pulumi-alicloud 3.76.0a1743571220__py3-none-any.whl → 3.76.0a1744139894__py3-none-any.whl

pulumi_alicloud/vpn/outputs.py

@@ -28,6 +28,10 @@ __all__ = [
     'GatewayVpnAttachmentHealthCheckConfig',
     'GatewayVpnAttachmentIkeConfig',
     'GatewayVpnAttachmentIpsecConfig',
+    'GatewayVpnAttachmentTunnelOptionsSpecification',
+    'GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfig',
+    'GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfig',
+    'GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfig',
     'IpsecServerIkeConfig',
     'IpsecServerIpsecConfig',
     'GetConnectionsConnectionResult',
@@ -46,6 +50,10 @@ __all__ = [
     'GetGatewayVpnAttachmentsAttachmentHealthCheckConfigResult',
     'GetGatewayVpnAttachmentsAttachmentIkeConfigResult',
     'GetGatewayVpnAttachmentsAttachmentIpsecConfigResult',
+    'GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationResult',
+    'GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelBgpConfigResult',
+    'GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIkeConfigResult',
+    'GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIpsecConfigResult',
     'GetGatewayZonesZoneResult',
     'GetGatewaysGatewayResult',
 ]
@@ -928,12 +936,16 @@ class GatewayVpnAttachmentBgpConfig(dict):
                  enable: Optional[bool] = None,
                  local_asn: Optional[int] = None,
                  local_bgp_ip: Optional[str] = None,
+                 status: Optional[str] = None,
                  tunnel_cidr: Optional[str] = None):
         """
-        :param bool enable: Whether to enable BGP.
-        :param int local_asn: The ASN on the Alibaba Cloud side.
-        :param str local_bgp_ip: The BGP IP address on the Alibaba Cloud side.
-        :param str tunnel_cidr: The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.
+        :param bool enable: Whether to enable the BGP function. Valid values: true or false (default).
+        :param int local_asn: The autonomous system number on the Alibaba Cloud side. The value range of autonomous system number is 1~4294967295. Default value: 45104
+        :param str local_bgp_ip: The BGP address on the Alibaba Cloud side. This address is an IP address in the IPsec tunnel network segment.
+               - Before adding the BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function. For more information, see BGP Dynamic Routing Bulletin.
+               - We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. Please refer to the documentation for the private number range of the autonomous system number.
+        :param str status: The negotiation status of Tunnel.
+        :param str tunnel_cidr: IPsec tunnel network segment. This network segment must be a network segment with a mask length of 30 within 169.254.0.0/16
         """
         if enable is not None:
             pulumi.set(__self__, "enable", enable)
@@ -941,6 +953,8 @@ class GatewayVpnAttachmentBgpConfig(dict):
             pulumi.set(__self__, "local_asn", local_asn)
         if local_bgp_ip is not None:
             pulumi.set(__self__, "local_bgp_ip", local_bgp_ip)
+        if status is not None:
+            pulumi.set(__self__, "status", status)
         if tunnel_cidr is not None:
             pulumi.set(__self__, "tunnel_cidr", tunnel_cidr)
 
@@ -948,7 +962,7 @@ class GatewayVpnAttachmentBgpConfig(dict):
     @pulumi.getter
     def enable(self) -> Optional[bool]:
         """
-        Whether to enable BGP.
+        Whether to enable the BGP function. Valid values: true or false (default).
         """
         return pulumi.get(self, "enable")
 
@@ -956,7 +970,7 @@ class GatewayVpnAttachmentBgpConfig(dict):
     @pulumi.getter(name="localAsn")
     def local_asn(self) -> Optional[int]:
         """
-        The ASN on the Alibaba Cloud side.
+        The autonomous system number on the Alibaba Cloud side. The value range of autonomous system number is 1~4294967295. Default value: 45104
         """
         return pulumi.get(self, "local_asn")
 
@@ -964,15 +978,25 @@ class GatewayVpnAttachmentBgpConfig(dict):
     @pulumi.getter(name="localBgpIp")
     def local_bgp_ip(self) -> Optional[str]:
         """
-        The BGP IP address on the Alibaba Cloud side.
+        The BGP address on the Alibaba Cloud side. This address is an IP address in the IPsec tunnel network segment.
+        - Before adding the BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function. For more information, see BGP Dynamic Routing Bulletin.
+        - We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. Please refer to the documentation for the private number range of the autonomous system number.
         """
         return pulumi.get(self, "local_bgp_ip")
 
+    @property
+    @pulumi.getter
+    def status(self) -> Optional[str]:
+        """
+        The negotiation status of Tunnel.
+        """
+        return pulumi.get(self, "status")
+
     @property
     @pulumi.getter(name="tunnelCidr")
     def tunnel_cidr(self) -> Optional[str]:
         """
-        The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.
+        IPsec tunnel network segment. This network segment must be a network segment with a mask length of 30 within 169.254.0.0/16
         """
         return pulumi.get(self, "tunnel_cidr")
 
@@ -985,14 +1009,16 @@ class GatewayVpnAttachmentHealthCheckConfig(dict):
                  interval: Optional[int] = None,
                  policy: Optional[str] = None,
                  retry: Optional[int] = None,
-                 sip: Optional[str] = None):
+                 sip: Optional[str] = None,
+                 status: Optional[str] = None):
         """
-        :param str dip: The destination IP address that is used for health checks.
-        :param bool enable: Specifies whether to enable health checks.
-        :param int interval: The interval between two consecutive health checks. Unit: seconds.
-        :param str policy: Whether to revoke the published route when the health check fails. Valid values: `revoke_route` or `reserve_route`.
-        :param int retry: The maximum number of health check retries.
-        :param str sip: The source IP address that is used for health checks.
+        :param str dip: Target IP.
+        :param bool enable: Whether health check is enabled:-`false`: not enabled. - `true`: enabled.
+        :param int interval: The health check retry interval, in seconds.
+        :param str policy: Whether to revoke the published route when the health check fails
+        :param int retry: Number of retries for health check.
+        :param str sip: SOURCE IP.
+        :param str status: The negotiation status of Tunnel.
         """
         if dip is not None:
             pulumi.set(__self__, "dip", dip)
@@ -1006,12 +1032,14 @@ class GatewayVpnAttachmentHealthCheckConfig(dict):
             pulumi.set(__self__, "retry", retry)
         if sip is not None:
             pulumi.set(__self__, "sip", sip)
+        if status is not None:
+            pulumi.set(__self__, "status", status)
 
     @property
     @pulumi.getter
     def dip(self) -> Optional[str]:
         """
-        The destination IP address that is used for health checks.
+        Target IP.
         """
         return pulumi.get(self, "dip")
 
@@ -1019,7 +1047,7 @@ class GatewayVpnAttachmentHealthCheckConfig(dict):
     @pulumi.getter
     def enable(self) -> Optional[bool]:
         """
-        Specifies whether to enable health checks.
+        Whether health check is enabled:-`false`: not enabled. - `true`: enabled.
         """
         return pulumi.get(self, "enable")
 
@@ -1027,7 +1055,7 @@ class GatewayVpnAttachmentHealthCheckConfig(dict):
     @pulumi.getter
     def interval(self) -> Optional[int]:
         """
-        The interval between two consecutive health checks. Unit: seconds.
+        The health check retry interval, in seconds.
         """
         return pulumi.get(self, "interval")
 
@@ -1035,7 +1063,7 @@ class GatewayVpnAttachmentHealthCheckConfig(dict):
     @pulumi.getter
     def policy(self) -> Optional[str]:
         """
-        Whether to revoke the published route when the health check fails. Valid values: `revoke_route` or `reserve_route`.
+        Whether to revoke the published route when the health check fails
         """
         return pulumi.get(self, "policy")
 
@@ -1043,7 +1071,7 @@ class GatewayVpnAttachmentHealthCheckConfig(dict):
     @pulumi.getter
     def retry(self) -> Optional[int]:
         """
-        The maximum number of health check retries.
+        Number of retries for health check.
         """
         return pulumi.get(self, "retry")
 
@@ -1051,10 +1079,18 @@ class GatewayVpnAttachmentHealthCheckConfig(dict):
     @pulumi.getter
     def sip(self) -> Optional[str]:
         """
-        The source IP address that is used for health checks.
+        SOURCE IP.
         """
         return pulumi.get(self, "sip")
 
+    @property
+    @pulumi.getter
+    def status(self) -> Optional[str]:
+        """
+        The negotiation status of Tunnel.
+        """
+        return pulumi.get(self, "status")
+
 
 @pulumi.output_type
 class GatewayVpnAttachmentIkeConfig(dict):
@@ -1100,15 +1136,17 @@ class GatewayVpnAttachmentIkeConfig(dict):
                  psk: Optional[str] = None,
                  remote_id: Optional[str] = None):
         """
-        :param str ike_auth_alg: IKE authentication algorithm supports sha1 and MD5.
-        :param str ike_enc_alg: The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes.
-        :param int ike_lifetime: The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
-        :param str ike_mode: The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: `main`.
-        :param str ike_pfs: The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
-        :param str ike_version: The version of the IKE protocol. Valid value: `ikev1`, `ikev2`. Default value: `ikev1`.
-        :param str local_id: The local ID, which supports the FQDN and IP formats. The current VPN gateway IP address is selected by default.
-        :param str psk: Used for authentication between the IPsec VPN gateway and the customer gateway.
-        :param str remote_id: The peer ID, which supports FQDN and IP formats. By default, the IP address of the currently selected user gateway.
+        :param str ike_auth_alg: The authentication algorithm negotiated in the first stage. Valid values: md5, sha1, sha256, sha384, sha512. Default value: md5.
+        :param str ike_enc_alg: The encryption algorithm that is used in Phase 1 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
+        :param int ike_lifetime: The SA lifetime as a result of Phase 1 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
+        :param str ike_mode: IKE mode, the negotiation mode. Valid values: main and aggressive. Default value: main.
+        :param str ike_pfs: The Diffie-Hellman key exchange algorithm used in the first stage negotiation. Valid values: group1, group2, group5, or group14. Default value: group2.
+        :param str ike_version: The version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev1.
+        :param str local_id: The identifier on the Alibaba Cloud side of the IPsec connection. The length is limited to 100 characters. The default value is leftId-not-exist
+        :param str psk: A pre-shared key for authentication between the VPN gateway and the local data center. The key length is 1~100 characters.
+               - If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key.
+               - The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises data center. Otherwise, connections between the on-premises data center and the VPN gateway cannot be established.
+        :param str remote_id: The identifier of the IPsec connection to the local data center. The length is limited to 100 characters. The default value is the IP address of the user gateway.
         """
         if ike_auth_alg is not None:
             pulumi.set(__self__, "ike_auth_alg", ike_auth_alg)
@@ -1133,7 +1171,7 @@ class GatewayVpnAttachmentIkeConfig(dict):
     @pulumi.getter(name="ikeAuthAlg")
     def ike_auth_alg(self) -> Optional[str]:
         """
-        IKE authentication algorithm supports sha1 and MD5.
+        The authentication algorithm negotiated in the first stage. Valid values: md5, sha1, sha256, sha384, sha512. Default value: md5.
         """
         return pulumi.get(self, "ike_auth_alg")
 
@@ -1141,7 +1179,7 @@ class GatewayVpnAttachmentIkeConfig(dict):
     @pulumi.getter(name="ikeEncAlg")
     def ike_enc_alg(self) -> Optional[str]:
         """
-        The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes.
+        The encryption algorithm that is used in Phase 1 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
         """
         return pulumi.get(self, "ike_enc_alg")
 
@@ -1149,7 +1187,7 @@ class GatewayVpnAttachmentIkeConfig(dict):
     @pulumi.getter(name="ikeLifetime")
     def ike_lifetime(self) -> Optional[int]:
         """
-        The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
+        The SA lifetime as a result of Phase 1 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
         """
         return pulumi.get(self, "ike_lifetime")
 
@@ -1157,7 +1195,7 @@ class GatewayVpnAttachmentIkeConfig(dict):
     @pulumi.getter(name="ikeMode")
     def ike_mode(self) -> Optional[str]:
         """
-        The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: `main`.
+        IKE mode, the negotiation mode. Valid values: main and aggressive. Default value: main.
         """
         return pulumi.get(self, "ike_mode")
 
@@ -1165,7 +1203,7 @@ class GatewayVpnAttachmentIkeConfig(dict):
     @pulumi.getter(name="ikePfs")
     def ike_pfs(self) -> Optional[str]:
         """
-        The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
+        The Diffie-Hellman key exchange algorithm used in the first stage negotiation. Valid values: group1, group2, group5, or group14. Default value: group2.
         """
         return pulumi.get(self, "ike_pfs")
 
@@ -1173,7 +1211,7 @@ class GatewayVpnAttachmentIkeConfig(dict):
     @pulumi.getter(name="ikeVersion")
     def ike_version(self) -> Optional[str]:
         """
-        The version of the IKE protocol. Valid value: `ikev1`, `ikev2`. Default value: `ikev1`.
+        The version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev1.
         """
         return pulumi.get(self, "ike_version")
 
@@ -1181,7 +1219,7 @@ class GatewayVpnAttachmentIkeConfig(dict):
     @pulumi.getter(name="localId")
     def local_id(self) -> Optional[str]:
         """
-        The local ID, which supports the FQDN and IP formats. The current VPN gateway IP address is selected by default.
+        The identifier on the Alibaba Cloud side of the IPsec connection. The length is limited to 100 characters. The default value is leftId-not-exist
         """
         return pulumi.get(self, "local_id")
 
@@ -1189,7 +1227,9 @@ class GatewayVpnAttachmentIkeConfig(dict):
     @pulumi.getter
     def psk(self) -> Optional[str]:
         """
-        Used for authentication between the IPsec VPN gateway and the customer gateway.
+        A pre-shared key for authentication between the VPN gateway and the local data center. The key length is 1~100 characters.
+        - If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key.
+        - The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises data center. Otherwise, connections between the on-premises data center and the VPN gateway cannot be established.
         """
         return pulumi.get(self, "psk")
 
@@ -1197,7 +1237,7 @@ class GatewayVpnAttachmentIkeConfig(dict):
     @pulumi.getter(name="remoteId")
     def remote_id(self) -> Optional[str]:
         """
-        The peer ID, which supports FQDN and IP formats. By default, the IP address of the currently selected user gateway.
+        The identifier of the IPsec connection to the local data center. The length is limited to 100 characters. The default value is the IP address of the user gateway.
         """
         return pulumi.get(self, "remote_id")
 
@@ -1233,10 +1273,10 @@ class GatewayVpnAttachmentIpsecConfig(dict):
                  ipsec_lifetime: Optional[int] = None,
                  ipsec_pfs: Optional[str] = None):
         """
-        :param str ipsec_auth_alg: The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
-        :param str ipsec_enc_alg: The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
-        :param int ipsec_lifetime: The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
-        :param str ipsec_pfs: The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2
+        :param str ipsec_auth_alg: The authentication algorithm negotiated in the second stage. Valid values: md5, sha1, sha256, sha384, sha512. Default value: MD5.
+        :param str ipsec_enc_alg: The encryption algorithm negotiated in the second stage. Valid values: aes, aes192, aes256, des, or 3des. Default value: aes.
+        :param int ipsec_lifetime: The life cycle of SA negotiated in the second stage. Unit: seconds. Value range: 0~86400. Default value: 86400.
+        :param str ipsec_pfs: Diffie-Hellman Key Exchange Algorithm Used in Second Stage Negotiation
         """
         if ipsec_auth_alg is not None:
             pulumi.set(__self__, "ipsec_auth_alg", ipsec_auth_alg)
@@ -1251,7 +1291,7 @@ class GatewayVpnAttachmentIpsecConfig(dict):
     @pulumi.getter(name="ipsecAuthAlg")
     def ipsec_auth_alg(self) -> Optional[str]:
         """
-        The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
+        The authentication algorithm negotiated in the second stage. Valid values: md5, sha1, sha256, sha384, sha512. Default value: MD5.
         """
         return pulumi.get(self, "ipsec_auth_alg")
 
@@ -1259,7 +1299,7 @@ class GatewayVpnAttachmentIpsecConfig(dict):
     @pulumi.getter(name="ipsecEncAlg")
     def ipsec_enc_alg(self) -> Optional[str]:
         """
-        The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
+        The encryption algorithm negotiated in the second stage. Valid values: aes, aes192, aes256, des, or 3des. Default value: aes.
         """
         return pulumi.get(self, "ipsec_enc_alg")
 
@@ -1267,7 +1307,7 @@ class GatewayVpnAttachmentIpsecConfig(dict):
     @pulumi.getter(name="ipsecLifetime")
     def ipsec_lifetime(self) -> Optional[int]:
         """
-        The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
+        The life cycle of SA negotiated in the second stage. Unit: seconds. Value range: 0~86400. Default value: 86400.
         """
         return pulumi.get(self, "ipsec_lifetime")
 
