alibabacloud-vpc20160428 6.10.1__py3-none-any.whl → 6.10.3__py3-none-any.whl

@@ -2596,7 +2596,10 @@ class AllocateIpv6InternetBandwidthRequest(TeaModel):
2596
2596
  resource_owner_account: str = None,
2597
2597
  resource_owner_id: int = None,
2598
2598
  ):
2599
- # The Internet bandwidth of the IPv6 gateway. Unit: Mbit/s. Valid values: **1 to 5000**.
2599
+ # The Internet bandwidth of the IPv6 address. Unit: Mbit/s.
2600
+ #
2601
+ # * If you set **InternetChargeType** to **PayByTraffic**, valid values are **1** to **1000**.
2602
+ # * If you set **InternetChargeType** to **PayByBandwidth**, valid values are **1** to **2000**.
2600
2603
  #
2601
2604
  # This parameter is required.
2602
2605
  self.bandwidth = bandwidth
@@ -4757,6 +4760,10 @@ class AssociateVpcCidrBlockRequest(TeaModel):
4757
4760
  #
4758
4761
  # > You must and can specify only one of **SecondaryCidrBlock** and **Ipv6CidrBlock**.
4759
4762
  self.secondary_cidr_block = secondary_cidr_block
4763
+ # Add secondary CIDR blocks to the VPC from the IPAM pool by entering a mask.
4764
+ #
4765
+ # >
4766
+ # > To add a secondary CIDR block to the VPC using the specified IPAM pool, you must specify at least one of the parameters, SecondaryCidrBlock or SecondaryCidrMask.
4760
4767
  self.secondary_cidr_mask = secondary_cidr_mask
4761
4768
  # The ID of the VPC to which you want to add a secondary CIDR block.
4762
4769
  #
@@ -4830,8 +4837,12 @@ class AssociateVpcCidrBlockRequest(TeaModel):
4830
4837
  class AssociateVpcCidrBlockResponseBody(TeaModel):
4831
4838
  def __init__(
4832
4839
  self,
4840
+ cidr_block: str = None,
4841
+ ip_version: str = None,
4833
4842
  request_id: str = None,
4834
4843
  ):
4844
+ self.cidr_block = cidr_block
4845
+ self.ip_version = ip_version
4835
4846
  # The request ID.
4836
4847
  self.request_id = request_id
4837
4848
 
@@ -4844,12 +4855,20 @@ class AssociateVpcCidrBlockResponseBody(TeaModel):
4844
4855
  return _map
4845
4856
 
4846
4857
  result = dict()
4858
+ if self.cidr_block is not None:
4859
+ result['CidrBlock'] = self.cidr_block
4860
+ if self.ip_version is not None:
4861
+ result['IpVersion'] = self.ip_version
4847
4862
  if self.request_id is not None:
4848
4863
  result['RequestId'] = self.request_id
4849
4864
  return result
4850
4865
 
4851
4866
  def from_map(self, m: dict = None):
4852
4867
  m = m or dict()
4868
+ if m.get('CidrBlock') is not None:
4869
+ self.cidr_block = m.get('CidrBlock')
4870
+ if m.get('IpVersion') is not None:
4871
+ self.ip_version = m.get('IpVersion')
4853
4872
  if m.get('RequestId') is not None:
4854
4873
  self.request_id = m.get('RequestId')
4855
4874
  return self
@@ -5952,7 +5971,7 @@ class CheckVpnBgpEnabledRequest(TeaModel):
5952
5971
  #
5953
5972
  # You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters.
5954
5973
  #
5955
- # > If you do not specify this parameter, the system automatically uses the **request ID** as the **client token**. The **request ID** may be different for each request.
5974
+ # > If you do not specify this parameter, the system automatically uses the **request ID** as the **client token**. The **request ID** may be different for each request.
5956
5975
  self.client_token = client_token
5957
5976
  self.owner_account = owner_account
5958
5977
  # The region ID of the IPsec-VPN connection.
@@ -7556,11 +7575,14 @@ class CreateCustomerGatewayRequest(TeaModel):
7556
7575
  resource_owner_id: int = None,
7557
7576
  tags: List[CreateCustomerGatewayRequestTags] = None,
7558
7577
  ):
7559
- # The autonomous system number (ASN) of the gateway device in the data center.
7578
+ # The autonomous system number (ASN) of the gateway device in your data center. This parameter is required If you want to use Border Gateway Protocol (BGP) for the IPsec-VPN connection. Valid values: 1 to 4294967295. 45104 is not supported.
7560
7579
  #
7561
- # **Asn** is a 4-byte number. You can enter the number in two segments and separate the first 16 bits from the following 16 bits with a period (.). Enter the number in each segment in the decimal format.
7580
+ # **Asn** is a 4-byte number. You can enter it in two segments and separate the first 16 bits from the following 16 bits with a period (.). Enter the number in each segment in decimal format.
7562
7581
  #
7563
- # For example, if you enter 123.456, the ASN is: 123 × 65536 + 456 = 8061384.
7582
+ # For example, if you enter 123.456, the ASN is 8061384. The ASN is calculated by using the following formula: 123 × 65536 + 456 = 8061384.
7583
+ #
7584
+ # > - We recommend that you use a private ASN to establish BGP connections to Alibaba Cloud. For information about the range of private ASNs, see the relevant documentation.
7585
+ # > - 45104 is a unique identifier assigned by IANA to Alibaba Cloud. It is used to identify Alibaba Cloud during route selection and data transmission over the Internet.
7564
7586
  self.asn = asn
7565
7587
  # The authentication key of the BGP routing protocol for the gateway device in the data center.
7566
7588
  #
@@ -7576,7 +7598,18 @@ class CreateCustomerGatewayRequest(TeaModel):
7576
7598
  #
7577
7599
  # The description must be 1 to 100 characters in length, and cannot start with `http://` or `https://`.
7578
7600
  self.description = description
7579
- # The public IP address of the gateway device in the data center.
7601
+ # The static IP address of the gateway device in the data center.
7602
+ #
7603
+ # * If you want to create a public IPsec-VPN connection, enter a public IP address.
7604
+ # * If you want to create a private IPsec-VPN connection, enter a private IP address.
7605
+ #
7606
+ # You cannot use the following IP addresses. Otherwise, a IPsec-VPN connection cannot be established:
7607
+ #
7608
+ # * 100.64.0.0~100.127.255.255
7609
+ # * 127.0.0.0~127.255.255.255
7610
+ # * 169.254.0.0~169.254.255.255
7611
+ # * 224.0.0.0~239.255.255.255
7612
+ # * 255.0.0.0~255.255.255.255
7580
7613
  #
7581
7614
  # This parameter is required.
7582
7615
  self.ip_address = ip_address
@@ -7701,7 +7734,7 @@ class CreateCustomerGatewayResponseBody(TeaModel):
7701
7734
  self.customer_gateway_id = customer_gateway_id
7702
7735
  # The description of the customer gateway.
7703
7736
  self.description = description
7704
- # The public IP address of the gateway device in the data center.
7737
+ # The static IP address of the gateway device in the on-premises data center.
7705
7738
  self.ip_address = ip_address
7706
7739
  # The name of the customer gateway.
7707
7740
  self.name = name
@@ -10604,7 +10637,7 @@ class CreateHaVipRequest(TeaModel):
10604
10637
  self.client_token = client_token
10605
10638
  # The description of the HAVIP.
10606
10639
  #
10607
- # The description must be 1 to 256 characters in length and cannot start with `http://` or `https://`.
10640
+ # The description must be 1 to 255 characters in length and cannot start with `http://` or `https://`.
10608
10641
  self.description = description
10609
10642
  # The IP address of the HAVIP.
10610
10643
  #
@@ -12006,11 +12039,11 @@ class CreateIpsecServerRequest(TeaModel):
12006
12039
  self.local_subnet = local_subnet
12007
12040
  # The pre-shared key.
12008
12041
  #
12009
- # The pre-shared key is used for identity authentication between the IPsec server and the client. The key must be 1 to 100 characters in length.
12042
+ # The pre-shared key that is used for authentication between the IPsec-VPN server and the client. It must be 1 to 100 characters in length.
12010
12043
  #
12011
- # If you do not specify a pre-shared key, the system randomly generates a 16-character string as the pre-shared key. You can call the [ListIpsecServers](https://help.aliyun.com/document_detail/2794120.html) operation to query the pre-shared keys that are generated by the system.
12044
+ # If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. You can call [ListIpsecServers](https://help.aliyun.com/document_detail/2794120.html) to query keys generated by the system.
12012
12045
  #
12013
- # > The pre-shared key of the IPsec server must be the same as the client key. Otherwise, the IPsec server cannot be connected to the client.
12046
+ # > The pre-shared key of the IPsec server key must be the same as that of the client. Otherwise, the connection between the IPsec server and the client cannot be established.
12014
12047
  self.psk = psk
12015
12048
  # Indicates whether pre-shared key authentication is enabled. If you set the value to **true**, pre-shared key authentication is enabled.
12016
12049
  #
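Review bot: The rewritten `psk` comment now says the system generates a "16-bit string" where the removed line said "16-character string"; a 16-bit key would be two bytes, so this reads as a wording regression rather than a behaviour change (inferred, as the generator is not visible here). I would restore `# If you do not specify a pre-shared key, the system randomly generates a 16-character string as the pre-shared key.` and fix the doubled noun in the note to `# > The pre-shared key of the IPsec server must be the same as that of the client.` The same "16-bit string" wording appears in the `psk` comment of the hunk at @@ -21679. Because the comment points to ListIpsecServers for reading generated keys, it should also say that permission to call that operation belongs only to principals allowed to see the key. The comment block for the next attribute continues outside this hunk.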
@@ -12468,7 +12501,7 @@ class CreateIpv6EgressOnlyRuleRequest(TeaModel):
12468
12501
  self.client_token = client_token
12469
12502
  # The description of the egress-only rule.
12470
12503
  #
12471
- # The description must be 2 to 256 characters in length and cannot start with `http://` or `https://`.
12504
+ # The description must be 0 to 256 characters in length and cannot start with `http://` or `https://`.
12472
12505
  self.description = description
12473
12506
  # The ID of the IPv6 address for which you want to create an egress-only rule.
12474
12507
  #
@@ -12484,7 +12517,7 @@ class CreateIpv6EgressOnlyRuleRequest(TeaModel):
12484
12517
  self.ipv_6gateway_id = ipv_6gateway_id
12485
12518
  # The name of the egress-only rule.
12486
12519
  #
12487
- # The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter but cannot start with `http://` or `https://`.
12520
+ # The name must be 0 to 128 characters in length and cannot start with `http://` or `https://`.
12488
12521
  self.name = name
12489
12522
  self.owner_account = owner_account
12490
12523
  self.owner_id = owner_id
@@ -12695,11 +12728,11 @@ class CreateIpv6GatewayRequest(TeaModel):
12695
12728
  self.client_token = client_token
12696
12729
  # The description of the IPv6 gateway.
12697
12730
  #
12698
- # The description must be 2 to 256 characters in length and cannot start with `http://` or `https://`.
12731
+ # The description must be 0 to 256 characters in length and cannot start with `http://` or `https://`.
12699
12732
  self.description = description
12700
12733
  # The name of the IPv6 gateway.
12701
12734
  #
12702
- # The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter but cannot start with `http://` or `https://`.
12735
+ # The name must be 0 to 128 characters in length and cannot start with `http://` or `https://`.
12703
12736
  self.name = name
12704
12737
  self.owner_account = owner_account
12705
12738
  self.owner_id = owner_id
@@ -17462,16 +17495,16 @@ class CreateSslVpnServerRequest(TeaModel):
17462
17495
  self.cipher = cipher
17463
17496
  # The client CIDR block.
17464
17497
  #
17465
- # It is the CIDR block from which an IP address is allocated to the virtual network interface controller (NIC) of the client. It is not the private CIDR block of the client.
17498
+ # The CIDR block from which an IP address is allocated to the virtual network interface controller (NIC) of the client, rather than the private CIDR block.
17466
17499
  #
17467
- # If the client accesses the SSL server over an SSL-VPN connection, the VPN gateway assigns an IP address from the specified client CIDR block to the client. The client uses the assigned IP address to access cloud resources.
17500
+ # If the client accesses the SSL server over an SSL-VPN connection, the VPN gateway assigns an IP address from the specified client CIDR block for the client to access cloud resources.
17468
17501
  #
17469
17502
  # Make sure that the number of IP addresses in the client CIDR block is at least four times the maximum number of SSL-VPN connections supported by the VPN gateway.
17470
17503
  #
17471
17504
  # <details>
17472
17505
  # <summary>Click to view the reason.</summary>
17473
17506
  #
17474
- # For example, if you specify 192.168.0.0/24 as the client CIDR block, the system first divides a subnet CIDR block with a subnet mask of 30 from 192.168.0.0/24, such as 192.168.0.4/30. This subnet provides up to four IP addresses. Then, the system allocates an IP address from 192.168.0.4/30 to the client and uses the other three IP addresses to ensure network communication. In this case, one client consumes four IP addresses. Therefore, to ensure that an IP address is assigned to your client, you must make sure that the number of IP addresses in the client CIDR block is at least four times the maximum number of SSL-VPN connections supported by the VPN gateway with which the SSL server is associated.
17507
+ # For example, if you specify 192.168.0.0/24 as the client CIDR block, the system first divides a subnet CIDR block with a subnet mask of 30 from 192.168.0.0/24, such as 192.168.0.4/30. This subnet provides up to four IP addresses. Then, the system allocates an IP address from 192.168.0.4/30 to the client and uses the other three IP addresses to ensure network communication. In this case, one client consumes four IP addresses. Therefore, to ensure that an IP address is assigned to your client, the number of IP addresses in the client CIDR block must be at least four times the maximum number of SSL-VPN connections supported by the VPN gateway with which the SSL server is associated.
17475
17508
  # </details>
17476
17509
  #
17477
17510
  # <details>
@@ -17483,10 +17516,10 @@ class CreateSslVpnServerRequest(TeaModel):
17483
17516
  # * 224.0.0.0~239.255.255.255
17484
17517
  # * 255.0.0.0~255.255.255.255
17485
17518
  # </details>
17486
- #
17487
17519
  # <details>
17488
17520
  # <summary>Click to view the recommended client CIDR blocks for different numbers of SSL-VPN connections.</summary>
17489
17521
  #
17522
+ #
17490
17523
  # * If the number of SSL-VPN connections is 5, we recommend that you specify a client CIDR block with a subnet mask that is less than or equal to 27 bits in length. Examples: 10.0.0.0/27 and 10.0.0.0/26.
17491
17524
  # * If the number of SSL-VPN connections is 10, we recommend that you specify a client CIDR block with a subnet mask that is less than or equal to 26 bits in length. Examples: 10.0.0.0/26 and 10.0.0.0/25.
17492
17525
  # * If the number of SSL-VPN connections is 20, we recommend that you specify a client CIDR block with a subnet mask that is less than or equal to 25 bits in length. Examples: 10.0.0.0/25 and 10.0.0.0/24.
@@ -17497,10 +17530,10 @@ class CreateSslVpnServerRequest(TeaModel):
17497
17530
  # * If the number of SSL-VPN connections is 1,000, we recommend that you specify a client CIDR block with a subnet mask that is less than or equal to 20 bits in length. Examples: 10.0.0.0/20 and 10.0.0.0/19.
17498
17531
  # </details>
17499
17532
  #
17500
- # > - The subnet mask of the client CIDR block must be 16 to 29 bits in length.
17501
- # > - Make sure that the local CIDR block and the client CIDR block do not overlap with each other.
17502
- # > - We recommend that you use 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or one of their subnets as the client CIDR block. If you want to specify a public CIDR block as the client CIDR block, you must specify the public CIDR block as the user CIDR block of the virtual private cloud (VPC). This way, the VPC can access the public CIDR block. For more information, see [VPC FAQ](https://help.aliyun.com/document_detail/185311.html).
17503
- # > - After you create an SSL server, the system automatically adds routes that point to the client CIDR block to the VPC route table, which is not displayed in the console by default. Do not add routes that point to the client CIDR block to the VPC route table again. Otherwise, SSL-VPN connections cannot work as expected.
17533
+ # > - The subnet mask of the client CIDR block must be 16 to 29 bits in length.
17534
+ # > - Make sure that the client CIDR block does not overlap with the local CIDR block, the VPC CIDR block, or route CIDR blocks associated with the client.
17535
+ # > - We recommend that you use 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or one of their subnets as the client CIDR block. If you want to specify a public CIDR block as the client CIDR block, you must specify the public CIDR block as the user CIDR block of the virtual private cloud (VPC). This way, the VPC can access the public CIDR block. For more information, see [VPC FAQs](https://help.aliyun.com/document_detail/185311.html).
17536
+ # > - After you create an SSL server, the system automatically adds routes that point to the client CIDR block to the VPC route table. Do not manually add routes that point to the client CIDR block. Otherwise, SSL-VPN connections cannot work as expected.
17504
17537
  #
17505
17538
  # This parameter is required.
17506
17539
  self.client_ip_pool = client_ip_pool
@@ -17517,14 +17550,12 @@ class CreateSslVpnServerRequest(TeaModel):
17517
17550
  self.compress = compress
17518
17551
  # Specifies whether to enable two-factor authentication. To enable two-factor authentication, you need to specify `IDaaSInstanceId`, `IDaaSRegionId`, and `IDaaSApplicationId`. Valid values:
17519
17552
  #
17520
- # * **true**\
17521
- # * **false** (default)
17522
- #
17523
- # >
17524
- #
17525
- # * If you use two-factor authentication for the first time, you need to complete [authorization](https://ram.console.aliyun.com/role/authorization?request=%7B%22Services%22%3A%5B%7B%22Service%22%3A%22VPN%22%2C%22Roles%22%3A%5B%7B%22RoleName%22%3A%22AliyunVpnAccessingIdaasRole%22%2C%22TemplateId%22%3A%22IdaasRole%22%7D%5D%7D%5D%2C%22ReturnUrl%22%3A%22https%3A%2F%2Fvpc.console.aliyun.com%2Fsslvpn%2Fcn-shanghai%2Fvpn-servers%22%7D) before you create an SSL server.
17553
+ # * **true**: enables this feature.
17554
+ # * **false** (default): disables this feature.
17526
17555
  #
17527
- # * IDaaS EIAM 1.0 instances are no longer available for purchase. If your Alibaba Cloud account has IDaaS EIAM 1.0 instances, IDaaS EIAM 1.0 instances can be associated after two-factor authentication is enabled. If your Alibaba Cloud account does not have IDaaS EIAM 1.0 instances, only IDaaS EIAM 2.0 instances can be associated after two-factor authentication is enabled.
17556
+ # > - If you use two-factor authentication for the first time, you must first complete [authorization](https://ram.console.aliyun.com/role/authorization?request=%7B%22Services%22%3A%5B%7B%22Service%22%3A%22VPN%22%2C%22Roles%22%3A%5B%7B%22RoleName%22%3A%22AliyunVpnAccessingIdaasRole%22%2C%22TemplateId%22%3A%22IdaasRole%22%7D%5D%7D%5D%2C%22ReturnUrl%22%3A%22https%3A%2F%2Fvpc.console.aliyun.com%2Fsslvpn%2Fcn-shanghai%2Fvpn-servers%22%7D).
17557
+ # > - When you create an SSL server in the UAE (Dubai) region, we recommend that you associate the SSL server with an IDaaS EIAM 2.0 instance in Singapore to reduce latency.
17558
+ # > - IDaaS EIAM 1.0 instances are no longer for purchase. If your Alibaba Cloud account has IDaaS EIAM 1.0 instances, the IDaaS EIAM 1.0 instances can be associated after two-factor authentication is enabled. If your Alibaba Cloud account does not have IDaaS EIAM 1.0 instances, only IDaaS EIAM 2.0 instances can be associated after two-factor authentication is enabled.
17528
17559
  self.enable_multi_factor_auth = enable_multi_factor_auth
17529
17560
  # The ID of the IDaaS application.
17530
17561
  #
@@ -17537,13 +17568,12 @@ class CreateSslVpnServerRequest(TeaModel):
17537
17568
  self.idaa_sregion_id = idaa_sregion_id
17538
17569
  # The local CIDR block.
17539
17570
  #
17540
- # It is the CIDR block that your client needs to access by using the SSL-VPN connection.
17571
+ # The CIDR block that your client needs to access by using the SSL-VPN connection.
17541
17572
  #
17542
17573
  # This value can be the CIDR block of a VPC, a vSwitch, a data center that is connected to a VPC by using an Express Connect circuit, or an Alibaba Cloud service such as Object Storage Service (OSS).
17543
17574
  #
17544
17575
  # The subnet mask of the specified local CIDR block must be 8 to 32 bits in length. You cannot specify the following CIDR blocks as the local CIDR blocks:
17545
17576
  #
17546
- # * 100.64.0.0~100.127.255.255
17547
17577
  # * 127.0.0.0~127.255.255.255
17548
17578
  # * 169.254.0.0~169.254.255.255
17549
17579
  # * 224.0.0.0~239.255.255.255
@@ -19693,7 +19723,7 @@ class CreateVcoRouteEntryRequest(TeaModel):
19693
19723
  # The tunneling protocol. Set the value to **Ipsec**, which specifies the IPsec tunneling protocol.
19694
19724
  self.overlay_mode = overlay_mode
19695
19725
  self.owner_account = owner_account
19696
- # The ID of the region where the IPsec-VPN connection is established.
19726
+ # The region ID of the IPsec-VPN connection.
19697
19727
  #
19698
19728
  # You can call the [DescribeRegions](https://help.aliyun.com/document_detail/36063.html) operation to query the most recent region list.
19699
19729
  #
@@ -21634,8 +21664,15 @@ class CreateVpnAttachmentRequestTunnelOptionsSpecificationTunnelBgpConfig(TeaMod
21634
21664
  local_bgp_ip: str = None,
21635
21665
  tunnel_cidr: str = None,
21636
21666
  ):
21667
+ # The ANS of the tunnel on the Alibaba Cloud side. Valid values: **1** to **4294967295**. Default value: **45104**.
21668
+ #
21669
+ # > We recommend that you use a private ASN to establish BGP connections to Alibaba Cloud. Refer to the relevant documentation for the private ASN range.
21637
21670
  self.local_asn = local_asn
21671
+ # The BGP IP address of the tunnel on the Alibaba Cloud side. The address is an IP address that falls within the BGP CIDR block.
21638
21672
  self.local_bgp_ip = local_bgp_ip
21673
+ # The BGP CIDR block of the tunnel. The CIDR block must fall into 169.254.0.0/16 and the mask of the CIDR block must be 30 bits in length. The CIDR block cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, or 169.254.169.252/30.
21674
+ #
21675
+ # > The two tunnels of an IPsec-VPN connection must use different CIDR blocks.
21639
21676
  self.tunnel_cidr = tunnel_cidr
21640
21677
 
21641
21678
  def validate(self):
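Review bot: The new comment on `local_asn` says "The ANS of the tunnel", which looks like a typo for ASN; I would write `# The ASN of the tunnel on the Alibaba Cloud side. Valid values: **1** to **4294967295**. Default value: **45104**.` The note under it recommends a private ASN but refers only to "the relevant documentation", while other comments in this file link to help.aliyun.com, so a link or the range itself would make the advice usable. `validate` begins on the last line of the hunk and its body is outside it.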
@@ -21679,14 +21716,40 @@ class CreateVpnAttachmentRequestTunnelOptionsSpecificationTunnelIkeConfig(TeaMod
21679
21716
  psk: str = None,
21680
21717
  remote_id: str = None,
21681
21718
  ):
21719
+ # The authentication algorithm that is used in Phase 1 negotiations. Valid values: **md5**, **sha1**, **sha256**, **sha384**, and **sha512**. Default value: **sha1**.
21682
21720
  self.ike_auth_alg = ike_auth_alg
21721
+ # The encryption algorithm that is used in Phase 1 negotiations. Valid values: **aes**, **aes192**, **aes256**, **des**, and **3des**. Default value: **aes**.
21683
21722
  self.ike_enc_alg = ike_enc_alg
21723
+ # The SA lifetime as a result of Phase 1 negotiations. Unit: seconds.
21724
+ #
21725
+ # Valid values: **0** to **86400**. Default value: **86400**.
21684
21726
  self.ike_lifetime = ike_lifetime
21727
+ # The negotiation mode of IKE. Valid values: **main** and **aggressive**. Default value: **main**.
21728
+ #
21729
+ # * **main:** This mode offers higher security during negotiations.
21730
+ # * **aggressive**: This mode is faster with a higher success rate.
21685
21731
  self.ike_mode = ike_mode
21732
+ # The Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Default value: **group2**.\\
21733
+ # Valid values: **group1**, **group2**, **group5**, and **group14**.
21686
21734
  self.ike_pfs = ike_pfs
21735
+ # The version of the IKE protocol. Valid values: **ikev1** and **ikev2**. Default value: **ikev2**.
21736
+ #
21737
+ # Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for scenarios with multiple CIDR blocks.
21687
21738
  self.ike_version = ike_version
21739
+ # The identifier of the tunnel on the Alibaba Cloud side, which is used in Phase 1 negotiations. The identifier cannot exceed 100 characters in length and cannot contain spaces. The default value is the IP address of the tunnel.
21740
+ #
21741
+ # **LocalId** supports fully qualified domain names (FQDNs). If you use an FQDN, we recommend that you set the negotiation mode to **aggressive**.
21688
21742
  self.local_id = local_id
21743
+ # The pre-shared key that is used for identity authentication between the tunnel and the tunnel peer.
21744
+ #
21745
+ # * The key cannot contain spaces. The key must be 1 to 100 characters in length, and can contain digits, letters, and the following special characters: ``~!\\`@#$%^&*()_-+={}[]|;:\\",.<>/?``
21746
+ # * If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. You can call the [DescribeVpnAttachments](https://help.aliyun.com/document_detail/2526939.html) operation to query the pre-shared key that is automatically generated by the system.
21747
+ #
21748
+ # > The tunnel and the tunnel peer must use the same pre-shared key. Otherwise, the tunnel cannot be established.
21689
21749
  self.psk = psk
21750
+ # The identifier of the tunnel peer, which is used in Phase 1 negotiations. The identifier cannot exceed 100 characters in length and cannot contain spaces. The default value is the IP address of the customer gateway that is associated with the tunnel.
21751
+ #
21752
+ # **RemoteId** supports FQDNs. If you use an FQDN, we recommend that you set the negotiation mode to **aggressive**.
21690
21753
  self.remote_id = remote_id
21691
21754
 
21692
21755
  def validate(self):
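Review bot: The new comments on `ike_auth_alg`, `ike_enc_alg` and `ike_pfs` list **md5**, **des**, **3des** and **group1** as valid and give **sha1**, **aes** and **group2** as defaults, with nothing to mark them as legacy choices kept for peer compatibility. I would add a line such as `# Prefer sha256 or stronger, aes256 and group14 unless the peer device cannot negotiate them; md5, des, 3des and group1 are legacy.` and repeat it for the Phase 2 fields documented in the hunk at @@ -21749, which carry the same values and defaults. The `ike_mode` comment describes **aggressive** only as faster, and the `local_id` and `remote_id` comments recommend it for FQDNs; with pre-shared-key authentication that mode gives an observer material for offline guessing of the key, so the comment should say `# aggressive mode should only be used with a long, randomly generated psk`. The trailing `\\` at the end of the first `ike_pfs` comment line looks like a leftover line-break escape. `validate` starts on the last line of the hunk, so whether any of these values are checked client-side cannot be seen here.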
@@ -21749,9 +21812,19 @@ class CreateVpnAttachmentRequestTunnelOptionsSpecificationTunnelIpsecConfig(TeaM
21749
21812
  ipsec_lifetime: int = None,
21750
21813
  ipsec_pfs: str = None,
21751
21814
  ):
21815
+ # The authentication algorithm that is used in Phase 2 negotiations.
21816
+ #
21817
+ # Valid values: **md5**, **sha1**, **sha256**, **sha384**, and **sha512**. Default value: **sha1**.
21752
21818
  self.ipsec_auth_alg = ipsec_auth_alg
21819
+ # The encryption algorithm that is used in Phase 2 negotiations. Valid values: **aes**, **aes192**, **aes256**, **des**, and **3des**. Default value: **aes**.
21753
21820
  self.ipsec_enc_alg = ipsec_enc_alg
21821
+ # The SA lifetime as a result of Phase 2 negotiations. Unit: seconds.
21822
+ #
21823
+ # Valid values: **0** to **86400**. Default value: **86400**.
21754
21824
  self.ipsec_lifetime = ipsec_lifetime
21825
+ # The Diffie-Hellman key exchange algorithm that is used in Phase 2 negotiations. Default value: **group2**.
21826
+ #
21827
+ # Valid values: **disabled**, **group1**, **group2**, **group5**, and **group14**.
21755
21828
  self.ipsec_pfs = ipsec_pfs
21756
21829
 
21757
21830
  def validate(self):
@@ -21797,12 +21870,32 @@ class CreateVpnAttachmentRequestTunnelOptionsSpecification(TeaModel):
21797
21870
  tunnel_index: int = None,
21798
21871
  tunnel_ipsec_config: CreateVpnAttachmentRequestTunnelOptionsSpecificationTunnelIpsecConfig = None,
21799
21872
  ):
21873
+ # The ID of the customer gateway that is associated with the tunnel.
21874
+ #
21875
+ # > This parameter is required when you create a dual-tunnel IPsec-VPN connection.
21800
21876
  self.customer_gateway_id = customer_gateway_id
21877
+ # Specifies whether to enable the DPD feature for the tunnel. Valid values:
21878
+ #
21879
+ # * **true** (default): enables DPD. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within the specified period of time, the connection fails. In this case, ISAKMP SA and IPsec SA are deleted along with the security tunnel.
21880
+ # * **false**: disables DPD. The initiator of the IPsec-VPN connection does not send DPD packets.
21801
21881
  self.enable_dpd = enable_dpd
21882
+ # Specifies whether to enable NAT traversal for the tunnel. Valid values:
21883
+ #
21884
+ # * **true** (default): enables NAT traversal. After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the IPsec-VPN tunnel.
21885
+ # * **false**: disables NAT traversal.
21802
21886
  self.enable_nat_traversal = enable_nat_traversal
21887
+ # The BGP configurations of the tunnel.
21888
+ #
21889
+ # > If you enable BGP for an IPsec-VPN connection, you must set **EnableTunnelsBgp** parameter to **true**.
21803
21890
  self.tunnel_bgp_config = tunnel_bgp_config
21891
+ # The configurations of Phase 1 negotiations.
21804
21892
  self.tunnel_ike_config = tunnel_ike_config
21893
+ # The order in which the tunnel was created.
21894
+ #
21895
+ # * **1**: Tunnel 1.
21896
+ # * **2**: Tunnel 2.
21805
21897
  self.tunnel_index = tunnel_index
21898
+ # The configurations of Phase 2 negotiations.
21806
21899
  self.tunnel_ipsec_config = tunnel_ipsec_config
21807
21900
 
21808
21901
  def validate(self):
@@ -21889,22 +21982,24 @@ class CreateVpnAttachmentRequest(TeaModel):
21889
21982
  # * **true** (default)
21890
21983
  # * **false**\
21891
21984
  self.auto_config_route = auto_config_route
21892
- # The Border Gateway Protocol (BGP) configurations:
21985
+ # This parameter is supported when you create an IPsec-VPN connection in single-tunnel mode.
21893
21986
  #
21894
- # * **BgpConfig.EnableBgp**: specifies whether to enable BGP. Valid values: **true** and **false**. Default value: false.
21987
+ # BGP configuration:
21988
+ #
21989
+ # * **BgpConfig.EnableBgp**: specifies whether to enable BGP. Valid values: **true** and **false** (default).
21895
21990
  #
21896
21991
  # * **BgpConfig.LocalAsn**: the ASN on the Alibaba Cloud side. Valid values: **1** to **4294967295**. Default value: **45104**.
21897
21992
  #
21898
- # You can enter the ASN in two segments. Separate the first 16 bits of the ASN from the remaining 16 bits with a period (.). Enter the number in each segment in decimal format.
21993
+ # You can enter a value in two segments separated by a period (.). Each segment is 16 bits in length. Enter the number in each segment in decimal format.
21899
21994
  #
21900
- # For example, if you enter 123.456, the ASN is: 123 × 65536 + 456 = 8061384.
21995
+ # For example, if you enter 123.456, the ASN is 8061384. The ASN is calculated by using the following formula: 123 × 65536 + 456 = 8061384.
21901
21996
  #
21902
- # * **BgpConfig.TunnelCidr**: the CIDR block of the IPsec tunnel. The CIDR block falls within 169.254.0.0/16. The subnet mask of the CIDR block must be 30 bits in length.
21997
+ # * **BgpConfig.TunnelCidr**: The CIDR block of the IPsec tunnel. The CIDR block must fall into 169.254.0.0/16 and the mask of the CIDR block must be 30 bits in length. The CIDR block cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, or 169.254.169.252/30.
21903
21998
  #
21904
- # * **LocalBgpIp:** the BGP IP address on the Alibaba Cloud side. This IP address must fall within the CIDR block range of the IPsec tunnel.
21999
+ # * **LocalBgpIp**: the BGP address on the Alibaba Cloud side. It must be an IP address that falls within the CIDR block of the IPsec tunnel.
21905
22000
  #
21906
- # > * Before you configure BGP, we recommend that you learn about how BGP works and the limits. For more information, see [BGP dynamic routing ](https://help.aliyun.com/document_detail/170235.html).
21907
- # > * We recommend that you use a private ASN to establish a connection with Alibaba Cloud over BGP. Refer to the relevant documentation for the private ASN range.
22001
+ # > - Before you add BGP configurations, we recommend that you learn about how BGP works and the limits. For more information, see [Configure BGP dynamic routing](https://help.aliyun.com/document_detail/445767.html).
22002
+ # > - We recommend that you use a private ASN to establish BGP connections to Alibaba Cloud. Refer to the relevant documentation for the private ASN range.
21908
22003
  self.bgp_config = bgp_config
21909
22004
  # The client token that is used to ensure the idempotence of the request.
21910
22005
  #
@@ -21913,30 +22008,43 @@ class CreateVpnAttachmentRequest(TeaModel):
21913
22008
  # > If you do not specify this parameter, the system automatically uses the **request ID** as the **client token**. The **request ID** may be different for each request.
21914
22009
  self.client_token = client_token
21915
22010
  # The customer gateway ID.
22011
+ #
22012
+ # > This parameter is required only when you create a single-tunnel IPsec-VPN connection.
21916
22013
  self.customer_gateway_id = customer_gateway_id
21917
22014
  # Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:
21918
22015
  #
21919
22016
  # * **true**: immediately starts IPsec negotiations after the configuration is complete.
21920
22017
  # * **false** (default): starts IPsec negotiations when inbound traffic is received.
21921
22018
  self.effect_immediately = effect_immediately
21922
- # Specifies whether to enable the dead peer detection (DPD) feature. Valid values:
22019
+ # This parameter is supported if you create an IPsec-VPN connection in single-tunnel mode.
21923
22020
  #
21924
- # * **true** (default) The initiator of the IPsec-VPN connection sends DPD packets to verify the existence and availability of the peer. If no response is received from the peer within a specified period of time, the connection fails. ISAKMP SAs and IPsec SAs are deleted. The IPsec tunnel is also deleted.
21925
- # * **false**\
22021
+ # Specifies whether to enable DPD. Valid values: Valid values:
22022
+ #
22023
+ # * **true** (default): enables DPD. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within the specified period of time, the connection fails. In this case, ISAKMP SA and IPsec SA are deleted along with the security tunnel.
22024
+ # * **false**: disables DPD. The initiator of the IPsec-VPN connection does not send DPD packets.
21926
22025
  self.enable_dpd = enable_dpd
22026
+ # This parameter is supported if you create an IPsec-VPN connection in single-tunnel mode.
22027
+ #
21927
22028
  # Specifies whether to enable NAT traversal. Valid values:
21928
22029
  #
21929
- # * **true** (default) After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the VPN tunnel.
21930
- # * **false**\
22030
+ # * **true** (default): enables NAT traversal. After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the IPsec-VPN tunnel.
22031
+ # * **false**: disables NAT traversal.
21931
22032
  self.enable_nat_traversal = enable_nat_traversal
22033
+ # This parameter is available if you create an IPsec-VPN connection in dual-tunnel mode.
22034
+ #
22035
+ # Specifies whether to enable the BGP feature for the tunnel. Valid values: **true** and **false**. Default value: false.
22036
+ #
22037
+ # > Before you add BGP configurations, we recommend that you learn about how BGP works and the limits. For more information, see [Configure BGP dynamic routing](https://help.aliyun.com/document_detail/445767.html)
21932
22038
  self.enable_tunnels_bgp = enable_tunnels_bgp
21933
- # The health check configuration:
22039
+ # This parameter is supported if you create an IPsec-VPN connection in single-tunnel mode.
21934
22040
  #
21935
- # * **HealthCheckConfig.enable**: specifies whether to enable health checks. Valid values: **true** and **false**. Default value: false.
22041
+ # The health check configurations:
21936
22042
  #
21937
- # * **HealthCheckConfig.dip**: the destination IP address configured for health checks. Enter the IP address on the data center side that the VPC can communicate with through the IPsec-VPN connection.
22043
+ # * **HealthCheckConfig.enable**: indicates whether the health check is enabled. Valid values: **true** and **false** (default).
21938
22044
  #
21939
- # * **HealthCheckConfig.sip**: the source IP address configured for health checks. Enter the IP address on the VPC side that the data center can communicate with through the IPsec-VPN connection.
22045
+ # * **HealthCheckConfig.dip**: the destination IP address configured for health checks. Enter the IP address of the on-premises data center that the VPC can access through the IPsec connection.
22046
+ #
22047
+ # * **HealthCheckConfig.sip**: the source IP address configured for health checks. Enter the IP address of the VPC that the on-premises data center can access through the IPsec connection.
21940
22048
  #
21941
22049
  # * **HealthCheckConfig.interval**: the time interval of health check retries. Unit: seconds. Default value: **3**.
21942
22050
  #
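Review bot: The rewritten `enable_dpd` comment repeats "Valid values:" twice and no longer expands the acronym, so DPD is used without being defined anywhere in the visible part of this `__init__`. I would write the line as `# Specifies whether to enable dead peer detection (DPD). Valid values:`. The `__init__` of CreateVpnAttachmentRequest starts before this hunk and continues after it.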
@@ -21947,11 +22055,13 @@ class CreateVpnAttachmentRequest(TeaModel):
21947
22055
  # * **revoke_route** (default): withdraws published routes.
21948
22056
  # * **reserve_route**: does not withdraw published routes.
21949
22057
  self.health_check_config = health_check_config
22058
+ # This parameter is supported if you create an IPsec-VPN connection in single-tunnel mode.
22059
+ #
21950
22060
  # The configurations of Phase 1 negotiations:
21951
22061
  #
21952
22062
  # * **IkeConfig.Psk**: the pre-shared key that is used for identity authentication between the VPN gateway and the on-premises data center.
21953
22063
  #
21954
- # * The key must be 1 to 100 characters in length and can contain digits, letters, and the following special characters: ``~!`@#$%^&*()_-+={}[]|;:\\",.<>/?``
22064
+ # * The key cannot contain space characters. The key must be 1 to 100 characters in length, and can contain digits, letters, and the following special characters: ``~!`@#$%^&*()_-+={}[]|;:\\",.<>/?``
21955
22065
  # * If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. You can call the [DescribeVpnConnection](https://help.aliyun.com/document_detail/2526951.html) operation to query the pre-shared key that is automatically generated by the system.
21956
22066
  #
21957
22067
  # > The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises data center. Otherwise, connections between the on-premises data center and the VPN gateway cannot be established.
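Review bot: The pre-shared key bullet is edited here, but the unchanged bullet directly below it still says the system generates a "16-bit string" as the key. A 16-bit value would be far too small for a key, so presumably 16 characters is meant; the wording should be confirmed and corrected, e.g. `a 16-character string`. The same sentence appears unchanged in the hunks starting at L1328 and L1502. It would also help to say in the comment that the key returned by DescribeVpnConnection is a secret and must be handled as one. The enclosing `__init__` starts outside the hunk.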
@@ -21968,16 +22078,18 @@ class CreateVpnAttachmentRequest(TeaModel):
21968
22078
  #
21969
22079
  # * **IkeConfig.IkeLifetime**: the SA lifetime as a result of Phase 1 negotiations. Unit: seconds. Valid values: **0** to **86400**. Default value: **86400**.
21970
22080
  #
21971
- # * **IkeConfig.LocalIdIPsec**: the identifier on the Alibaba Cloud side. The identifier cannot exceed 100 characters in length. This parameter is left empty by default.
22081
+ # * **IkeConfig.LocalId**: the identifier on the Alibaba Cloud side. The identifier cannot exceed 100 characters in length and cannot contain space characters. This parameter is empty by default.
21972
22082
  #
21973
- # * **IkeConfig.RemoteId**: the identifier on the data center side. The identifier cannot exceed 100 characters in length. The default value is the IP address of the customer gateway.
22083
+ # * **IkeConfig.RemoteId**: the identifier on the data center side. The identifier cannot exceed 100 characters in length and cannot contain space characters. The default value is the IP address of the customer gateway.
21974
22084
  self.ike_config = ike_config
22085
+ # This parameter is supported if you create an IPsec-VPN connection in single-tunnel mode.
22086
+ #
21975
22087
  # The configurations of Phase 2 negotiations:
21976
22088
  #
21977
22089
  # * **IpsecConfig.IpsecEncAlg**: the encryption algorithm that is used in Phase 2 negotiations. Valid values: **aes**, **aes192**, **aes256**, **des**, and **3des**. Default value: **aes**.
21978
22090
  # * **IpsecConfig. IpsecAuthAlg**: the authentication algorithm that is used in Phase 2 negotiations. Valid values: **md5**, **sha1**, **sha256**, **sha384**, and **sha512**. Default value: **md5**.
21979
- # * **IpsecConfig. IpsecPfs**: the Diffie-Hellman key exchange algorithm that is used in Phase 2 negotiations. Valid values: **disabled**, **group1**, **group2**, **group5**, and **group14**. Default value: **group2**.
21980
- # * **IpsecConfig. IpsecLifetime**: the SA lifetime that is determined by Phase 2 negotiations. Unit: seconds. Valid values: **0** to **86400**. Default value: **86400**.
22091
+ # * **IpsecConfig. IpsecPfs**: The Diffie-Hellman key exchange algorithm used in the second phase negotiation. Valid values: **disabled**, **group1**, **group2**, **group5**, and **group14**. Default value: **group2**.
22092
+ # * **IkeConfig.IkeLifetime**: the SA lifetime determined by Phase 2 negotiations. Unit: seconds. Valid values: **0** to **86400**. Default value: **86400**.
21981
22093
  self.ipsec_config = ipsec_config
21982
22094
  # The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations.
21983
22095
  #
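Review bot: The last Phase 2 bullet is now labelled `IkeConfig.IkeLifetime`, which is the Phase 1 field already documented a few lines above. The removed line named it `IpsecConfig. IpsecLifetime`, and the text still describes the Phase 2 SA lifetime, so the label should read `# * **IpsecConfig.IpsecLifetime**: the SA lifetime determined by Phase 2 negotiations.` followed by the unchanged unit and range. Separately, the unchanged lines document `md5` as the default authentication algorithm and list `des` and `group1` as valid values; a one-line remark advising callers to set stronger listed values explicitly (for example `sha256`, `aes256`, `group14`) would be worth adding. The `__init__` body starts and ends outside this hunk.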
@@ -22032,6 +22144,10 @@ class CreateVpnAttachmentRequest(TeaModel):
22032
22144
  #
22033
22145
  # Each tag key corresponds to one tag value. You can specify up to 20 tag values in each call.
22034
22146
  self.tags = tags
22147
+ # The tunnel configurations.
22148
+ #
22149
+ # * You can specify parameters in the **TunnelOptionsSpecification** array when you create an IPsec-VPN connection in dual tunnel mode.
22150
+ # * When you create a IPsec-VPN connection in dual-tunnel mode, you must add both tunnels to IPsec-VPN connection to ensure that the IPsec-VPN connection has connection redundancy. Each IPsec-VPN connection supports only two tunnels.
22035
22151
  self.tunnel_options_specification = tunnel_options_specification
22036
22152
 
22037
22153
  def validate(self):
@@ -22327,15 +22443,13 @@ class CreateVpnConnectionRequestTunnelOptionsSpecificationTunnelBgpConfig(TeaMod
22327
22443
  ):
22328
22444
  # The autonomous system number (ASN) of the tunnel on the Alibaba Cloud side. Valid values: **1** to **4294967295**. Default value: **45104**.
22329
22445
  #
22330
- #
22331
- #
22332
22446
  # > - If you set **EnableTunnelsBgp** to **true**, you must set this parameter.
22333
- # > - Before you add BGP configurations, we recommend that you learn about how BGP dynamic routing works and the limits. For more information, see [VPN Gateway supports BGP dynamic routing](https://help.aliyun.com/document_detail/170235.html).
22447
+ # > - Before you add BGP configurations, we recommend that you learn about how BGP dynamic routing works and the limits. For more information, see [Configure BGP dynamic routing](https://help.aliyun.com/document_detail/2638220.html).
22334
22448
  # > - We recommend that you use a private ASN to establish BGP connections to Alibaba Cloud. For information about the range of private ASNs, see the relevant documentation.
22335
22449
  self.local_asn = local_asn
22336
22450
  # The BGP IP address of the tunnel on the Alibaba Cloud side. The address is an IP address that falls within the BGP CIDR block.
22337
22451
  self.local_bgp_ip = local_bgp_ip
22338
- # The BGP CIDR block of the tunnel. The CIDR block must fall within the 169.254.0.0/16 range. The subnet mask of the CIDR block must be 30 bits in length.
22452
+ # The BGP CIDR block of the tunnel. The CIDR block must fall within 169.254.0.0/16 and the mask of the CIDR block must be 30 bits in length. The CIDR block cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, or 169.254.169.252/30.
22339
22453
  #
22340
22454
  # > The BGP CIDR block of each tunnel must be unique on a VPN gateway.
22341
22455
  self.tunnel_cidr = tunnel_cidr
@@ -22389,14 +22503,14 @@ class CreateVpnConnectionRequestTunnelOptionsSpecificationTunnelIkeConfig(TeaMod
22389
22503
  #
22390
22504
  # Valid values: **aes**, **aes192**, **aes256**, **des**, and **3des**. Default value: **aes**.
22391
22505
  self.ike_enc_alg = ike_enc_alg
22392
- # The SA lifetime as a result of Phase 1 negotiations. Unit: seconds.
22506
+ # The SA lifetime as a result of Phase 1 negotiations. Unit: seconds
22393
22507
  #
22394
22508
  # Valid values: **0** to **86400**. Default value: **86400**.
22395
22509
  self.ike_lifetime = ike_lifetime
22396
22510
  # The negotiation mode of IKE. Valid values: **main** and **aggressive**. Default value: **main**.
22397
22511
  #
22398
22512
  # * **main:** This mode offers higher security during negotiations.
22399
- # * **aggressive**: This mode supports faster negotiations and a higher success rate.
22513
+ # * **aggressive:** This mode is faster and has a higher success rate.
22400
22514
  self.ike_mode = ike_mode
22401
22515
  # The Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Default value: **group2**.\\
22402
22516
  # Valid values: **group1**, **group2**, **group5**, and **group14**.
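Review bot: The reworded `aggressive` bullet lists only benefits (faster, higher success rate) and leaves the cost to be inferred from the `main` bullet above it. Making the trade-off explicit would help a reader choosing a mode, e.g. `# * **aggressive:** This mode is faster and has a higher success rate, but offers less protection during negotiations than **main**.` The same bullet is reworded in the hunk starting at L1542. The `__init__` this comment belongs to starts and ends outside the hunk.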
@@ -22405,18 +22519,18 @@ class CreateVpnConnectionRequestTunnelOptionsSpecificationTunnelIkeConfig(TeaMod
22405
22519
  #
22406
22520
  # Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for scenarios with multiple CIDR blocks.
22407
22521
  self.ike_version = ike_version
22408
- # The identifier of the tunnel on the Alibaba Cloud side, which is used in Phase 1 negotiations. It can contain at most 100 characters. The default value is the IP address of the tunnel.
22522
+ # The identifier of the tunnel on the Alibaba Cloud side, which is used in Phase 1 negotiations. The identifier cannot exceed 100 characters in length and cannot contain space characters. The default value is the IP address of the tunnel.
22409
22523
  #
22410
22524
  # **LocalId** supports fully qualified domain names (FQDNs). If you use an FQDN, we recommend that you set the negotiation mode to **aggressive**.
22411
22525
  self.local_id = local_id
22412
22526
  # The pre-shared key that is used for identity authentication between the tunnel and the tunnel peer.
22413
22527
  #
22414
- # * The key must be 1 to 100 characters in length and can contain digits, letters, and the following special characters: ``~!\\`@#$%^&*()_-+={}[]|;:\\",.<>/?``
22528
+ # * The key cannot contain spaces. The key must be 1 to 100 characters in length, and can contain digits, letters, and the following special characters: ``~!\\`@#$%^&*()_-+={}[]|;:\\",.<>/?``
22415
22529
  # * If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. You can call the [DescribeVpnConnection](https://help.aliyun.com/document_detail/2526951.html) operation to query the pre-shared key that is automatically generated by the system.
22416
22530
  #
22417
22531
  # > The tunnel and the tunnel peer must use the same pre-shared key. Otherwise, the tunnel cannot be established.
22418
22532
  self.psk = psk
22419
- # The identifier of the tunnel peer, which is used in Phase 1 negotiations. It can contain at most 100 characters. The default value is the IP address of the customer gateway that is associated with the tunnel.
22533
+ # The identifier of the tunnel peer, which is used in Phase 1 negotiations. The identifier cannot exceed 100 characters in length and cannot contain space characters. The default value is the IP address of the customer gateway that is associated with the tunnel.
22420
22534
  #
22421
22535
  # **RemoteId** supports FQDNs. If you use an FQDN, we recommend that you set the negotiation mode to **aggressive**.
22422
22536
  self.remote_id = remote_id
@@ -22489,7 +22603,7 @@ class CreateVpnConnectionRequestTunnelOptionsSpecificationTunnelIpsecConfig(TeaM
22489
22603
  #
22490
22604
  # Valid values: **aes**, **aes192**, **aes256**, **des**, and **3des**. Default value: **aes**.
22491
22605
  self.ipsec_enc_alg = ipsec_enc_alg
22492
- # The SA lifetime as a result of Phase 2 negotiations. Unit: seconds.
22606
+ # The SA lifetime as a result of Phase 2 negotiations. Unit: seconds
22493
22607
  #
22494
22608
  # Valid values: **0** to **86400**. Default value: **86400**.
22495
22609
  self.ipsec_lifetime = ipsec_lifetime
@@ -22563,7 +22677,7 @@ class CreateVpnConnectionRequestTunnelOptionsSpecification(TeaModel):
22563
22677
  # * If the VPN gateway uses an SM certificate, this parameter is required.
22564
22678
  # * If the VPN gateway does not use an SM certificate, leave this parameter empty.
22565
22679
  self.remote_ca_certificate = remote_ca_certificate
22566
- # The role of the tunnel. Valid values: Valid values:
22680
+ # The role of the tunnel. Valid values:
22567
22681
  #
22568
22682
  # * **master**: The tunnel is an active tunnel.
22569
22683
  # * **slave**: The tunnel is a standby tunnel.
@@ -22663,7 +22777,7 @@ class CreateVpnConnectionRequest(TeaModel):
22663
22777
  # * **true** (default)
22664
22778
  # * **false**\
22665
22779
  self.auto_config_route = auto_config_route
22666
- # This parameter is supported when you create an IPsec-VPN connection in single-tunnel mode.
22780
+ # This parameter is supported if you create an IPsec-VPN connection in single-tunnel mode.
22667
22781
  #
22668
22782
  # BGP configuration:
22669
22783
  #
@@ -22675,14 +22789,14 @@ class CreateVpnConnectionRequest(TeaModel):
22675
22789
  #
22676
22790
  # For example, if you enter 123.456, the ASN is 8061384. The ASN is calculated by using the following formula: 123 × 65536 + 456 = 8061384.
22677
22791
  #
22678
- # * **BgpConfig.TunnelCidr**: The CIDR block of the IPsec tunnel. The CIDR block must belong to 169.254.0.0/16 and the subnet mask is 30 bits in length.
22792
+ # * **BgpConfig.TunnelCidr**: The CIDR block of the IPsec tunnel. The CIDR block must fall within 169.254.0.0/16 and the mask of the CIDR block must be 30 bits in length. The CIDR block cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, or 169.254.169.252/30.
22679
22793
  #
22680
- # >The CIDR block of the IPsec tunnel for each IPsec-VPN connection on a VPN gateway must be unique.
22794
+ # > The CIDR block of the IPsec tunnel for each IPsec-VPN connection on a VPN gateway must be unique.
22681
22795
  #
22682
22796
  # * **LocalBgpIp**: the BGP address on the Alibaba Cloud side. It must be an IP address that falls within the CIDR block of the IPsec tunnel.
22683
22797
  #
22684
- # > * Before you add BGP configurations, we recommend that you learn about how BGP works and the limits. For more information, see [VPN Gateway supports BGP dynamic routing](https://help.aliyun.com/document_detail/170235.html).
22685
- # > * We recommend that you use private ASN to establish BGP connections to Alibaba Cloud. Refer to the relevant documentation for the private ASN range.
22798
+ # > - Before you add BGP configurations, we recommend that you learn about how BGP works and the limits. For more information, see [Configure BGP dynamic routing](https://help.aliyun.com/document_detail/2638220.html).
22799
+ # > - We recommend that you use a private ASN to establish BGP connections to Alibaba Cloud. Refer to the relevant documentation for the private ASN range.
22686
22800
  self.bgp_config = bgp_config
22687
22801
  # The client token that is used to ensure the idempotence of the request.
22688
22802
  #
@@ -22733,13 +22847,11 @@ class CreateVpnConnectionRequest(TeaModel):
22733
22847
  #
22734
22848
  # * **IkeConfig.Psk**: the pre-shared key that is used for identity authentication between the VPN gateway and the on-premises data center.
22735
22849
  #
22736
- # * The key must be 1 to 100 characters in length and can contain digits, letters, and the following special characters: ``~!\\`@#$%^&*()_-+={}[]|;:\\",.<>/?``
22850
+ # * The key cannot contain spaces. The key must be 1 to 100 characters in length, and can contain digits, letters, and the following special characters: ``~!\\`@#$%^&*()_-+={}[]|;:\\",.<>/?``
22737
22851
  #
22738
22852
  # * If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. You can call the [DescribeVpnConnection](https://help.aliyun.com/document_detail/2526951.html) operation to query the pre-shared key that is automatically generated by the system.
22739
22853
  #
22740
- # **\
22741
- #
22742
- # **Note** The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises data center. Otherwise, connections between the on-premises data center and the VPN gateway cannot be established.
22854
+ # > The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises data center. Otherwise, connections between the on-premises data center and the VPN gateway cannot be established.
22743
22855
  #
22744
22856
  # * **IkeConfig.IkeVersion**: the version of the Internet Key Exchange (IKE) protocol. Valid values: **ikev1** and **ikev2**. Default value: **ikev1**.
22745
22857
  #
@@ -22748,7 +22860,7 @@ class CreateVpnConnectionRequest(TeaModel):
22748
22860
  # * **IkeConfig.IkeMode**: the negotiation mode of IKE. Valid values: **main** and **aggressive**. Default value: **main**.
22749
22861
  #
22750
22862
  # * **main:** This mode offers higher security during negotiations.
22751
- # * **aggressive**: This mode supports faster negotiations and a higher success rate.
22863
+ # * **aggressive:** This mode is faster and has a higher success rate.
22752
22864
  #
22753
22865
  # * **IkeConfig.IkeEncAlg**: the encryption algorithm that is used in Phase 1 negotiations.
22754
22866
  #
@@ -22760,11 +22872,11 @@ class CreateVpnConnectionRequest(TeaModel):
22760
22872
  #
22761
22873
  # * **IkeConfig.IkePfs**: the Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Valid values: **group1**, **group2**, **group5**, and **group14**. Default value: **group2**.
22762
22874
  #
22763
- # * **IkeConfig.IkeLifetime**: the SA lifetime as a result of Phase 1 negotiations. Unit: seconds. Valid values: **0** to **86400**. Default value: **86400**.
22875
+ # * **IkeConfig.IkeLifetime**: the SA lifetime as a result of Phase 1 negotiations. Unit: seconds Valid values: **0** to **86400**. Default value: **86400**.
22764
22876
  #
22765
- # * **IkeConfig.LocalId**: the identifier of the VPN gateway. It can contain at most 100 characters. The default value is the IP address of the VPN gateway.
22877
+ # * **IkeConfig.LocalId**: the identifier of the VPN gateway. It can be up to 100 characters in length and cannot contain space characters. The default value is the IP address of the VPN gateway.
22766
22878
  #
22767
- # * **IkeConfig.RemoteId**: the identifier of the customer gateway. It can contain at most 100 characters. The default value is the IP address of the customer gateway.
22879
+ # * **IkeConfig.RemoteId**: the identifier of the customer gateway. It can be up to 100 characters in length and cannot contain space characters. The default value is the IP address of the customer gateway.
22768
22880
  self.ike_config = ike_config
22769
22881
  # This parameter is available if you create an IPsec-VPN connection in single-tunnel mode.
22770
22882
  #
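Review bot: In the `IkeConfig.IkeLifetime` bullet the period after the unit was dropped, so the text now runs on as "Unit: seconds Valid values". Restoring it gives `Unit: seconds. Valid values: **0** to **86400**. Default value: **86400**.` The hunks starting at L1283 and L1386 drop the same period at the end of a line, which is harmless there but inconsistent with the neighbouring comments.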
@@ -27271,7 +27383,16 @@ class DeleteIpv6GatewayRequest(TeaModel):
27271
27383
  resource_owner_account: str = None,
27272
27384
  resource_owner_id: int = None,
27273
27385
  ):
27386
+ # The client token that is used to ensure the idempotence of the request.
27387
+ #
27388
+ # You can use the client to generate the token, but you must make sure that the token is unique among different requests. The client token can contain only ASCII characters.
27389
+ #
27390
+ # > If you do not specify this parameter, the system automatically uses the **request ID** as the **client token**. The **request ID** may be different for each request.
27274
27391
  self.client_token = client_token
27392
+ # Specifies whether to perform only a dry run, without performing the actual request. Valid values:
27393
+ #
27394
+ # * **true**: performs only a dry run. The system checks the request for potential issues, including missing parameter values, incorrect request syntax, and service limits. If the request fails the dry run, an error message is returned. If the request passes the dry run, the `DryRunOperation` error code is returned.
27395
+ # * **false** (default): performs a dry run and performs the actual request. If the request passes the dry run, a 2xx HTTP status code is returned and the operation is performed.
27275
27396
  self.dry_run = dry_run
27276
27397
  # The ID of the IPv6 gateway that you want to delete.
27277
27398
  #
@@ -27416,7 +27537,12 @@ class DeleteIpv6InternetBandwidthRequest(TeaModel):
27416
27537
  resource_owner_account: str = None,
27417
27538
  resource_owner_id: int = None,
27418
27539
  ):
27540
+ # The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but you must make sure that the token is unique among different requests. The client token can contain only ASCII characters. If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request.
27419
27541
  self.client_token = client_token
27542
+ # Specifies whether to perform only a dry run, without performing the actual request. Valid values:
27543
+ #
27544
+ # * **true**: performs only a dry run. The system checks the request for potential issues, including missing parameter values, incorrect request syntax, and service limits. If the request fails the dry run, an error message is returned. If the request passes the dry run, the `DryRunOperation` error code is returned.
27545
+ # * **false** (default): performs a dry run and performs the actual request. If the request passes the dry run, a 2xx HTTP status code is returned and the operation is performed.
27420
27546
  self.dry_run = dry_run
27421
27547
  # The ID of the IPv6 address.
27422
27548
  #
@@ -30766,7 +30892,7 @@ class DeleteVcoRouteEntryRequest(TeaModel):
30766
30892
  # The tunneling protocol. Set the value to **Ipsec**, which specifies the IPsec tunneling protocol.
30767
30893
  self.overlay_mode = overlay_mode
30768
30894
  self.owner_account = owner_account
30769
- # The ID of the region where the IPsec-VPN connection is established.
30895
+ # The region ID of the IPsec-VPN connection.
30770
30896
  #
30771
30897
  # You can call the [DescribeRegions](https://help.aliyun.com/document_detail/36063.html) operation to query the most recent region list.
30772
30898
  #
@@ -31069,6 +31195,11 @@ class DeleteVpcRequest(TeaModel):
31069
31195
  resource_owner_id: int = None,
31070
31196
  vpc_id: str = None,
31071
31197
  ):
31198
+ # The client token that is used to ensure the idempotence of the request.
31199
+ #
31200
+ # You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters.
31201
+ #
31202
+ # > If you do not specify this parameter, the system automatically uses the **RequestId** as the **ClientToken**. The **RequestId** may be different for each request.
31072
31203
  self.client_token = client_token
31073
31204
  # Specifies whether to perform a dry run. Valid values:
31074
31205
  #
@@ -35068,9 +35199,9 @@ class DescribeCustomerGatewayResponseBodyTagsTag(TeaModel):
35068
35199
  key: str = None,
35069
35200
  value: str = None,
35070
35201
  ):
35071
- # The key of tag N.
35202
+ # The tag key.
35072
35203
  self.key = key
35073
- # The value of tag N.
35204
+ # The tag value.
35074
35205
  self.value = value
35075
35206
 
35076
35207
  def validate(self):
@@ -35158,7 +35289,7 @@ class DescribeCustomerGatewayResponseBody(TeaModel):
35158
35289
  self.customer_gateway_id = customer_gateway_id
35159
35290
  # The description of the customer gateway.
35160
35291
  self.description = description
35161
- # The public IP address of the gateway device in the data center.
35292
+ # The IP address of the gateway device in the data center.
35162
35293
  self.ip_address = ip_address
35163
35294
  # The name of the customer gateway.
35164
35295
  self.name = name
@@ -36538,6 +36669,7 @@ class DescribeEipAddressesResponseBodyEipAddressesEipAddress(TeaModel):
36538
36669
  second_limited: bool = None,
36539
36670
  security_protection_types: DescribeEipAddressesResponseBodyEipAddressesEipAddressSecurityProtectionTypes = None,
36540
36671
  segment_instance_id: str = None,
36672
+ service_id: int = None,
36541
36673
  service_managed: int = None,
36542
36674
  status: str = None,
36543
36675
  tags: DescribeEipAddressesResponseBodyEipAddressesEipAddressTags = None,
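Review bot: `service_id` is inserted between `segment_instance_id` and `service_managed`, so every parameter after it moves one position for any caller that builds this model with positional arguments. If this file is generated with alphabetically ordered parameters, as it appears to be, moving the parameter is probably not practical. In that case a comment on the class such as `# Construct with keyword arguments only; parameter order is not stable across releases.` would at least record the constraint. The signature starts and ends outside this hunk.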
@@ -36678,6 +36810,7 @@ class DescribeEipAddressesResponseBodyEipAddressesEipAddress(TeaModel):
36678
36810
  #
36679
36811
  # This value is returned only when you query contiguous EIPs.
36680
36812
  self.segment_instance_id = segment_instance_id
36813
+ self.service_id = service_id
36681
36814
  # Indicates whether the resource is created by the service account. Valid values:
36682
36815
  #
36683
36816
  # * **0**\
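Review bot: `self.service_id` is assigned without any comment, while the neighbouring attributes each say what the field means and when it is returned. A comment stating what the ID refers to and in which responses it is populated should be added above the assignment. The map key used for it in the hunks starting at L1821 and L1844 is `'ServiceID'`, whereas the adjacent key is spelled `'SegmentInstanceId'`. The spelling is worth confirming against the API response, since a mismatch would leave the attribute silently `None` in `from_map`.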
@@ -36790,6 +36923,8 @@ class DescribeEipAddressesResponseBodyEipAddressesEipAddress(TeaModel):
36790
36923
  result['SecurityProtectionTypes'] = self.security_protection_types.to_map()
36791
36924
  if self.segment_instance_id is not None:
36792
36925
  result['SegmentInstanceId'] = self.segment_instance_id
36926
+ if self.service_id is not None:
36927
+ result['ServiceID'] = self.service_id
36793
36928
  if self.service_managed is not None:
36794
36929
  result['ServiceManaged'] = self.service_managed
36795
36930
  if self.status is not None:
@@ -36878,6 +37013,8 @@ class DescribeEipAddressesResponseBodyEipAddressesEipAddress(TeaModel):
36878
37013
  self.security_protection_types = temp_model.from_map(m['SecurityProtectionTypes'])
36879
37014
  if m.get('SegmentInstanceId') is not None:
36880
37015
  self.segment_instance_id = m.get('SegmentInstanceId')
37016
+ if m.get('ServiceID') is not None:
37017
+ self.service_id = m.get('ServiceID')
36881
37018
  if m.get('ServiceManaged') is not None:
36882
37019
  self.service_managed = m.get('ServiceManaged')
36883
37020
  if m.get('Status') is not None:
@@ -43951,6 +44088,11 @@ class DescribeIpv6AddressesRequest(TeaModel):
43951
44088
  v_switch_id: str = None,
43952
44089
  vpc_id: str = None,
43953
44090
  ):
44091
+ # The type of IP address. Valid values:
44092
+ #
44093
+ # - IPv6Address (default): indicates an IPv6 instance used to query a single IPv6 address.
44094
+ #
44095
+ # - IPv6Prefix: indicates an IPv6 instance used to query prefix CIDR blocks.
43954
44096
  self.address_type = address_type
43955
44097
  # The ID of the instance that is assigned the IPv6 address.
43956
44098
  self.associated_instance_id = associated_instance_id
@@ -43972,7 +44114,7 @@ class DescribeIpv6AddressesRequest(TeaModel):
43972
44114
  self.ipv_6internet_bandwidth_id = ipv_6internet_bandwidth_id
43973
44115
  # The name of the IPv6 address that you want to query.
43974
44116
  #
43975
- # The name must be 2 to 128 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-). The name must start with a letter but cannot start with `http://` or `https://`.
44117
+ # The name must be 0 to 128 characters in length and cannot start with `http://` or `https://`.
43976
44118
  self.name = name
43977
44119
  # The type of communication supported by the IPv6 address. Valid values:
43978
44120
  #
@@ -43981,9 +44123,9 @@ class DescribeIpv6AddressesRequest(TeaModel):
43981
44123
  self.network_type = network_type
43982
44124
  self.owner_account = owner_account
43983
44125
  self.owner_id = owner_id
43984
- # The number of the page to return. Default value: **1**.
44126
+ # The page number. Default value: **1**.
43985
44127
  self.page_number = page_number
43986
- # The number of entries to return per page. Maximum value: **50**. Default value: **10**.
44128
+ # The number of entries per page. Maximum value: **50**. Default value: **10**.
43987
44129
  self.page_size = page_size
43988
44130
  # The ID of the region in which you want to query IPv6 addresses. You can call the [DescribeRegions](https://help.aliyun.com/document_detail/36063.html) operation to query the most recent region list.
43989
44131
  #
@@ -44320,6 +44462,10 @@ class DescribeIpv6AddressesResponseBodyIpv6AddressesIpv6Address(TeaModel):
44320
44462
  v_switch_id: str = None,
44321
44463
  vpc_id: str = None,
44322
44464
  ):
44465
+ # The type of IPv6 address. Valid values:
44466
+ #
44467
+ # * IPv6Address (default): indicates a single IPv6 IP.
44468
+ # * IPv6Prefix: indicates IPv6 CIDR.
44323
44469
  self.address_type = address_type
44324
44470
  # The time when the IPv6 address was created.
44325
44471
  self.allocation_time = allocation_time
@@ -44621,9 +44767,10 @@ class DescribeIpv6EgressOnlyRulesRequest(TeaModel):
44621
44767
  ):
44622
44768
  # The ID of the instance that is associated with the IPv6 address to which the egress-only rule is applied.
44623
44769
  self.instance_id = instance_id
44624
- # The type of the instance to which you want to apply the egress-only rule. Set the value to
44770
+ # The type of the instance to which you want to apply the egress-only rule. Valid values:
44625
44771
  #
44626
- # **Ipv6Address**, which specifies that the egress-only rule applies to an IPv6 address.
44772
+ # * IPv6Address (default)
44773
+ # * IPv6Prefix
44627
44774
  self.instance_type = instance_type
44628
44775
  # The ID of the egress-only rule that you want to query.
44629
44776
  self.ipv_6egress_only_rule_id = ipv_6egress_only_rule_id
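Review bot: The new valid-values list for `instance_type` names `IPv6Address` and `IPv6Prefix` without saying what either means, and the spelling differs from the `Ipv6Address` that the removed comment documented. If the service compares this value case-sensitively, the comment should say whether the old spelling is still accepted. Each value also deserves a short gloss, for example `# * IPv6Address (default): the egress-only rule applies to an IPv6 address.` and `# * IPv6Prefix: the egress-only rule applies to an IPv6 prefix CIDR block.` The second gloss is inferred from the `address_type` comments elsewhere in this diff and should be confirmed against the API reference. The enclosing `__init__` starts and ends outside the hunk.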
@@ -44635,9 +44782,9 @@ class DescribeIpv6EgressOnlyRulesRequest(TeaModel):
44635
44782
  self.name = name
44636
44783
  self.owner_account = owner_account
44637
44784
  self.owner_id = owner_id
44638
- # The number of the page to return. Default value: **1**.
44785
+ # The page number. Default value: **1**.
44639
44786
  self.page_number = page_number
44640
- # The number of entries to return on each page. Maximum value: **50**. Default value: **10**.
44787
+ # The number of entries per page. Maximum value: **50**. Default value: **10**.
44641
44788
  self.page_size = page_size
44642
44789
  # The ID of the region where the IPv6 gateway is deployed. You can call the [DescribeRegions](https://help.aliyun.com/document_detail/36063.html) operation to query the most recent region list.
44643
44790
  #
@@ -54328,8 +54475,7 @@ class DescribeSslVpnClientCertsRequest(TeaModel):
54328
54475
  self.region_id = region_id
54329
54476
  # The ID of the resource group to which the SSL client certificate belongs.
54330
54477
  #
54331
- # The SSL client certificate is the same as the resource group of the SSL server associated with it.
54332
- # You can call the [DescribeSslVpnServers](https://help.aliyun.com/document_detail/2794078.html) operation to query the ID of the resource group to which the SSL server belongs.
54478
+ # The SSL client certificate and its associated SSL server belong to the same resource group. You can call the [DescribeSslVpnServers](https://help.aliyun.com/document_detail/2794078.html) operation to query the ID of the resource group to which the SSL server belongs.
54333
54479
  self.resource_group_id = resource_group_id
54334
54480
  self.resource_owner_account = resource_owner_account
54335
54481
  self.resource_owner_id = resource_owner_id
@@ -54410,21 +54556,21 @@ class DescribeSslVpnClientCertsResponseBodySslVpnClientCertKeysSslVpnClientCertK
54410
54556
  ssl_vpn_server_id: str = None,
54411
54557
  status: str = None,
54412
54558
  ):
54413
- # The timestamp that indicates when the SSL client certificate was created. Unit: millisecond.
54559
+ # The timestamp generated when the SSL client certificate was created. Unit: milliseconds.
54414
54560
  #
54415
- # This value is a UNIX timestamp representing the number of milliseconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.
54561
+ # This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.
54416
54562
  self.create_time = create_time
54417
- # The timestamp that indicates when the SSL client certificate expires. Unit: millisecond.
54563
+ # The timestamp generated when the SSL client certificate expires. Unit: milliseconds.
54418
54564
  #
54419
- # This value is a UNIX timestamp representing the number of milliseconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.
54565
+ # This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.
54420
54566
  self.end_time = end_time
54421
54567
  # The name of the SSL client certificate.
54422
54568
  self.name = name
54423
- # The region where the SSL client certificate is created.
54569
+ # The region ID of the SSL client certificate.
54424
54570
  self.region_id = region_id
54425
54571
  # The ID of the resource group to which the SSL client certificate belongs.
54426
54572
  #
54427
- # You can call the [ListResourceGroups](https://help.aliyun.com/document_detail/158855.html) operation to query the resource group information.
54573
+ # You can call the [ListResourceGroups](https://help.aliyun.com/document_detail/158855.html) operation to query resource groups.
54428
54574
  self.resource_group_id = resource_group_id
54429
54575
  # The ID of the SSL client certificate.
54430
54576
  self.ssl_vpn_client_cert_id = ssl_vpn_client_cert_id
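Review bot: The reworded comments on `create_time` and `end_time` now say `The timestamp generated when the SSL client certificate expires`, which reads as if a value is produced at the moment of expiry rather than stating when the certificate expires. Code that rotates or alerts on client certificates depends on this field, so the plain form is safer: `# The time when the SSL client certificate expires. Unit: milliseconds.` and likewise `# The time when the SSL client certificate was created. Unit: milliseconds.` The UNIX-timestamp sentence that follows each comment already covers the encoding. The `__init__` body continues outside the hunk.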
@@ -54432,7 +54578,7 @@ class DescribeSslVpnClientCertsResponseBodySslVpnClientCertKeysSslVpnClientCertK
54432
54578
  self.ssl_vpn_server_id = ssl_vpn_server_id
54433
54579
  # The status of the SSL client certificate. Valid values:
54434
54580
  #
54435
- # * **expiring-soon**\
54581
+ # * **expiring-soon**: The certificate expires in one week.
54436
54582
  # * **normal**\
54437
54583
  # * **expired**\
54438
54584
  self.status = status
@@ -54931,11 +55077,9 @@ class DescribeSslVpnServersRequest(TeaModel):
54931
55077
  #
54932
55078
  # This parameter is required.
54933
55079
  self.region_id = region_id
54934
- # The ID of the resource group to which the SSL server belongs.
54935
- #
54936
- # The SSL server has the same resource group as its associated VPN gateway instance.
55080
+ # The resource group ID of the SSL server.
54937
55081
  #
54938
- # You can call the [DescribeVpnGateway](https://help.aliyun.com/document_detail/2526915.html) operation to query the ID of the resource group to which the VPN gateway instance belongs.
55082
+ # The SSL server and its associated VPN gateway belong to the same resource group. You can call the [DescribeVpnGateway](https://help.aliyun.com/document_detail/2794055.html) operation to query the ID of the resource group to which the VPN gateway belongs.
54939
55083
  self.resource_group_id = resource_group_id
54940
55084
  self.resource_owner_account = resource_owner_account
54941
55085
  self.resource_owner_id = resource_owner_id
@@ -55046,11 +55190,16 @@ class DescribeSslVpnServersResponseBodySslVpnServersSslVpnServer(TeaModel):
55046
55190
  # * **true**\
55047
55191
  # * **false** (default)
55048
55192
  self.enable_multi_factor_auth = enable_multi_factor_auth
55193
+ # The ID of the IDaaS application.
55049
55194
  self.idaa_sapplication_id = idaa_sapplication_id
55050
- # The ID of the IDaaS instance.
55195
+ # The ID of the IDaaS EIAM instance.
55051
55196
  self.idaa_sinstance_id = idaa_sinstance_id
55197
+ # The version of the IDaaS EIAM instance.
55198
+ #
55199
+ # * This parameter is returned only if the SSL server is associated with an IDaaS EIAM 2.0 instance. Only **EIAM 2.0** is returned.
55200
+ # * If the SSL server is associated with an IDaaS EIAM 1.0 instance, no value is returned.
55052
55201
  self.idaa_sinstance_version = idaa_sinstance_version
55053
- # The region ID of the IDaaS instance.
55202
+ # The region ID of the IDaaS EIAM instance.
55054
55203
  self.idaa_sregion_id = idaa_sregion_id
55055
55204
  # The public IP address of the VPN gateway.
55056
55205
  self.internet_ip = internet_ip
@@ -55058,19 +55207,19 @@ class DescribeSslVpnServersResponseBodySslVpnServersSslVpnServer(TeaModel):
55058
55207
  self.local_subnet = local_subnet
55059
55208
  # The maximum number of connections.
55060
55209
  self.max_connections = max_connections
55061
- # The name of the SSL-VPN server.
55210
+ # The name of the SSL server.
55062
55211
  self.name = name
55063
55212
  # The port that is used by the SSL-VPN server.
55064
55213
  self.port = port
55065
- # The protocol that is used by the SSL-VPN server.
55214
+ # The protocol that is used by the SSL server.
55066
55215
  self.proto = proto
55067
- # The region ID of the SSL-VPN server.
55216
+ # The region ID of the SSL server.
55068
55217
  self.region_id = region_id
55069
- # The resource group ID of the SSL-VPN server.
55218
+ # The resource group ID of the SSL server.
55070
55219
  #
55071
55220
  # You can call the [ListResourceGroups](https://help.aliyun.com/document_detail/158855.html) operation to query resource groups.
55072
55221
  self.resource_group_id = resource_group_id
55073
- # The ID of the SSL-VPN server.
55222
+ # The ID of the SSL server.
55074
55223
  self.ssl_vpn_server_id = ssl_vpn_server_id
55075
55224
  # The ID of the VPN gateway.
55076
55225
  self.vpn_gateway_id = vpn_gateway_id
@@ -55221,7 +55370,7 @@ class DescribeSslVpnServersResponseBody(TeaModel):
55221
55370
  self.page_size = page_size
55222
55371
  # The request ID.
55223
55372
  self.request_id = request_id
55224
- # The detailed information about the SSL-VPN server.
55373
+ # The detailed information about the SSL-VPN servers.
55225
55374
  self.ssl_vpn_servers = ssl_vpn_servers
55226
55375
  # The number of entries returned.
55227
55376
  self.total_count = total_count
@@ -57782,6 +57931,10 @@ class DescribeVcoRouteEntriesResponseBodyVcoRouteEntries(TeaModel):
57782
57931
  self.create_time = create_time
57783
57932
  # The next hop of the route.
57784
57933
  self.next_hop = next_hop
57934
+ # The list of next hops.
57935
+ #
57936
+ # > - This parameter is returned only by dual-tunnel IPsec connections.
57937
+ # > - This parameter is returned only when the tunnel status is **Phase 2 Negotiation Successful**.
57785
57938
  self.next_hop_tunnel_id_list = next_hop_tunnel_id_list
57786
57939
  # The destination CIDR block of the route.
57787
57940
  self.route_dest = route_dest
@@ -57802,10 +57955,9 @@ class DescribeVcoRouteEntriesResponseBodyVcoRouteEntries(TeaModel):
57802
57955
  self.state = state
57803
57956
  # The ID of the IPsec-VPN connection.
57804
57957
  self.vpn_connection_id = vpn_connection_id
57805
- # The weight of the destination-based route. Valid values:
57958
+ # The weight of the destination-based route.
57806
57959
  #
57807
- # * **0**: a low priority
57808
- # * **100**: a high priority
57960
+ # > The current parameter has no effect.
57809
57961
  self.weight = weight
57810
57962
 
57811
57963
  def validate(self):
@@ -57875,8 +58027,17 @@ class DescribeVcoRouteEntriesResponseBodyVpnRouteCounts(TeaModel):
57875
58027
  route_entry_type: str = None,
57876
58028
  source: str = None,
57877
58029
  ):
58030
+ # The number of route entries.
57878
58031
  self.route_count = route_count
58032
+ # The route type. Valid values:
58033
+ #
58034
+ # * **custom**: destination-based route.
58035
+ # * **bgp**: BGP route.
57879
58036
  self.route_entry_type = route_entry_type
58037
+ # The source of the BGP route. Valid values:
58038
+ #
58039
+ # * **CLOUD**: The current BGP route is learned by the IPsec connection from the transit router.
58040
+ # * **VPN_BGP**: The current BGP route is learned by the IPsec connection from the data center.
57880
58041
  self.source = source
57881
58042
 
57882
58043
  def validate(self):
@@ -57925,8 +58086,11 @@ class DescribeVcoRouteEntriesResponseBody(TeaModel):
57925
58086
  self.request_id = request_id
57926
58087
  # The number of entries returned.
57927
58088
  self.total_count = total_count
57928
- # The list of routes.
58089
+ # The list of route entries.
57929
58090
  self.vco_route_entries = vco_route_entries
58091
+ # The information on route entries of the dual-tunnel IPsec connection.
58092
+ #
58093
+ # > This parameter is returned only for IPsec connections in dual-tunnel mode.
57930
58094
  self.vpn_route_counts = vpn_route_counts
57931
58095
 
57932
58096
  def validate(self):
@@ -61326,7 +61490,9 @@ class DescribeVpnAttachmentsResponseBodyVpnAttachmentsTags(TeaModel):
61326
61490
  key: str = None,
61327
61491
  value: str = None,
61328
61492
  ):
61493
+ # The tag key of the IPsec-VPN connection.
61329
61494
  self.key = key
61495
+ # The tag value of the IPsec-VPN connection.
61330
61496
  self.value = value
61331
61497
 
61332
61498
  def validate(self):
@@ -61379,7 +61545,16 @@ class DescribeVpnAttachmentsResponseBodyVpnAttachments(TeaModel):
61379
61545
  self.instance_id = instance_id
61380
61546
  # The name of the IPsec-VPN connection.
61381
61547
  self.name = name
61548
+ # The system tags of the IPsec-VPN connection.
61549
+ #
61550
+ # You can check whether an IPsec-VPN connection supports BGP based on the system tags.
61551
+ #
61552
+ # **BGPSupport**: indicates whether the IPsec-VPN connection supports BGP.
61553
+ #
61554
+ # * **true**\
61555
+ # * **false**\
61382
61556
  self.tag = tag
61557
+ # The list of tags to be added to the IPsec-VPN connection.
61383
61558
  self.tags = tags
61384
61559
  # The ID of the transit router with which the IPsec-VPN connection is associated.
61385
61560
  self.transit_router_id = transit_router_id
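Review bot: The comment added above `self.tags` reads `The list of tags to be added to the IPsec-VPN connection.`, which is request wording on a response model (`DescribeVpnAttachmentsResponseBodyVpnAttachments`). A reader could take the field for an input; `# The tags of the IPsec-VPN connection.` would match the key and value comments added to the Tags class in the previous hunk. The `**true**\` and `**false**\` bullets under `BGPSupport` end in a stray backslash and say nothing about what each value means. The enclosing `__init__` runs beyond the hunk on both sides.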
@@ -62089,6 +62264,12 @@ class DescribeVpnConnectionResponseBodyTunnelOptionsSpecificationTunnelOptions(T
62089
62264
  self.tunnel_id = tunnel_id
62090
62265
  # The configuration of Phase 1 negotiations.
62091
62266
  self.tunnel_ike_config = tunnel_ike_config
62267
+ # The order in which the tunnel is created.
62268
+ #
62269
+ # * **1**: Tunnel 1.
62270
+ # * **2**: Tunnel 2.
62271
+ #
62272
+ # > This parameter is returned only if the IPsec-VPN connection is associated with a transit router.
62092
62273
  self.tunnel_index = tunnel_index
62093
62274
  # The configurations of Phase 2 negotiations.
62094
62275
  self.tunnel_ipsec_config = tunnel_ipsec_config
@@ -62509,9 +62690,9 @@ class DescribeVpnConnectionResponseBody(TeaModel):
62509
62690
  self.transit_router_id = transit_router_id
62510
62691
  # The name of the transit router.
62511
62692
  self.transit_router_name = transit_router_name
62512
- # The tunnel configuration of the IPsec-VPN connection.
62693
+ # The tunnel configurations of the IPsec-VPN connection.
62513
62694
  #
62514
- # Parameters in **TunnelOptionsSpecification** are returned only if you query IPsec-VPN connections in dual-tunnel mode.
62695
+ # Parameters in **TunnelOptionsSpecification** are returned only if you query an IPsec-VPN connection in dual-tunnel mode.
62515
62696
  self.tunnel_options_specification = tunnel_options_specification
62516
62697
  # The health check information about the IPsec-VPN connection.
62517
62698
  self.vco_health_check = vco_health_check
@@ -63038,9 +63219,9 @@ class DescribeVpnConnectionsRequest(TeaModel):
63038
63219
  self.customer_gateway_id = customer_gateway_id
63039
63220
  self.owner_account = owner_account
63040
63221
  self.owner_id = owner_id
63041
- # The number of the page to return. Default value: **1**.
63222
+ # The page number of the page to return. Default value: **1**.
63042
63223
  self.page_number = page_number
63043
- # The number of entries to return on each page. Default value: **10**. Valid values: **1** to **50**.
63224
+ # The number of entries returned on each page. Default value: **10**. Valid values: **1** to **50**.
63044
63225
  self.page_size = page_size
63045
63226
  # The ID of the region where the IPsec-VPN connection is created.
63046
63227
  #
@@ -63610,6 +63791,12 @@ class DescribeVpnConnectionsResponseBodyVpnConnectionsVpnConnectionTunnelOptions
63610
63791
  self.tunnel_id = tunnel_id
63611
63792
  # The configuration of Phase 1 negotiations.
63612
63793
  self.tunnel_ike_config = tunnel_ike_config
63794
+ # The order in which the tunnel is created.
63795
+ #
63796
+ # * **1**: Tunnel 1.
63797
+ # * **2**: Tunnel 2.
63798
+ #
63799
+ # > This parameter is returned only if the IPsec-VPN connection is associated with a transit router.
63613
63800
  self.tunnel_index = tunnel_index
63614
63801
  # The configurations of Phase 2 negotiations.
63615
63802
  self.tunnel_ipsec_config = tunnel_ipsec_config
@@ -64018,9 +64205,9 @@ class DescribeVpnConnectionsResponseBodyVpnConnectionsVpnConnection(TeaModel):
64018
64205
  self.transit_router_id = transit_router_id
64019
64206
  # The name of the transit router.
64020
64207
  self.transit_router_name = transit_router_name
64021
- # The tunnel configuration of the IPsec-VPN connection.
64208
+ # The tunnel configurations of the IPsec-VPN connection.
64022
64209
  #
64023
- # Parameters in **TunnelOptionsSpecification** are returned only if you query IPsec-VPN connections in dual-tunnel mode.
64210
+ # Parameters in **TunnelOptionsSpecification** are returned only if you query an IPsec-VPN connection in dual-tunnel mode.
64024
64211
  self.tunnel_options_specification = tunnel_options_specification
64025
64212
  # The health check configuration of the IPsec-VPN connection.
64026
64213
  self.vco_health_check = vco_health_check
@@ -64232,7 +64419,7 @@ class DescribeVpnConnectionsResponseBody(TeaModel):
64232
64419
  self.request_id = request_id
64233
64420
  # The total number of entries returned.
64234
64421
  self.total_count = total_count
64235
- # The information about the IPsec-VPN connection.
64422
+ # The information about the IPsec-VPN connections.
64236
64423
  self.vpn_connections = vpn_connections
64237
64424
 
64238
64425
  def validate(self):
@@ -64328,18 +64515,18 @@ class DescribeVpnCrossAccountAuthorizationsRequest(TeaModel):
64328
64515
  ):
64329
64516
  # The client token that is used to ensure the idempotence of the request.
64330
64517
  #
64331
- # You can use the client to generate the value, but you must make sure that it is unique among different requests. ClientToken can contain only ASCII characters.
64518
+ # You can use the client to generate the token, but you must make sure that the token is unique among different requests. The client token can contain only ASCII characters.
64332
64519
  #
64333
- # > If you do not set this parameter, the system automatically uses **RequestId** as **ClientToken**. **RequestId** of each API request may be different.
64520
+ # > If you do not specify this parameter, the system automatically uses the **request ID** as the **client token**. The **request ID** may be different for each request.
64334
64521
  self.client_token = client_token
64335
64522
  self.owner_account = owner_account
64336
- # The number of the page to return. Default value: **1**.
64523
+ # The page number. Default value: **1**.
64337
64524
  self.page_number = page_number
64338
- # The number of entries to return on each page. Default value: **10**. Valid values: **1** to **50**.
64525
+ # The number of entries to return per page. Default value: **10**. Valid values: **1** to **50**.
64339
64526
  self.page_size = page_size
64340
64527
  # The ID of the region to which the IPsec-VPN connection belongs.
64341
64528
  #
64342
- # You can call the [DescribeRegions](https://help.aliyun.com/document_detail/36063.html) operation to query the most recent region list.
64529
+ # You can call the [DescribeRegions](https://help.aliyun.com/document_detail/36063.html) operation to query the region ID.
64343
64530
  #
64344
64531
  # This parameter is required.
64345
64532
  self.region_id = region_id
@@ -64412,13 +64599,13 @@ class DescribeVpnCrossAccountAuthorizationsResponseBodyCrossAccountAuthorization
64412
64599
  self.ali_uid = ali_uid
64413
64600
  # The ID of the CEN instance.
64414
64601
  self.bind_instance = bind_instance
64415
- # The resource type of the authorization.
64602
+ # The type of resource that can be associated with the IPsec-VPN connection.
64416
64603
  #
64417
- # The value is set to **CEN**, which indicates that the IPsec-VPN connection can be associated with a transit router of a Cloud Enterprise Network (CEN) instance that belongs to another Alibaba Cloud account.
64604
+ # Only **CEN** can be returned, which indicates that the IPsec-VPN connection is authorized to be associated with the transit router of a Cloud Enterprise Network (CEN) instance that belongs to another Alibaba Cloud account.
64418
64605
  self.bind_product = bind_product
64419
- # The ID of the Alibaba Cloud account whose resource the IPsec-VPN connection can be associated with.
64606
+ # The ID of the Alibaba Cloud account whose resources the IPsec-VPN connection is authorized to be associated with.
64420
64607
  self.bind_uid = bind_uid
64421
- # The timestamp when the authorization for the IPsec-VPN connection was created.
64608
+ # The time when the authorization for the IPsec-VPN connection was created.
64422
64609
  #
64423
64610
  # This value is a UNIX timestamp representing the number of milliseconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.
64424
64611
  self.creation_time = creation_time
@@ -64476,11 +64663,11 @@ class DescribeVpnCrossAccountAuthorizationsResponseBody(TeaModel):
64476
64663
  ):
64477
64664
  # The cross-account authorization information about the IPsec-VPN connection.
64478
64665
  self.cross_account_authorizations = cross_account_authorizations
64479
- # The page number of the returned page.
64666
+ # The page number.
64480
64667
  self.page_number = page_number
64481
- # The number of entries returned per page.
64668
+ # The number of entries per page.
64482
64669
  self.page_size = page_size
64483
- # The ID of the request.
64670
+ # The request ID.
64484
64671
  self.request_id = request_id
64485
64672
  # The number of entries returned.
64486
64673
  self.total_count = total_count
@@ -67020,9 +67207,7 @@ class DescribeVpnSslServerLogsResponseBody(TeaModel):
67020
67207
  ):
67021
67208
  # The number of log entries.
67022
67209
  self.count = count
67023
- # An array of strings.
67024
- #
67025
- # Each item in the array is a log entry.
67210
+ # Log information list.
67026
67211
  self.data = data
67027
67212
  # Indicates whether the log is accurate. Valid values:
67028
67213
  #
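Review bot: Replacing the `data` comment with `Log information list.` drops the only statement of the element type; the removed text said the field is an array of strings with one log entry per item. The field's annotation is outside the hunk, so this comment is what a reader of the model sees. I would keep the type in the wording, e.g. `# The log entries. Each item in the array is one log entry string.` The same replacement is made in ListIpsecServerLogsResponseBody (hunk at -75587), and the same wording applies there.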
@@ -67793,10 +67978,10 @@ class DiagnoseVpnGatewayRequest(TeaModel):
67793
67978
  #
67794
67979
  # > If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request.
67795
67980
  self.client_token = client_token
67796
- # The configuration when you check the connectivity of the IPsec-VPN connection. Valid values:
67981
+ # Check the connectivity of the destination address. Valid values:
67797
67982
  #
67798
- # * **PrivateSourceIp**: the source IP address used when you check the connectivity of the IPsec-VPN connection. The source IP address must be on the VPC side.
67799
- # * **PrivateDestinationIp**: the destination IP address used when you check the connectivity of the IPsec-VPN connection. The destination IP address must be on the data center side.
67983
+ # * **PrivateSourceIp**: the source IP address. The source IP address must be on the VPC side.
67984
+ # * **PrivateDestinationIp**: the destination IP address. The destination IP address must be on the data center side.
67800
67985
  self.ipsec_extend_info = ipsec_extend_info
67801
67986
  # The region ID of the VPN gateway.
67802
67987
  #
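Review bot: The new first line for `ipsec_extend_info`, `Check the connectivity of the destination address. Valid values:`, reads as an instruction rather than a description of the parameter. What follows are two field names (`PrivateSourceIp`, `PrivateDestinationIp`), not alternative values. The removed text made clear that these settings belong to the IPsec-VPN connectivity check; `# The source and destination addresses used for the IPsec-VPN connectivity check. Fields:` keeps that. Whether both fields must be given together, and in what serialized form, is not visible in this hunk and would be worth stating.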
@@ -67865,7 +68050,9 @@ class DiagnoseVpnGatewayResponseBody(TeaModel):
67865
68050
  diagnose_id: str = None,
67866
68051
  request_id: str = None,
67867
68052
  ):
67868
- # The ID of the diagnostic.
68053
+ # The diagnostic ID.
68054
+ #
68055
+ # After a diagnostic ID is returned, you can call [GetVpnGatewayDiagnoseResult](https://help.aliyun.com/document_detail/2521963.html) to query the diagnostic report.
67869
68056
  self.diagnose_id = diagnose_id
67870
68057
  # The request ID.
67871
68058
  self.request_id = request_id
@@ -75587,9 +75774,7 @@ class ListIpsecServerLogsResponseBody(TeaModel):
75587
75774
  ):
75588
75775
  # The number of entries on the current page.
75589
75776
  self.count = count
75590
- # An array of strings.
75591
- #
75592
- # Each item in the array is a log entry.
75777
+ # Log information list.
75593
75778
  self.data = data
75594
75779
  # Indicates whether the log is accurate. Valid values:
75595
75780
  #
@@ -85653,7 +85838,7 @@ class ModifyHaVipAttributeRequest(TeaModel):
85653
85838
  self.client_token = client_token
85654
85839
  # The description of the HAVIP.
85655
85840
  #
85656
- # The description must be 1 to 256 characters in length and cannot start with `http://` or `https://`.
85841
+ # The description must be 1 to 255 characters in length and cannot start with `http://` or `https://`.
85657
85842
  self.description = description
85658
85843
  # The ID of the HAVIP.
85659
85844
  #
@@ -86649,11 +86834,20 @@ class ModifyIpv6AddressAttributeRequest(TeaModel):
86649
86834
  resource_owner_account: str = None,
86650
86835
  resource_owner_id: int = None,
86651
86836
  ):
86837
+ # The client token that is used to ensure the idempotence of the request.
86838
+ #
86839
+ # You can use the client to generate the token, but you must make sure that the token is unique among different requests. The client token can contain only ASCII characters.
86840
+ #
86841
+ # > If you do not specify this parameter, the system automatically uses the **request ID** as the **client token**. The **request ID** may be different for each request.
86652
86842
  self.client_token = client_token
86653
86843
  # The description of the IPv6 address.
86654
86844
  #
86655
- # It must be 2 to 256 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-). It must start with a letter. The name must start with a letter and cannot start with `http://` or `https://`.
86845
+ # The description must be 0 to 256 characters in length and cannot start with `http://` or `https://`.
86656
86846
  self.description = description
86847
+ # Specifies whether to perform a dry run, without performing the actual request. Valid values:
86848
+ #
86849
+ # * **true**: performs only a dry run. The system checks the request for potential issues, including missing parameter values, incorrect request syntax, and service limits. If the request fails the dry run, an error message is returned. If the request passes the dry run, the `DryRunOperation` error code is returned.
86850
+ # * **false** (default): performs a dry run and performs the actual request. If the request passes the dry run, a 2xx HTTP status code is returned and the operation is performed.
86657
86851
  self.dry_run = dry_run
86658
86852
  # The ID of the IPv6 address.
86659
86853
  #
@@ -86661,7 +86855,7 @@ class ModifyIpv6AddressAttributeRequest(TeaModel):
86661
86855
  self.ipv_6address_id = ipv_6address_id
86662
86856
  # The name of the IPv6 address.
86663
86857
  #
86664
- # The name must be 2 to 128 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-). The name must start with a letter. The name must start with a letter and cannot start with `http://` or `https://`.
86858
+ # The name must be 0 to 128 characters in length and cannot start with `http://` or `https://`.
86665
86859
  self.name = name
86666
86860
  self.owner_account = owner_account
86667
86861
  self.owner_id = owner_id
@@ -86811,9 +87005,20 @@ class ModifyIpv6GatewayAttributeRequest(TeaModel):
86811
87005
  resource_owner_account: str = None,
86812
87006
  resource_owner_id: int = None,
86813
87007
  ):
87008
+ # The client token that is used to ensure the idempotence of the request.
87009
+ #
87010
+ # You can use the client to generate the token, but you must make sure that the token is unique among different requests. The client token can contain only ASCII characters.
87011
+ #
87012
+ # > If you do not specify this parameter, the system automatically uses the **request ID** as the **client token**. The **request ID** may be different for each request.
86814
87013
  self.client_token = client_token
86815
87014
  # The description of the IPv6 gateway.
87015
+ #
87016
+ # The description must be 0 to 256 characters in length and cannot start with `http://` or `https://`.
86816
87017
  self.description = description
87018
+ # Specifies whether to perform only a dry run, without performing the actual request. Valid values:
87019
+ #
87020
+ # * **true**: performs only a dry run. The system checks the request for potential issues, including invalid AccessKey pairs, unauthorized RAM users, and missing parameter values. If the request fails the dry run, an error message is returned. If the request passes dry run, the `DryRunOperation` error code is returned.
87021
+ # * **false**: sends the API request. After the request passes the check, a 2XX HTTP status code is returned and the gateway endpoint is associated with the route table. This is the default value.
86817
87022
  self.dry_run = dry_run
86818
87023
  # The ID of the IPv6 gateway that you want to modify.
86819
87024
  #
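Review bot: The `**false**` bullet added for `dry_run` says `the gateway endpoint is associated with the route table`, which describes a different operation; this request modifies IPv6 gateway attributes. The text looks carried over from another API's description, and it disagrees with the `dry_run` comment added to ModifyIpv6AddressAttributeRequest in the hunk at -86649. Callers read this comment to decide whether a call changes state, so I would align it with the sibling: `# * **false** (default): performs a dry run and performs the actual request. If the request passes the dry run, a 2xx HTTP status code is returned and the operation is performed.` The file appears to be generated, so the correction probably belongs in the upstream API description. The `__init__` body continues past the hunk.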
@@ -86821,7 +87026,7 @@ class ModifyIpv6GatewayAttributeRequest(TeaModel):
86821
87026
  self.ipv_6gateway_id = ipv_6gateway_id
86822
87027
  # The name of the IPv6 gateway.
86823
87028
  #
86824
- # It must be 2 to 256 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-). It must start with a letter. The name must start with a letter and cannot start with `http://` or `https://`.
87029
+ # The name must be 0 to 128 characters in length and cannot start with `http://` or `https://`.
86825
87030
  self.name = name
86826
87031
  self.owner_account = owner_account
86827
87032
  self.owner_id = owner_id
@@ -88592,6 +88797,11 @@ class ModifyRouteTableAttributesRequest(TeaModel):
88592
88797
  self.region_id = region_id
88593
88798
  self.resource_owner_account = resource_owner_account
88594
88799
  self.resource_owner_id = resource_owner_id
88800
+ # Indicates whether to enable route propagation to receive dynamic routes. Valid values:
88801
+ #
88802
+ # - **true** (default): enables route propagation.
88803
+ #
88804
+ # - **false**: disables route propagation.
88595
88805
  self.route_propagation_enable = route_propagation_enable
88596
88806
  # The ID of the route table.
88597
88807
  #
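Review bot: The comment added for `route_propagation_enable` marks `**true**` as the default but does not say what a modify call does when the parameter is left unset. The signature is outside the hunk; other parameters visible in this diff default to `None`. On a Modify request the difference matters: either the current setting is kept, or omitting the field turns on acceptance of dynamic routes for the route table. I would add one line stating which, for example `# > If you do not specify this parameter, the current setting of the route table is not changed.`, once the behaviour is confirmed with the API owner.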
@@ -89522,7 +89732,45 @@ class ModifySslVpnServerRequest(TeaModel):
89522
89732
  # * **AES-256-CBC**\
89523
89733
  # * **none**\
89524
89734
  self.cipher = cipher
89525
- # The client IP address pool.
89735
+ # The client CIDR block.
89736
+ #
89737
+ # The CIDR block from which an IP address is allocated to the virtual network interface controller (NIC) of the client, rather than the private CIDR block.
89738
+ #
89739
+ # If the client accesses the SSL server over an SSL-VPN connection, the VPN gateway assigns an IP address from the specified client CIDR block for the client to access cloud resources.
89740
+ #
89741
+ # Make sure that the number of IP addresses in the client CIDR block is at least four times the maximum number of SSL-VPN connections supported by the VPN gateway.
89742
+ #
89743
+ # <details>
89744
+ # <summary>Click to view the reason.</summary>
89745
+ #
89746
+ # For example, if you specify 192.168.0.0/24 as the client CIDR block, the system first divides a subnet CIDR block with a subnet mask of 30 from 192.168.0.0/24, such as 192.168.0.4/30. This subnet provides up to four IP addresses. Then, the system allocates an IP address from 192.168.0.4/30 to the client and uses the other three IP addresses to ensure network communication. In this case, one client consumes four IP addresses. Therefore, to ensure that an IP address is assigned to your client, the number of IP addresses in the client CIDR block must be at least four times the maximum number of SSL-VPN connections supported by the VPN gateway with which the SSL server is associated.
89747
+ # </details>
89748
+ # <details>
89749
+ # <summary>Click to view the CIDR blocks that are not supported.</summary>
89750
+ #
89751
+ # * 100.64.0.0~100.127.255.255
89752
+ # * 127.0.0.0~127.255.255.255
89753
+ # * 169.254.0.0~169.254.255.255
89754
+ # * 224.0.0.0~239.255.255.255
89755
+ # * 255.0.0.0~255.255.255.255
89756
+ # </details>
89757
+ # <details>
89758
+ # <summary>Click to view the recommended client CIDR blocks for different numbers of SSL-VPN connections.</summary>
89759
+ #
89760
+ # * If the number of SSL-VPN connections is 5, we recommend that you specify a client CIDR block with a subnet mask that is less than or equal to 27 bits in length. Examples: 10.0.0.0/27 and 10.0.0.0/26.
89761
+ # * If the number of SSL-VPN connections is 10, we recommend that you specify a client CIDR block with a subnet mask that is less than or equal to 26 bits in length. Examples: 10.0.0.0/26 and 10.0.0.0/25.
89762
+ # * If the number of SSL-VPN connections is 20, we recommend that you specify a client CIDR block with a subnet mask that is less than or equal to 25 bits in length. Examples: 10.0.0.0/25 and 10.0.0.0/24.
89763
+ # * If the number of SSL-VPN connections is 50, we recommend that you specify a client CIDR block with a subnet mask that is less than or equal to 24 bits in length. Examples: 10.0.0.0/24 and 10.0.0.0/23.
89764
+ # * If the number of SSL-VPN connections is 100, we recommend that you specify a client CIDR block with a subnet mask that is less than or equal to 23 bits in length. Examples: 10.0.0.0/23 and 10.0.0.0/22.
89765
+ # * If the number of SSL-VPN connections is 200, we recommend that you specify a client CIDR block with a subnet mask that is less than or equal to 22 bits in length. Examples: 10.0.0.0/22 and 10.0.0.0/21.
89766
+ # * If the number of SSL-VPN connections is 500, we recommend that you specify a client CIDR block with a subnet mask that is less than or equal to 21 bits in length. Examples: 10.0.0.0/21 and 10.0.0.0/20.
89767
+ # * If the number of SSL-VPN connections is 1,000, we recommend that you specify a client CIDR block with a subnet mask that is less than or equal to 20 bits in length. Examples: 10.0.0.0/20 and 10.0.0.0/19.
89768
+ # </details>
89769
+ #
89770
+ # > - The subnet mask of the client CIDR block must be 16 to 29 bits in length.
89771
+ # > - Make sure that the client CIDR block does not overlap with the local CIDR block, the VPC CIDR block, or route CIDR blocks associated with the client.
89772
+ # > - We recommend that you use 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or one of their subnets as the client CIDR block. If you want to specify a public CIDR block as the client CIDR block, you must specify the public CIDR block as the user CIDR block of the virtual private cloud (VPC). This way, the VPC can access the public CIDR block. For more information, see [VPC FAQs](https://help.aliyun.com/document_detail/185311.html).
89773
+ # > - After you create an SSL server, the system automatically adds routes that point to the client CIDR block to the VPC route table. Do not manually add routes that point to the client CIDR block. Otherwise, SSL-VPN connections cannot work as expected.
89526
89774
  self.client_ip_pool = client_ip_pool
89527
89775
  # The client token that is used to ensure the idempotence of the request.
89528
89776
  #
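Review bot: The new `client_ip_pool` comment carries `<details>` and `<summary>Click to view …</summary>` markup that cannot be expanded in a source comment, so the three collapsible sections read as noise around the constraints that matter. I would drop the tags and use plain sub-headings, for example `# CIDR blocks that are not supported:` before the range list. The unsupported ranges are written as `a~b` address ranges while the rest of the comment uses prefix notation; stating them as prefixes would be consistent. The constructor this comment belongs to begins before the hunk and continues after it.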
@@ -89535,20 +89783,36 @@ class ModifySslVpnServerRequest(TeaModel):
89535
89783
  # * **true** (default)
89536
89784
  # * **false**\
89537
89785
  self.compress = compress
89538
- # Specifies whether to enable two-factor authentication. If you enable two-factor authentication, you must also specify an IDaaS instance ID. Valid values:
89786
+ # Specifies whether to enable two-factor authentication. To enable two-factor authentication, you need to specify **IDaaSInstanceId**, **IDaaSRegionId**, and **IDaaSApplicationId**. Valid values:
89539
89787
  #
89540
- # * **true**\
89541
- # * **false**\
89788
+ # * **true**: enables the feature.
89789
+ # * **false**: disables the feature.
89542
89790
  #
89543
- # > * Two-factor authentication supports only IDaaS instances of earlier versions. If you do not have and cannot create IDaaS instances of earlier versions, you cannot enable two-factor authentication.
89544
- # > * For existing SSL servers, if two-factor authentication is already enabled, you can continue to use two-factor authentication.
89791
+ # > - If you use two-factor authentication for the first time, you must first complete [authorization](https://ram.console.aliyun.com/role/authorization?request=%7B%22Services%22%3A%5B%7B%22Service%22%3A%22VPN%22%2C%22Roles%22%3A%5B%7B%22RoleName%22%3A%22AliyunVpnAccessingIdaasRole%22%2C%22TemplateId%22%3A%22IdaasRole%22%7D%5D%7D%5D%2C%22ReturnUrl%22%3A%22https%3A%2F%2Fvpc.console.aliyun.com%2Fsslvpn%2Fcn-shanghai%2Fvpn-servers%22%7D).
89792
+ # > - When you create an SSL server in the UAE (Dubai) region, we recommend that you associate the SSL server with an IDaaS EIAM 2.0 instance in Singapore to reduce latency.
89793
+ # > - IDaaS EIAM 1.0 instances are no longer available for purchase. If your Alibaba Cloud account has IDaaS EIAM 1.0 instances, the IDaaS EIAM 1.0 instances can be associated after two-factor authentication is enabled. If your Alibaba Cloud account does not have IDaaS EIAM 1.0 instances, only IDaaS EIAM 2.0 instances can be associated after two-factor authentication is enabled.
89545
89794
  self.enable_multi_factor_auth = enable_multi_factor_auth
89795
+ # The ID of the IDaaS application.
89796
+ #
89797
+ # * If an IDaaS EIAM 2.0 instance is associated, you need to specify an IDaaS application ID.
89798
+ # * If an IDaaS EIAM 1.0 instance is associated, you do not need to specify an IDaaS application ID.
89546
89799
  self.idaa_sapplication_id = idaa_sapplication_id
89547
- # The ID of the Identity as a Service (IDaaS) instance.
89800
+ # The ID of the IDaaS EIAM instance.
89548
89801
  self.idaa_sinstance_id = idaa_sinstance_id
89549
- # The ID of the region where the IDaaS instance is created.
89802
+ # The region ID of the IDaaS EIAM instance.
89550
89803
  self.idaa_sregion_id = idaa_sregion_id
89551
- # The CIDR block of the client.
89804
+ # The local CIDR block.
89805
+ #
89806
+ # The CIDR block that your client needs to access by using the SSL-VPN connection.
89807
+ #
89808
+ # This value can be the CIDR block of a VPC, a vSwitch, a data center that is connected to a VPC by using an Express Connect circuit, or an Alibaba Cloud service such as Object Storage Service (OSS).
89809
+ #
89810
+ # The subnet mask of the specified local CIDR block must be 8 to 32 bits in length. You cannot specify the following CIDR blocks as the local CIDR blocks:
89811
+ #
89812
+ # * 127.0.0.0~127.255.255.255
89813
+ # * 169.254.0.0~169.254.255.255
89814
+ # * 224.0.0.0~239.255.255.255
89815
+ # * 255.0.0.0~255.255.255.255
89552
89816
  self.local_subnet = local_subnet
89553
89817
  # The name of the SSL server.
89554
89818
  #
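Review bot: The `enable_multi_factor_auth` comment embeds a console authorization URL whose query string is URL-encoded JSON, so the fact a reader needs is hidden: the link authorizes the `AliyunVpnAccessingIdaasRole` RAM role for the VPN service, which is only visible after decoding. I would name the role in plain text, e.g. `# > - First-time use requires authorizing the AliyunVpnAccessingIdaasRole service role for the VPN service.`, and keep the link as a secondary reference. The encoded `ReturnUrl` is also fixed to the `cn-shanghai` console path, which may not match the caller's region. The comment sits inside a constructor that starts and ends outside this hunk.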
@@ -89692,7 +89956,7 @@ class ModifySslVpnServerResponseBody(TeaModel):
89692
89956
  ):
89693
89957
  # The encryption algorithm.
89694
89958
  self.cipher = cipher
89695
- # The client IP address pool.
89959
+ # The client CIDR block.
89696
89960
  self.client_ip_pool = client_ip_pool
89697
89961
  # Indicates whether data compression is enabled.
89698
89962
  self.compress = compress
@@ -89705,13 +89969,18 @@ class ModifySslVpnServerResponseBody(TeaModel):
89705
89969
  # * **true**\
89706
89970
  # * **false** (default)
89707
89971
  self.enable_multi_factor_auth = enable_multi_factor_auth
89972
+ # The ID of the IDaaS application.
89708
89973
  self.idaa_sapplication_id = idaa_sapplication_id
89709
- # The ID of the IDaaS instance.
89974
+ # The ID of the IDaaS EIAM instance.
89710
89975
  self.idaa_sinstance_id = idaa_sinstance_id
89976
+ # The version of the IDaaS EIAM instance.
89977
+ #
89978
+ # * This parameter is returned only if the SSL server is associated with an IDaaS EIAM 2.0 instance. Only **EIAM 2.0** is returned.
89979
+ # * If the SSL server is associated with an IDaaS EIAM 1.0 instance, no value is returned.
89711
89980
  self.idaa_sinstance_version = idaa_sinstance_version
89712
89981
  # The public IP address.
89713
89982
  self.internet_ip = internet_ip
89714
- # The CIDR block of the client.
89983
+ # The local CIDR block.
89715
89984
  self.local_subnet = local_subnet
89716
89985
  # The maximum number of connections.
89717
89986
  self.max_connections = max_connections
@@ -89884,7 +90153,7 @@ class ModifyTunnelAttributeRequestTunnelOptionsSpecificationTunnelBgpConfig(TeaM
89884
90153
  self.local_bgp_ip = local_bgp_ip
89885
90154
  # The CIDR block of the tunnel.
89886
90155
  #
89887
- # The CIDR block must fall into 169.254.0.0/16. The subnet mask of the CIDR block must be 30 bits in length.
90156
+ # The CIDR block must fall within the 169.254.0.0/16 range. The subnet mask of the CIDR block must be 30 bits in length.
89888
90157
  self.tunnel_cidr = tunnel_cidr
89889
90158
 
89890
90159
  def validate(self):
@@ -89935,28 +90204,28 @@ class ModifyTunnelAttributeRequestTunnelOptionsSpecificationTunnelIkeConfig(TeaM
89935
90204
  self.ike_auth_alg = ike_auth_alg
89936
90205
  # The encryption algorithm that is used in IKE Phase 1 negotiations.
89937
90206
  #
89938
- # * Valid values when the IPsec connection is attached to a standard VPN gateway: **aes**, **aes192**, **sha256**, **des**, and **3des**.
89939
- # * Valid values when the IPsec connection is attached to a VPN gateway that uses an SM certificate: **sm4**.
90207
+ # * Valid values when the IPsec connection is attached to a standard VPN gateway: **aes**, **aes192**, **aes256**, **des**, and **3des**.
90208
+ # * If the IPsec connection is attached to a VPN gateway that uses an SM certificate, set the value to **sm4**.
89940
90209
  self.ike_enc_alg = ike_enc_alg
89941
- # The SA lifetime that is used in IKE Phase 1 negotiations. Unit: seconds. Valid values: **0 to 86400**.
90210
+ # The SA lifetime as a result of Phase 1 negotiations. Unit: seconds. Valid values: **0 to 86400**.
89942
90211
  self.ike_lifetime = ike_lifetime
89943
- # The IKE negotiation mode. Valid values:
90212
+ # The negotiation mode of IKE. Valid values:
89944
90213
  #
89945
90214
  # * **main:** This mode offers higher security during negotiations.
89946
- # * **aggressive:** This mode is faster and has a higher success rate.
90215
+ # * **aggressive**: This mode is faster and has a higher success rate.
89947
90216
  self.ike_mode = ike_mode
89948
- # The Diffie-Hellman (DH) key exchange algorithm that is used in IKE Phase 1 negotiations. Valid values: **group1**, **group2**, **group5**, and **group14**.
90217
+ # The Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Valid values: **group1**, **group2**, **group5**, and **group14**.
89949
90218
  self.ike_pfs = ike_pfs
89950
- # The IKE version. Valid values: **ikev1** and **ikev2**.
90219
+ # The version of the IKE protocol. Valid values: **ikev1** and **ikev2**.
89951
90220
  self.ike_version = ike_version
89952
- # The tunnel identifier. The identifier can be up to 100 characters in length, and supports fully qualified domain names (FQDNs) and IP addresses. The default identifier is the tunnel IP address.
90221
+ # The tunnel identifier. The identifier can be up to 100 characters in length, and supports FQDNs and IP addresses. The default value is the IP address of the tunnel.
89953
90222
  self.local_id = local_id
89954
90223
  # The pre-shared key that is used to verify identities between the tunnel and peer.
89955
90224
  #
89956
- # * It must be 1 to 100 characters in length, and can contain letters, digits, and the following characters: ``~!`@#$%^&*()_-+={}[]|;:\\",.<>/?``
89957
- # * If you do not specify a pre-shared key, the system generates a random 16-character string as the pre-shared key. You can call the [DescribeVpnConnection](https://help.aliyun.com/document_detail/120374.html) operation to query the pre-shared key that is generated by the system.
90225
+ # * The key must be 1 to 100 characters in length and can contain digits, letters, and the following special characters: ``~!`@#$%^&*()_-+={}[]|;:\\",.<>/?``
90226
+ # * If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. You can call the [DescribeVpnConnection](https://help.aliyun.com/document_detail/120374.html) operation to query the pre-shared key that is automatically generated by the system.
89958
90227
  #
89959
- # > The pre-shared key that is configured for the tunnel and the tunnel peer must be the same. Otherwise, the system cannot establish the tunnel.
90228
+ # > The pre-shared key that is configured for the tunnel and the tunnel peer must be the same. Otherwise, the system cannot establish the tunnel.
89960
90229
  self.psk = psk
89961
90230
  # The peer identifier. The identifier can be up to 100 characters in length, and supports FQDNs and IP addresses. The default identifier is the IP address of the customer gateway associated with the tunnel.
89962
90231
  self.remote_id = remote_id
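Review bot: The rewritten `psk` comment now says the system generates a "16-bit string" when no pre-shared key is supplied, where the removed line said "random 16-character string"; 16 bits is two bytes, so this looks like a unit slip that misstates the length of the generated key. Unless the service behaviour really changed, I would keep the old unit: `# * If you do not specify a pre-shared key, the system randomly generates a 16-character string as the pre-shared key.` The same "16-bit" wording appears in the `psk` comment added to ModifyVpnAttachmentAttributeRequestTunnelOptionsSpecificationTunnelIkeConfig further down. The `__init__` these comments sit in starts above the hunk.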
@@ -90028,12 +90297,12 @@ class ModifyTunnelAttributeRequestTunnelOptionsSpecificationTunnelIpsecConfig(Te
90028
90297
  self.ipsec_auth_alg = ipsec_auth_alg
90029
90298
  # The encryption algorithm that is used in IPsec Phase 2 negotiations.
90030
90299
  #
90031
- # * Valid values when the IPsec connection is attached to a standard VPN gateway: **aes**, **aes192**, **sha256**, **des**, and **3des**.
90032
- # * Valid values when the IPsec connection is attached to a VPN gateway that uses an SM certificate: **sm4**.
90300
+ # * Valid values when the IPsec connection is attached to a standard VPN gateway: **aes**, **aes192**, **aes256**, **des**, and **3des**.
90301
+ # * If the IPsec connection is attached to a VPN gateway that uses an SM certificate, set the value to **sm4**.
90033
90302
  self.ipsec_enc_alg = ipsec_enc_alg
90034
- # The SA lifetime that is used in IPsec Phase 2 negotiations. Unit: seconds. Valid values: **0 to 86400**.
90303
+ # The SA lifetime as a result of Phase 2 negotiations. Unit: seconds. Valid values: **0 to 86400**.
90035
90304
  self.ipsec_lifetime = ipsec_lifetime
90036
- # The DH key exchange algorithm that is used in IPsec Phase 2 negotiations. Valid values: **disabled**, **group1**, **group2**, **group5**, and **group14**.
90305
+ # The Diffie-Hellman key exchange algorithm that is used in Phase 2 negotiations. Valid values: **disabled**, **group1**, **group2**, **group5**, and **group14**.
90037
90306
  self.ipsec_pfs = ipsec_pfs
90038
90307
 
90039
90308
  def validate(self):
@@ -90080,15 +90349,15 @@ class ModifyTunnelAttributeRequestTunnelOptionsSpecification(TeaModel):
90080
90349
  tunnel_ipsec_config: ModifyTunnelAttributeRequestTunnelOptionsSpecificationTunnelIpsecConfig = None,
90081
90350
  ):
90082
90351
  self.customer_gateway_id = customer_gateway_id
90083
- # Specifies whether to enable the dead peer detection (DPD) feature. Valid values:
90352
+ # Specifies whether to enable dead peer detection (DPD). Valid values: Valid values:
90084
90353
  #
90085
- # * **true**: DPD is enabled. The IPsec initiator sends DPD packets to verify the existence and availability of the IPsec peer. If no response is received from the peer within a specified period of time, the IPsec peer is considered disconnected. Then, the ISAKMP SA, IPsec SA, and IPsec tunnel are deleted.
90354
+ # * **true** The IPsec initiator sends DPD packets to verify the existence and availability of the IPsec peer. If no response is received from the peer within a specified period of time, the IPsec peer is considered disconnected. Then, the ISAKMP SA, IPsec SA, and IPsec tunnel are deleted.
90086
90355
  # * **false**: DPD is disabled. The IPsec initiator does not send DPD packets.
90087
90356
  self.enable_dpd = enable_dpd
90088
90357
  # Specifies whether to enable NAT traversal. Valid values:
90089
90358
  #
90090
- # * **true**: NAT traversal is enabled. After NAT traversal is enabled, the initiator does not check the UDP ports during Internet Key Exchange (IKE) negotiations and can automatically discover NAT gateway devices along the IPsec-VPN tunnel.
90091
- # * **false**: NAT traversal is disabled.
90359
+ # * **true**: enables NAT traversal. After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the IPsec-VPN tunnel.
90360
+ # * **false**: disables NAT traversal.
90092
90361
  self.enable_nat_traversal = enable_nat_traversal
90093
90362
  # The peer certificate authority (CA) certificate when you want to attach the IPsec connection to a virtual private network (VPN) gateway that uses a ShangMi (SM) certificate.
90094
90363
  self.remote_ca_certificate = remote_ca_certificate
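Review bot: The new `enable_dpd` comment has two editing slips: the lead sentence ends with `Valid values: Valid values:`, and the **true** bullet lost both its colon and the "DPD is enabled" lead-in that the **false** bullet still has. Suggested lines: `# Specifies whether to enable dead peer detection (DPD). Valid values:` and `# * **true**: DPD is enabled. The IPsec initiator sends DPD packets ...` with the rest of the sentence unchanged. The constructor continues past the end of the hunk.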
@@ -91151,7 +91420,7 @@ class ModifyVcoRouteEntryWeightRequest(TeaModel):
91151
91420
  # The tunneling protocol. Set the value to **Ipsec**, which specifies the IPsec tunneling protocol.
91152
91421
  self.overlay_mode = overlay_mode
91153
91422
  self.owner_account = owner_account
91154
- # The ID of the region where the IPsec-VPN connection is established.
91423
+ # The region ID of the IPsec-VPN connection.
91155
91424
  #
91156
91425
  # You can call the [DescribeRegions](https://help.aliyun.com/document_detail/36063.html) operation to query the most recent region list.
91157
91426
  #
@@ -91628,6 +91897,10 @@ class ModifyVpcAttributeRequest(TeaModel):
91628
91897
  #
91629
91898
  # The description must be 1 to 256 characters in length, and cannot start with `http://` or `https://`.
91630
91899
  self.description = description
91900
+ # Indicates whether the DNS hostname feature is enabled. Valid values:
91901
+ #
91902
+ # * **false** (default): disabled.
91903
+ # * **true**: enabled.
91631
91904
  self.enable_dns_hostname = enable_dns_hostname
91632
91905
  # Specifies whether to enable IPv6 CIDR blocks. Valid values:
91633
91906
  #
@@ -92096,8 +92369,15 @@ class ModifyVpnAttachmentAttributeRequestTunnelOptionsSpecificationTunnelBgpConf
92096
92369
  local_bgp_ip: str = None,
92097
92370
  tunnel_cidr: str = None,
92098
92371
  ):
92372
+ # The autonomous system number (ASN) of the tunnel on the Alibaba Cloud side. Valid values: **1** to **4294967295**. Default value: **45104**.
92373
+ #
92374
+ # > We recommend that you use a private ASN to establish BGP connections to Alibaba Cloud. Refer to the relevant documentation for the private ASN range.
92099
92375
  self.local_asn = local_asn
92376
+ # The BGP IP address of the tunnel on the Alibaba Cloud side. The address is an IP address that falls within the BGP CIDR block.
92100
92377
  self.local_bgp_ip = local_bgp_ip
92378
+ # The BGP CIDR block of the tunnel. The CIDR block must fall within 169.254.0.0/16 and the mask of the CIDR block must be 30 bits in length. The CIDR block cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, or 169.254.169.252/30.
92379
+ #
92380
+ # > The two tunnels of an IPsec connection must use different CIDR blocks.
92101
92381
  self.tunnel_cidr = tunnel_cidr
92102
92382
 
92103
92383
  def validate(self):
@@ -92141,14 +92421,39 @@ class ModifyVpnAttachmentAttributeRequestTunnelOptionsSpecificationTunnelIkeConf
92141
92421
  psk: str = None,
92142
92422
  remote_id: str = None,
92143
92423
  ):
92424
+ # The authentication algorithm that is used in Phase 1 negotiations. Valid values: **md5**, **sha1**, **sha256**, **sha384**, and **sha512**.
92144
92425
  self.ike_auth_alg = ike_auth_alg
92426
+ # The encryption algorithm that is used in Phase 1 negotiations. Valid values: **aes**, **aes192**, **aes256**, **des**, and **3des**.
92145
92427
  self.ike_enc_alg = ike_enc_alg
92428
+ # The SA lifetime as a result of Phase 1 negotiations. Unit: seconds.
92429
+ #
92430
+ # Valid values: **0** to **86400**.
92146
92431
  self.ike_lifetime = ike_lifetime
92432
+ # The negotiation mode of IKE. Valid values: **main** and **aggressive**.
92433
+ #
92434
+ # * **main:** This mode offers higher security during negotiations.
92435
+ # * **aggressive**: This mode is faster with a higher success rate.
92147
92436
  self.ike_mode = ike_mode
92437
+ # The Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Valid values: **group1**, **group2**, **group5**, and **group14**.
92148
92438
  self.ike_pfs = ike_pfs
92439
+ # The version of the IKE protocol. Valid values: **ikev1** and **ikev2**.
92440
+ #
92441
+ # Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for scenarios with multiple CIDR blocks.
92149
92442
  self.ike_version = ike_version
92443
+ # The identifier of the tunnel on the Alibaba Cloud side, which is used in Phase 1 negotiations. The identifier cannot exceed 100 characters in length and cannot contain spaces.
92444
+ #
92445
+ # **LocalId** supports fully qualified domain names (FQDNs). If you use an FQDN, we recommend that you set the negotiation mode to **aggressive**.
92150
92446
  self.local_id = local_id
92447
+ # The pre-shared key that is used for identity authentication between the tunnel and the tunnel peer.
92448
+ #
92449
+ # * The key must be 1 to 100 characters in length, and can contain digits, and letters. The key cannot contain spaces. ``~!\\`@#$%^&*()_-+={}[]|;:\\",.<>/?``
92450
+ # * If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. You can call the [DescribeVpnAttachments](https://help.aliyun.com/document_detail/2526939.html) operation to query the pre-shared key that is automatically generated by the system.
92451
+ #
92452
+ # > The tunnel and the tunnel peer must use the same pre-shared key. Otherwise, the tunnel cannot be established.
92151
92453
  self.psk = psk
92454
+ # The identifier of the tunnel peer, which is used in Phase 1 negotiations. The identifier cannot exceed 100 characters in length and cannot contain spaces.
92455
+ #
92456
+ # **RemoteId** supports FQDNs. If you use an FQDN, we recommend that you set the negotiation mode to **aggressive**.
92152
92457
  self.remote_id = remote_id
92153
92458
 
92154
92459
  def validate(self):
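Review bot: In the added `psk` comment the list of special characters is stranded after "The key cannot contain spaces." and the sentence before it now ends at "digits, and letters", so a reader cannot tell whether those characters are allowed or forbidden in a pre-shared key. The ModifyTunnelAttribute copy of this comment keeps the list inside the sentence "can contain digits, letters, and the following special characters:"; I would reuse that sentence here and put the no-spaces rule after the list. The list here also has an extra `\\` before the backquote that the other copy lacks, which should be checked against the API. Separately, the `local_id` and `remote_id` comments recommend **aggressive** mode for FQDN identifiers while the `ike_mode` comment in this same hunk says **main** offers higher security; a short clause naming that trade-off would help.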
@@ -92211,9 +92516,19 @@ class ModifyVpnAttachmentAttributeRequestTunnelOptionsSpecificationTunnelIpsecCo
92211
92516
  ipsec_lifetime: int = None,
92212
92517
  ipsec_pfs: str = None,
92213
92518
  ):
92519
+ # The authentication algorithm that is used in Phase 2 negotiations.
92520
+ #
92521
+ # Valid values: **md5**, **sha1**, **sha256**, **sha384**, and **sha512**.
92214
92522
  self.ipsec_auth_alg = ipsec_auth_alg
92523
+ # The encryption algorithm that is used in Phase 2 negotiations. Valid values: **aes**, **aes192**, **aes256**, **des**, and **3des**.
92215
92524
  self.ipsec_enc_alg = ipsec_enc_alg
92525
+ # The SA lifetime as a result of Phase 2 negotiations. Unit: seconds.
92526
+ #
92527
+ # Valid values: **0** to **86400**.
92216
92528
  self.ipsec_lifetime = ipsec_lifetime
92529
+ # The Diffie-Hellman key exchange algorithm that is used in Phase 2 negotiations.
92530
+ #
92531
+ # Valid values: **disabled**, **group1**, **group2**, **group5**, and **group14**.
92217
92532
  self.ipsec_pfs = ipsec_pfs
92218
92533
 
92219
92534
  def validate(self):
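Review bot: The added comments list **md5** and **sha1** for `ipsec_auth_alg`, **des** and **3des** for `ipsec_enc_alg`, and **group1**, **group2** and **group5** for `ipsec_pfs` as plain valid values, with nothing to tell a reader which of them are legacy choices. A one-line hint after each list would do, for example `# Prefer sha256 or stronger; md5 and sha1 are accepted for compatibility with older peers.` and `# Prefer an aes variant; des and 3des are accepted for compatibility with older peers.` The Phase 1 comments added to the TunnelIkeConfig class in the previous hunk have the same gap. If **disabled** for `ipsec_pfs` means perfect forward secrecy is turned off, as the name suggests, the comment should say so.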
@@ -92260,13 +92575,34 @@ class ModifyVpnAttachmentAttributeRequestTunnelOptionsSpecification(TeaModel):
92260
92575
  tunnel_index: int = None,
92261
92576
  tunnel_ipsec_config: ModifyVpnAttachmentAttributeRequestTunnelOptionsSpecificationTunnelIpsecConfig = None,
92262
92577
  ):
92578
+ # The ID of the customer gateway that is associated with the tunnel.
92579
+ #
92580
+ # > This parameter is only supported in dual-tunnel IPsec-VPN connections.
92263
92581
  self.customer_gateway_id = customer_gateway_id
92582
+ # Specifies whether to enable the Dead Peer Detection (DPD) feature for the tunnel. Valid values:
92583
+ #
92584
+ # * **true**: enables DPD. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within the specified period of time, the connection fails. In this case, ISAKMP SA and IPsec SA are deleted along with the security tunnel.
92585
+ # * **false**: disables DPD. The initiator of the IPsec-VPN connection does not send DPD packets.
92264
92586
  self.enable_dpd = enable_dpd
92587
+ # Specifies whether to enable NAT traversal for the tunnel. Valid values:
92588
+ #
92589
+ # * **true**: enables NAT traversal. After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the IPsec-VPN tunnel.
92590
+ # * **false**: disables NAT traversal.
92265
92591
  self.enable_nat_traversal = enable_nat_traversal
92592
+ # Add BGP configurations for the tunnel.
92593
+ #
92594
+ # > If you enable BGP for an IPsec-VPN connection, you must set **EnableTunnelsBgp** parameter to **true**.
92266
92595
  self.tunnel_bgp_config = tunnel_bgp_config
92596
+ # The tunnel ID.
92267
92597
  self.tunnel_id = tunnel_id
92598
+ # The configuration of Phase 1 negotiations.
92268
92599
  self.tunnel_ike_config = tunnel_ike_config
92600
+ # The order in which the tunnel was created.
92601
+ #
92602
+ # * **1**: Tunnel 1.
92603
+ # * **2**: Tunnel 2.
92269
92604
  self.tunnel_index = tunnel_index
92605
+ # The configuration of Phase 2 negotiations.
92270
92606
  self.tunnel_ipsec_config = tunnel_ipsec_config
92271
92607
 
92272
92608
  def validate(self):
@@ -92356,7 +92692,9 @@ class ModifyVpnAttachmentAttributeRequest(TeaModel):
92356
92692
  # * **true**\
92357
92693
  # * **false**\
92358
92694
  self.auto_config_route = auto_config_route
92359
- # The Border Gateway Protocol (BGP) configuration:
92695
+ # This parameter is supported if you modify the configurations of an IPsec-VPN connection in single-tunnel mode.
92696
+ #
92697
+ # BGP configuration:
92360
92698
  #
92361
92699
  # * **BgpConfig.EnableBgp**: specifies whether to enable BGP. Valid values:
92362
92700
  #
@@ -92365,16 +92703,16 @@ class ModifyVpnAttachmentAttributeRequest(TeaModel):
92365
92703
  #
92366
92704
  # * **BgpConfig.LocalAsn**: the autonomous system number (ASN) on the Alibaba Cloud side. Valid values: **1** to **4294967295**.
92367
92705
  #
92368
- # You can enter the ASN in two segments. Separate the first 16 bits of the ASN from the remaining 16 bits with a period (.). Enter the number in each segment in decimal format.
92706
+ # You can enter a value in two segments separated by a period (.). Each segment is 16 bits in length. Enter the number in each segment in decimal format.
92369
92707
  #
92370
- # For example, if you enter 123.456, the ASN is: 123 × 65536 + 456 = 8061384.
92708
+ # For example, if you enter 123.456, the ASN is 8061384. The ASN is calculated by using the following formula: 123 × 65536 + 456 = 8061384.
92371
92709
  #
92372
- # * **BgpConfig.TunnelCidr:** the CIDR block of the IPsec tunnel. The CIDR block falls within 169.254.0.0/16. The subnet mask of the CIDR block must be 30 bits in length.
92710
+ # * **BgpConfig.TunnelCidr**: The CIDR block of the IPsec tunnel. The CIDR block must fall into 169.254.0.0/16 and the mask of the CIDR block must be 30 bits in length. The CIDR block cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, or 169.254.169.252/30.
92373
92711
  #
92374
- # * **LocalBgpIp:** the BGP IP address on the Alibaba Cloud side. This IP address must fall within the CIDR block of the IPsec tunnel.
92712
+ # * **LocalBgpIp**: the BGP address on the Alibaba Cloud side. It must be an IP address that falls within the CIDR block of the IPsec tunnel.
92375
92713
  #
92376
- # > - Before you configure BGP, we recommend that you learn how BGP dynamic routing works and the limits of using BGP dynamic routing. For more information, see [BGP dynamic routing ](https://help.aliyun.com/document_detail/170235.html).
92377
- # > - We recommend that you use a private ASN to establish a connection with Alibaba Cloud over BGP. Refer to the relevant documentation for the private ASN range.
92714
+ # > - Before you add BGP configurations, we recommend that you learn about how BGP works and the limits. For more information, see [Configure BGP dynamic routing](https://help.aliyun.com/document_detail/445767.html).
92715
+ # > - We recommend that you use a private ASN to establish BGP connections to Alibaba Cloud. Refer to the relevant documentation for the private ASN range.
92378
92716
  self.bgp_config = bgp_config
92379
92717
  # The client token that is used to ensure the idempotence of the request.
92380
92718
  #
@@ -92382,24 +92720,37 @@ class ModifyVpnAttachmentAttributeRequest(TeaModel):
92382
92720
  #
92383
92721
  # > If you do not specify this parameter, the system automatically uses the value of **RequestId** as the value of **ClientToken**. The **request ID** may be different for each request.
92384
92722
  self.client_token = client_token
92385
- # The customer gateway associated with the IPsec-VPN connection.
92723
+ # The customer gateways to be associated with the IPsec-VPN connections.
92724
+ #
92725
+ # > Only single-tunnel IPsec-VPN connections support this parameter.
92386
92726
  self.customer_gateway_id = customer_gateway_id
92387
92727
  # Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:
92388
92728
  #
92389
92729
  # * **true**: immediately starts IPsec negotiations after the configuration is complete.
92390
92730
  # * **false**: starts IPsec negotiations when inbound traffic is detected.
92391
92731
  self.effect_immediately = effect_immediately
92392
- # Specifies whether to enable the dead peer detection (DPD) feature. Valid values:
92732
+ # This parameter is supported if you modify the configurations of an IPsec-VPN connection in single-tunnel mode.
92393
92733
  #
92394
- # * **true**: enables the DPD feature. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within a specific period of time, the connection fails. Then, the ISAKMP SA, IPsec SA, and IPsec tunnel are deleted.
92395
- # * **false**: disables the DPD feature. The initiator of the IPsec-VPN connection does not send DPD packets.
92734
+ # Specifies whether to enable dead peer detection (DPD). Valid values:
92735
+ #
92736
+ # * **true**: enables DPD. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within the specified period of time, the connection fails. In this case, ISAKMP SA and IPsec SA are deleted, along with the security tunnel.
92737
+ # * **false**: disables DPD. The initiator of the IPsec-VPN connection does not send DPD packets.
92396
92738
  self.enable_dpd = enable_dpd
92739
+ # This parameter is supported if you modify the configurations of an IPsec-VPN connection in single-tunnel mode.
92740
+ #
92397
92741
  # Specifies whether to enable NAT traversal. Valid values:
92398
92742
  #
92399
- # * **true** After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the IPsec tunnel.
92400
- # * **false**\
92743
+ # * **true**: enables NAT traversal. After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the IPsec-VPN tunnel.
92744
+ # * **false**: disables NAT traversal.
92401
92745
  self.enable_nat_traversal = enable_nat_traversal
92746
+ # You can specify this parameter if you modify the configuration of a dual-tunnel IPsec-VPN connection.
92747
+ #
92748
+ # Specifies whether to enable the BGP feature for the tunnel. Valid values: **true** and **false**.
92749
+ #
92750
+ # > Before you add BGP configurations, we recommend that you learn about how BGP works and the limits. For more information, see [Configure BGP dynamic routing](https://help.aliyun.com/document_detail/445767.html).
92402
92751
  self.enable_tunnels_bgp = enable_tunnels_bgp
92752
+ # This parameter is supported if you modify the configurations of an IPsec-VPN connection in single-tunnel mode.
92753
+ #
92403
92754
  # The health check configurations:
92404
92755
  #
92405
92756
  # * **HealthCheckConfig.enable**: specifies whether to enable the health check feature. Valid values:
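Review bot: In this hunk the added availability sentence ("This parameter is supported if you modify the configurations of an IPsec-VPN connection in single-tunnel mode.") is placed before the description of `enable_dpd`, `enable_nat_traversal` and `health_check_config`, so the first comment line no longer says what the field is. `customer_gateway_id`, a few lines earlier in the same hunk, keeps the description first and puts the restriction in a trailing `>` note. I would use that layout throughout: description first, then `# > Only single-tunnel IPsec-VPN connections support this parameter.` The same ordering appears above `ike_config` and `ipsec_config` in the `@@ -92420,37 +92771,41 @@` hunk. The enclosing `__init__` begins and ends outside the hunk.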
@@ -92407,9 +92758,9 @@ class ModifyVpnAttachmentAttributeRequest(TeaModel):
92407
92758
  # * **true**\
92408
92759
  # * **false**\
92409
92760
  #
92410
- # * **HealthCheckConfig.dip**: the destination IP address that is used for health checks. Enter the IP address on the data center side that the VPC can communicate with through the IPsec-VPN connection.
92761
+ # * **HealthCheckConfig.dip**: the destination IP address configured for health checks. Specify the IP address of the data center with which the VPC can access through the IPsec-VPN connection.
92411
92762
  #
92412
- # * **HealthCheckConfig.sip**: the source IP address that is used for health checks. Enter the IP address on the VPC side that the data center can communicate with through the IPsec-VPN connection.
92763
+ # * **HealthCheckConfig.sip**: the source IP address configured for health checks. The IP address of the VPC with which the data center can access through the IPsec-VPN connection.
92413
92764
  #
92414
92765
  # * **HealthCheckConfig.interval**: the interval between two consecutive health checks. Unit: seconds.
92415
92766
  #
@@ -92420,37 +92771,41 @@ class ModifyVpnAttachmentAttributeRequest(TeaModel):
92420
92771
  # * **revoke_route**\
92421
92772
  # * **reserve_route**\
92422
92773
  self.health_check_config = health_check_config
92774
+ # This parameter is supported if you modify the configurations of an IPsec-VPN connection in single-tunnel mode.
92775
+ #
92423
92776
  # The configuration of Phase 1 negotiations:
92424
92777
  #
92425
- # * **IkeConfig.Psk**: The pre-shared key that is used for authentication between the VPN gateway and the data center.
92778
+ # * **IkeConfig.Psk**: The pre-shared key that is used for identity authentication between the Alibaba Cloud IPsec connection and the on-premises data center.
92426
92779
  #
92427
- # * The pre-shared key must be 1 to 100 characters in length and can contain letters, digits, and the following characters: ``~ ! ` @ # $ % ^ & * () _ - + = {} [] | ; : \\" , . < > / ?``
92428
- # * If you do not specify a pre-shared key, the system generates a random 16-character string as the pre-shared key. You can call the [DescribeVpnConnection](https://help.aliyun.com/document_detail/120374.html) operation to query the pre-shared key that is generated by the system.
92780
+ # * The key must be 1 to 100 characters in length, and can contain digits, and letters. The key cannot contain spaces. ``~!`@#$%^&*()_-+={}[]|;:\\",.<>/?``
92781
+ # * If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. You can call the [DescribeVpnConnection](https://help.aliyun.com/document_detail/120374.html) operation to query the pre-shared key that is automatically generated by the system.
92429
92782
  #
92430
- # >The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the data center. Otherwise, you cannot establish a connection between the data center and the VPN gateway.
92783
+ # > The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises data center. Otherwise, connections between the on-premises data center and the VPN gateway cannot be established.
92431
92784
  #
92432
- # * **IkeConfig.IkeVersion**: the Internet Key Exchange (IKE) version. Valid values: **ikev1** and **ikev2**.
92785
+ # * **IkeConfig.IkeVersion**: the version of the Internet Key Exchange (IKE) protocol. Valid values: **ikev1** and **ikev2**.
92433
92786
  #
92434
92787
  # * **IkeConfig.IkeMode**: the negotiation mode. Valid values: **main** and **aggressive**.
92435
92788
  #
92436
- # * **IkeConfig.IkeEncAlg**: the encryption algorithm that is used in Phase 1 negotiations. Valid values: **aes**, **aes192**, **aes256**, **des**, and **3des**.
92789
+ # * **IkeConfig.IkeEncAlg:** the encryption algorithm that is used in Phase 1 negotiations. Valid values: **aes**, **aes192**, **aes256**, **des**, and **3des**.
92437
92790
  #
92438
92791
  # * **IkeConfig.IkeAuthAlg**: the authentication algorithm that is used in Phase 1 negotiations. Valid values: **md5**, **sha1**, **sha256**, **sha384**, and **sha512**.
92439
92792
  #
92440
- # * **IkeConfig.IkePfs**: the Diffie-Hellman (DH) key exchange algorithm that is used in Phase 1 negotiations. Valid values: **group1**, **group2**, **group5**, and **group14**.
92793
+ # * **IkeConfig.IkePfs**: the Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Valid values: **group1**, **group2**, **group5**, and **group14**.
92441
92794
  #
92442
- # * **IkeConfig.IkeLifetime**: the security association (SA) lifetime determined by Phase 1 negotiations. Unit: seconds. Valid values: **0** to **86400**.
92795
+ # * **IkeConfig.IkeLifetime**: the SA lifetime as a result of Phase 1 negotiations. Unit: seconds. Valid values: **0** to **86400**.
92443
92796
  #
92444
- # * **IkeConfig.LocalIdIPsec**: the identifier of the IPsec-VPN connection on the Alibaba Cloud side. The identifier can be up to 100 characters in length.
92797
+ # * **IkeConfig.LocalId**: the identifier on the Alibaba Cloud side. The identifier cannot exceed 100 characters in length and cannot contain spaces.
92445
92798
  #
92446
- # * **IkeConfig.RemoteId**: the identifier of the IPsec-VPN connection on the data center side. The identifier can be up to 100 characters in length.
92799
+ # * **IkeConfig.RemoteId**: the identifier of the data center. It cannot exceed 100 characters in length and cannot contain spaces.
92447
92800
  self.ike_config = ike_config
92801
+ # This parameter is supported if you modify the configurations of an IPsec-VPN connection in single-tunnel mode.
92802
+ #
92448
92803
  # The configuration of Phase 2 negotiations:
92449
92804
  #
92450
92805
  # * **IpsecConfig.IpsecEncAlg:** the encryption algorithm that is used in Phase 2 negotiations. Valid values: **aes**, **aes192**, **aes256**, **des**, and **3des**.
92451
92806
  # * **IpsecConfig. IpsecAuthAlg:** the authentication algorithm that is used in Phase 2 negotiations. Valid values: **md5**, **sha1**, **sha256**, **sha384**, and **sha512**.
92452
- # * **IpsecConfig. IpsecPfs:** the DH key exchange algorithm that is used in Phase 2 negotiations. Valid values: **disabled**, **group1**, **group2**, **group5**, and **group14**.
92453
- # * **IpsecConfig. IpsecLifetime**: the SA lifetime determined by Phase 2 negotiations. Unit: seconds. Valid values: **0** to **86400**.
92807
+ # * **IpsecConfig. IpsecPfs:** the Diffie-Hellman key exchange algorithm that is used in Phase 2 negotiations. Valid values: **disabled**, **group1**, **group2**, **group5**, and **group14**.
92808
+ # * **IkeConfig.IkeLifetime**: the SA lifetime determined by Phase 2 negotiations. Unit: seconds. Valid values: **0** to **86400**.
92454
92809
  self.ipsec_config = ipsec_config
92455
92810
  # The CIDR block of the virtual private cloud (VPC) that communicates with the data center. The CIDR block is used in Phase 2 negotiations.
92456
92811
  #
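Review bot: The new `IkeConfig.Psk` text says the system "randomly generates a 16-bit string" where the removed line said "a random 16-character string"; a 16-bit key is a very different strength claim and nothing in the hunk suggests the generator changed, so this reads as a wording regression. I would restore `a random 16-character string`. The same bullet now says the key "can contain digits, and letters", then "cannot contain spaces", and leaves the special-character list dangling, so it is unclear whether those characters are still accepted; `and the following special characters:` before the list would fix that. Under `self.ipsec_config` the Phase 2 lifetime bullet was relabelled `**IkeConfig.IkeLifetime**`, duplicating the Phase 1 name, and presumably should stay `# * **IpsecConfig.IpsecLifetime**: the SA lifetime determined by Phase 2 negotiations.` The enclosing `__init__` starts and ends outside the hunk.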
@@ -92490,6 +92845,9 @@ class ModifyVpnAttachmentAttributeRequest(TeaModel):
92490
92845
  self.remote_subnet = remote_subnet
92491
92846
  self.resource_owner_account = resource_owner_account
92492
92847
  self.resource_owner_id = resource_owner_id
92848
+ # The tunnel configurations.
92849
+ #
92850
+ # You can specify parameters in the **TunnelOptionsSpecification** array when you modify the configurations of an IPsec-VPN connection in dual-tunnel mode. You can modify the configurations of the two tunnels of the IPsec-VPN connection.
92493
92851
  self.tunnel_options_specification = tunnel_options_specification
92494
92852
  # The ID of the IPsec-VPN connection.
92495
92853
  #
@@ -92627,17 +92985,25 @@ class ModifyVpnAttachmentAttributeResponseBodyIkeConfig(TeaModel):
92627
92985
  self.ike_enc_alg = ike_enc_alg
92628
92986
  # The SA lifetime that is determined by Phase 1 negotiations. Unit: seconds.
92629
92987
  self.ike_lifetime = ike_lifetime
92630
- # The negotiation mode.
92988
+ # The IKE negotiation mode.
92989
+ #
92990
+ # * **main:** This mode offers higher security during negotiations.
92991
+ # * **aggressive**: This mode is faster with a higher success rate.
92631
92992
  self.ike_mode = ike_mode
92632
92993
  # The DH key exchange algorithm that is used in Phase 1 negotiations.
92633
92994
  self.ike_pfs = ike_pfs
92634
92995
  # The version of the IKE protocol.
92996
+ #
92997
+ # * **ikev1**\
92998
+ # * **ikev2**\
92999
+ #
93000
+ # Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for scenarios with multiple CIDR blocks.
92635
93001
  self.ike_version = ike_version
92636
93002
  # The identifier of the IPsec-VPN connection on the Alibaba Cloud side.
92637
93003
  self.local_id = local_id
92638
- # The pre-shared key that is used for identity authentication between the VPN gateway and the data center.
93004
+ # Enter a pre-shared key that is used for identity authentication between Alibaba Cloud and the data center.
92639
93005
  #
92640
- # > The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the data center. Otherwise, you cannot establish a connection between the data center and the VPN gateway.
93006
+ # > The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises data center. Otherwise, connections between the on-premises data center and Alibaba Cloud cannot be established.
92641
93007
  self.psk = psk
92642
93008
  # The identifier of the IPsec-VPN connection on the data center side.
92643
93009
  self.remote_id = remote_id
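Review bot: The new comment on `self.psk` is phrased as an input instruction ("Enter a pre-shared key …"), although going by the hunk header this class is `ModifyVpnAttachmentAttributeResponseBodyIkeConfig`, so the field is a value returned to the caller. I would write `# The pre-shared key that is used for identity authentication between Alibaba Cloud and the data center.` and, because the secret is part of the response model, add `# > Treat this value as a secret; do not write the response body to logs.` The `psk` field documented in the `…TunnelIkeConfig` hunk below would benefit from the same line. The `ike_mode` bullets call aggressive mode "faster with a higher success rate" without stating the trade-off; a clause that it gives weaker identity protection than main mode would make the choice clearer.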
@@ -92752,10 +93118,15 @@ class ModifyVpnAttachmentAttributeResponseBodyTunnelOptionsSpecificationTunnelBg
92752
93118
  peer_bgp_ip: str = None,
92753
93119
  tunnel_cidr: str = None,
92754
93120
  ):
93121
+ # The ASN on the Alibaba Cloud side.
92755
93122
  self.local_asn = local_asn
93123
+ # The BGP IP address of the tunnel on the Alibaba Cloud side.
92756
93124
  self.local_bgp_ip = local_bgp_ip
93125
+ # The ASN of the tunnel peer.
92757
93126
  self.peer_asn = peer_asn
93127
+ # The BGP IP address of the tunnel peer.
92758
93128
  self.peer_bgp_ip = peer_bgp_ip
93129
+ # The BGP CIDR block of the tunnel.
92759
93130
  self.tunnel_cidr = tunnel_cidr
92760
93131
 
92761
93132
  def validate(self):
@@ -92807,14 +93178,26 @@ class ModifyVpnAttachmentAttributeResponseBodyTunnelOptionsSpecificationTunnelIk
92807
93178
  psk: str = None,
92808
93179
  remote_id: str = None,
92809
93180
  ):
93181
+ # The authentication algorithm in the IKE phase.
92810
93182
  self.ike_auth_alg = ike_auth_alg
93183
+ # The encryption algorithm in the IKE phase.
92811
93184
  self.ike_enc_alg = ike_enc_alg
93185
+ # The lifetime in the IKE phase. Unit: seconds.
92812
93186
  self.ike_lifetime = ike_lifetime
93187
+ # The negotiation mode of IKE. Valid values:
93188
+ #
93189
+ # * **main:** This mode offers higher security during negotiations.
93190
+ # * **aggressive**: This mode is faster with a higher success rate.
92813
93191
  self.ike_mode = ike_mode
93192
+ # The Diffie-Hellman (DH) group in the IKE phase.
92814
93193
  self.ike_pfs = ike_pfs
93194
+ # The version of the IKE protocol.
92815
93195
  self.ike_version = ike_version
93196
+ # The identifier of the tunnel on the Alibaba Cloud side.
92816
93197
  self.local_id = local_id
93198
+ # The pre-shared key.
92817
93199
  self.psk = psk
93200
+ # The peer identifier.
92818
93201
  self.remote_id = remote_id
92819
93202
 
92820
93203
  def validate(self):
@@ -92877,9 +93260,13 @@ class ModifyVpnAttachmentAttributeResponseBodyTunnelOptionsSpecificationTunnelIp
92877
93260
  ipsec_lifetime: int = None,
92878
93261
  ipsec_pfs: str = None,
92879
93262
  ):
93263
+ # The authentication algorithm in the IPsec phase.
92880
93264
  self.ipsec_auth_alg = ipsec_auth_alg
93265
+ # The encryption algorithm in the IPsec phase.
92881
93266
  self.ipsec_enc_alg = ipsec_enc_alg
93267
+ # The lifetime in the IPsec phase. Unit: seconds.
92882
93268
  self.ipsec_lifetime = ipsec_lifetime
93269
+ # The DH group in the IPsec phase.
92883
93270
  self.ipsec_pfs = ipsec_pfs
92884
93271
 
92885
93272
  def validate(self):
@@ -92929,16 +93316,43 @@ class ModifyVpnAttachmentAttributeResponseBodyTunnelOptionsSpecification(TeaMode
92929
93316
  tunnel_index: int = None,
92930
93317
  tunnel_ipsec_config: ModifyVpnAttachmentAttributeResponseBodyTunnelOptionsSpecificationTunnelIpsecConfig = None,
92931
93318
  ):
93319
+ # The ID of the customer gateway that is associated with the tunnel.
92932
93320
  self.customer_gateway_id = customer_gateway_id
93321
+ # Whether the DPD feature is enabled for the tunnel.
93322
+ #
93323
+ # * **true**: The feature is enabled.
93324
+ # * **false**: The feature is disabled.
92933
93325
  self.enable_dpd = enable_dpd
93326
+ # Indicates whether traversal feature is enabled for the tunnel. Valid values:
93327
+ #
93328
+ # * **true**: The feature is enabled.
93329
+ # * **false**: The feature is disabled.
92934
93330
  self.enable_nat_traversal = enable_nat_traversal
93331
+ # The IP address on the Alibaba Cloud side.
92935
93332
  self.internet_ip = internet_ip
93333
+ # The tunnel role. Valid values:
93334
+ #
93335
+ # * **master**: The tunnel is an active tunnel.
93336
+ # * **slave**: The tunnel is a standby tunnel.
92936
93337
  self.role = role
93338
+ # The status of the tunnel. Valid values:
93339
+ #
93340
+ # * **active**: The tunnel is active.
93341
+ # * **updating**: The tunnel is being updated.
93342
+ # * **deleting:** The tunnel is being deleted.
92937
93343
  self.state = state
93344
+ # BGP configuration.
92938
93345
  self.tunnel_bgp_config = tunnel_bgp_config
93346
+ # The tunnel ID.
92939
93347
  self.tunnel_id = tunnel_id
93348
+ # The configurations of Phase 1 negotiations.
92940
93349
  self.tunnel_ike_config = tunnel_ike_config
93350
+ # The order in which the tunnel was created.
93351
+ #
93352
+ # * **1**: Tunnel 1.
93353
+ # * **2**: Tunnel 2.
92941
93354
  self.tunnel_index = tunnel_index
93355
+ # The configurations of Phase 2 negotiations.
92942
93356
  self.tunnel_ipsec_config = tunnel_ipsec_config
92943
93357
 
92944
93358
  def validate(self):
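Review bot: The added comment for `enable_nat_traversal` reads "Indicates whether traversal feature is enabled for the tunnel", which drops the word NAT, and the neighbouring `enable_dpd` comment starts with a bare "Whether …". Suggest `# Indicates whether NAT traversal is enabled for the tunnel. Valid values:` and `# Indicates whether the DPD feature is enabled for the tunnel. Valid values:` so both response fields follow one pattern. The `__init__` signature starts outside the hunk.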
@@ -93195,6 +93609,8 @@ class ModifyVpnAttachmentAttributeResponseBody(TeaModel):
93195
93609
  # This value is a UNIX timestamp representing the number of milliseconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.
93196
93610
  self.create_time = create_time
93197
93611
  # The ID of the customer gateway associated with the IPsec-VPN connection.
93612
+ #
93613
+ # This parameter is returned only for single-tunnel IPsec-VPN connections.
93198
93614
  self.customer_gateway_id = customer_gateway_id
93199
93615
  # The description of the IPsec-VPN connection.
93200
93616
  self.description = description
@@ -93203,22 +93619,36 @@ class ModifyVpnAttachmentAttributeResponseBody(TeaModel):
93203
93619
  # * **true**\
93204
93620
  # * **false**\
93205
93621
  self.effect_immediately = effect_immediately
93206
- # Indicates whether the DPD feature is enabled for the IPsec-VPN connection. Valid values:
93622
+ # Indicates whether the DPD feature is enabled for the IPsec-VPN connection.
93207
93623
  #
93208
- # * **true**\
93209
- # * **false**\
93624
+ # * **true**: The feature is enabled.
93625
+ # * **false**: The feature is disabled.
93626
+ #
93627
+ # This parameter is returned only for single-tunnel IPsec-VPN connections.
93210
93628
  self.enable_dpd = enable_dpd
93211
- # Indicates whether NAT traversal is enabled for the IPsec-VPN connection. Valid values:
93629
+ # Specifies whether to enable NAT traversal for the IPsec-VPN connection.
93212
93630
  #
93213
- # * **true**\
93214
- # * **false**\
93631
+ # * **true**: The feature is enabled.
93632
+ # * **false**: The feature is disabled.
93633
+ #
93634
+ # This parameter is returned only for single-tunnel IPsec-VPN connections.
93215
93635
  self.enable_nat_traversal = enable_nat_traversal
93636
+ # Specifies whether to enable Border Gateway Protocol (BGP) for tunnels.
93637
+ #
93638
+ # * **true**: The feature is enabled.
93639
+ # * **false**: The feature is disabled.
93640
+ #
93641
+ # This parameter is returned only by dual-tunnel IPsec-VPN connections.
93216
93642
  self.enable_tunnels_bgp = enable_tunnels_bgp
93217
93643
  # The configuration of Phase 1 negotiations.
93644
+ #
93645
+ # **IkeConfig** parameters are returned only for single-tunnel IPsec-VPN connections.
93218
93646
  self.ike_config = ike_config
93219
93647
  # The configuration of Phase 2 negotiations.
93648
+ #
93649
+ # **IpsecConfig** parameters are returned only for single-tunnel IPsec-VPN connections.
93220
93650
  self.ipsec_config = ipsec_config
93221
- # The CIDR block of the VPC with which the data center can communicate.
93651
+ # The CIDR block on the Alibaba Cloud side that communicates with the on-premises data center is required, such as CIDR blocks of VPCs.
93222
93652
  self.local_subnet = local_subnet
93223
93653
  # The name of the IPsec-VPN connection.
93224
93654
  self.name = name
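Review bot: Several comments added to this response body use request wording: `enable_nat_traversal` and `enable_tunnels_bgp` now start with "Specifies whether to enable …", and `local_subnet` says the CIDR block "is required", although the hunk header places these fields in `ModifyVpnAttachmentAttributeResponseBody`. For returned values the pattern already used on `enable_dpd` fits: `# Indicates whether NAT traversal is enabled for the IPsec-VPN connection.` and `# The CIDR block on the Alibaba Cloud side that communicates with the on-premises data center.` The `remote_subnet` comment in the next hunk carries the same "is required" wording. `enable_tunnels_bgp` also says "returned only by" where the sibling fields say "returned only for".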
@@ -93227,7 +93657,7 @@ class ModifyVpnAttachmentAttributeResponseBody(TeaModel):
93227
93657
  # * **public**: an encrypted connection over the Internet
93228
93658
  # * **private**: an encrypted connection over private networks
93229
93659
  self.network_type = network_type
93230
- # The CIDR block of the data center with which the VPC can communicate.
93660
+ # The CIDR block of the on-premises data center that communicates with Alibaba Cloud is required.
93231
93661
  self.remote_subnet = remote_subnet
93232
93662
  # The request ID.
93233
93663
  self.request_id = request_id
@@ -93246,14 +93676,23 @@ class ModifyVpnAttachmentAttributeResponseBody(TeaModel):
93246
93676
  # * **ipsec_sa_not_established**: Phase 2 negotiations failed.
93247
93677
  # * **ipsec_sa_established**: Phase 2 negotiations succeeded.
93248
93678
  self.status = status
93679
+ # The tunnel configurations of the IPsec-VPN connection.
93680
+ #
93681
+ # **TunnelOptionsSpecification** parameters are returned only for dual-tunnel IPsec-VPN connections.
93249
93682
  self.tunnel_options_specification = tunnel_options_specification
93250
- # The health check configuration of the IPsec-VPN connection.
93683
+ # The health check configurations of the IPsec-VPN connection.
93684
+ #
93685
+ # **VcoHealthCheck** parameters are returned only for single-tunnel IPsec-VPC connections.
93251
93686
  self.vco_health_check = vco_health_check
93252
- # The BGP configuration of the IPsec-VPN connection.
93687
+ # The BGP configurations of the IPsec-VPN connection.
93688
+ #
93689
+ # **VpnBgpConfig** parameters are returned only for single-tunnel IPsec-VPN connections.
93253
93690
  self.vpn_bgp_config = vpn_bgp_config
93254
93691
  # The ID of the IPsec-VPN connection.
93255
93692
  self.vpn_connection_id = vpn_connection_id
93256
- # The ID of the VPN gateway associated with the IPsec-VPN connection.
93693
+ # The ID of the VPN gateway that is associated with the IPsec-VPN connection.
93694
+ #
93695
+ # **vpn-not-exist**: The IPsec-VPN connection is not associated with a VPN Gateway.
93257
93696
  self.vpn_gateway_id = vpn_gateway_id
93258
93697
 
93259
93698
  def validate(self):
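Review bot: The `vco_health_check` comment says "single-tunnel IPsec-VPC connections", presumably a typo for IPsec-VPN as used on every neighbouring field: `# **VcoHealthCheck** parameters are returned only for single-tunnel IPsec-VPN connections.` The new `vpn_gateway_id` line lists `**vpn-not-exist**` without saying that it is a value the field can take. Something like `# * **vpn-not-exist**: returned when the IPsec-VPN connection is not associated with a VPN gateway.` would tell callers to check for it before treating the field as a gateway ID.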
@@ -93841,9 +94280,7 @@ class ModifyVpnConnectionAttributeRequest(TeaModel):
93841
94280
  # * The key cannot contain space characters. The key must be 1 to 100 characters in length, and can contain digits, letters, and the following special characters: ``~!`@#$%^&*()_-+={}[]|;:\\",.<>/?``
93842
94281
  # * If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. You can call the [DescribeVpnConnection](https://help.aliyun.com/document_detail/2526951.html) operation to query the pre-shared key that is automatically generated by the system.
93843
94282
  #
93844
- # **\
93845
- #
93846
- # **Description** The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises data center. Otherwise, connections between the on-premises data center and the VPN gateway cannot be established.
94283
+ # > The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises data center. Otherwise, connections between the on-premises data center and the VPN gateway cannot be established.
93847
94284
  #
93848
94285
  # * **IkeConfig.IkeVersion**: the version of the Internet Key Exchange (IKE) protocol. Valid values: **ikev1** and **ikev2**.
93849
94286
  #
@@ -94940,9 +95377,9 @@ class ModifyVpnGatewayAttributeRequest(TeaModel):
94940
95377
  #
94941
95378
  # > If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request.
94942
95379
  self.client_token = client_token
94943
- # The new description of the VPN gateway.
95380
+ # The new description of the VPN connection.
94944
95381
  #
94945
- # The description must be 1 to 100 characters in length and cannot start with `http://` or `https://`.
95382
+ # The description must be 1 to 100 characters in length.
94946
95383
  self.description = description
94947
95384
  # The new name of the VPN gateway.
94948
95385
  #
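Review bot: The `description` comment now says "The new description of the VPN connection", but the hunk header is `ModifyVpnGatewayAttributeRequest` and the next field is still "The new name of the VPN gateway", so the noun looks wrong; I would keep `# The new description of the VPN gateway.` The same change drops the rule that the description cannot start with `http://` or `https://`. Whether the service lifted that rule cannot be told from this hunk; if it is still enforced, keeping the sentence saves callers from discovering the constraint through an API error.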
@@ -95081,15 +95518,12 @@ class ModifyVpnGatewayAttributeResponseBody(TeaModel):
95081
95518
  self.internet_ip = internet_ip
95082
95519
  # The IP address of the VPN gateway.
95083
95520
  #
95084
- # This parameter is returned only when the VPN gateway is a private VPN gateway and supports only the single-tunnel mode.
95521
+ # This parameter is returned only if the VPN gateway supports IPsec-VPN connections in single-tunnel mode.
95085
95522
  self.intranet_ip = intranet_ip
95086
95523
  # The name of the VPN gateway.
95087
95524
  self.name = name
95088
95525
  # The request ID.
95089
95526
  self.request_id = request_id
95090
- # VPN网关实例所属的资源组ID。
95091
- #
95092
- # 您可以调用[ListResourceGroups](https://help.aliyun.com/document_detail/158855.html)接口查询资源组信息。
95093
95527
  self.resource_group_id = resource_group_id
95094
95528
  # The maximum bandwidth of the VPN gateway. Unit: Mbit/s.
95095
95529
  self.spec = spec
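Review bot: `resource_group_id` is left without any comment once the Chinese text is removed, while every other field in this hunk is documented. An English equivalent of the removed lines would keep it covered: `# The ID of the resource group to which the VPN gateway belongs.` followed by `# You can call [ListResourceGroups](https://help.aliyun.com/document_detail/158855.html) to query resource groups.` The enclosing `__init__` extends beyond the hunk on both sides.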
@@ -103141,11 +103575,11 @@ class UpdateIpsecServerRequest(TeaModel):
103141
103575
  self.local_subnet = local_subnet
103142
103576
  # The pre-shared key.
103143
103577
  #
103144
- # The pre-shared key that is used for authentication between the IPsec-VPN server and the client. It must be 1 to 100 characters in length.
103578
+ # The pre-shared key that is used for authentication between the IPsec server and the client. The key must be 1 to 100 characters in length.
103145
103579
  #
103146
103580
  # You can call [ListIpsecServers](https://help.aliyun.com/document_detail/2794120.html) to query keys generated by the system.
103147
103581
  #
103148
- # > The pre-shared key of the IPsec server key must be the same as that of the client. Otherwise, the connection between the IPsec server and the client cannot be established.
103582
+ # > The pre-shared key of the IPsec server key must be the same as that of the client. Otherwise, the connection between the IPsec server and the client cannot be established.
103149
103583
  self.psk = psk
103150
103584
  # Specifies whether to enable pre-shared key authentication. If you set the value to **true**, pre-shared key authentication is enabled.
103151
103585
  self.psk_enabled = psk_enabled