0.0/16
default0:
fn::invoke:
Function: alicloud:vpc:getSwitches
Arguments:
vpcId: ${defaultGetNetworks.ids[0]}
zoneId: ${default.ids[0]}
default1:
fn::invoke:
Function: alicloud:vpc:getSwitches
Arguments:
vpcId: ${defaultGetNetworks.ids[0]}
zoneId: ${default.ids[1]}
Create IpsecServer Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new IpsecServer(name: string, args: IpsecServerArgs, opts?: CustomResourceOptions);@overload
def IpsecServer(resource_name: str,
args: IpsecServerArgs,
opts: Optional[ResourceOptions] = None)
@overload
def IpsecServer(resource_name: str,
opts: Optional[ResourceOptions] = None,
client_ip_pool: Optional[str] = None,
local_subnet: Optional[str] = None,
vpn_gateway_id: Optional[str] = None,
dry_run: Optional[bool] = None,
effect_immediately: Optional[bool] = None,
ike_configs: Optional[Sequence[IpsecServerIkeConfigArgs]] = None,
ipsec_configs: Optional[Sequence[IpsecServerIpsecConfigArgs]] = None,
ipsec_server_name: Optional[str] = None,
psk: Optional[str] = None,
psk_enabled: Optional[bool] = None)func NewIpsecServer(ctx *Context, name string, args IpsecServerArgs, opts ...ResourceOption) (*IpsecServer, error)public IpsecServer(string name, IpsecServerArgs args, CustomResourceOptions? opts = null)
public IpsecServer(String name, IpsecServerArgs args)
public IpsecServer(String name, IpsecServerArgs args, CustomResourceOptions options)
type: alicloud:vpn:IpsecServer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args IpsecServerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args IpsecServerArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args IpsecServerArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IpsecServerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args IpsecServerArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ipsecServerResource = new AliCloud.Vpn.IpsecServer("ipsecServerResource", new()
{
ClientIpPool = "string",
LocalSubnet = "string",
VpnGatewayId = "string",
DryRun = false,
EffectImmediately = false,
IkeConfigs = new[]
{
new AliCloud.Vpn.Inputs.IpsecServerIkeConfigArgs
{
IkeAuthAlg = "string",
IkeEncAlg = "string",
IkeLifetime = 0,
IkeMode = "string",
IkePfs = "string",
IkeVersion = "string",
LocalId = "string",
RemoteId = "string",
},
},
IpsecConfigs = new[]
{
new AliCloud.Vpn.Inputs.IpsecServerIpsecConfigArgs
{
IpsecAuthAlg = "string",
IpsecEncAlg = "string",
IpsecLifetime = 0,
IpsecPfs = "string",
},
},
IpsecServerName = "string",
Psk = "string",
PskEnabled = false,
});
example, err := vpn.NewIpsecServer(ctx, "ipsecServerResource", &vpn.IpsecServerArgs{
ClientIpPool: pulumi.String("string"),
LocalSubnet: pulumi.String("string"),
VpnGatewayId: pulumi.String("string"),
DryRun: pulumi.Bool(false),
EffectImmediately: pulumi.Bool(false),
IkeConfigs: vpn.IpsecServerIkeConfigArray{
&vpn.IpsecServerIkeConfigArgs{
IkeAuthAlg: pulumi.String("string"),
IkeEncAlg: pulumi.String("string"),
IkeLifetime: pulumi.Int(0),
IkeMode: pulumi.String("string"),
IkePfs: pulumi.String("string"),
IkeVersion: pulumi.String("string"),
LocalId: pulumi.String("string"),
RemoteId: pulumi.String("string"),
},
},
IpsecConfigs: vpn.IpsecServerIpsecConfigArray{
&vpn.IpsecServerIpsecConfigArgs{
IpsecAuthAlg: pulumi.String("string"),
IpsecEncAlg: pulumi.String("string"),
IpsecLifetime: pulumi.Int(0),
IpsecPfs: pulumi.String("string"),
},
},
IpsecServerName: pulumi.String("string"),
Psk: pulumi.String("string"),
PskEnabled: pulumi.Bool(false),
})
var ipsecServerResource = new IpsecServer("ipsecServerResource", IpsecServerArgs.builder()
