CreateVpnConnection

Last updated: 2025-11-13 20:42:05

1. API Description

Domain name for API request: vpc.intl.tencentcloudapi.com.

This API is used to create a VPN tunnel.

Note:

This API is async. You can call the DescribeVpcTaskResult API to query the task result. When the task is completed, you can continue other tasks.

A maximum of 100 requests can be initiated per second for this API.

We recommend using API Explorer.
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

| Parameter Name | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | Common Params. The value used for this API: CreateVpnConnection. |
| Version | Yes | String | Common Params. The value used for this API: 2017-03-12. |
| Region | Yes | String | Common Params. For more information, please see the list of regions supported by the product. |
| VpnGatewayId | Yes | String | The ID of the VPN gateway instance. |
| CustomerGatewayId | Yes | String | The ID of the customer gateway, such as cgw-2wqq41m9. You can query the customer gateway by using the DescribeCustomerGateways API. |
| VpnConnectionName | Yes | String | Gateway can be named freely, but the maximum length is 60 characters. |
| PreShareKey | Yes | String | The pre-shared key. |
| VpcId | No | String | VPC instance ID, which can be obtained from the VpcId field in the response of the DescribeVpcs API. This parameter is optional for a CCN-based VPN tunnel. |
| SecurityPolicyDatabases.N | No | Array of SecurityPolicyDatabase | The SPD policy group, for example: {"10.0.0.5/24":["172.123.10.5/16"]}. 10.0.0.5/24 is the VPC internal IP range, and 172.123.10.5/16 is the IDC IP range. The user specifies the IP range in the VPC that can communicate with the IP range in the IDC. |
| IKEOptionsSpecification | No | IKEOptionsSpecification | Internet Key Exchange (IKE) configuration. IKE has a self-protection mechanism. The network security protocol is configured by the user. |
| IPSECOptionsSpecification | No | IPSECOptionsSpecification | IPSec configuration. The IPSec secure session configuration is provided by Tencent Cloud. |
| Tags.N | No | Array of Tag | Bound tags, such as [{"Key": "city", "Value": "shanghai"}]. |
| EnableHealthCheck | No | Boolean | Whether the tunnel health check is supported. The default value is False. |
| HealthCheckLocalIp | No | String | Local IP of health check. It defaults to a random IP within 169.254.128.0/17. |
| HealthCheckRemoteIp | No | String | Peer IP of health check. It defaults to a random IP within 169.254.128.0/17. |
| RouteType | No | String | Tunnel type. Valid values: STATIC, StaticRoute, and Policy. |
| NegotiationType | No | String | Negotiation type. Valid values: active (default value), passive and flowTrigger. |
| DpdEnable | No | Integer | Specifies whether to enable DPD. Valid values: 0 (disable) and 1 (enable). |
| DpdTimeout | No | String | DPD timeout period. Default: 30; unit: second. If the peer does not respond within this period, it is considered nonexistent. This parameter is valid when the value of DpdEnable is 1. |
| DpdAction | No | String | The action after DPD timeout. Valid values: clear (disconnect) and restart (try again). This parameter is valid when DpdEnable is 1. |

3. Output Parameters

| Parameter Name | Type | Description |
| --- | --- | --- |
| VpnConnection | VpnConnection | Tunnel instance object. |
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |

4. Example

Example 1: Creating a VPN tunnel

This example shows you how to create a VPN tunnel.

Input Example

POST / HTTP/1.1
Host: vpc.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: CreateVpnConnection
<Common request parameters>

{
    "VpnConnectionName": "TEST_CONN",
    "PreShareKey": "654321",
    "VpcId": "vpc-gapcv96p",
    "Tags": [
        {
            "Value": "shanghai",
            "Key": "city"
        }
    ],
    "IPSECOptionsSpecification": {
        "PfsDhGroup": "NULL",
        "EncryptAlgorithm": "3DES-CBC",
        "IntegrityAlgorith": "MD5"
    },
    "SecurityPolicyDatabases": [
        {
            "LocalCidrBlock": "10.8.4.0/24",
            "RemoteCidrBlock": [
                "58.211.1.0/24"
            ]
        }
    ],
    "VpnGatewayId": "vpngw-1w9tue3d",
    "CustomerGatewayId": "cgw-qa9sxpy7",
    "IKEOptionsSpecification": {
        "IKEVersion": "IKEV1",
        "RemoteIdentity": "ADDRESS",
        "PropoAuthenAlgorithm": "MD5",
        "RemoteAddress": "1.2.3.4",
        "LocalIdentity": "ADDRESS",
        "LocalAddress": "58.211.2.5",
        "ExchangeMode": "MAIN",
        "PropoEncryAlgorithm": "3DES-CBC",
        "DhGroupName": "GROUP1"
    }
}

Output Example

{
    "Response": {
        "VpnConnection": {
            "VpcId": "vpc-kozprpc9",
            "VpnConnectionId": "vpnx-p0j11j28",
            "VpnConnectionName": "test-con",
            "VpnGatewayId": "vpngw-ecvft20x",
            "CustomerGatewayId": "cgw-7lhl5331",
            "State": "PENDING",
            "PreShareKey": "123456",
            "NegotiationType": "",
            "DpdEnable": -1,
            "DpdTimeout": "",
            "DpdAction": "",
            "VpnProto": "IPSEC",
            "EncryptProto": "IKE",
            "RouteType": "STATIC",
            "CreatedTime": "0000-00-00 00:00:00",
            "NetStatus": "",
            "SecurityPolicyDatabaseSet": [],
            "IKEOptionsSpecification": {
                "PropoEncryAlgorithm": "AES-CBC-256",
                "PropoAuthenAlgorithm": "SHA",
                "ExchangeMode": "AGGRESSIVE",
                "LocalIdentity": "ADDRESS",
                "RemoteIdentity": "ADDRESS",
                "LocalAddress": "122.152.199.99",
                "RemoteAddress": "39.97.38.104",
                "LocalFqdnName": "",
                "RemoteFqdnName": "",
                "DhGroupName": "GROUP2",
                "IKESaLifetimeSeconds": 86400,
                "IKEVersion": "IKEV1"
            },
            "IPSECOptionsSpecification": {
                "EncryptAlgorithm": "AES-CBC-256",
                "IntegrityAlgorith": "SHA1",
                "IPSECSaLifetimeSeconds": 3600,
                "IPSECSaLifetimeTraffic": 1843200,
                "PfsDhGroup": "NULL"
            },
            "EnableHealthCheck": false,
            "HealthCheckLocalIp": "",
            "HealthCheckRemoteIp": "",
            "HealthCheckStatus": "",
            "TagSet": []
        },
        "RequestId": "4b71dd4d-a3ee-4ac1-b99a-99d65f6443fd"
    }
}
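
An added example, not part of Tencent Cloud's documentation or SDK: a pre-flight check that flags weak values in a CreateVpnConnection request body before it is sent, run here over the values from the Input Example above. The function names, the MIN_PSK_LEN policy value and the reading of PfsDhGroup "NULL" as PFS disabled are assumptions.

```python
import re

# Values come from this page's examples. MD5, 3DES and the 768/1024-bit MODP
# groups are deprecated for IKE/IPsec; "NULL" is read as PFS disabled
# (assumption). Omitted fields fall back to API defaults and are not checked.
WEAK = {
    ("IKEOptionsSpecification", "PropoEncryAlgorithm"): {"3DES-CBC"},
    ("IKEOptionsSpecification", "PropoAuthenAlgorithm"): {"MD5"},
    ("IKEOptionsSpecification", "DhGroupName"): {"GROUP1", "GROUP2"},
    ("IKEOptionsSpecification", "ExchangeMode"): {"AGGRESSIVE"},
    ("IPSECOptionsSpecification", "EncryptAlgorithm"): {"3DES-CBC"},
    ("IPSECOptionsSpecification", "IntegrityAlgorith"): {"MD5"},
    ("IPSECOptionsSpecification", "PfsDhGroup"): {"NULL"},
}
MIN_PSK_LEN = 20  # assumption: local policy, not a limit documented by the API


def lint_vpn_request(body):
    """Return a sorted list of findings for a CreateVpnConnection body."""
    findings = []
    psk = body.get("PreShareKey", "")
    if len(psk) < MIN_PSK_LEN:
        findings.append(f"PreShareKey: shorter than {MIN_PSK_LEN} characters")
    if re.fullmatch(r"\d+", psk):
        findings.append("PreShareKey: digits only")
    for (section, field), bad in WEAK.items():
        value = body.get(section, {}).get(field)
        if value in bad:
            findings.append(f"{section}.{field}: {value}")
    return sorted(findings)


def redact(body):
    """Copy of a request or VpnConnection object that is safe to log."""
    return {k: ("***" if k == "PreShareKey" else v) for k, v in body.items()}


# Constructed from the Input Example on this page (IDs and addresses omitted).
PAGE_EXAMPLE = {
    "PreShareKey": "654321",
    "IPSECOptionsSpecification": {
        "PfsDhGroup": "NULL", "EncryptAlgorithm": "3DES-CBC",
        "IntegrityAlgorith": "MD5"},
    "IKEOptionsSpecification": {
        "PropoAuthenAlgorithm": "MD5", "PropoEncryAlgorithm": "3DES-CBC",
        "ExchangeMode": "MAIN", "DhGroupName": "GROUP1"},
}

if __name__ == "__main__":
    print("\n".join(lint_vpn_request(PAGE_EXAMPLE)))
```

The same `redact` call applies to the VpnConnection object in the response, which echoes PreShareKey as shown in the Output Example.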

5. Developer Resources

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

| Error Code | Description |
| --- | --- |
| InvalidParameter.Coexist | The parameters cannot be specified at the same time. |
| InvalidParameterValue.Duplicate | The input parameter already exists. |
| InvalidParameterValue.Empty | Missing parameters. |
| InvalidParameterValue.Malformed | Invalid input parameter format. |
| InvalidParameterValue.TagDuplicateKey | Duplicate tag keys. |
| InvalidParameterValue.TagDuplicateResourceType | Duplicate tag resource type. |
| InvalidParameterValue.TagInvalidKey | Invalid tag key. |
| InvalidParameterValue.TagInvalidKeyLen | Invalid tag key length. |
| InvalidParameterValue.TagInvalidVal | Invalid tag key. |
| InvalidParameterValue.TagKeyNotExists | The tag key does not exist. |
| InvalidParameterValue.TagNotAllocatedQuota | Tags are not assigned quotas. |
| InvalidParameterValue.TagNotExisted | The Tag does not exist. |
| InvalidParameterValue.TagNotSupportTag | Unsupported tag. |
| InvalidParameterValue.TagResourceFormatError | Tag resource format error. |
| InvalidParameterValue.TagTimestampExceeded | Exceeded the quota of tag timestamp. |
| InvalidParameterValue.TagValNotExists | The tag value does not exist. |
| InvalidParameterValue.TooLong | Invalid parameter value. The parameter value is too long. |
| InvalidParameterValue.VpcCidrConflict | Destination IP address range conflicts with CIDR of the current VPC. |
| InvalidParameterValue.VpnConnBgpTunnelCidrConflict | The current BGP tunnel subnet: %(key)s overlaps with the existing BGP tunnel subnet: %(value)s. |
| InvalidParameterValue.VpnConnBgpTunnelCidrMask | The BGP tunnel subnet must be a /30 subnet. |
| InvalidParameterValue.VpnConnBgpTunnelCidrNotSupported | The cloud-side or user-side BGP address: %(value)s must be within the BGP tunnel subnet %(key)s. |
| InvalidParameterValue.VpnConnCidrConflict | Destination IP address range conflicts with CIDR block of the current VPC tunnel. |
| InvalidParameterValue.VpnConnHealthCheckIpConflict | The destination IP of the probe cannot be within the IP range of the VPC. |
| LimitExceeded | Quota limit is reached. |
| LimitExceeded.TagKeyExceeded | Reached the upper limit of tag keys. |
| LimitExceeded.TagKeyPerResourceExceeded | Reached the upper limit of tags keys per resource. |
| LimitExceeded.TagNotEnoughQuota | Insufficient tag quota. |
| LimitExceeded.TagQuota | Exceeded the tag quota. Unable to create resources. |
| LimitExceeded.TagQuotaExceeded | Reached the upper limit of tag quota. |
| LimitExceeded.TagTagsExceeded | Reached the number limit of tag keys. |
| ResourceInUse | The resource is occupied. |
| ResourceNotFound | The resource does not exist. |
| UnsupportedOperation | Unsupported operation. |
| UnsupportedOperation.InvalidState | Invalid resource status. |
| UnsupportedOperation.TagAllocate | Tags are being assigned. |
| UnsupportedOperation.TagFree | Tags are being released. |
| UnsupportedOperation.TagNotPermit | Unauthorized for this tag. |
| UnsupportedOperation.TagSystemReservedTagKey | The specified tag key is reserved for system usage. |
| UnsupportedOperation.VpnUnsupportedBgp | VPN does not support BGP. |
| UnsupportedOperation.VpnUnsupportedBgpAsnEqual | The BGP ASN of the peer gateway is the same as that of an existing tunnel peer or cloud-based VPN. |
| UnsupportedOperation.VpnUnsupportedNotExistBgpAsn | VPN is not configured with BGP ASN. |