@@ -1275,176 +1315,644 @@ class GatewayVpnAttachmentIpsecConfig(dict):
     @pulumi.getter(name="ipsecPfs")
     def ipsec_pfs(self) -> Optional[str]:
         """
-        The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2
+        Diffie-Hellman Key Exchange Algorithm Used in Second Stage Negotiation
         """
         return pulumi.get(self, "ipsec_pfs")
 
 
 @pulumi.output_type
-class IpsecServerIkeConfig(dict):
+class GatewayVpnAttachmentTunnelOptionsSpecification(dict):
     @staticmethod
     def __key_warning(key: str):
         suggest = None
-        if key == "ikeAuthAlg":
-            suggest = "ike_auth_alg"
-        elif key == "ikeEncAlg":
-            suggest = "ike_enc_alg"
-        elif key == "ikeLifetime":
-            suggest = "ike_lifetime"
-        elif key == "ikeMode":
-            suggest = "ike_mode"
-        elif key == "ikePfs":
-            suggest = "ike_pfs"
-        elif key == "ikeVersion":
-            suggest = "ike_version"
-        elif key == "localId":
-            suggest = "local_id"
-        elif key == "remoteId":
-            suggest = "remote_id"
+        if key == "customerGatewayId":
+            suggest = "customer_gateway_id"
+        elif key == "tunnelIndex":
+            suggest = "tunnel_index"
+        elif key == "enableDpd":
+            suggest = "enable_dpd"
+        elif key == "enableNatTraversal":
+            suggest = "enable_nat_traversal"
+        elif key == "internetIp":
+            suggest = "internet_ip"
+        elif key == "tunnelBgpConfig":
+            suggest = "tunnel_bgp_config"
+        elif key == "tunnelId":
+            suggest = "tunnel_id"
+        elif key == "tunnelIkeConfig":
+            suggest = "tunnel_ike_config"
+        elif key == "tunnelIpsecConfig":
+            suggest = "tunnel_ipsec_config"
+        elif key == "zoneNo":
+            suggest = "zone_no"
 
         if suggest:
-            pulumi.log.warn(f"Key '{key}' not found in IpsecServerIkeConfig. Access the value via the '{suggest}' property getter instead.")
+            pulumi.log.warn(f"Key '{key}' not found in GatewayVpnAttachmentTunnelOptionsSpecification. Access the value via the '{suggest}' property getter instead.")
 
     def __getitem__(self, key: str) -> Any:
-        IpsecServerIkeConfig.__key_warning(key)
+        GatewayVpnAttachmentTunnelOptionsSpecification.__key_warning(key)
         return super().__getitem__(key)
 
     def get(self, key: str, default = None) -> Any:
-        IpsecServerIkeConfig.__key_warning(key)
+        GatewayVpnAttachmentTunnelOptionsSpecification.__key_warning(key)
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 ike_auth_alg: Optional[str] = None,
-                 ike_enc_alg: Optional[str] = None,
-                 ike_lifetime: Optional[int] = None,
-                 ike_mode: Optional[str] = None,
-                 ike_pfs: Optional[str] = None,
-                 ike_version: Optional[str] = None,
-                 local_id: Optional[str] = None,
-                 remote_id: Optional[str] = None):
+                 customer_gateway_id: str,
+                 tunnel_index: int,
+                 enable_dpd: Optional[bool] = None,
+                 enable_nat_traversal: Optional[bool] = None,
+                 internet_ip: Optional[str] = None,
+                 role: Optional[str] = None,
+                 state: Optional[str] = None,
+                 status: Optional[str] = None,
+                 tunnel_bgp_config: Optional['outputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfig'] = None,
+                 tunnel_id: Optional[str] = None,
+                 tunnel_ike_config: Optional['outputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfig'] = None,
+                 tunnel_ipsec_config: Optional['outputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfig'] = None,
+                 zone_no: Optional[str] = None):
         """
-        :param str ike_auth_alg: The authentication algorithm that is used in Phase 1 negotiations. Default value: `sha1`.
-        :param str ike_enc_alg: The encryption algorithm that is used in Phase 1 negotiations. Default value: `aes`.
-        :param int ike_lifetime: IkeLifetime: the SA lifetime determined by Phase 1 negotiations. Valid values: `0` to `86400`. Default value: `86400`. Unit: `seconds`.
-        :param str ike_mode: The IKE negotiation mode. Default value: `main`.
-        :param str ike_pfs: The Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Default value: `group2`.
-        :param str ike_version: The IKE version. Valid values: `ikev1` and `ikev2`. Default value: `ikev2`.
-        :param str local_id: The identifier of the IPsec server. The value can be a fully qualified domain name (FQDN) or an IP address. The default value is the public IP address of the VPN gateway.
-        :param str remote_id: The identifier of the customer gateway. The value can be an FQDN or an IP address. By default, this parameter is not specified.
+        :param str customer_gateway_id: The ID of the user gateway associated with the tunnel.
+               
+               > **NOTE:**  This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
+        :param int tunnel_index: The order in which the tunnel was created.
+        :param bool enable_dpd: Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:
+        :param bool enable_nat_traversal: Whether the NAT crossing function is enabled for the tunnel. Value:
+        :param str internet_ip: The local internet IP in Tunnel.
+        :param str role: The role of Tunnel.
+        :param str state: The state of Tunnel.
+        :param str status: The negotiation status of Tunnel.
+        :param 'GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfigArgs' tunnel_bgp_config: Add the BGP configuration for the tunnel.
+               
+               > **NOTE:**  After you enable the BGP function for IPsec connections (that is, specify `EnableTunnelsBgp` as `true`), you must configure this parameter.
+               See `tunnel_bgp_config` below.
+        :param str tunnel_id: The tunnel ID of IPsec-VPN connection.
+        :param 'GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfigArgs' tunnel_ike_config: Configuration information for the first phase negotiation. See `tunnel_ike_config` below.
+        :param 'GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfigArgs' tunnel_ipsec_config: Configuration information for the second-stage negotiation. See `tunnel_ipsec_config` below.
+        :param str zone_no: The zoneNo of tunnel.
         """
-        if ike_auth_alg is not None:
-            pulumi.set(__self__, "ike_auth_alg", ike_auth_alg)
-        if ike_enc_alg is not None:
-            pulumi.set(__self__, "ike_enc_alg", ike_enc_alg)
-        if ike_lifetime is not None:
-            pulumi.set(__self__, "ike_lifetime", ike_lifetime)
-        if ike_mode is not None:
-            pulumi.set(__self__, "ike_mode", ike_mode)
-        if ike_pfs is not None:
-            pulumi.set(__self__, "ike_pfs", ike_pfs)
-        if ike_version is not None:
-            pulumi.set(__self__, "ike_version", ike_version)
-        if local_id is not None:
-            pulumi.set(__self__, "local_id", local_id)
-        if remote_id is not None:
-            pulumi.set(__self__, "remote_id", remote_id)
+        pulumi.set(__self__, "customer_gateway_id", customer_gateway_id)
+        pulumi.set(__self__, "tunnel_index", tunnel_index)
+        if enable_dpd is not None:
+            pulumi.set(__self__, "enable_dpd", enable_dpd)
+        if enable_nat_traversal is not None:
+            pulumi.set(__self__, "enable_nat_traversal", enable_nat_traversal)
+        if internet_ip is not None:
+            pulumi.set(__self__, "internet_ip", internet_ip)
+        if role is not None:
+            pulumi.set(__self__, "role", role)
+        if state is not None:
+            pulumi.set(__self__, "state", state)
+        if status is not None:
+            pulumi.set(__self__, "status", status)
+        if tunnel_bgp_config is not None:
+            pulumi.set(__self__, "tunnel_bgp_config", tunnel_bgp_config)
+        if tunnel_id is not None:
+            pulumi.set(__self__, "tunnel_id", tunnel_id)
+        if tunnel_ike_config is not None:
+            pulumi.set(__self__, "tunnel_ike_config", tunnel_ike_config)
+        if tunnel_ipsec_config is not None:
+            pulumi.set(__self__, "tunnel_ipsec_config", tunnel_ipsec_config)
+        if zone_no is not None:
+            pulumi.set(__self__, "zone_no", zone_no)
 
     @property
-    @pulumi.getter(name="ikeAuthAlg")
-    def ike_auth_alg(self) -> Optional[str]:
+    @pulumi.getter(name="customerGatewayId")
+    def customer_gateway_id(self) -> str:
         """
-        The authentication algorithm that is used in Phase 1 negotiations. Default value: `sha1`.
+        The ID of the user gateway associated with the tunnel.
+
+        > **NOTE:**  This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
         """
-        return pulumi.get(self, "ike_auth_alg")
+        return pulumi.get(self, "customer_gateway_id")
 
     @property
-    @pulumi.getter(name="ikeEncAlg")
-    def ike_enc_alg(self) -> Optional[str]:
+    @pulumi.getter(name="tunnelIndex")
+    def tunnel_index(self) -> int:
         """
-        The encryption algorithm that is used in Phase 1 negotiations. Default value: `aes`.
+        The order in which the tunnel was created.
         """
-        return pulumi.get(self, "ike_enc_alg")
+        return pulumi.get(self, "tunnel_index")
 
     @property
-    @pulumi.getter(name="ikeLifetime")
-    def ike_lifetime(self) -> Optional[int]:
+    @pulumi.getter(name="enableDpd")
+    def enable_dpd(self) -> Optional[bool]:
         """
-        IkeLifetime: the SA lifetime determined by Phase 1 negotiations. Valid values: `0` to `86400`. Default value: `86400`. Unit: `seconds`.
+        Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:
         """
-        return pulumi.get(self, "ike_lifetime")
+        return pulumi.get(self, "enable_dpd")
 
     @property
-    @pulumi.getter(name="ikeMode")
-    def ike_mode(self) -> Optional[str]:
+    @pulumi.getter(name="enableNatTraversal")
+    def enable_nat_traversal(self) -> Optional[bool]:
         """
-        The IKE negotiation mode. Default value: `main`.
+        Whether the NAT crossing function is enabled for the tunnel. Value:
         """
-        return pulumi.get(self, "ike_mode")
+        return pulumi.get(self, "enable_nat_traversal")
 
     @property
-    @pulumi.getter(name="ikePfs")
-    def ike_pfs(self) -> Optional[str]:
+    @pulumi.getter(name="internetIp")
+    def internet_ip(self) -> Optional[str]:
         """
-        The Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Default value: `group2`.
+        The local internet IP in Tunnel.
         """
-        return pulumi.get(self, "ike_pfs")
+        return pulumi.get(self, "internet_ip")
 
     @property
-    @pulumi.getter(name="ikeVersion")
-    def ike_version(self) -> Optional[str]:
+    @pulumi.getter
+    def role(self) -> Optional[str]:
         """
-        The IKE version. Valid values: `ikev1` and `ikev2`. Default value: `ikev2`.
+        The role of Tunnel.
         """
-        return pulumi.get(self, "ike_version")
+        return pulumi.get(self, "role")
 
     @property
-    @pulumi.getter(name="localId")
-    def local_id(self) -> Optional[str]:
+    @pulumi.getter
+    def state(self) -> Optional[str]:
         """
-        The identifier of the IPsec server. The value can be a fully qualified domain name (FQDN) or an IP address. The default value is the public IP address of the VPN gateway.
+        The state of Tunnel.
         """
-        return pulumi.get(self, "local_id")
+        return pulumi.get(self, "state")
 
     @property
-    @pulumi.getter(name="remoteId")
-    def remote_id(self) -> Optional[str]:
+    @pulumi.getter
+    def status(self) -> Optional[str]:
         """
-        The identifier of the customer gateway. The value can be an FQDN or an IP address. By default, this parameter is not specified.
+        The negotiation status of Tunnel.
         """
-        return pulumi.get(self, "remote_id")
+        return pulumi.get(self, "status")
+
+    @property
+    @pulumi.getter(name="tunnelBgpConfig")
+    def tunnel_bgp_config(self) -> Optional['outputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfig']:
+        """
+        Add the BGP configuration for the tunnel.
+
+        > **NOTE:**  After you enable the BGP function for IPsec connections (that is, specify `EnableTunnelsBgp` as `true`), you must configure this parameter.
+        See `tunnel_bgp_config` below.
+        """
+        return pulumi.get(self, "tunnel_bgp_config")
+
+    @property
+    @pulumi.getter(name="tunnelId")
+    def tunnel_id(self) -> Optional[str]:
+        """
+        The tunnel ID of IPsec-VPN connection.
+        """
+        return pulumi.get(self, "tunnel_id")
+
+    @property
+    @pulumi.getter(name="tunnelIkeConfig")
+    def tunnel_ike_config(self) -> Optional['outputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfig']:
+        """
+        Configuration information for the first phase negotiation. See `tunnel_ike_config` below.
+        """
+        return pulumi.get(self, "tunnel_ike_config")
+
+    @property
+    @pulumi.getter(name="tunnelIpsecConfig")
+    def tunnel_ipsec_config(self) -> Optional['outputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfig']:
+        """
+        Configuration information for the second-stage negotiation. See `tunnel_ipsec_config` below.
+        """
+        return pulumi.get(self, "tunnel_ipsec_config")
+
+    @property
+    @pulumi.getter(name="zoneNo")
+    def zone_no(self) -> Optional[str]:
+        """
+        The zoneNo of tunnel.
+        """
+        return pulumi.get(self, "zone_no")
 
 
 @pulumi.output_type
-class IpsecServerIpsecConfig(dict):
+class GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfig(dict):
     @staticmethod
     def __key_warning(key: str):
         suggest = None
-        if key == "ipsecAuthAlg":
-            suggest = "ipsec_auth_alg"
-        elif key == "ipsecEncAlg":
-            suggest = "ipsec_enc_alg"
-        elif key == "ipsecLifetime":
-            suggest = "ipsec_lifetime"
-        elif key == "ipsecPfs":
-            suggest = "ipsec_pfs"
+        if key == "bgpStatus":
+            suggest = "bgp_status"
+        elif key == "localAsn":
+            suggest = "local_asn"
+        elif key == "localBgpIp":
+            suggest = "local_bgp_ip"
+        elif key == "peerAsn":
+            suggest = "peer_asn"
+        elif key == "peerBgpIp":
+            suggest = "peer_bgp_ip"
+        elif key == "tunnelCidr":
+            suggest = "tunnel_cidr"
 
         if suggest:
-            pulumi.log.warn(f"Key '{key}' not found in IpsecServerIpsecConfig. Access the value via the '{suggest}' property getter instead.")
+            pulumi.log.warn(f"Key '{key}' not found in GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfig. Access the value via the '{suggest}' property getter instead.")
 