.clientIpPool("string")
.localSubnet("string")
.vpnGatewayId("string")
.dryRun(false)
.effectImmediately(false)
.ikeConfigs(IpsecServerIkeConfigArgs.builder()
.ikeAuthAlg("string")
.ikeEncAlg("string")
.ikeLifetime(0)
.ikeMode("string")
.ikePfs("string")
.ikeVersion("string")
.localId("string")
.remoteId("string")
.build())
.ipsecConfigs(IpsecServerIpsecConfigArgs.builder()
.ipsecAuthAlg("string")
.ipsecEncAlg("string")
.ipsecLifetime(0)
.ipsecPfs("string")
.build())
.ipsecServerName("string")
.psk("string")
.pskEnabled(false)
.build());
ipsec_server_resource = alicloud.vpn.IpsecServer("ipsecServerResource",
client_ip_pool="string",
local_subnet="string",
vpn_gateway_id="string",
dry_run=False,
effect_immediately=False,
ike_configs=[alicloud.vpn.IpsecServerIkeConfigArgs(
ike_auth_alg="string",
ike_enc_alg="string",
ike_lifetime=0,
ike_mode="string",
ike_pfs="string",
ike_version="string",
local_id="string",
remote_id="string",
)],
ipsec_configs=[alicloud.vpn.IpsecServerIpsecConfigArgs(
ipsec_auth_alg="string",
ipsec_enc_alg="string",
ipsec_lifetime=0,
ipsec_pfs="string",
)],
ipsec_server_name="string",
psk="string",
psk_enabled=False)
const ipsecServerResource = new alicloud.vpn.IpsecServer("ipsecServerResource", {
clientIpPool: "string",
localSubnet: "string",
vpnGatewayId: "string",
dryRun: false,
effectImmediately: false,
ikeConfigs: [{
ikeAuthAlg: "string",
ikeEncAlg: "string",
ikeLifetime: 0,
ikeMode: "string",
ikePfs: "string",
ikeVersion: "string",
localId: "string",
remoteId: "string",
}],
ipsecConfigs: [{
ipsecAuthAlg: "string",
ipsecEncAlg: "string",
ipsecLifetime: 0,
ipsecPfs: "string",
}],
ipsecServerName: "string",
psk: "string",
pskEnabled: false,
});
type: alicloud:vpn:IpsecServer
properties:
clientIpPool: string
dryRun: false
effectImmediately: false
ikeConfigs:
- ikeAuthAlg: string
ikeEncAlg: string
ikeLifetime: 0
ikeMode: string
ikePfs: string
ikeVersion: string
localId: string
remoteId: string
ipsecConfigs:
- ipsecAuthAlg: string
ipsecEncAlg: string
ipsecLifetime: 0
ipsecPfs: string
ipsecServerName: string
localSubnet: string
psk: string
pskEnabled: false
vpnGatewayId: string
IpsecServer Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The IpsecServer resource accepts the following input properties:
- Client
Ip stringPool - The client CIDR block. It refers to the CIDR block that is allocated to the virtual interface of the client.
- Local
Subnet string - The local CIDR block. It refers to the CIDR block of the virtual private cloud (VPC) that is used to connect with the client. Separate multiple CIDR blocks with commas (,). Example:
192.168.1.0/24,192.168.2.0/24. - Vpn
Gateway stringId - The ID of the VPN gateway.
- Dry
Run bool - The dry run.
- Effect
Immediately bool - Specifies whether you want the configuration to immediately take effect.
- Ike
Configs List<Pulumi.Ali Cloud. Vpn. Inputs. Ipsec Server Ike Config> - The configuration of Phase 1 negotiations. See
ike_configbelow. - Ipsec
Configs List<Pulumi.Ali Cloud. Vpn. Inputs. Ipsec Server Ipsec Config> - The configuration of Phase 2 negotiations. See
ipsec_configbelow. - Ipsec
Server stringName - The name of the IPsec server. The name must be
2to128characters in length, and can contain digits, hyphens (-), and underscores (_). It must start with a letter. - Psk string
- The pre-shared key. The pre-shared key is used to authenticate the VPN gateway and the client. By default, the system generates a random string that is 16 bits in length. You can also specify the pre-shared key. It can contain at most 100 characters.
- Psk
Enabled bool - Whether to enable the pre-shared key authentication method. The value is only
true, which indicates that the pre-shared key authentication method is enabled.
- Client
Ip stringPool - The client CIDR block. It refers to the CIDR block that is allocated to the virtual interface of the client.
- Local
Subnet string - The local CIDR block. It refers to the CIDR block of the virtual private cloud (VPC) that is used to connect with the client. Separate multiple CIDR blocks with commas (,). Example:
192.168.1.0/24,192.168.2.0/24. - Vpn
Gateway stringId - The ID of the VPN gateway.
- Dry
Run bool - The dry run.
- Effect
Immediately bool - Specifies whether you want the configuration to immediately take effect.
- Ike
Configs []IpsecServer Ike Config Args - The configuration of Phase 1 negotiations. See
ike_configbelow. - Ipsec
Configs []IpsecServer Ipsec Config Args - The configuration of Phase 2 negotiations. See
ipsec_configbelow. - Ipsec
Server stringName - The name of the IPsec server. The name must be
2to128characters in length, and can contain digits, hyphens (-), and underscores (_). It must start with a letter. - Psk string
- The pre-shared key. The pre-shared key is used to authenticate the VPN gateway and the client. By default, the system generates a random string that is 16 bits in length. You can also specify the pre-shared key. It can contain at most 100 characters.
- Psk
Enabled bool - Whether to enable the pre-shared key authentication method. The value is only
true, which indicates that the pre-shared key authentication method is enabled.
- client
Ip StringPool - The client CIDR block. It refers to the CIDR block that is allocated to the virtual interface of the client.
- local
Subnet String - The local CIDR block. It refers to the CIDR block of the virtual private cloud (VPC) that is used to connect with the client. Separate multiple CIDR blocks with commas (,). Example:
192.168.1.0/24,192.168.2.0/24. - vpn
Gateway StringId - The ID of the VPN gateway.
- dry
Run Boolean - The dry run.
- effect
Immediately Boolean - Specifies whether you want the configuration to immediately take effect.
- ike
Configs List<IpsecServer Ike Config> - The configuration of Phase 1 negotiations. See
ike_configbelow. - ipsec
Configs List<IpsecServer Ipsec Config> - The configuration of Phase 2 negotiations. See
ipsec_configbelow. - ipsec
Server StringName - The name of the IPsec server. The name must be
2to128characters in length, and can contain digits, hyphens (-), and underscores (_). It must start with a letter. - psk String
- The pre-shared key. The pre-shared key is used to authenticate the VPN gateway and the client. By default, the system generates a random string that is 16 bits in length. You can also specify the pre-shared key. It can contain at most 100 characters.
- psk
Enabled Boolean - Whether to enable the pre-shared key authentication method. The value is only
true, which indicates that the pre-shared key authentication method is enabled.
- client
Ip stringPool - The client CIDR block. It refers to the CIDR block that is allocated to the virtual interface of the client.
- local
Subnet string - The local CIDR block. It refers to the CIDR block of the virtual private cloud (VPC) that is used to connect with the client. Separate multiple CIDR blocks with commas (,). Example:
192.168.1.0/24,192.168.2.0/24. - vpn
Gateway stringId - The ID of the VPN gateway.
- dry
Run boolean - The dry run.
- effect
Immediately boolean - Specifies whether you want the configuration to immediately take effect.
- ike
Configs IpsecServer Ike Config[] - The configuration of Phase 1 negotiations. See
ike_configbelow. - ipsec
Configs IpsecServer Ipsec Config[] - The configuration of Phase 2 negotiations. See
ipsec_configbelow. - ipsec
Server stringName - The name of the IPsec server. The name must be
2to128characters in length, and can contain digits, hyphens (-), and underscores (_). It must start with a letter. - psk string
- The pre-shared key. The pre-shared key is used to authenticate the VPN gateway and the client. By default, the system generates a random string that is 16 bits in length. You can also specify the pre-shared key. It can contain at most 100 characters.
- psk
Enabled boolean - Whether to enable the pre-shared key authentication method. The value is only
true, which indicates that the pre-shared key authentication method is enabled.