     def __getitem__(self, key: str) -> Any:
-        IpsecServerIpsecConfig.__key_warning(key)
+        GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfig.__key_warning(key)
         return super().__getitem__(key)
 
     def get(self, key: str, default = None) -> Any:
-        IpsecServerIpsecConfig.__key_warning(key)
+        GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfig.__key_warning(key)
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 ipsec_auth_alg: Optional[str] = None,
-                 ipsec_enc_alg: Optional[str] = None,
-                 ipsec_lifetime: Optional[int] = None,
-                 ipsec_pfs: Optional[str] = None):
-        """
+                 bgp_status: Optional[str] = None,
+                 local_asn: Optional[int] = None,
+                 local_bgp_ip: Optional[str] = None,
+                 peer_asn: Optional[str] = None,
+                 peer_bgp_ip: Optional[str] = None,
+                 tunnel_cidr: Optional[str] = None):
+        """
+        :param str bgp_status: BGP status.
+        :param str peer_asn: Peer asn.
+        :param str peer_bgp_ip: Peer bgp ip.
+        """
+        if bgp_status is not None:
+            pulumi.set(__self__, "bgp_status", bgp_status)
+        if local_asn is not None:
+            pulumi.set(__self__, "local_asn", local_asn)
+        if local_bgp_ip is not None:
+            pulumi.set(__self__, "local_bgp_ip", local_bgp_ip)
+        if peer_asn is not None:
+            pulumi.set(__self__, "peer_asn", peer_asn)
+        if peer_bgp_ip is not None:
+            pulumi.set(__self__, "peer_bgp_ip", peer_bgp_ip)
+        if tunnel_cidr is not None:
+            pulumi.set(__self__, "tunnel_cidr", tunnel_cidr)
+
+    @property
+    @pulumi.getter(name="bgpStatus")
+    def bgp_status(self) -> Optional[str]:
+        """
+        BGP status.
+        """
+        return pulumi.get(self, "bgp_status")
+
+    @property
+    @pulumi.getter(name="localAsn")
+    def local_asn(self) -> Optional[int]:
+        return pulumi.get(self, "local_asn")
+
+    @property
+    @pulumi.getter(name="localBgpIp")
+    def local_bgp_ip(self) -> Optional[str]:
+        return pulumi.get(self, "local_bgp_ip")
+
+    @property
+    @pulumi.getter(name="peerAsn")
+    def peer_asn(self) -> Optional[str]:
+        """
+        Peer asn.
+        """
+        return pulumi.get(self, "peer_asn")
+
+    @property
+    @pulumi.getter(name="peerBgpIp")
+    def peer_bgp_ip(self) -> Optional[str]:
+        """
+        Peer bgp ip.
+        """
+        return pulumi.get(self, "peer_bgp_ip")
+
+    @property
+    @pulumi.getter(name="tunnelCidr")
+    def tunnel_cidr(self) -> Optional[str]:
+        return pulumi.get(self, "tunnel_cidr")
+
+
+@pulumi.output_type
+class GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfig(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "ikeAuthAlg":
+            suggest = "ike_auth_alg"
+        elif key == "ikeEncAlg":
+            suggest = "ike_enc_alg"
+        elif key == "ikeLifetime":
+            suggest = "ike_lifetime"
+        elif key == "ikeMode":
+            suggest = "ike_mode"
+        elif key == "ikePfs":
+            suggest = "ike_pfs"
+        elif key == "ikeVersion":
+            suggest = "ike_version"
+        elif key == "localId":
+            suggest = "local_id"
+        elif key == "remoteId":
+            suggest = "remote_id"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfig. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfig.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfig.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 ike_auth_alg: Optional[str] = None,
+                 ike_enc_alg: Optional[str] = None,
+                 ike_lifetime: Optional[int] = None,
+                 ike_mode: Optional[str] = None,
+                 ike_pfs: Optional[str] = None,
+                 ike_version: Optional[str] = None,
+                 local_id: Optional[str] = None,
+                 psk: Optional[str] = None,
+                 remote_id: Optional[str] = None):
+        if ike_auth_alg is not None:
+            pulumi.set(__self__, "ike_auth_alg", ike_auth_alg)
+        if ike_enc_alg is not None:
+            pulumi.set(__self__, "ike_enc_alg", ike_enc_alg)
+        if ike_lifetime is not None:
+            pulumi.set(__self__, "ike_lifetime", ike_lifetime)
+        if ike_mode is not None:
+            pulumi.set(__self__, "ike_mode", ike_mode)
+        if ike_pfs is not None:
+            pulumi.set(__self__, "ike_pfs", ike_pfs)
+        if ike_version is not None:
+            pulumi.set(__self__, "ike_version", ike_version)
+        if local_id is not None:
+            pulumi.set(__self__, "local_id", local_id)
+        if psk is not None:
+            pulumi.set(__self__, "psk", psk)
+        if remote_id is not None:
+            pulumi.set(__self__, "remote_id", remote_id)
+
+    @property
+    @pulumi.getter(name="ikeAuthAlg")
+    def ike_auth_alg(self) -> Optional[str]:
+        return pulumi.get(self, "ike_auth_alg")
+
+    @property
+    @pulumi.getter(name="ikeEncAlg")
+    def ike_enc_alg(self) -> Optional[str]:
+        return pulumi.get(self, "ike_enc_alg")
+
+    @property
+    @pulumi.getter(name="ikeLifetime")
+    def ike_lifetime(self) -> Optional[int]:
+        return pulumi.get(self, "ike_lifetime")
+
+    @property
+    @pulumi.getter(name="ikeMode")
+    def ike_mode(self) -> Optional[str]:
+        return pulumi.get(self, "ike_mode")
+
+    @property
+    @pulumi.getter(name="ikePfs")
+    def ike_pfs(self) -> Optional[str]:
+        return pulumi.get(self, "ike_pfs")
+
+    @property
+    @pulumi.getter(name="ikeVersion")
+    def ike_version(self) -> Optional[str]:
+        return pulumi.get(self, "ike_version")
+
+    @property
+    @pulumi.getter(name="localId")
+    def local_id(self) -> Optional[str]:
+        return pulumi.get(self, "local_id")
+
+    @property
+    @pulumi.getter
+    def psk(self) -> Optional[str]:
+        return pulumi.get(self, "psk")
+
+    @property
+    @pulumi.getter(name="remoteId")
+    def remote_id(self) -> Optional[str]:
+        return pulumi.get(self, "remote_id")
+
+
+@pulumi.output_type
+class GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfig(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "ipsecAuthAlg":
+            suggest = "ipsec_auth_alg"
+        elif key == "ipsecEncAlg":
+            suggest = "ipsec_enc_alg"
+        elif key == "ipsecLifetime":
+            suggest = "ipsec_lifetime"
+        elif key == "ipsecPfs":
+            suggest = "ipsec_pfs"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfig. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfig.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfig.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 ipsec_auth_alg: Optional[str] = None,
+                 ipsec_enc_alg: Optional[str] = None,
+                 ipsec_lifetime: Optional[int] = None,
+                 ipsec_pfs: Optional[str] = None):
+        if ipsec_auth_alg is not None:
+            pulumi.set(__self__, "ipsec_auth_alg", ipsec_auth_alg)
+        if ipsec_enc_alg is not None:
+            pulumi.set(__self__, "ipsec_enc_alg", ipsec_enc_alg)
+        if ipsec_lifetime is not None:
+            pulumi.set(__self__, "ipsec_lifetime", ipsec_lifetime)
+        if ipsec_pfs is not None:
+            pulumi.set(__self__, "ipsec_pfs", ipsec_pfs)
+
+    @property
+    @pulumi.getter(name="ipsecAuthAlg")
+    def ipsec_auth_alg(self) -> Optional[str]:
+        return pulumi.get(self, "ipsec_auth_alg")
+
+    @property
+    @pulumi.getter(name="ipsecEncAlg")
+    def ipsec_enc_alg(self) -> Optional[str]:
+        return pulumi.get(self, "ipsec_enc_alg")
+
+    @property
+    @pulumi.getter(name="ipsecLifetime")
+    def ipsec_lifetime(self) -> Optional[int]:
+        return pulumi.get(self, "ipsec_lifetime")
+
+    @property
+    @pulumi.getter(name="ipsecPfs")
+    def ipsec_pfs(self) -> Optional[str]:
+        return pulumi.get(self, "ipsec_pfs")
+
+
+@pulumi.output_type
+class IpsecServerIkeConfig(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "ikeAuthAlg":
+            suggest = "ike_auth_alg"
+        elif key == "ikeEncAlg":
+            suggest = "ike_enc_alg"
+        elif key == "ikeLifetime":
+            suggest = "ike_lifetime"
+        elif key == "ikeMode":
+            suggest = "ike_mode"
+        elif key == "ikePfs":
+            suggest = "ike_pfs"
+        elif key == "ikeVersion":
+            suggest = "ike_version"
+        elif key == "localId":
+            suggest = "local_id"
+        elif key == "remoteId":
+            suggest = "remote_id"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in IpsecServerIkeConfig. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        IpsecServerIkeConfig.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        IpsecServerIkeConfig.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 ike_auth_alg: Optional[str] = None,
+                 ike_enc_alg: Optional[str] = None,
+                 ike_lifetime: Optional[int] = None,
+                 ike_mode: Optional[str] = None,
+                 ike_pfs: Optional[str] = None,
+                 ike_version: Optional[str] = None,
+                 local_id: Optional[str] = None,
+                 remote_id: Optional[str] = None):
+        """
+        :param str ike_auth_alg: The authentication algorithm that is used in Phase 1 negotiations. Default value: `sha1`.
+        :param str ike_enc_alg: The encryption algorithm that is used in Phase 1 negotiations. Default value: `aes`.
+        :param int ike_lifetime: IkeLifetime: the SA lifetime determined by Phase 1 negotiations. Valid values: `0` to `86400`. Default value: `86400`. Unit: `seconds`.
+        :param str ike_mode: The IKE negotiation mode. Default value: `main`.
+        :param str ike_pfs: The Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Default value: `group2`.
+        :param str ike_version: The IKE version. Valid values: `ikev1` and `ikev2`. Default value: `ikev2`.
+        :param str local_id: The identifier of the IPsec server. The value can be a fully qualified domain name (FQDN) or an IP address. The default value is the public IP address of the VPN gateway.
+        :param str remote_id: The identifier of the customer gateway. The value can be an FQDN or an IP address. By default, this parameter is not specified.
+        """
+        if ike_auth_alg is not None:
+            pulumi.set(__self__, "ike_auth_alg", ike_auth_alg)
+        if ike_enc_alg is not None:
+            pulumi.set(__self__, "ike_enc_alg", ike_enc_alg)
+        if ike_lifetime is not None:
+            pulumi.set(__self__, "ike_lifetime", ike_lifetime)
+        if ike_mode is not None:
+            pulumi.set(__self__, "ike_mode", ike_mode)
+        if ike_pfs is not None:
+            pulumi.set(__self__, "ike_pfs", ike_pfs)
+        if ike_version is not None:
+            pulumi.set(__self__, "ike_version", ike_version)
+        if local_id is not None:
+            pulumi.set(__self__, "local_id", local_id)
+        if remote_id is not None:
+            pulumi.set(__self__, "remote_id", remote_id)
+
+    @property
+    @pulumi.getter(name="ikeAuthAlg")
+    def ike_auth_alg(self) -> Optional[str]:
+        """
+        The authentication algorithm that is used in Phase 1 negotiations. Default value: `sha1`.
+        """
+        return pulumi.get(self, "ike_auth_alg")
+
+    @property
+    @pulumi.getter(name="ikeEncAlg")
+    def ike_enc_alg(self) -> Optional[str]:
+        """
+        The encryption algorithm that is used in Phase 1 negotiations. Default value: `aes`.
+        """
+        return pulumi.get(self, "ike_enc_alg")
+
+    @property
+    @pulumi.getter(name="ikeLifetime")
+    def ike_lifetime(self) -> Optional[int]:
+        """
+        IkeLifetime: the SA lifetime determined by Phase 1 negotiations. Valid values: `0` to `86400`. Default value: `86400`. Unit: `seconds`.
+        """
+        return pulumi.get(self, "ike_lifetime")
+
+    @property
+    @pulumi.getter(name="ikeMode")
+    def ike_mode(self) -> Optional[str]:
+        """
+        The IKE negotiation mode. Default value: `main`.
+        """
+        return pulumi.get(self, "ike_mode")
+
+    @property
+    @pulumi.getter(name="ikePfs")
+    def ike_pfs(self) -> Optional[str]:
+        """
+        The Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Default value: `group2`.
+        """
+        return pulumi.get(self, "ike_pfs")
+
+    @property
+    @pulumi.getter(name="ikeVersion")
+    def ike_version(self) -> Optional[str]:
+        """
+        The IKE version. Valid values: `ikev1` and `ikev2`. Default value: `ikev2`.
+        """
+        return pulumi.get(self, "ike_version")
+
+    @property
+    @pulumi.getter(name="localId")
+    def local_id(self) -> Optional[str]:
+        """
+        The identifier of the IPsec server. The value can be a fully qualified domain name (FQDN) or an IP address. The default value is the public IP address of the VPN gateway.
+        """
+        return pulumi.get(self, "local_id")
+
+    @property
+    @pulumi.getter(name="remoteId")
+    def remote_id(self) -> Optional[str]:
+        """
+        The identifier of the customer gateway. The value can be an FQDN or an IP address. By default, this parameter is not specified.
+        """
+        return pulumi.get(self, "remote_id")
+
+
+@pulumi.output_type
+class IpsecServerIpsecConfig(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "ipsecAuthAlg":
+            suggest = "ipsec_auth_alg"
+        elif key == "ipsecEncAlg":
+            suggest = "ipsec_enc_alg"
+        elif key == "ipsecLifetime":
+            suggest = "ipsec_lifetime"
+        elif key == "ipsecPfs":
+            suggest = "ipsec_pfs"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in IpsecServerIpsecConfig. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        IpsecServerIpsecConfig.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        IpsecServerIpsecConfig.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 ipsec_auth_alg: Optional[str] = None,
+                 ipsec_enc_alg: Optional[str] = None,
+                 ipsec_lifetime: Optional[int] = None,
+                 ipsec_pfs: Optional[str] = None):
+        """
         :param str ipsec_auth_alg: The authentication algorithm that is used in Phase 2 negotiations. Default value: `sha1`.
         :param str ipsec_enc_alg: The encryption algorithm that is used in Phase 2 negotiations. Default value: `aes`.
         :param int ipsec_lifetime: The SA lifetime determined by Phase 2 negotiations. Valid values: `0` to `86400`. Default value: `86400`. Unit: `seconds`.
@@ -1463,7 +1971,363 @@ class IpsecServerIpsecConfig(dict):
     @pulumi.getter(name="ipsecAuthAlg")
     def ipsec_auth_alg(self) -> Optional[str]:
         """
-        The authentication algorithm that is used in Phase 2 negotiations. Default value: `sha1`.
+        The authentication algorithm that is used in Phase 2 negotiations. Default value: `sha1`.
+        """
+        return pulumi.get(self, "ipsec_auth_alg")
+
+    @property
+    @pulumi.getter(name="ipsecEncAlg")
+    def ipsec_enc_alg(self) -> Optional[str]:
+        """
+        The encryption algorithm that is used in Phase 2 negotiations. Default value: `aes`.
+        """
+        return pulumi.get(self, "ipsec_enc_alg")
+
+    @property
+    @pulumi.getter(name="ipsecLifetime")
+    def ipsec_lifetime(self) -> Optional[int]:
+        """
+        The SA lifetime determined by Phase 2 negotiations. Valid values: `0` to `86400`. Default value: `86400`. Unit: `seconds`.
+        """
+        return pulumi.get(self, "ipsec_lifetime")
+
+    @property
+    @pulumi.getter(name="ipsecPfs")
+    def ipsec_pfs(self) -> Optional[str]:
+        """
+        Forwards packets of all protocols. The Diffie-Hellman key exchange algorithm used in Phase 2 negotiations. Default value: `group2`.
+        """
+        return pulumi.get(self, "ipsec_pfs")
+
+
+@pulumi.output_type
+class GetConnectionsConnectionResult(dict):
+    def __init__(__self__, *,
+                 create_time: str,
+                 customer_gateway_id: str,
+                 effect_immediately: bool,
+                 enable_dpd: bool,
+                 enable_nat_traversal: bool,
+                 enable_tunnels_bgp: bool,
+                 id: str,
+                 local_subnet: str,
+                 name: str,
+                 remote_subnet: str,
+                 status: str,
+                 tunnel_options_specifications: Sequence['outputs.GetConnectionsConnectionTunnelOptionsSpecificationResult'],
+                 vpn_gateway_id: str,
+                 ike_configs: Optional[Sequence['outputs.GetConnectionsConnectionIkeConfigResult']] = None,
+                 ipsec_configs: Optional[Sequence['outputs.GetConnectionsConnectionIpsecConfigResult']] = None,
+                 vco_health_checks: Optional[Sequence['outputs.GetConnectionsConnectionVcoHealthCheckResult']] = None,
+                 vpn_bgp_configs: Optional[Sequence['outputs.GetConnectionsConnectionVpnBgpConfigResult']] = None):
+        """
+        :param str customer_gateway_id: Use the VPN customer gateway ID as the search key.
+        :param bool enable_dpd: Wether enable Dpd detection.
+        :param bool enable_nat_traversal: enable nat traversal.
+        :param bool enable_tunnels_bgp: Enable tunnel bgp.
+        :param str id: ID of the VPN connection.
+        :param str local_subnet: The local subnet of the VPN connection.
+        :param str name: The name of the VPN connection.
+        :param str remote_subnet: The remote subnet of the VPN connection.
+        :param str status: The negotiation status of the BGP routing protocol. Valid values: `success`, `false`.
+        :param Sequence['GetConnectionsConnectionTunnelOptionsSpecificationArgs'] tunnel_options_specifications: The tunnel_options_specification supports the following:
+        :param str vpn_gateway_id: Use the VPN gateway ID as the search key.
+        :param Sequence['GetConnectionsConnectionIkeConfigArgs'] ike_configs: The ike_config mapping supports the following:
+        :param Sequence['GetConnectionsConnectionIpsecConfigArgs'] ipsec_configs: The ipsec_config mapping supports the following:
+        :param Sequence['GetConnectionsConnectionVpnBgpConfigArgs'] vpn_bgp_configs: The vpn_bgp_config mapping supports the following:
+        """
+        pulumi.set(__self__, "create_time", create_time)
+        pulumi.set(__self__, "customer_gateway_id", customer_gateway_id)
+        pulumi.set(__self__, "effect_immediately", effect_immediately)
+        pulumi.set(__self__, "enable_dpd", enable_dpd)
+        pulumi.set(__self__, "enable_nat_traversal", enable_nat_traversal)
+        pulumi.set(__self__, "enable_tunnels_bgp", enable_tunnels_bgp)
+        pulumi.set(__self__, "id", id)
+        pulumi.set(__self__, "local_subnet", local_subnet)
+        pulumi.set(__self__, "name", name)
+        pulumi.set(__self__, "remote_subnet", remote_subnet)
+        pulumi.set(__self__, "status", status)
+        pulumi.set(__self__, "tunnel_options_specifications", tunnel_options_specifications)
+        pulumi.set(__self__, "vpn_gateway_id", vpn_gateway_id)
+        if ike_configs is not None:
+            pulumi.set(__self__, "ike_configs", ike_configs)
+        if ipsec_configs is not None:
+            pulumi.set(__self__, "ipsec_configs", ipsec_configs)
+        if vco_health_checks is not None:
+            pulumi.set(__self__, "vco_health_checks", vco_health_checks)
+        if vpn_bgp_configs is not None:
+            pulumi.set(__self__, "vpn_bgp_configs", vpn_bgp_configs)
+
+    @property
+    @pulumi.getter(name="createTime")
+    def create_time(self) -> str:
+        return pulumi.get(self, "create_time")
+
+    @property
+    @pulumi.getter(name="customerGatewayId")
+    def customer_gateway_id(self) -> str:
+        """
+        Use the VPN customer gateway ID as the search key.
+        """
+        return pulumi.get(self, "customer_gateway_id")
+
+    @property
+    @pulumi.getter(name="effectImmediately")
+    def effect_immediately(self) -> bool:
+        return pulumi.get(self, "effect_immediately")
+
+    @property
+    @pulumi.getter(name="enableDpd")
+    def enable_dpd(self) -> bool:
+        """
+        Wether enable Dpd detection.
+        """
+        return pulumi.get(self, "enable_dpd")
+
+    @property
+    @pulumi.getter(name="enableNatTraversal")
+    def enable_nat_traversal(self) -> bool:
+        """
+        enable nat traversal.
+        """
+        return pulumi.get(self, "enable_nat_traversal")
+
+    @property
+    @pulumi.getter(name="enableTunnelsBgp")
+    def enable_tunnels_bgp(self) -> bool:
+        """
+        Enable tunnel bgp.
+        """
+        return pulumi.get(self, "enable_tunnels_bgp")
+
+    @property
+    @pulumi.getter
+    def id(self) -> str:
+        """
+        ID of the VPN connection.
+        """
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter(name="localSubnet")
+    def local_subnet(self) -> str:
+        """
+        The local subnet of the VPN connection.
+        """
+        return pulumi.get(self, "local_subnet")
+
+    @property
+    @pulumi.getter
+    def name(self) -> str:
+        """
+        The name of the VPN connection.
+        """
+        return pulumi.get(self, "name")
+
+    @property
+    @pulumi.getter(name="remoteSubnet")
+    def remote_subnet(self) -> str:
+        """
+        The remote subnet of the VPN connection.
+        """
+        return pulumi.get(self, "remote_subnet")
+
+    @property
+    @pulumi.getter
+    def status(self) -> str:
+        """
+        The negotiation status of the BGP routing protocol. Valid values: `success`, `false`.
+        """
+        return pulumi.get(self, "status")
+
+    @property
+    @pulumi.getter(name="tunnelOptionsSpecifications")
+    def tunnel_options_specifications(self) -> Sequence['outputs.GetConnectionsConnectionTunnelOptionsSpecificationResult']:
+        """
+        The tunnel_options_specification supports the following:
+        """
+        return pulumi.get(self, "tunnel_options_specifications")
+
+    @property
+    @pulumi.getter(name="vpnGatewayId")
+    def vpn_gateway_id(self) -> str:
+        """
+        Use the VPN gateway ID as the search key.
+        """
+        return pulumi.get(self, "vpn_gateway_id")
+
+    @property
+    @pulumi.getter(name="ikeConfigs")
+    def ike_configs(self) -> Optional[Sequence['outputs.GetConnectionsConnectionIkeConfigResult']]:
+        """
+        The ike_config mapping supports the following:
+        """
+        return pulumi.get(self, "ike_configs")
+
+    @property
+    @pulumi.getter(name="ipsecConfigs")
+    def ipsec_configs(self) -> Optional[Sequence['outputs.GetConnectionsConnectionIpsecConfigResult']]:
+        """
+        The ipsec_config mapping supports the following:
+        """
+        return pulumi.get(self, "ipsec_configs")
+
+    @property
+    @pulumi.getter(name="vcoHealthChecks")
+    def vco_health_checks(self) -> Optional[Sequence['outputs.GetConnectionsConnectionVcoHealthCheckResult']]:
+        return pulumi.get(self, "vco_health_checks")
+
+    @property
+    @pulumi.getter(name="vpnBgpConfigs")
+    def vpn_bgp_configs(self) -> Optional[Sequence['outputs.GetConnectionsConnectionVpnBgpConfigResult']]:
+        """
+        The vpn_bgp_config mapping supports the following:
+        """
+        return pulumi.get(self, "vpn_bgp_configs")
+
+
+@pulumi.output_type
+class GetConnectionsConnectionIkeConfigResult(dict):
+    def __init__(__self__, *,
+                 ike_auth_alg: Optional[str] = None,
+                 ike_enc_alg: Optional[str] = None,
+                 ike_lifetime: Optional[int] = None,
+                 ike_local_id: Optional[str] = None,
+                 ike_mode: Optional[str] = None,
+                 ike_pfs: Optional[str] = None,
+                 ike_remote_id: Optional[str] = None,
+                 ike_version: Optional[str] = None,
+                 psk: Optional[str] = None):
+        """
+        :param str ike_auth_alg: IKE auth Algorithm.
+        :param str ike_enc_alg: IKE encript algorithm.
+        :param int ike_lifetime: IKE lifetime.
+        :param str ike_local_id: The identification of the VPN gateway.
+        :param str ike_mode: IKE Mode.
+        :param str ike_pfs: DH Group.
+        :param str ike_remote_id: The identification of the customer gateway.
+        :param str ike_version: IKE Version.
+        :param str psk: Preshared secret key.
+        """
+        if ike_auth_alg is not None:
+            pulumi.set(__self__, "ike_auth_alg", ike_auth_alg)
+        if ike_enc_alg is not None:
+            pulumi.set(__self__, "ike_enc_alg", ike_enc_alg)
+        if ike_lifetime is not None:
+            pulumi.set(__self__, "ike_lifetime", ike_lifetime)
+        if ike_local_id is not None:
+            pulumi.set(__self__, "ike_local_id", ike_local_id)
+        if ike_mode is not None:
+            pulumi.set(__self__, "ike_mode", ike_mode)
+        if ike_pfs is not None:
+            pulumi.set(__self__, "ike_pfs", ike_pfs)
+        if ike_remote_id is not None:
+            pulumi.set(__self__, "ike_remote_id", ike_remote_id)
+        if ike_version is not None:
+            pulumi.set(__self__, "ike_version", ike_version)
+        if psk is not None:
+            pulumi.set(__self__, "psk", psk)
+
+    @property
+    @pulumi.getter(name="ikeAuthAlg")
+    def ike_auth_alg(self) -> Optional[str]:
+        """
+        IKE auth Algorithm.
+        """
+        return pulumi.get(self, "ike_auth_alg")
+
+    @property
+    @pulumi.getter(name="ikeEncAlg")
+    def ike_enc_alg(self) -> Optional[str]:
+        """
+        IKE encript algorithm.
+        """
+        return pulumi.get(self, "ike_enc_alg")
+
+    @property
+    @pulumi.getter(name="ikeLifetime")
+    def ike_lifetime(self) -> Optional[int]:
+        """
+        IKE lifetime.
+        """
+        return pulumi.get(self, "ike_lifetime")
+
+    @property
+    @pulumi.getter(name="ikeLocalId")
+    def ike_local_id(self) -> Optional[str]:
+        """
+        The identification of the VPN gateway.
+        """
+        return pulumi.get(self, "ike_local_id")
+
+    @property
+    @pulumi.getter(name="ikeMode")
+    def ike_mode(self) -> Optional[str]:
+        """
+        IKE Mode.
+        """
+        return pulumi.get(self, "ike_mode")
+
+    @property
+    @pulumi.getter(name="ikePfs")
+    def ike_pfs(self) -> Optional[str]:
+        """
+        DH Group.
+        """
+        return pulumi.get(self, "ike_pfs")
+
+    @property
+    @pulumi.getter(name="ikeRemoteId")
+    def ike_remote_id(self) -> Optional[str]:
+        """
+        The identification of the customer gateway.
+        """
+        return pulumi.get(self, "ike_remote_id")
+
+    @property
+    @pulumi.getter(name="ikeVersion")
+    def ike_version(self) -> Optional[str]:
+        """
+        IKE Version.
+        """
+        return pulumi.get(self, "ike_version")
+
+    @property
+    @pulumi.getter
+    def psk(self) -> Optional[str]:
+        """
+        Preshared secret key.
+        """
+        return pulumi.get(self, "psk")
+
+
+@pulumi.output_type
+class GetConnectionsConnectionIpsecConfigResult(dict):
+    def __init__(__self__, *,
+                 ipsec_auth_alg: Optional[str] = None,
+                 ipsec_enc_alg: Optional[str] = None,
+                 ipsec_lifetime: Optional[int] = None,
+                 ipsec_pfs: Optional[str] = None):
+        """
+        :param str ipsec_auth_alg: IPsec Auth algorithm.
+        :param str ipsec_enc_alg: IPsec Encript algorithm.
+        :param int ipsec_lifetime: IPsec lifetime.
+        :param str ipsec_pfs: DH Group.
+        """
+        if ipsec_auth_alg is not None:
+            pulumi.set(__self__, "ipsec_auth_alg", ipsec_auth_alg)
+        if ipsec_enc_alg is not None:
+            pulumi.set(__self__, "ipsec_enc_alg", ipsec_enc_alg)
+        if ipsec_lifetime is not None:
+            pulumi.set(__self__, "ipsec_lifetime", ipsec_lifetime)
+        if ipsec_pfs is not None:
+            pulumi.set(__self__, "ipsec_pfs", ipsec_pfs)
+
+    @property
+    @pulumi.getter(name="ipsecAuthAlg")
+    def ipsec_auth_alg(self) -> Optional[str]:
+        """
+        IPsec Auth algorithm.
         """
         return pulumi.get(self, "ipsec_auth_alg")
 