- client_
ip_ strpool - The client CIDR block. It refers to the CIDR block that is allocated to the virtual interface of the client.
- local_
subnet str - The local CIDR block. It refers to the CIDR block of the virtual private cloud (VPC) that is used to connect with the client. Separate multiple CIDR blocks with commas (,). Example:
192.168.1.0/24,192.168.2.0/24. - vpn_
gateway_ strid - The ID of the VPN gateway.
- dry_
run bool - The dry run.
- effect_
immediately bool - Specifies whether you want the configuration to immediately take effect.
- ike_
configs Sequence[IpsecServer Ike Config Args] - The configuration of Phase 1 negotiations. See
ike_configbelow. - ipsec_
configs Sequence[IpsecServer Ipsec Config Args] - The configuration of Phase 2 negotiations. See
ipsec_configbelow. - ipsec_
server_ strname - The name of the IPsec server. The name must be
2to128characters in length, and can contain digits, hyphens (-), and underscores (_). It must start with a letter. - psk str
- The pre-shared key. The pre-shared key is used to authenticate the VPN gateway and the client. By default, the system generates a random string that is 16 bits in length. You can also specify the pre-shared key. It can contain at most 100 characters.
- psk_
enabled bool - Whether to enable the pre-shared key authentication method. The value is only
true, which indicates that the pre-shared key authentication method is enabled.
- client
Ip StringPool - The client CIDR block. It refers to the CIDR block that is allocated to the virtual interface of the client.
- local
Subnet String - The local CIDR block. It refers to the CIDR block of the virtual private cloud (VPC) that is used to connect with the client. Separate multiple CIDR blocks with commas (,). Example:
192.168.1.0/24,192.168.2.0/24. - vpn
Gateway StringId - The ID of the VPN gateway.
- dry
Run Boolean - The dry run.
- effect
Immediately Boolean - Specifies whether you want the configuration to immediately take effect.
- ike
Configs List<Property Map> - The configuration of Phase 1 negotiations. See
ike_configbelow. - ipsec
Configs List<Property Map> - The configuration of Phase 2 negotiations. See
ipsec_configbelow. - ipsec
Server StringName - The name of the IPsec server. The name must be
2to128characters in length, and can contain digits, hyphens (-), and underscores (_). It must start with a letter. - psk String
- The pre-shared key. The pre-shared key is used to authenticate the VPN gateway and the client. By default, the system generates a random string that is 16 bits in length. You can also specify the pre-shared key. It can contain at most 100 characters.
- psk
Enabled Boolean - Whether to enable the pre-shared key authentication method. The value is only
true, which indicates that the pre-shared key authentication method is enabled.
Outputs
All input properties are implicitly available as output properties. Additionally, the IpsecServer resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing IpsecServer Resource
Get an existing IpsecServer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: IpsecServerState, opts?: CustomResourceOptions): IpsecServer@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
client_ip_pool: Optional[str] = None,
dry_run: Optional[bool] = None,
effect_immediately: Optional[bool] = None,
ike_configs: Optional[Sequence[IpsecServerIkeConfigArgs]] = None,
ipsec_configs: Optional[Sequence[IpsecServerIpsecConfigArgs]] = None,
ipsec_server_name: Optional[str] = None,
local_subnet: Optional[str] = None,
psk: Optional[str] = None,
psk_enabled: Optional[bool] = None,
vpn_gateway_id: Optional[str] = None) -> IpsecServerfunc GetIpsecServer(ctx *Context, name string, id IDInput, state *IpsecServerState, opts ...ResourceOption) (*IpsecServer, error)public static IpsecServer Get(string name, Input<string> id, IpsecServerState? state, CustomResourceOptions? opts = null)public static IpsecServer get(String name, Output<String> id, IpsecServerState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Client
Ip stringPool - The client CIDR block. It refers to the CIDR block that is allocated to the virtual interface of the client.
- Dry
Run bool - The dry run.
- Effect
Immediately bool - Specifies whether you want the configuration to immediately take effect.
- Ike
Configs List<Pulumi.Ali Cloud. Vpn. Inputs. Ipsec Server Ike Config> - The configuration of Phase 1 negotiations. See
ike_configbelow. - Ipsec
Configs List<Pulumi.Ali Cloud. Vpn. Inputs. Ipsec Server Ipsec Config> - The configuration of Phase 2 negotiations. See
ipsec_configbelow. - Ipsec
Server stringName - The name of the IPsec server. The name must be
2to128characters in length, and can contain digits, hyphens (-), and underscores (_). It must start with a letter. - Local
Subnet string - The local CIDR block. It refers to the CIDR block of the virtual private cloud (VPC) that is used to connect with the client. Separate multiple CIDR blocks with commas (,). Example:
192.168.1.0/24,192.168.2.0/24. - Psk string
- The pre-shared key. The pre-shared key is used to authenticate the VPN gateway and the client. By default, the system generates a random string that is 16 bits in length. You can also specify the pre-shared key. It can contain at most 100 characters.
- Psk
Enabled bool - Whether to enable the pre-shared key authentication method. The value is only
true, which indicates that the pre-shared key authentication method is enabled. - Vpn
Gateway stringId - The ID of the VPN gateway.
- Client
Ip stringPool - The client CIDR block. It refers to the CIDR block that is allocated to the virtual interface of the client.
- Dry
Run bool - The dry run.
- Effect
Immediately bool - Specifies whether you want the configuration to immediately take effect.
- Ike
Configs []IpsecServer Ike Config Args - The configuration of Phase 1 negotiations. See
ike_configbelow. - Ipsec
Configs []IpsecServer Ipsec Config Args - The configuration of Phase 2 negotiations. See
ipsec_configbelow. - Ipsec
Server stringName - The name of the IPsec server. The name must be
2to128characters in length, and can contain digits, hyphens (-), and underscores (_). It must start with a letter. - Local
Subnet string - The local CIDR block. It refers to the CIDR block of the virtual private cloud (VPC) that is used to connect with the client. Separate multiple CIDR blocks with commas (,). Example:
192.168.1.0/24,192.168.2.0/24. - Psk string
- The pre-shared key. The pre-shared key is used to authenticate the VPN gateway and the client. By default, the system generates a random string that is 16 bits in length. You can also specify the pre-shared key. It can contain at most 100 characters.
- Psk
Enabled bool - Whether to enable the pre-shared key authentication method. The value is only
true, which indicates that the pre-shared key authentication method is enabled. - Vpn
Gateway stringId - The ID of the VPN gateway.
- client
Ip StringPool - The client CIDR block. It refers to the CIDR block that is allocated to the virtual interface of the client.
- dry
Run Boolean - The dry run.
- effect
Immediately Boolean - Specifies whether you want the configuration to immediately take effect.
- ike
Configs List<IpsecServer Ike Config> - The configuration of Phase 1 negotiations. See
ike_configbelow. - ipsec
Configs List<IpsecServer Ipsec Config> - The configuration of Phase 2 negotiations. See
ipsec_configbelow. - ipsec
Server StringName - The name of the IPsec server. The name must be
2to128characters in length, and can contain digits, hyphens (-), and underscores (_). It must start with a letter. - local
Subnet String - The local CIDR block. It refers to the CIDR block of the virtual private cloud (VPC) that is used to connect with the client. Separate multiple CIDR blocks with commas (,). Example:
192.168.1.0/24,192.168.2.0/24. - psk String
- The pre-shared key. The pre-shared key is used to authenticate the VPN gateway and the client. By default, the system generates a random string that is 16 bits in length. You can also specify the pre-shared key. It can contain at most 100 characters.
- psk
Enabled Boolean - Whether to enable the pre-shared key authentication method. The value is only
true, which indicates that the pre-shared key authentication method is enabled. - vpn
Gateway StringId - The ID of the VPN gateway.
- client
Ip stringPool - The client CIDR block. It refers to the CIDR block that is allocated to the virtual interface of the client.
- dry
Run boolean - The dry run.
- effect
Immediately boolean - Specifies whether you want the configuration to immediately take effect.