@@ -1471,7 +2335,7 @@ class IpsecServerIpsecConfig(dict):
     @pulumi.getter(name="ipsecEncAlg")
     def ipsec_enc_alg(self) -> Optional[str]:
         """
-        The encryption algorithm that is used in Phase 2 negotiations. Default value: `aes`.
+        IPsec Encript algorithm.
         """
         return pulumi.get(self, "ipsec_enc_alg")
 
@@ -1479,7 +2343,7 @@ class IpsecServerIpsecConfig(dict):
     @pulumi.getter(name="ipsecLifetime")
     def ipsec_lifetime(self) -> Optional[int]:
         """
-        The SA lifetime determined by Phase 2 negotiations. Valid values: `0` to `86400`. Default value: `86400`. Unit: `seconds`.
+        IPsec lifetime.
         """
         return pulumi.get(self, "ipsec_lifetime")
 
@@ -1487,73 +2351,48 @@ class IpsecServerIpsecConfig(dict):
     @pulumi.getter(name="ipsecPfs")
     def ipsec_pfs(self) -> Optional[str]:
         """
-        Forwards packets of all protocols. The Diffie-Hellman key exchange algorithm used in Phase 2 negotiations. Default value: `group2`.
+        DH Group.
         """
         return pulumi.get(self, "ipsec_pfs")
 
 
 @pulumi.output_type
-class GetConnectionsConnectionResult(dict):
+class GetConnectionsConnectionTunnelOptionsSpecificationResult(dict):
     def __init__(__self__, *,
-                 create_time: str,
                  customer_gateway_id: str,
-                 effect_immediately: bool,
                  enable_dpd: bool,
                  enable_nat_traversal: bool,
-                 enable_tunnels_bgp: bool,
-                 id: str,
-                 local_subnet: str,
-                 name: str,
-                 remote_subnet: str,
-                 status: str,
-                 tunnel_options_specifications: Sequence['outputs.GetConnectionsConnectionTunnelOptionsSpecificationResult'],
-                 vpn_gateway_id: str,
-                 ike_configs: Optional[Sequence['outputs.GetConnectionsConnectionIkeConfigResult']] = None,
-                 ipsec_configs: Optional[Sequence['outputs.GetConnectionsConnectionIpsecConfigResult']] = None,
-                 vco_health_checks: Optional[Sequence['outputs.GetConnectionsConnectionVcoHealthCheckResult']] = None,
-                 vpn_bgp_configs: Optional[Sequence['outputs.GetConnectionsConnectionVpnBgpConfigResult']] = None):
+                 internet_ip: str,
+                 role: str,
+                 state: str,
+                 status: str,
+                 tunnel_bgp_config: 'outputs.GetConnectionsConnectionTunnelOptionsSpecificationTunnelBgpConfigResult',
+                 tunnel_id: str,
+                 tunnel_ike_config: 'outputs.GetConnectionsConnectionTunnelOptionsSpecificationTunnelIkeConfigResult',
+                 tunnel_ipsec_config: 'outputs.GetConnectionsConnectionTunnelOptionsSpecificationTunnelIpsecConfigResult',
+                 zone_no: str):
         """
         :param str customer_gateway_id: Use the VPN customer gateway ID as the search key.
         :param bool enable_dpd: Wether enable Dpd detection.
         :param bool enable_nat_traversal: enable nat traversal.
-        :param bool enable_tunnels_bgp: Enable tunnel bgp.
-        :param str id: ID of the VPN connection.
-        :param str local_subnet: The local subnet of the VPN connection.
-        :param str name: The name of the VPN connection.
-        :param str remote_subnet: The remote subnet of the VPN connection.
+        :param str role: The role of Tunnel.
         :param str status: The negotiation status of the BGP routing protocol. Valid values: `success`, `false`.
-        :param Sequence['GetConnectionsConnectionTunnelOptionsSpecificationArgs'] tunnel_options_specifications: The tunnel_options_specification supports the following:
-        :param str vpn_gateway_id: Use the VPN gateway ID as the search key.
-        :param Sequence['GetConnectionsConnectionIkeConfigArgs'] ike_configs: The ike_config mapping supports the following:
-        :param Sequence['GetConnectionsConnectionIpsecConfigArgs'] ipsec_configs: The ipsec_config mapping supports the following:
-        :param Sequence['GetConnectionsConnectionVpnBgpConfigArgs'] vpn_bgp_configs: The vpn_bgp_config mapping supports the following:
+        :param 'GetConnectionsConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs' tunnel_bgp_config: The bgp config of Tunnel.
+        :param 'GetConnectionsConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs' tunnel_ike_config: The configuration of Phase 1 negotiations in Tunnel.
+        :param 'GetConnectionsConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs' tunnel_ipsec_config: IPsec configuration in Tunnel.
         """
-        pulumi.set(__self__, "create_time", create_time)
         pulumi.set(__self__, "customer_gateway_id", customer_gateway_id)
-        pulumi.set(__self__, "effect_immediately", effect_immediately)
         pulumi.set(__self__, "enable_dpd", enable_dpd)
         pulumi.set(__self__, "enable_nat_traversal", enable_nat_traversal)
-        pulumi.set(__self__, "enable_tunnels_bgp", enable_tunnels_bgp)
-        pulumi.set(__self__, "id", id)
-        pulumi.set(__self__, "local_subnet", local_subnet)
-        pulumi.set(__self__, "name", name)
-        pulumi.set(__self__, "remote_subnet", remote_subnet)
+        pulumi.set(__self__, "internet_ip", internet_ip)
+        pulumi.set(__self__, "role", role)
+        pulumi.set(__self__, "state", state)
         pulumi.set(__self__, "status", status)
-        pulumi.set(__self__, "tunnel_options_specifications", tunnel_options_specifications)
-        pulumi.set(__self__, "vpn_gateway_id", vpn_gateway_id)
-        if ike_configs is not None:
-            pulumi.set(__self__, "ike_configs", ike_configs)
-        if ipsec_configs is not None:
-            pulumi.set(__self__, "ipsec_configs", ipsec_configs)
-        if vco_health_checks is not None:
-            pulumi.set(__self__, "vco_health_checks", vco_health_checks)
-        if vpn_bgp_configs is not None:
-            pulumi.set(__self__, "vpn_bgp_configs", vpn_bgp_configs)
-
-    @property
-    @pulumi.getter(name="createTime")
-    def create_time(self) -> str:
-        return pulumi.get(self, "create_time")
+        pulumi.set(__self__, "tunnel_bgp_config", tunnel_bgp_config)
+        pulumi.set(__self__, "tunnel_id", tunnel_id)
+        pulumi.set(__self__, "tunnel_ike_config", tunnel_ike_config)
+        pulumi.set(__self__, "tunnel_ipsec_config", tunnel_ipsec_config)
+        pulumi.set(__self__, "zone_no", zone_no)
 
     @property
     @pulumi.getter(name="customerGatewayId")
@@ -1563,11 +2402,6 @@ class GetConnectionsConnectionResult(dict):
         """
         return pulumi.get(self, "customer_gateway_id")
 