- ike
Configs IpsecServer Ike Config[] - The configuration of Phase 1 negotiations. See
ike_configbelow. - ipsec
Configs IpsecServer Ipsec Config[] - The configuration of Phase 2 negotiations. See
ipsec_configbelow. - ipsec
Server stringName - The name of the IPsec server. The name must be
2to128characters in length, and can contain digits, hyphens (-), and underscores (_). It must start with a letter. - local
Subnet string - The local CIDR block. It refers to the CIDR block of the virtual private cloud (VPC) that is used to connect with the client. Separate multiple CIDR blocks with commas (,). Example:
192.168.1.0/24,192.168.2.0/24. - psk string
- The pre-shared key. The pre-shared key is used to authenticate the VPN gateway and the client. By default, the system generates a random string that is 16 bits in length. You can also specify the pre-shared key. It can contain at most 100 characters.
- psk
Enabled boolean - Whether to enable the pre-shared key authentication method. The value is only
true, which indicates that the pre-shared key authentication method is enabled. - vpn
Gateway stringId - The ID of the VPN gateway.
- client_
ip_ strpool - The client CIDR block. It refers to the CIDR block that is allocated to the virtual interface of the client.
- dry_
run bool - The dry run.
- effect_
immediately bool - Specifies whether you want the configuration to immediately take effect.
- ike_
configs Sequence[IpsecServer Ike Config Args] - The configuration of Phase 1 negotiations. See
ike_configbelow. - ipsec_
configs Sequence[IpsecServer Ipsec Config Args] - The configuration of Phase 2 negotiations. See
ipsec_configbelow. - ipsec_
server_ strname - The name of the IPsec server. The name must be
2to128characters in length, and can contain digits, hyphens (-), and underscores (_). It must start with a letter. - local_
subnet str - The local CIDR block. It refers to the CIDR block of the virtual private cloud (VPC) that is used to connect with the client. Separate multiple CIDR blocks with commas (,). Example:
192.168.1.0/24,192.168.2.0/24. - psk str
- The pre-shared key. The pre-shared key is used to authenticate the VPN gateway and the client. By default, the system generates a random string that is 16 bits in length. You can also specify the pre-shared key. It can contain at most 100 characters.
- psk_
enabled bool - Whether to enable the pre-shared key authentication method. The value is only
true, which indicates that the pre-shared key authentication method is enabled. - vpn_
gateway_ strid - The ID of the VPN gateway.
- client
Ip StringPool - The client CIDR block. It refers to the CIDR block that is allocated to the virtual interface of the client.
- dry
Run Boolean - The dry run.
- effect
Immediately Boolean - Specifies whether you want the configuration to immediately take effect.
- ike
Configs List<Property Map> - The configuration of Phase 1 negotiations. See
ike_configbelow. - ipsec
Configs List<Property Map> - The configuration of Phase 2 negotiations. See
ipsec_configbelow. - ipsec
Server StringName - The name of the IPsec server. The name must be
2to128characters in length, and can contain digits, hyphens (-), and underscores (_). It must start with a letter. - local
Subnet String - The local CIDR block. It refers to the CIDR block of the virtual private cloud (VPC) that is used to connect with the client. Separate multiple CIDR blocks with commas (,). Example:
192.168.1.0/24,192.168.2.0/24. - psk String
- The pre-shared key. The pre-shared key is used to authenticate the VPN gateway and the client. By default, the system generates a random string that is 16 bits in length. You can also specify the pre-shared key. It can contain at most 100 characters.
- psk
Enabled Boolean - Whether to enable the pre-shared key authentication method. The value is only
true, which indicates that the pre-shared key authentication method is enabled. - vpn
Gateway StringId - The ID of the VPN gateway.
Supporting Types
IpsecServerIkeConfig, IpsecServerIkeConfigArgs
- Ike
Auth stringAlg - The authentication algorithm that is used in Phase 1 negotiations. Default value:
sha1. - Ike
Enc stringAlg - The encryption algorithm that is used in Phase 1 negotiations. Default value:
aes. - Ike
Lifetime int - IkeLifetime: the SA lifetime determined by Phase 1 negotiations. Valid values:
0to86400. Default value:86400. Unit:seconds. - Ike
Mode string - The IKE negotiation mode. Default value:
main. - Ike
Pfs string - The Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Default value:
group2. - Ike
Version string - The IKE version. Valid values:
ikev1andikev2. Default value:ikev2. - Local
Id string - The identifier of the IPsec server. The value can be a fully qualified domain name (FQDN) or an IP address. The default value is the public IP address of the VPN gateway.