-    @property
-    @pulumi.getter(name="effectImmediately")
-    def effect_immediately(self) -> bool:
-        return pulumi.get(self, "effect_immediately")
-
     @property
     @pulumi.getter(name="enableDpd")
     def enable_dpd(self) -> bool:
@@ -1585,144 +2419,171 @@ class GetConnectionsConnectionResult(dict):
         return pulumi.get(self, "enable_nat_traversal")
 
     @property
-    @pulumi.getter(name="enableTunnelsBgp")
-    def enable_tunnels_bgp(self) -> bool:
-        """
-        Enable tunnel bgp.
-        """
-        return pulumi.get(self, "enable_tunnels_bgp")
+    @pulumi.getter(name="internetIp")
+    def internet_ip(self) -> str:
+        return pulumi.get(self, "internet_ip")
 
     @property
     @pulumi.getter
-    def id(self) -> str:
+    def role(self) -> str:
         """
-        ID of the VPN connection.
+        The role of Tunnel.
         """
-        return pulumi.get(self, "id")
+        return pulumi.get(self, "role")
 
     @property
-    @pulumi.getter(name="localSubnet")
-    def local_subnet(self) -> str:
+    @pulumi.getter
+    def state(self) -> str:
+        return pulumi.get(self, "state")
+
+    @property
+    @pulumi.getter
+    def status(self) -> str:
         """
-        The local subnet of the VPN connection.
+        The negotiation status of the BGP routing protocol. Valid values: `success`, `false`.
         """
-        return pulumi.get(self, "local_subnet")
+        return pulumi.get(self, "status")
 
     @property
-    @pulumi.getter
-    def name(self) -> str:
+    @pulumi.getter(name="tunnelBgpConfig")
+    def tunnel_bgp_config(self) -> 'outputs.GetConnectionsConnectionTunnelOptionsSpecificationTunnelBgpConfigResult':
         """
-        The name of the VPN connection.
+        The bgp config of Tunnel.
         """
-        return pulumi.get(self, "name")
+        return pulumi.get(self, "tunnel_bgp_config")
 
     @property
-    @pulumi.getter(name="remoteSubnet")
-    def remote_subnet(self) -> str:
+    @pulumi.getter(name="tunnelId")
+    def tunnel_id(self) -> str:
+        return pulumi.get(self, "tunnel_id")
+
+    @property
+    @pulumi.getter(name="tunnelIkeConfig")
+    def tunnel_ike_config(self) -> 'outputs.GetConnectionsConnectionTunnelOptionsSpecificationTunnelIkeConfigResult':
         """
-        The remote subnet of the VPN connection.
+        The configuration of Phase 1 negotiations in Tunnel.
         """
-        return pulumi.get(self, "remote_subnet")
+        return pulumi.get(self, "tunnel_ike_config")
 
     @property
-    @pulumi.getter
-    def status(self) -> str:
+    @pulumi.getter(name="tunnelIpsecConfig")
+    def tunnel_ipsec_config(self) -> 'outputs.GetConnectionsConnectionTunnelOptionsSpecificationTunnelIpsecConfigResult':
         """
-        The negotiation status of the BGP routing protocol. Valid values: `success`, `false`.
+        IPsec configuration in Tunnel.
         """
-        return pulumi.get(self, "status")
+        return pulumi.get(self, "tunnel_ipsec_config")
 
     @property
-    @pulumi.getter(name="tunnelOptionsSpecifications")
-    def tunnel_options_specifications(self) -> Sequence['outputs.GetConnectionsConnectionTunnelOptionsSpecificationResult']:
+    @pulumi.getter(name="zoneNo")
+    def zone_no(self) -> str:
+        return pulumi.get(self, "zone_no")
+
+
+@pulumi.output_type
+class GetConnectionsConnectionTunnelOptionsSpecificationTunnelBgpConfigResult(dict):
+    def __init__(__self__, *,
+                 bgp_status: str,
+                 local_asn: str,
+                 local_bgp_ip: str,
+                 peer_asn: str,
+                 peer_bgp_ip: str,
+                 tunnel_cidr: str):
         """
-        The tunnel_options_specification supports the following:
+        :param str local_asn: Local asn.
+        :param str local_bgp_ip: Local bgp IP.
+        :param str peer_asn: The counterpart autonomous system number.
+        :param str peer_bgp_ip: The BGP address on the other side.
+        :param str tunnel_cidr: BGP Tunnel CIDR.
         """
-        return pulumi.get(self, "tunnel_options_specifications")
+        pulumi.set(__self__, "bgp_status", bgp_status)
+        pulumi.set(__self__, "local_asn", local_asn)
+        pulumi.set(__self__, "local_bgp_ip", local_bgp_ip)
+        pulumi.set(__self__, "peer_asn", peer_asn)
+        pulumi.set(__self__, "peer_bgp_ip", peer_bgp_ip)
+        pulumi.set(__self__, "tunnel_cidr", tunnel_cidr)
 
     @property
-    @pulumi.getter(name="vpnGatewayId")
-    def vpn_gateway_id(self) -> str:
+    @pulumi.getter(name="bgpStatus")
+    def bgp_status(self) -> str:
+        return pulumi.get(self, "bgp_status")
+
+    @property
+    @pulumi.getter(name="localAsn")
+    def local_asn(self) -> str:
         """
-        Use the VPN gateway ID as the search key.
+        Local asn.
         """
-        return pulumi.get(self, "vpn_gateway_id")
+        return pulumi.get(self, "local_asn")
 
     @property
-    @pulumi.getter(name="ikeConfigs")
-    def ike_configs(self) -> Optional[Sequence['outputs.GetConnectionsConnectionIkeConfigResult']]:
+    @pulumi.getter(name="localBgpIp")
+    def local_bgp_ip(self) -> str:
         """
-        The ike_config mapping supports the following:
+        Local bgp IP.
         """
-        return pulumi.get(self, "ike_configs")
+        return pulumi.get(self, "local_bgp_ip")
 
     @property
-    @pulumi.getter(name="ipsecConfigs")
-    def ipsec_configs(self) -> Optional[Sequence['outputs.GetConnectionsConnectionIpsecConfigResult']]:
+    @pulumi.getter(name="peerAsn")
+    def peer_asn(self) -> str:
         """
-        The ipsec_config mapping supports the following:
+        The counterpart autonomous system number.
         """
-        return pulumi.get(self, "ipsec_configs")
+        return pulumi.get(self, "peer_asn")
 
     @property
-    @pulumi.getter(name="vcoHealthChecks")
-    def vco_health_checks(self) -> Optional[Sequence['outputs.GetConnectionsConnectionVcoHealthCheckResult']]:
-        return pulumi.get(self, "vco_health_checks")
+    @pulumi.getter(name="peerBgpIp")
+    def peer_bgp_ip(self) -> str:
+        """
+        The BGP address on the other side.
+        """
+        return pulumi.get(self, "peer_bgp_ip")
 
     @property
-    @pulumi.getter(name="vpnBgpConfigs")
-    def vpn_bgp_configs(self) -> Optional[Sequence['outputs.GetConnectionsConnectionVpnBgpConfigResult']]:
+    @pulumi.getter(name="tunnelCidr")
+    def tunnel_cidr(self) -> str:
         """
-        The vpn_bgp_config mapping supports the following:
+        BGP Tunnel CIDR.
         """
-        return pulumi.get(self, "vpn_bgp_configs")
+        return pulumi.get(self, "tunnel_cidr")
 
 
 @pulumi.output_type
-class GetConnectionsConnectionIkeConfigResult(dict):
+class GetConnectionsConnectionTunnelOptionsSpecificationTunnelIkeConfigResult(dict):
     def __init__(__self__, *,
-                 ike_auth_alg: Optional[str] = None,
-                 ike_enc_alg: Optional[str] = None,
-                 ike_lifetime: Optional[int] = None,
-                 ike_local_id: Optional[str] = None,
-                 ike_mode: Optional[str] = None,
-                 ike_pfs: Optional[str] = None,
-                 ike_remote_id: Optional[str] = None,
-                 ike_version: Optional[str] = None,
-                 psk: Optional[str] = None):
+                 ike_auth_alg: str,
+                 ike_enc_alg: str,
+                 ike_lifetime: int,
+                 ike_mode: str,
+                 ike_pfs: str,
+                 ike_version: str,
+                 local_id: str,
+                 psk: str,
+                 remote_id: str):
         """
         :param str ike_auth_alg: IKE auth Algorithm.
         :param str ike_enc_alg: IKE encript algorithm.
         :param int ike_lifetime: IKE lifetime.
-        :param str ike_local_id: The identification of the VPN gateway.
         :param str ike_mode: IKE Mode.
         :param str ike_pfs: DH Group.
-        :param str ike_remote_id: The identification of the customer gateway.
         :param str ike_version: IKE Version.
+        :param str local_id: The local Id.
         :param str psk: Preshared secret key.
+        :param str remote_id: Remote ID.
         """
-        if ike_auth_alg is not None:
-            pulumi.set(__self__, "ike_auth_alg", ike_auth_alg)
-        if ike_enc_alg is not None:
-            pulumi.set(__self__, "ike_enc_alg", ike_enc_alg)
-        if ike_lifetime is not None:
-            pulumi.set(__self__, "ike_lifetime", ike_lifetime)
-        if ike_local_id is not None:
-            pulumi.set(__self__, "ike_local_id", ike_local_id)
-        if ike_mode is not None:
-            pulumi.set(__self__, "ike_mode", ike_mode)
-        if ike_pfs is not None:
-            pulumi.set(__self__, "ike_pfs", ike_pfs)
-        if ike_remote_id is not None:
-            pulumi.set(__self__, "ike_remote_id", ike_remote_id)
-        if ike_version is not None:
-            pulumi.set(__self__, "ike_version", ike_version)
-        if psk is not None:
-            pulumi.set(__self__, "psk", psk)
+        pulumi.set(__self__, "ike_auth_alg", ike_auth_alg)
+        pulumi.set(__self__, "ike_enc_alg", ike_enc_alg)
+        pulumi.set(__self__, "ike_lifetime", ike_lifetime)
+        pulumi.set(__self__, "ike_mode", ike_mode)
+        pulumi.set(__self__, "ike_pfs", ike_pfs)
+        pulumi.set(__self__, "ike_version", ike_version)
+        pulumi.set(__self__, "local_id", local_id)
+        pulumi.set(__self__, "psk", psk)
+        pulumi.set(__self__, "remote_id", remote_id)
 
     @property
     @pulumi.getter(name="ikeAuthAlg")
-    def ike_auth_alg(self) -> Optional[str]:
+    def ike_auth_alg(self) -> str:
         """
         IKE auth Algorithm.
         """
@@ -1730,7 +2591,7 @@ class GetConnectionsConnectionIkeConfigResult(dict):
 
     @property
     @pulumi.getter(name="ikeEncAlg")
-    def ike_enc_alg(self) -> Optional[str]:
+    def ike_enc_alg(self) -> str:
         """
         IKE encript algorithm.
         """
@@ -1738,23 +2599,15 @@ class GetConnectionsConnectionIkeConfigResult(dict):
 
     @property
     @pulumi.getter(name="ikeLifetime")
-    def ike_lifetime(self) -> Optional[int]:
+    def ike_lifetime(self) -> int:
         """
         IKE lifetime.
         """
         return pulumi.get(self, "ike_lifetime")
 
-    @property
-    @pulumi.getter(name="ikeLocalId")
-    def ike_local_id(self) -> Optional[str]:
-        """
-        The identification of the VPN gateway.
-        """
-        return pulumi.get(self, "ike_local_id")
-
     @property
     @pulumi.getter(name="ikeMode")
-    def ike_mode(self) -> Optional[str]:
+    def ike_mode(self) -> str:
         """
         IKE Mode.
         """
@@ -1762,62 +2615,66 @@ class GetConnectionsConnectionIkeConfigResult(dict):
 
     @property
     @pulumi.getter(name="ikePfs")
-    def ike_pfs(self) -> Optional[str]:
+    def ike_pfs(self) -> str:
         """
         DH Group.
         """
         return pulumi.get(self, "ike_pfs")
 
     @property
-    @pulumi.getter(name="ikeRemoteId")
-    def ike_remote_id(self) -> Optional[str]:
+    @pulumi.getter(name="ikeVersion")
+    def ike_version(self) -> str:
         """
-        The identification of the customer gateway.
+        IKE Version.
         """
-        return pulumi.get(self, "ike_remote_id")
+        return pulumi.get(self, "ike_version")
 
     @property
-    @pulumi.getter(name="ikeVersion")
-    def ike_version(self) -> Optional[str]:
+    @pulumi.getter(name="localId")
+    def local_id(self) -> str:
         """
-        IKE Version.
+        The local Id.
         """
-        return pulumi.get(self, "ike_version")
+        return pulumi.get(self, "local_id")
 
     @property
     @pulumi.getter
-    def psk(self) -> Optional[str]:
+    def psk(self) -> str:
         """
         Preshared secret key.
         """
         return pulumi.get(self, "psk")
 
+    @property
+    @pulumi.getter(name="remoteId")
+    def remote_id(self) -> str:
+        """
+        Remote ID.
+        """
+        return pulumi.get(self, "remote_id")
+
 
 @pulumi.output_type
-class GetConnectionsConnectionIpsecConfigResult(dict):
+class GetConnectionsConnectionTunnelOptionsSpecificationTunnelIpsecConfigResult(dict):
     def __init__(__self__, *,
-                 ipsec_auth_alg: Optional[str] = None,
-                 ipsec_enc_alg: Optional[str] = None,
-                 ipsec_lifetime: Optional[int] = None,
-                 ipsec_pfs: Optional[str] = None):
+                 ipsec_auth_alg: str,
+                 ipsec_enc_alg: str,
+                 ipsec_lifetime: int,
+                 ipsec_pfs: str):
         """
         :param str ipsec_auth_alg: IPsec Auth algorithm.
         :param str ipsec_enc_alg: IPsec Encript algorithm.
         :param int ipsec_lifetime: IPsec lifetime.
         :param str ipsec_pfs: DH Group.
         """
-        if ipsec_auth_alg is not None:
-            pulumi.set(__self__, "ipsec_auth_alg", ipsec_auth_alg)
-        if ipsec_enc_alg is not None:
-            pulumi.set(__self__, "ipsec_enc_alg", ipsec_enc_alg)
-        if ipsec_lifetime is not None:
-            pulumi.set(__self__, "ipsec_lifetime", ipsec_lifetime)
-        if ipsec_pfs is not None:
-            pulumi.set(__self__, "ipsec_pfs", ipsec_pfs)
+        pulumi.set(__self__, "ipsec_auth_alg", ipsec_auth_alg)
+        pulumi.set(__self__, "ipsec_enc_alg", ipsec_enc_alg)
+        pulumi.set(__self__, "ipsec_lifetime", ipsec_lifetime)
+        pulumi.set(__self__, "ipsec_pfs", ipsec_pfs)
 
     @property
     @pulumi.getter(name="ipsecAuthAlg")
-    def ipsec_auth_alg(self) -> Optional[str]:
+    def ipsec_auth_alg(self) -> str:
         """
         IPsec Auth algorithm.
         """
@@ -1825,7 +2682,7 @@ class GetConnectionsConnectionIpsecConfigResult(dict):
 
     @property
     @pulumi.getter(name="ipsecEncAlg")
-    def ipsec_enc_alg(self) -> Optional[str]:
+    def ipsec_enc_alg(self) -> str:
         """
         IPsec Encript algorithm.
         """
@@ -1833,7 +2690,7 @@ class GetConnectionsConnectionIpsecConfigResult(dict):
 
     @property
     @pulumi.getter(name="ipsecLifetime")
-    def ipsec_lifetime(self) -> Optional[int]:
+    def ipsec_lifetime(self) -> int:
         """
         IPsec lifetime.
         """
@@ -1841,7 +2698,7 @@ class GetConnectionsConnectionIpsecConfigResult(dict):
 
     @property
     @pulumi.getter(name="ipsecPfs")
-    def ipsec_pfs(self) -> Optional[str]:
+    def ipsec_pfs(self) -> str:
         """
         DH Group.
         """
@@ -1849,860 +2706,998 @@ class GetConnectionsConnectionIpsecConfigResult(dict):
 
 
 @pulumi.output_type
-class GetConnectionsConnectionTunnelOptionsSpecificationResult(dict):
+class GetConnectionsConnectionVcoHealthCheckResult(dict):
     def __init__(__self__, *,
-                 customer_gateway_id: str,
-                 enable_dpd: bool,
-                 enable_nat_traversal: bool,
-                 internet_ip: str,
-                 role: str,
-                 state: str,
-                 status: str,
-                 tunnel_bgp_config: 'outputs.GetConnectionsConnectionTunnelOptionsSpecificationTunnelBgpConfigResult',
-                 tunnel_id: str,
-                 tunnel_ike_config: 'outputs.GetConnectionsConnectionTunnelOptionsSpecificationTunnelIkeConfigResult',
-                 tunnel_ipsec_config: 'outputs.GetConnectionsConnectionTunnelOptionsSpecificationTunnelIpsecConfigResult',
-                 zone_no: str):
+                 dip: Optional[str] = None,
+                 enable: Optional[str] = None,
+                 interval: Optional[int] = None,
+                 retry: Optional[int] = None,
+                 sip: Optional[str] = None,
+                 status: Optional[str] = None):
         """
-        :param str customer_gateway_id: Use the VPN customer gateway ID as the search key.
-        :param bool enable_dpd: Wether enable Dpd detection.
-        :param bool enable_nat_traversal: enable nat traversal.
-        :param str role: The role of Tunnel.
+        :param str dip: The destination ip address.
+        :param str enable: The health check on status. Valid values: `true`, `false`.
+        :param int interval: The time interval between health checks.
+        :param int retry: The number of retries for health checks issued.
+        :param str sip: The source ip address.
         :param str status: The negotiation status of the BGP routing protocol. Valid values: `success`, `false`.
-        :param 'GetConnectionsConnectionTunnelOptionsSpecificationTunnelBgpConfigArgs' tunnel_bgp_config: The bgp config of Tunnel.
-        :param 'GetConnectionsConnectionTunnelOptionsSpecificationTunnelIkeConfigArgs' tunnel_ike_config: The configuration of Phase 1 negotiations in Tunnel.
-        :param 'GetConnectionsConnectionTunnelOptionsSpecificationTunnelIpsecConfigArgs' tunnel_ipsec_config: IPsec configuration in Tunnel.
         """
-        pulumi.set(__self__, "customer_gateway_id", customer_gateway_id)
-        pulumi.set(__self__, "enable_dpd", enable_dpd)
-        pulumi.set(__self__, "enable_nat_traversal", enable_nat_traversal)
-        pulumi.set(__self__, "internet_ip", internet_ip)
-        pulumi.set(__self__, "role", role)
-        pulumi.set(__self__, "state", state)
-        pulumi.set(__self__, "status", status)
-        pulumi.set(__self__, "tunnel_bgp_config", tunnel_bgp_config)
-        pulumi.set(__self__, "tunnel_id", tunnel_id)
-        pulumi.set(__self__, "tunnel_ike_config", tunnel_ike_config)
-        pulumi.set(__self__, "tunnel_ipsec_config", tunnel_ipsec_config)
-        pulumi.set(__self__, "zone_no", zone_no)
+        if dip is not None:
+            pulumi.set(__self__, "dip", dip)
+        if enable is not None:
+            pulumi.set(__self__, "enable", enable)
+        if interval is not None:
+            pulumi.set(__self__, "interval", interval)
+        if retry is not None:
+            pulumi.set(__self__, "retry", retry)
+        if sip is not None:
+            pulumi.set(__self__, "sip", sip)
+        if status is not None:
+            pulumi.set(__self__, "status", status)
 
     @property
-    @pulumi.getter(name="customerGatewayId")
-    def customer_gateway_id(self) -> str:
+    @pulumi.getter
+    def dip(self) -> Optional[str]:
+        """
+        The destination ip address.
+        """
+        return pulumi.get(self, "dip")
+
+    @property
+    @pulumi.getter
+    def enable(self) -> Optional[str]:
+        """
+        The health check on status. Valid values: `true`, `false`.
+        """
+        return pulumi.get(self, "enable")
+
+    @property
+    @pulumi.getter
+    def interval(self) -> Optional[int]:
+        """
+        The time interval between health checks.
+        """
+        return pulumi.get(self, "interval")
+
+    @property
+    @pulumi.getter
+    def retry(self) -> Optional[int]:
+        """
+        The number of retries for health checks issued.
+        """
+        return pulumi.get(self, "retry")
+
+    @property
+    @pulumi.getter
+    def sip(self) -> Optional[str]:
+        """
+        The source ip address.
+        """
+        return pulumi.get(self, "sip")
+
+    @property
+    @pulumi.getter
+    def status(self) -> Optional[str]:
+        """
+        The negotiation status of the BGP routing protocol. Valid values: `success`, `false`.
+        """
+        return pulumi.get(self, "status")
+
+
+@pulumi.output_type
+class GetConnectionsConnectionVpnBgpConfigResult(dict):
+    def __init__(__self__, *,
+                 auth_key: Optional[str] = None,
+                 local_asn: Optional[int] = None,
+                 local_bgp_ip: Optional[str] = None,
+                 peer_asn: Optional[int] = None,
+                 peer_bgp_ip: Optional[str] = None,
+                 status: Optional[str] = None,
+                 tunnel_cidr: Optional[str] = None):
+        """
+        :param str auth_key: The authentication keys for BGP routing protocols.
+        :param int local_asn: Local asn.
+        :param str local_bgp_ip: Local bgp IP.
+        :param int peer_asn: The counterpart autonomous system number.
+        :param str peer_bgp_ip: The BGP address on the other side.
+        :param str status: The negotiation status of the BGP routing protocol. Valid values: `success`, `false`.
+        :param str tunnel_cidr: BGP Tunnel CIDR.
+        """
+        if auth_key is not None:
+            pulumi.set(__self__, "auth_key", auth_key)
+        if local_asn is not None:
+            pulumi.set(__self__, "local_asn", local_asn)
+        if local_bgp_ip is not None:
+            pulumi.set(__self__, "local_bgp_ip", local_bgp_ip)
+        if peer_asn is not None:
+            pulumi.set(__self__, "peer_asn", peer_asn)
+        if peer_bgp_ip is not None:
+            pulumi.set(__self__, "peer_bgp_ip", peer_bgp_ip)
+        if status is not None:
+            pulumi.set(__self__, "status", status)
+        if tunnel_cidr is not None:
+            pulumi.set(__self__, "tunnel_cidr", tunnel_cidr)
+
+    @property
+    @pulumi.getter(name="authKey")
+    def auth_key(self) -> Optional[str]:
+        """
+        The authentication keys for BGP routing protocols.
+        """
+        return pulumi.get(self, "auth_key")
+
+    @property
+    @pulumi.getter(name="localAsn")
+    def local_asn(self) -> Optional[int]:
+        """
+        Local asn.
+        """
+        return pulumi.get(self, "local_asn")
+
+    @property
+    @pulumi.getter(name="localBgpIp")
+    def local_bgp_ip(self) -> Optional[str]:
+        """
+        Local bgp IP.
+        """
+        return pulumi.get(self, "local_bgp_ip")
+
+    @property
+    @pulumi.getter(name="peerAsn")
+    def peer_asn(self) -> Optional[int]:
+        """
+        The counterpart autonomous system number.
+        """
+        return pulumi.get(self, "peer_asn")
+
+    @property
+    @pulumi.getter(name="peerBgpIp")
+    def peer_bgp_ip(self) -> Optional[str]:
+        """
+        The BGP address on the other side.
+        """
+        return pulumi.get(self, "peer_bgp_ip")
+
+    @property
+    @pulumi.getter
+    def status(self) -> Optional[str]:
+        """
+        The negotiation status of the BGP routing protocol. Valid values: `success`, `false`.
+        """
+        return pulumi.get(self, "status")
+
+    @property
+    @pulumi.getter(name="tunnelCidr")
+    def tunnel_cidr(self) -> Optional[str]:
+        """
+        BGP Tunnel CIDR.
+        """
+        return pulumi.get(self, "tunnel_cidr")
+
+
+@pulumi.output_type
+class GetCustomerGatewaysGatewayResult(dict):
+    def __init__(__self__, *,
+                 asn: int,
+                 create_time: str,
+                 description: str,
+                 id: str,
+                 ip_address: str,
+                 name: str):
         """
-        Use the VPN customer gateway ID as the search key.
+        :param int asn: The autonomous system number of the local data center gateway device of the VPN customer gateway.
+        :param str create_time: The creation time of the VPN customer gateway.
+        :param str description: The description of the VPN customer gateway.
+        :param str id: ID of the VPN customer gateway .
+        :param str ip_address: The ip address of the VPN customer gateway.
+        :param str name: The name of the VPN customer gateway.
         """
-        return pulumi.get(self, "customer_gateway_id")
+        pulumi.set(__self__, "asn", asn)
+        pulumi.set(__self__, "create_time", create_time)
+        pulumi.set(__self__, "description", description)
+        pulumi.set(__self__, "id", id)
+        pulumi.set(__self__, "ip_address", ip_address)
+        pulumi.set(__self__, "name", name)
 
     @property
-    @pulumi.getter(name="enableDpd")
-    def enable_dpd(self) -> bool:
+    @pulumi.getter
+    def asn(self) -> int:
         """
-        Wether enable Dpd detection.
+        The autonomous system number of the local data center gateway device of the VPN customer gateway.
         """
-        return pulumi.get(self, "enable_dpd")
+        return pulumi.get(self, "asn")
 
     @property
-    @pulumi.getter(name="enableNatTraversal")
-    def enable_nat_traversal(self) -> bool:
+    @pulumi.getter(name="createTime")
+    def create_time(self) -> str:
         """
-        enable nat traversal.
+        The creation time of the VPN customer gateway.
         """
-        return pulumi.get(self, "enable_nat_traversal")
-
-    @property
-    @pulumi.getter(name="internetIp")
-    def internet_ip(self) -> str:
-        return pulumi.get(self, "internet_ip")
+        return pulumi.get(self, "create_time")
 
     @property
     @pulumi.getter
-    def role(self) -> str:
+    def description(self) -> str:
         """
-        The role of Tunnel.
+        The description of the VPN customer gateway.
         """
-        return pulumi.get(self, "role")
+        return pulumi.get(self, "description")
 
     @property
     @pulumi.getter
-    def state(self) -> str:
-        return pulumi.get(self, "state")
+    def id(self) -> str:
+        """
+        ID of the VPN customer gateway .
+        """
+        return pulumi.get(self, "id")
 
     @property
-    @pulumi.getter
-    def status(self) -> str:
+    @pulumi.getter(name="ipAddress")
+    def ip_address(self) -> str:
         """
-        The negotiation status of the BGP routing protocol. Valid values: `success`, `false`.
+        The ip address of the VPN customer gateway.
         """
-        return pulumi.get(self, "status")
+        return pulumi.get(self, "ip_address")
 
     @property
-    @pulumi.getter(name="tunnelBgpConfig")
-    def tunnel_bgp_config(self) -> 'outputs.GetConnectionsConnectionTunnelOptionsSpecificationTunnelBgpConfigResult':
+    @pulumi.getter
+    def name(self) -> str:
         """
-        The bgp config of Tunnel.
+        The name of the VPN customer gateway.
         """
-        return pulumi.get(self, "tunnel_bgp_config")
+        return pulumi.get(self, "name")
 
-    @property
-    @pulumi.getter(name="tunnelId")
-    def tunnel_id(self) -> str:
-        return pulumi.get(self, "tunnel_id")
 
-    @property
-    @pulumi.getter(name="tunnelIkeConfig")
-    def tunnel_ike_config(self) -> 'outputs.GetConnectionsConnectionTunnelOptionsSpecificationTunnelIkeConfigResult':
+@pulumi.output_type
+class GetGatewayVcoRoutesRouteResult(dict):
+    def __init__(__self__, *,
+                 as_path: str,
+                 create_time: str,
+                 id: str,
+                 next_hop: str,
+                 route_dest: str,
+                 source: str,
+                 status: str,
+                 vpn_connection_id: str,
+                 weight: int):
         """
-        The configuration of Phase 1 negotiations in Tunnel.
+        :param str as_path: List of autonomous system numbers through which BGP routing entries pass.
+        :param str create_time: The creation time of the VPN destination route.
+        :param str id: The ID of the Vpn Gateway Vco Routes.
+        :param str next_hop: The next hop of the destination route.
+        :param str route_dest: The destination network segment of the destination route.
+        :param str source: The source CIDR block of the destination route.
+        :param str status: The status of the vpn route entry. Valid values: `normal`, `published`.
+        :param str vpn_connection_id: The id of the vpn connection.
+        :param int weight: The weight value of the destination route.
         """
-        return pulumi.get(self, "tunnel_ike_config")
+        pulumi.set(__self__, "as_path", as_path)
+        pulumi.set(__self__, "create_time", create_time)
+        pulumi.set(__self__, "id", id)
+        pulumi.set(__self__, "next_hop", next_hop)
+        pulumi.set(__self__, "route_dest", route_dest)
+        pulumi.set(__self__, "source", source)
+        pulumi.set(__self__, "status", status)
+        pulumi.set(__self__, "vpn_connection_id", vpn_connection_id)
+        pulumi.set(__self__, "weight", weight)
 
     @property
-    @pulumi.getter(name="tunnelIpsecConfig")
-    def tunnel_ipsec_config(self) -> 'outputs.GetConnectionsConnectionTunnelOptionsSpecificationTunnelIpsecConfigResult':
+    @pulumi.getter(name="asPath")
+    def as_path(self) -> str:
         """
-        IPsec configuration in Tunnel.
+        List of autonomous system numbers through which BGP routing entries pass.
         """
-        return pulumi.get(self, "tunnel_ipsec_config")
+        return pulumi.get(self, "as_path")
 
     @property
-    @pulumi.getter(name="zoneNo")
-    def zone_no(self) -> str:
-        return pulumi.get(self, "zone_no")
-
+    @pulumi.getter(name="createTime")
+    def create_time(self) -> str:
+        """
+        The creation time of the VPN destination route.
+        """
+        return pulumi.get(self, "create_time")
 
-@pulumi.output_type
-class GetConnectionsConnectionTunnelOptionsSpecificationTunnelBgpConfigResult(dict):
-    def __init__(__self__, *,
-                 bgp_status: str,
-                 local_asn: str,
-                 local_bgp_ip: str,
-                 peer_asn: str,
-                 peer_bgp_ip: str,
-                 tunnel_cidr: str):
+    @property
+    @pulumi.getter
+    def id(self) -> str:
         """
-        :param str local_asn: Local asn.
-        :param str local_bgp_ip: Local bgp IP.
-        :param str peer_asn: The counterpart autonomous system number.
-        :param str peer_bgp_ip: The BGP address on the other side.
-        :param str tunnel_cidr: BGP Tunnel CIDR.
+        The ID of the Vpn Gateway Vco Routes.
         """
-        pulumi.set(__self__, "bgp_status", bgp_status)
-        pulumi.set(__self__, "local_asn", local_asn)
-        pulumi.set(__self__, "local_bgp_ip", local_bgp_ip)
-        pulumi.set(__self__, "peer_asn", peer_asn)
-        pulumi.set(__self__, "peer_bgp_ip", peer_bgp_ip)
-        pulumi.set(__self__, "tunnel_cidr", tunnel_cidr)
+        return pulumi.get(self, "id")
 
     @property
-    @pulumi.getter(name="bgpStatus")
-    def bgp_status(self) -> str:
-        return pulumi.get(self, "bgp_status")
+    @pulumi.getter(name="nextHop")
+    def next_hop(self) -> str:
+        """
+        The next hop of the destination route.
+        """
+        return pulumi.get(self, "next_hop")
 
     @property
-    @pulumi.getter(name="localAsn")
-    def local_asn(self) -> str:
+    @pulumi.getter(name="routeDest")
+    def route_dest(self) -> str:
         """
-        Local asn.
+        The destination network segment of the destination route.
         """
-        return pulumi.get(self, "local_asn")
+        return pulumi.get(self, "route_dest")
 
     @property
-    @pulumi.getter(name="localBgpIp")
-    def local_bgp_ip(self) -> str:
+    @pulumi.getter
+    def source(self) -> str:
         """
-        Local bgp IP.
+        The source CIDR block of the destination route.
         """
-        return pulumi.get(self, "local_bgp_ip")
+        return pulumi.get(self, "source")
 
     @property
-    @pulumi.getter(name="peerAsn")
-    def peer_asn(self) -> str:
+    @pulumi.getter
+    def status(self) -> str:
         """
-        The counterpart autonomous system number.
+        The status of the vpn route entry. Valid values: `normal`, `published`.
         """
-        return pulumi.get(self, "peer_asn")
+        return pulumi.get(self, "status")
 
     @property
-    @pulumi.getter(name="peerBgpIp")
-    def peer_bgp_ip(self) -> str:
+    @pulumi.getter(name="vpnConnectionId")
+    def vpn_connection_id(self) -> str:
         """
-        The BGP address on the other side.
+        The id of the vpn connection.
         """
-        return pulumi.get(self, "peer_bgp_ip")
+        return pulumi.get(self, "vpn_connection_id")
 
     @property
-    @pulumi.getter(name="tunnelCidr")
-    def tunnel_cidr(self) -> str:
+    @pulumi.getter
+    def weight(self) -> int:
         """
-        BGP Tunnel CIDR.
+        The weight value of the destination route.
         """
-        return pulumi.get(self, "tunnel_cidr")
+        return pulumi.get(self, "weight")
 