- Remote
Id string - The identifier of the customer gateway. The value can be an FQDN or an IP address. By default, this parameter is not specified.
- Ike
Auth stringAlg - The authentication algorithm that is used in Phase 1 negotiations. Default value:
sha1. - Ike
Enc stringAlg - The encryption algorithm that is used in Phase 1 negotiations. Default value:
aes. - Ike
Lifetime int - IkeLifetime: the SA lifetime determined by Phase 1 negotiations. Valid values:
0to86400. Default value:86400. Unit:seconds. - Ike
Mode string - The IKE negotiation mode. Default value:
main. - Ike
Pfs string - The Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Default value:
group2. - Ike
Version string - The IKE version. Valid values:
ikev1andikev2. Default value:ikev2. - Local
Id string - The identifier of the IPsec server. The value can be a fully qualified domain name (FQDN) or an IP address. The default value is the public IP address of the VPN gateway.
- Remote
Id string - The identifier of the customer gateway. The value can be an FQDN or an IP address. By default, this parameter is not specified.
- ike
Auth StringAlg - The authentication algorithm that is used in Phase 1 negotiations. Default value:
sha1. - ike
Enc StringAlg - The encryption algorithm that is used in Phase 1 negotiations. Default value:
aes. - ike
Lifetime Integer - IkeLifetime: the SA lifetime determined by Phase 1 negotiations. Valid values:
0to86400. Default value:86400. Unit:seconds. - ike
Mode String - The IKE negotiation mode. Default value:
main. - ike
Pfs String - The Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Default value:
group2. - ike
Version String - The IKE version. Valid values:
ikev1andikev2. Default value:ikev2. - local
Id String - The identifier of the IPsec server. The value can be a fully qualified domain name (FQDN) or an IP address. The default value is the public IP address of the VPN gateway.
- remote
Id String - The identifier of the customer gateway. The value can be an FQDN or an IP address. By default, this parameter is not specified.
- ike
Auth stringAlg - The authentication algorithm that is used in Phase 1 negotiations. Default value:
sha1. - ike
Enc stringAlg - The encryption algorithm that is used in Phase 1 negotiations. Default value:
aes. - ike
Lifetime number - IkeLifetime: the SA lifetime determined by Phase 1 negotiations. Valid values:
0to86400. Default value:86400. Unit:seconds. - ike
Mode string - The IKE negotiation mode. Default value:
main. - ike
Pfs string - The Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Default value:
group2. - ike
Version string - The IKE version. Valid values:
ikev1andikev2. Default value:ikev2. - local
Id string - The identifier of the IPsec server. The value can be a fully qualified domain name (FQDN) or an IP address. The default value is the public IP address of the VPN gateway.
- remote
Id string - The identifier of the customer gateway. The value can be an FQDN or an IP address. By default, this parameter is not specified.
- ike_
auth_ stralg - The authentication algorithm that is used in Phase 1 negotiations. Default value:
sha1. - ike_
enc_ stralg - The encryption algorithm that is used in Phase 1 negotiations. Default value:
aes. - ike_
lifetime int - IkeLifetime: the SA lifetime determined by Phase 1 negotiations. Valid values:
0to86400. Default value:86400. Unit:seconds. - ike_
mode str - The IKE negotiation mode. Default value:
main. - ike_
pfs str - The Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Default value:
group2. - ike_
version str - The IKE version. Valid values:
ikev1andikev2. Default value:ikev2. - local_
id str - The identifier of the IPsec server. The value can be a fully qualified domain name (FQDN) or an IP address. The default value is the public IP address of the VPN gateway.
- remote_
id str - The identifier of the customer gateway. The value can be an FQDN or an IP address. By default, this parameter is not specified.