 
 @pulumi.output_type
-class GetConnectionsConnectionTunnelOptionsSpecificationTunnelIkeConfigResult(dict):
+class GetGatewayVpnAttachmentsAttachmentResult(dict):
     def __init__(__self__, *,
-                 ike_auth_alg: str,
-                 ike_enc_alg: str,
-                 ike_lifetime: int,
-                 ike_mode: str,
-                 ike_pfs: str,
-                 ike_version: str,
-                 local_id: str,
-                 psk: str,
-                 remote_id: str):
+                 attach_type: str,
+                 bgp_configs: Sequence['outputs.GetGatewayVpnAttachmentsAttachmentBgpConfigResult'],
+                 connection_status: str,
+                 create_time: str,
+                 customer_gateway_id: str,
+                 effect_immediately: bool,
+                 enable_dpd: bool,
+                 enable_nat_traversal: bool,
+                 enable_tunnels_bgp: bool,
+                 health_check_configs: Sequence['outputs.GetGatewayVpnAttachmentsAttachmentHealthCheckConfigResult'],
+                 id: str,
+                 ike_configs: Sequence['outputs.GetGatewayVpnAttachmentsAttachmentIkeConfigResult'],
+                 internet_ip: str,
+                 ipsec_configs: Sequence['outputs.GetGatewayVpnAttachmentsAttachmentIpsecConfigResult'],
+                 local_subnet: str,
+                 network_type: str,
+                 remote_subnet: str,
+                 resource_group_id: str,
+                 status: str,
+                 tags: Mapping[str, str],
+                 tunnel_options_specifications: Sequence['outputs.GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationResult'],
+                 vpn_attachment_name: str,
+                 vpn_connection_id: str):
+        """
+        :param str attach_type: attach type- **CEN**: indicates that the IPsec-VPN connection is associated with a transit router of a Cloud Enterprise Network (CEN) instance.- **NO_ASSOCIATED**: indicates that the IPsec-VPN connection is not associated with any resource.
+        :param Sequence['GetGatewayVpnAttachmentsAttachmentBgpConfigArgs'] bgp_configs: Bgp configuration information.- This parameter is supported when you create an vpn attachment in single-tunnel mode.
+        :param str connection_status: IPsec connection status- **ike_sa_not_established**: Phase 1 negotiations failed.- **ike_sa_established**: Phase 1 negotiations succeeded.- **ipsec_sa_not_established**: Phase 2 negotiations failed.- **ipsec_sa_established**: Phase 2 negotiations succeeded.
+        :param str create_time: The creation time of the resource
+        :param str customer_gateway_id: The ID of the user gateway associated with the tunnel.> This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
+        :param bool effect_immediately: Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:- **true**: immediately starts IPsec negotiations after the configuration is complete.- **false** (default): starts IPsec negotiations when inbound traffic is received.
+        :param bool enable_dpd: Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:-**true** (default): enable the DPD function. IPsec initiator will send DPD message to check whether the peer device is alive. If the peer device does not receive a correct response within the set time, it is considered that the peer has been disconnected. IPsec will delete ISAKMP SA and the corresponding IPsec SA, and the security tunnel will also be deleted.-**false**: If the DPD function is disabled, the IPsec initiator does not send DPD detection packets.
+        :param bool enable_nat_traversal: Whether the NAT crossing function is enabled for the tunnel. Value:-**true** (default): Enables the NAT Traversal function. When enabled, the IKE negotiation process deletes the verification process of the UDP port number and realizes the discovery function of the NAT gateway device in the tunnel.-**false**: does not enable the NAT Traversal function.
+        :param bool enable_tunnels_bgp: You can configure this parameter when you create a vpn attachment in dual-tunnel mode.Whether to enable the BGP function for the tunnel. Value: **true** or **false** (default).> before adding BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
+        :param Sequence['GetGatewayVpnAttachmentsAttachmentHealthCheckConfigArgs'] health_check_configs: This parameter is supported if you create an vpn attachment in single-tunnel mode.Health check configuration information.
+        :param str id: The ID of the resource supplied above.
+        :param Sequence['GetGatewayVpnAttachmentsAttachmentIkeConfigArgs'] ike_configs: The configurations of Phase 1 negotiations. - This parameter is supported if you create an vpn attachment in single-tunnel mode.
+        :param str internet_ip: The local internet IP in Tunnel.
+        :param Sequence['GetGatewayVpnAttachmentsAttachmentIpsecConfigArgs'] ipsec_configs: Configuration negotiated in the second stage. - This parameter is supported if you create an vpn attachment in single-tunnel mode.
+        :param str local_subnet: The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24.The following routing modes are supported:- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
+        :param str network_type: network type- **public** (default)- **private**
+        :param str remote_subnet: The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24.The following routing modes are supported:- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
+        :param str resource_group_id: The ID of the resource group
+        :param str status: The status of the resource. Valid values: `init`, `active`, `attaching`, `attached`, `detaching`, `financialLocked`, `provisioning`, `updating`, `upgrading`, `deleted`.
+        :param Mapping[str, str] tags: Tags
+        :param Sequence['GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationArgs'] tunnel_options_specifications: Configure the tunnel.-You can configure parameters in the **tunnel_options_specification** array when you create a vpn attachment in dual-tunnel mode.-When creating a vpn attachment in dual-tunnel mode, you must add both tunnels for the vpn attachment to ensure that the vpn attachment has link redundancy. Only two tunnels can be added to a vpn attachment.
+        :param str vpn_attachment_name: vpn attachment name
+        :param str vpn_connection_id: The first ID of the resource
+        """
+        pulumi.set(__self__, "attach_type", attach_type)
+        pulumi.set(__self__, "bgp_configs", bgp_configs)
+        pulumi.set(__self__, "connection_status", connection_status)
+        pulumi.set(__self__, "create_time", create_time)
+        pulumi.set(__self__, "customer_gateway_id", customer_gateway_id)
+        pulumi.set(__self__, "effect_immediately", effect_immediately)
+        pulumi.set(__self__, "enable_dpd", enable_dpd)
+        pulumi.set(__self__, "enable_nat_traversal", enable_nat_traversal)
+        pulumi.set(__self__, "enable_tunnels_bgp", enable_tunnels_bgp)
+        pulumi.set(__self__, "health_check_configs", health_check_configs)
+        pulumi.set(__self__, "id", id)
+        pulumi.set(__self__, "ike_configs", ike_configs)
+        pulumi.set(__self__, "internet_ip", internet_ip)
+        pulumi.set(__self__, "ipsec_configs", ipsec_configs)
+        pulumi.set(__self__, "local_subnet", local_subnet)
+        pulumi.set(__self__, "network_type", network_type)
+        pulumi.set(__self__, "remote_subnet", remote_subnet)
+        pulumi.set(__self__, "resource_group_id", resource_group_id)
+        pulumi.set(__self__, "status", status)
+        pulumi.set(__self__, "tags", tags)
+        pulumi.set(__self__, "tunnel_options_specifications", tunnel_options_specifications)
+        pulumi.set(__self__, "vpn_attachment_name", vpn_attachment_name)
+        pulumi.set(__self__, "vpn_connection_id", vpn_connection_id)
+
+    @property
+    @pulumi.getter(name="attachType")
+    def attach_type(self) -> str:
         """
-        :param str ike_auth_alg: IKE auth Algorithm.
-        :param str ike_enc_alg: IKE encript algorithm.
-        :param int ike_lifetime: IKE lifetime.
-        :param str ike_mode: IKE Mode.
-        :param str ike_pfs: DH Group.
-        :param str ike_version: IKE Version.
-        :param str local_id: The local Id.
-        :param str psk: Preshared secret key.
-        :param str remote_id: Remote ID.
+        attach type- **CEN**: indicates that the IPsec-VPN connection is associated with a transit router of a Cloud Enterprise Network (CEN) instance.- **NO_ASSOCIATED**: indicates that the IPsec-VPN connection is not associated with any resource.
         """
-        pulumi.set(__self__, "ike_auth_alg", ike_auth_alg)
-        pulumi.set(__self__, "ike_enc_alg", ike_enc_alg)
-        pulumi.set(__self__, "ike_lifetime", ike_lifetime)
-        pulumi.set(__self__, "ike_mode", ike_mode)
-        pulumi.set(__self__, "ike_pfs", ike_pfs)
-        pulumi.set(__self__, "ike_version", ike_version)
-        pulumi.set(__self__, "local_id", local_id)
-        pulumi.set(__self__, "psk", psk)
-        pulumi.set(__self__, "remote_id", remote_id)
+        return pulumi.get(self, "attach_type")
 
     @property
-    @pulumi.getter(name="ikeAuthAlg")
-    def ike_auth_alg(self) -> str:
+    @pulumi.getter(name="bgpConfigs")
+    def bgp_configs(self) -> Sequence['outputs.GetGatewayVpnAttachmentsAttachmentBgpConfigResult']:
         """
-        IKE auth Algorithm.
+        Bgp configuration information.- This parameter is supported when you create an vpn attachment in single-tunnel mode.
         """
-        return pulumi.get(self, "ike_auth_alg")
+        return pulumi.get(self, "bgp_configs")
 
     @property
-    @pulumi.getter(name="ikeEncAlg")
-    def ike_enc_alg(self) -> str:
+    @pulumi.getter(name="connectionStatus")
+    def connection_status(self) -> str:
         """
-        IKE encript algorithm.
+        IPsec connection status- **ike_sa_not_established**: Phase 1 negotiations failed.- **ike_sa_established**: Phase 1 negotiations succeeded.- **ipsec_sa_not_established**: Phase 2 negotiations failed.- **ipsec_sa_established**: Phase 2 negotiations succeeded.
         """
-        return pulumi.get(self, "ike_enc_alg")
+        return pulumi.get(self, "connection_status")
 
     @property
-    @pulumi.getter(name="ikeLifetime")
-    def ike_lifetime(self) -> int:
+    @pulumi.getter(name="createTime")
+    def create_time(self) -> str:
         """
-        IKE lifetime.
+        The creation time of the resource
         """
-        return pulumi.get(self, "ike_lifetime")
+        return pulumi.get(self, "create_time")
 
     @property
-    @pulumi.getter(name="ikeMode")
-    def ike_mode(self) -> str:
+    @pulumi.getter(name="customerGatewayId")
+    def customer_gateway_id(self) -> str:
         """
-        IKE Mode.
+        The ID of the user gateway associated with the tunnel.> This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
         """
-        return pulumi.get(self, "ike_mode")
+        return pulumi.get(self, "customer_gateway_id")
 
     @property
-    @pulumi.getter(name="ikePfs")
-    def ike_pfs(self) -> str:
+    @pulumi.getter(name="effectImmediately")
+    def effect_immediately(self) -> bool:
         """
-        DH Group.
+        Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:- **true**: immediately starts IPsec negotiations after the configuration is complete.- **false** (default): starts IPsec negotiations when inbound traffic is received.
         """
-        return pulumi.get(self, "ike_pfs")
+        return pulumi.get(self, "effect_immediately")
 
     @property
-    @pulumi.getter(name="ikeVersion")
-    def ike_version(self) -> str:
+    @pulumi.getter(name="enableDpd")
+    def enable_dpd(self) -> bool:
         """
-        IKE Version.
+        Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:-**true** (default): enable the DPD function. IPsec initiator will send DPD message to check whether the peer device is alive. If the peer device does not receive a correct response within the set time, it is considered that the peer has been disconnected. IPsec will delete ISAKMP SA and the corresponding IPsec SA, and the security tunnel will also be deleted.-**false**: If the DPD function is disabled, the IPsec initiator does not send DPD detection packets.
         """
-        return pulumi.get(self, "ike_version")
+        return pulumi.get(self, "enable_dpd")
 
     @property
-    @pulumi.getter(name="localId")
-    def local_id(self) -> str:
+    @pulumi.getter(name="enableNatTraversal")
+    def enable_nat_traversal(self) -> bool:
         """
-        The local Id.
+        Whether the NAT crossing function is enabled for the tunnel. Value:-**true** (default): Enables the NAT Traversal function. When enabled, the IKE negotiation process deletes the verification process of the UDP port number and realizes the discovery function of the NAT gateway device in the tunnel.-**false**: does not enable the NAT Traversal function.
         """
-        return pulumi.get(self, "local_id")
+        return pulumi.get(self, "enable_nat_traversal")
 
     @property
-    @pulumi.getter
-    def psk(self) -> str:
+    @pulumi.getter(name="enableTunnelsBgp")
+    def enable_tunnels_bgp(self) -> bool:
         """
-        Preshared secret key.
+        You can configure this parameter when you create a vpn attachment in dual-tunnel mode.Whether to enable the BGP function for the tunnel. Value: **true** or **false** (default).> before adding BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
         """
-        return pulumi.get(self, "psk")
+        return pulumi.get(self, "enable_tunnels_bgp")
 
     @property
-    @pulumi.getter(name="remoteId")
-    def remote_id(self) -> str:
+    @pulumi.getter(name="healthCheckConfigs")
+    def health_check_configs(self) -> Sequence['outputs.GetGatewayVpnAttachmentsAttachmentHealthCheckConfigResult']:
         """
-        Remote ID.
+        This parameter is supported if you create an vpn attachment in single-tunnel mode.Health check configuration information.
         """
-        return pulumi.get(self, "remote_id")
-
+        return pulumi.get(self, "health_check_configs")
 
-@pulumi.output_type
-class GetConnectionsConnectionTunnelOptionsSpecificationTunnelIpsecConfigResult(dict):
-    def __init__(__self__, *,
-                 ipsec_auth_alg: str,
-                 ipsec_enc_alg: str,
-                 ipsec_lifetime: int,
-                 ipsec_pfs: str):
+    @property
+    @pulumi.getter
+    def id(self) -> str:
         """
-        :param str ipsec_auth_alg: IPsec Auth algorithm.
-        :param str ipsec_enc_alg: IPsec Encript algorithm.
-        :param int ipsec_lifetime: IPsec lifetime.
-        :param str ipsec_pfs: DH Group.
+        The ID of the resource supplied above.
         """
-        pulumi.set(__self__, "ipsec_auth_alg", ipsec_auth_alg)
-        pulumi.set(__self__, "ipsec_enc_alg", ipsec_enc_alg)
-        pulumi.set(__self__, "ipsec_lifetime", ipsec_lifetime)
-        pulumi.set(__self__, "ipsec_pfs", ipsec_pfs)
+        return pulumi.get(self, "id")
 
     @property
-    @pulumi.getter(name="ipsecAuthAlg")
-    def ipsec_auth_alg(self) -> str:
+    @pulumi.getter(name="ikeConfigs")
+    def ike_configs(self) -> Sequence['outputs.GetGatewayVpnAttachmentsAttachmentIkeConfigResult']:
         """
-        IPsec Auth algorithm.
+        The configurations of Phase 1 negotiations. - This parameter is supported if you create an vpn attachment in single-tunnel mode.
         """
-        return pulumi.get(self, "ipsec_auth_alg")
+        return pulumi.get(self, "ike_configs")
 
     @property
-    @pulumi.getter(name="ipsecEncAlg")
-    def ipsec_enc_alg(self) -> str:
+    @pulumi.getter(name="internetIp")
+    def internet_ip(self) -> str:
         """
-        IPsec Encript algorithm.
+        The local internet IP in Tunnel.
         """
-        return pulumi.get(self, "ipsec_enc_alg")
+        return pulumi.get(self, "internet_ip")
 
     @property
-    @pulumi.getter(name="ipsecLifetime")
-    def ipsec_lifetime(self) -> int:
+    @pulumi.getter(name="ipsecConfigs")
+    def ipsec_configs(self) -> Sequence['outputs.GetGatewayVpnAttachmentsAttachmentIpsecConfigResult']:
         """
-        IPsec lifetime.
+        Configuration negotiated in the second stage. - This parameter is supported if you create an vpn attachment in single-tunnel mode.
         """
-        return pulumi.get(self, "ipsec_lifetime")
+        return pulumi.get(self, "ipsec_configs")
 
     @property
-    @pulumi.getter(name="ipsecPfs")
-    def ipsec_pfs(self) -> str:
+    @pulumi.getter(name="localSubnet")
+    def local_subnet(self) -> str:
         """
-        DH Group.
+        The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24.The following routing modes are supported:- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
         """
-        return pulumi.get(self, "ipsec_pfs")
+        return pulumi.get(self, "local_subnet")
 
+    @property
+    @pulumi.getter(name="networkType")
+    def network_type(self) -> str:
+        """
+        network type- **public** (default)- **private**
+        """
+        return pulumi.get(self, "network_type")
 