- ike
Auth StringAlg - The authentication algorithm that is used in Phase 1 negotiations. Default value:
sha1. - ike
Enc StringAlg - The encryption algorithm that is used in Phase 1 negotiations. Default value:
aes. - ike
Lifetime Number - IkeLifetime: the SA lifetime determined by Phase 1 negotiations. Valid values:
0to86400. Default value:86400. Unit:seconds. - ike
Mode String - The IKE negotiation mode. Default value:
main. - ike
Pfs String - The Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Default value:
group2. - ike
Version String - The IKE version. Valid values:
ikev1andikev2. Default value:ikev2. - local
Id String - The identifier of the IPsec server. The value can be a fully qualified domain name (FQDN) or an IP address. The default value is the public IP address of the VPN gateway.
- remote
Id String - The identifier of the customer gateway. The value can be an FQDN or an IP address. By default, this parameter is not specified.
IpsecServerIpsecConfig, IpsecServerIpsecConfigArgs
- Ipsec
Auth stringAlg - The authentication algorithm that is used in Phase 2 negotiations. Default value:
sha1. - Ipsec
Enc stringAlg - The encryption algorithm that is used in Phase 2 negotiations. Default value:
aes. - Ipsec
Lifetime int - The SA lifetime determined by Phase 2 negotiations. Valid values:
0to86400. Default value:86400. Unit:seconds. - Ipsec
Pfs string - Forwards packets of all protocols. The Diffie-Hellman key exchange algorithm used in Phase 2 negotiations. Default value:
group2.
- Ipsec
Auth stringAlg - The authentication algorithm that is used in Phase 2 negotiations. Default value:
sha1. - Ipsec
Enc stringAlg - The encryption algorithm that is used in Phase 2 negotiations. Default value:
aes. - Ipsec
Lifetime int - The SA lifetime determined by Phase 2 negotiations. Valid values:
0to86400. Default value:86400. Unit:seconds. - Ipsec
Pfs string - Forwards packets of all protocols. The Diffie-Hellman key exchange algorithm used in Phase 2 negotiations. Default value:
group2.
- ipsec
Auth StringAlg - The authentication algorithm that is used in Phase 2 negotiations. Default value:
sha1. - ipsec
Enc StringAlg - The encryption algorithm that is used in Phase 2 negotiations. Default value:
aes. - ipsec
Lifetime Integer - The SA lifetime determined by Phase 2 negotiations. Valid values:
0to86400. Default value:86400. Unit:seconds. - ipsec
Pfs String - Forwards packets of all protocols. The Diffie-Hellman key exchange algorithm used in Phase 2 negotiations. Default value:
group2.
- ipsec
Auth stringAlg - The authentication algorithm that is used in Phase 2 negotiations. Default value:
sha1. - ipsec
Enc stringAlg - The encryption algorithm that is used in Phase 2 negotiations. Default value:
aes. - ipsec
Lifetime number - The SA lifetime determined by Phase 2 negotiations. Valid values:
0to86400. Default value:86400. Unit:seconds. - ipsec
Pfs string - Forwards packets of all protocols. The Diffie-Hellman key exchange algorithm used in Phase 2 negotiations. Default value:
group2.
- ipsec_
auth_ stralg - The authentication algorithm that is used in Phase 2 negotiations. Default value:
sha1. - ipsec_
enc_ stralg - The encryption algorithm that is used in Phase 2 negotiations. Default value:
aes. - ipsec_
lifetime int - The SA lifetime determined by Phase 2 negotiations. Valid values:
0to86400. Default value:86400. Unit:seconds. - ipsec_
pfs str - Forwards packets of all protocols. The Diffie-Hellman key exchange algorithm used in Phase 2 negotiations. Default value:
group2.
- ipsec
Auth StringAlg - The authentication algorithm that is used in Phase 2 negotiations. Default value:
sha1. - ipsec
Enc StringAlg - The encryption algorithm that is used in Phase 2 negotiations. Default value:
aes. - ipsec
Lifetime Number - The SA lifetime determined by Phase 2 negotiations. Valid values:
0to86400. Default value:86400. Unit:seconds. - ipsec
Pfs String - Forwards packets of all protocols. The Diffie-Hellman key exchange algorithm used in Phase 2 negotiations. Default value:
group2.
Import
VPN Ipsec Server can be imported using the id, e.g.
$ pulumi import alicloud:vpn/ipsecServer:IpsecServer example <id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
alicloudTerraform Provider.