-@pulumi.output_type
-class GetConnectionsConnectionVcoHealthCheckResult(dict):
-    def __init__(__self__, *,
-                 dip: Optional[str] = None,
-                 enable: Optional[str] = None,
-                 interval: Optional[int] = None,
-                 retry: Optional[int] = None,
-                 sip: Optional[str] = None,
-                 status: Optional[str] = None):
+    @property
+    @pulumi.getter(name="remoteSubnet")
+    def remote_subnet(self) -> str:
         """
-        :param str dip: The destination ip address.
-        :param str enable: The health check on status. Valid values: `true`, `false`.
-        :param int interval: The time interval between health checks.
-        :param int retry: The number of retries for health checks issued.
-        :param str sip: The source ip address.
-        :param str status: The negotiation status of the BGP routing protocol. Valid values: `success`, `false`.
+        The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24.The following routing modes are supported:- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
         """
-        if dip is not None:
-            pulumi.set(__self__, "dip", dip)
-        if enable is not None:
-            pulumi.set(__self__, "enable", enable)
-        if interval is not None:
-            pulumi.set(__self__, "interval", interval)
-        if retry is not None:
-            pulumi.set(__self__, "retry", retry)
-        if sip is not None:
-            pulumi.set(__self__, "sip", sip)
-        if status is not None:
-            pulumi.set(__self__, "status", status)
+        return pulumi.get(self, "remote_subnet")
 
     @property
-    @pulumi.getter
-    def dip(self) -> Optional[str]:
+    @pulumi.getter(name="resourceGroupId")
+    def resource_group_id(self) -> str:
         """
-        The destination ip address.
+        The ID of the resource group
         """
-        return pulumi.get(self, "dip")
+        return pulumi.get(self, "resource_group_id")
 
     @property
     @pulumi.getter
-    def enable(self) -> Optional[str]:
+    def status(self) -> str:
         """
-        The health check on status. Valid values: `true`, `false`.
+        The status of the resource. Valid values: `init`, `active`, `attaching`, `attached`, `detaching`, `financialLocked`, `provisioning`, `updating`, `upgrading`, `deleted`.
         """
-        return pulumi.get(self, "enable")
+        return pulumi.get(self, "status")
 
     @property
     @pulumi.getter
-    def interval(self) -> Optional[int]:
+    def tags(self) -> Mapping[str, str]:
         """
-        The time interval between health checks.
+        Tags
         """
-        return pulumi.get(self, "interval")
+        return pulumi.get(self, "tags")
 
     @property
-    @pulumi.getter
-    def retry(self) -> Optional[int]:
+    @pulumi.getter(name="tunnelOptionsSpecifications")
+    def tunnel_options_specifications(self) -> Sequence['outputs.GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationResult']:
         """
-        The number of retries for health checks issued.
+        Configure the tunnel.-You can configure parameters in the **tunnel_options_specification** array when you create a vpn attachment in dual-tunnel mode.-When creating a vpn attachment in dual-tunnel mode, you must add both tunnels for the vpn attachment to ensure that the vpn attachment has link redundancy. Only two tunnels can be added to a vpn attachment.
         """
-        return pulumi.get(self, "retry")
+        return pulumi.get(self, "tunnel_options_specifications")
 
     @property
-    @pulumi.getter
-    def sip(self) -> Optional[str]:
+    @pulumi.getter(name="vpnAttachmentName")
+    def vpn_attachment_name(self) -> str:
         """
-        The source ip address.
+        vpn attachment name
         """
-        return pulumi.get(self, "sip")
+        return pulumi.get(self, "vpn_attachment_name")
 
     @property
-    @pulumi.getter
-    def status(self) -> Optional[str]:
+    @pulumi.getter(name="vpnConnectionId")
+    def vpn_connection_id(self) -> str:
         """
-        The negotiation status of the BGP routing protocol. Valid values: `success`, `false`.
+        The first ID of the resource
         """
-        return pulumi.get(self, "status")
+        return pulumi.get(self, "vpn_connection_id")
 
 
 @pulumi.output_type
-class GetConnectionsConnectionVpnBgpConfigResult(dict):
+class GetGatewayVpnAttachmentsAttachmentBgpConfigResult(dict):
     def __init__(__self__, *,
-                 auth_key: Optional[str] = None,
-                 local_asn: Optional[int] = None,
-                 local_bgp_ip: Optional[str] = None,
-                 peer_asn: Optional[int] = None,
-                 peer_bgp_ip: Optional[str] = None,
-                 status: Optional[str] = None,
-                 tunnel_cidr: Optional[str] = None):
-        """
-        :param str auth_key: The authentication keys for BGP routing protocols.
-        :param int local_asn: Local asn.
-        :param str local_bgp_ip: Local bgp IP.
-        :param int peer_asn: The counterpart autonomous system number.
-        :param str peer_bgp_ip: The BGP address on the other side.
-        :param str status: The negotiation status of the BGP routing protocol. Valid values: `success`, `false`.
-        :param str tunnel_cidr: BGP Tunnel CIDR.
-        """
-        if auth_key is not None:
-            pulumi.set(__self__, "auth_key", auth_key)
-        if local_asn is not None:
-            pulumi.set(__self__, "local_asn", local_asn)
-        if local_bgp_ip is not None:
-            pulumi.set(__self__, "local_bgp_ip", local_bgp_ip)
-        if peer_asn is not None:
-            pulumi.set(__self__, "peer_asn", peer_asn)
-        if peer_bgp_ip is not None:
-            pulumi.set(__self__, "peer_bgp_ip", peer_bgp_ip)
-        if status is not None:
-            pulumi.set(__self__, "status", status)
-        if tunnel_cidr is not None:
-            pulumi.set(__self__, "tunnel_cidr", tunnel_cidr)
-
-    @property
-    @pulumi.getter(name="authKey")
-    def auth_key(self) -> Optional[str]:
+                 local_asn: int,
+                 local_bgp_ip: str,
+                 status: str,
+                 tunnel_cidr: str):
         """
-        The authentication keys for BGP routing protocols.
+        :param int local_asn: The number of the local (Alibaba Cloud) autonomous system of the tunnel. The value range of the autonomous system number is **1** to **4294967295**. Default value: **45104**.> We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. The private number range of the autonomous system number please consult the document yourself.
+        :param str local_bgp_ip: The local BGP address of the tunnel (on the Alibaba Cloud side). This address is an IP address in the BGP network segment.
+        :param str status: The status of the resource. Valid values: `init`, `active`, `attaching`, `attached`, `detaching`, `financialLocked`, `provisioning`, `updating`, `upgrading`, `deleted`.
+        :param str tunnel_cidr: The BGP network segment of the tunnel. The network segment must be a network segment with a mask length of 30 in 169.254.0.0/16, and cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, and 169.254.169.252/30.> the network segments of two tunnels under an IPsec connection cannot be the same.
         """
-        return pulumi.get(self, "auth_key")
+        pulumi.set(__self__, "local_asn", local_asn)
+        pulumi.set(__self__, "local_bgp_ip", local_bgp_ip)
+        pulumi.set(__self__, "status", status)
+        pulumi.set(__self__, "tunnel_cidr", tunnel_cidr)
 
     @property
     @pulumi.getter(name="localAsn")
-    def local_asn(self) -> Optional[int]:
+    def local_asn(self) -> int:
         """
-        Local asn.
+        The number of the local (Alibaba Cloud) autonomous system of the tunnel. The value range of the autonomous system number is **1** to **4294967295**. Default value: **45104**.> We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. The private number range of the autonomous system number please consult the document yourself.
         """
         return pulumi.get(self, "local_asn")
 
     @property
     @pulumi.getter(name="localBgpIp")
-    def local_bgp_ip(self) -> Optional[str]:
+    def local_bgp_ip(self) -> str:
         """
-        Local bgp IP.
+        The local BGP address of the tunnel (on the Alibaba Cloud side). This address is an IP address in the BGP network segment.
         """
         return pulumi.get(self, "local_bgp_ip")
 
-    @property
-    @pulumi.getter(name="peerAsn")
-    def peer_asn(self) -> Optional[int]:
-        """
-        The counterpart autonomous system number.
-        """
-        return pulumi.get(self, "peer_asn")
-
-    @property
-    @pulumi.getter(name="peerBgpIp")
-    def peer_bgp_ip(self) -> Optional[str]:
-        """
-        The BGP address on the other side.
-        """
-        return pulumi.get(self, "peer_bgp_ip")
-
     @property
     @pulumi.getter
-    def status(self) -> Optional[str]:
+    def status(self) -> str:
         """
-        The negotiation status of the BGP routing protocol. Valid values: `success`, `false`.
+        The status of the resource. Valid values: `init`, `active`, `attaching`, `attached`, `detaching`, `financialLocked`, `provisioning`, `updating`, `upgrading`, `deleted`.
         """
         return pulumi.get(self, "status")
 
     @property
     @pulumi.getter(name="tunnelCidr")
-    def tunnel_cidr(self) -> Optional[str]:
+    def tunnel_cidr(self) -> str:
         """
-        BGP Tunnel CIDR.
+        The BGP network segment of the tunnel. The network segment must be a network segment with a mask length of 30 in 169.254.0.0/16, and cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, and 169.254.169.252/30.> the network segments of two tunnels under an IPsec connection cannot be the same.
         """
         return pulumi.get(self, "tunnel_cidr")
 
 
 @pulumi.output_type
-class GetCustomerGatewaysGatewayResult(dict):
+class GetGatewayVpnAttachmentsAttachmentHealthCheckConfigResult(dict):
     def __init__(__self__, *,
-                 asn: int,
-                 create_time: str,
-                 description: str,
-                 id: str,
-                 ip_address: str,
-                 name: str):
+                 dip: str,
+                 enable: bool,
+                 interval: int,
+                 policy: str,
+                 retry: int,
+                 sip: str,
+                 status: str):
         """
-        :param int asn: The autonomous system number of the local data center gateway device of the VPN customer gateway.
-        :param str create_time: The creation time of the VPN customer gateway.
-        :param str description: The description of the VPN customer gateway.
-        :param str id: ID of the VPN customer gateway .
-        :param str ip_address: The ip address of the VPN customer gateway.
-        :param str name: The name of the VPN customer gateway.
+        :param str dip: Target IP.
+        :param bool enable: Whether health check is enabled:-**false**: not enabled. -**true**: enabled.
+        :param int interval: The health check retry interval, in seconds.
+        :param str policy: Whether to revoke the published route when the health check fails- **revoke_route**(default): withdraws published routes.- **reserve_route**: does not withdraw published routes.
+        :param int retry: Number of retries for health check.
+        :param str sip: SOURCE IP.
+        :param str status: The status of the resource. Valid values: `init`, `active`, `attaching`, `attached`, `detaching`, `financialLocked`, `provisioning`, `updating`, `upgrading`, `deleted`.
         """
-        pulumi.set(__self__, "asn", asn)
-        pulumi.set(__self__, "create_time", create_time)
-        pulumi.set(__self__, "description", description)
-        pulumi.set(__self__, "id", id)
-        pulumi.set(__self__, "ip_address", ip_address)
-        pulumi.set(__self__, "name", name)
+        pulumi.set(__self__, "dip", dip)
+        pulumi.set(__self__, "enable", enable)
+        pulumi.set(__self__, "interval", interval)
+        pulumi.set(__self__, "policy", policy)
+        pulumi.set(__self__, "retry", retry)
+        pulumi.set(__self__, "sip", sip)
+        pulumi.set(__self__, "status", status)
 
     @property
     @pulumi.getter
-    def asn(self) -> int:
+    def dip(self) -> str:
         """
-        The autonomous system number of the local data center gateway device of the VPN customer gateway.
+        Target IP.
         """
-        return pulumi.get(self, "asn")
+        return pulumi.get(self, "dip")
 
     @property
-    @pulumi.getter(name="createTime")
-    def create_time(self) -> str:
+    @pulumi.getter
+    def enable(self) -> bool:
         """
-        The creation time of the VPN customer gateway.
+        Whether health check is enabled:-**false**: not enabled. -**true**: enabled.
         """
-        return pulumi.get(self, "create_time")
+        return pulumi.get(self, "enable")
 
     @property
     @pulumi.getter
-    def description(self) -> str:
+    def interval(self) -> int:
         """
-        The description of the VPN customer gateway.
+        The health check retry interval, in seconds.
         """
-        return pulumi.get(self, "description")
+        return pulumi.get(self, "interval")
 
     @property
     @pulumi.getter
-    def id(self) -> str:
+    def policy(self) -> str:
         """
-        ID of the VPN customer gateway .
+        Whether to revoke the published route when the health check fails- **revoke_route**(default): withdraws published routes.- **reserve_route**: does not withdraw published routes.
         """
-        return pulumi.get(self, "id")
+        return pulumi.get(self, "policy")
 
     @property
-    @pulumi.getter(name="ipAddress")
-    def ip_address(self) -> str:
+    @pulumi.getter
+    def retry(self) -> int:
         """
-        The ip address of the VPN customer gateway.
+        Number of retries for health check.
         """
-        return pulumi.get(self, "ip_address")
+        return pulumi.get(self, "retry")
 
     @property
     @pulumi.getter
-    def name(self) -> str:
-        """
-        The name of the VPN customer gateway.
-        """
-        return pulumi.get(self, "name")
-
-
-@pulumi.output_type
-class GetGatewayVcoRoutesRouteResult(dict):
-    def __init__(__self__, *,
-                 as_path: str,
-                 create_time: str,
-                 id: str,
-                 next_hop: str,
-                 route_dest: str,
-                 source: str,
-                 status: str,
-                 vpn_connection_id: str,
-                 weight: int):
+    def sip(self) -> str:
         """
-        :param str as_path: List of autonomous system numbers through which BGP routing entries pass.
-        :param str create_time: The creation time of the VPN destination route.
-        :param str id: The ID of the Vpn Gateway Vco Routes.
-        :param str next_hop: The next hop of the destination route.
-        :param str route_dest: The destination network segment of the destination route.
-        :param str source: The source CIDR block of the destination route.
-        :param str status: The status of the vpn route entry. Valid values: `normal`, `published`.
-        :param str vpn_connection_id: The id of the vpn connection.
-        :param int weight: The weight value of the destination route.
+        SOURCE IP.
         """
-        pulumi.set(__self__, "as_path", as_path)
-        pulumi.set(__self__, "create_time", create_time)
-        pulumi.set(__self__, "id", id)
-        pulumi.set(__self__, "next_hop", next_hop)
-        pulumi.set(__self__, "route_dest", route_dest)
-        pulumi.set(__self__, "source", source)
-        pulumi.set(__self__, "status", status)
-        pulumi.set(__self__, "vpn_connection_id", vpn_connection_id)
-        pulumi.set(__self__, "weight", weight)
+        return pulumi.get(self, "sip")
 
     @property
-    @pulumi.getter(name="asPath")
-    def as_path(self) -> str:
+    @pulumi.getter
+    def status(self) -> str:
         """
-        List of autonomous system numbers through which BGP routing entries pass.
+        The status of the resource. Valid values: `init`, `active`, `attaching`, `attached`, `detaching`, `financialLocked`, `provisioning`, `updating`, `upgrading`, `deleted`.
         """
-        return pulumi.get(self, "as_path")
+        return pulumi.get(self, "status")
 
-    @property
-    @pulumi.getter(name="createTime")
-    def create_time(self) -> str:
-        """
-        The creation time of the VPN destination route.
-        """
-        return pulumi.get(self, "create_time")
 
-    @property
-    @pulumi.getter
-    def id(self) -> str:
+@pulumi.output_type
+class GetGatewayVpnAttachmentsAttachmentIkeConfigResult(dict):
+    def __init__(__self__, *,
+                 ike_auth_alg: str,
+                 ike_enc_alg: str,
+                 ike_lifetime: int,
+                 ike_mode: str,
+                 ike_pfs: str,
+                 ike_version: str,
+                 local_id: str,
+                 psk: str,
+                 remote_id: str):
         """
-        The ID of the Vpn Gateway Vco Routes.
+        :param str ike_auth_alg: The authentication algorithm negotiated in the first stage. Values: **md5**, **sha1**, **sha256**, **sha384**, **sha512**. Default value: **sha1**.
+        :param str ike_enc_alg: The encryption algorithm negotiated in the first stage. Value: **aes**, **aes192**, **aes256**, **des**, or **3des**. Default value: **aes**.
+        :param int ike_lifetime: The life cycle of SA negotiated in the first stage. Unit: seconds.Value range: **0** to **86400**. Default value: **86400**.
+        :param str ike_mode: IKE version of the negotiation mode. Value: **main** or **aggressive**. Default value: **main**.-**main**: main mode, high security during negotiation.-**aggressive**: Savage mode, fast negotiation and high negotiation success rate.
+        :param str ike_pfs: The first stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: **group2**.Values: **group1**, **group2**, **group5**, **group14**.
+        :param str ike_version: Version of the IKE protocol. Value: **ikev1** or **ikev2**. Default value: **ikev2**.Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for multiple network segments.
+        :param str local_id: The identifier of the local end of the tunnel (Alibaba Cloud side), which is used for the first phase of negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the tunnel.**LocalId** supports the FQDN format. If you use the FQDN format, we recommend that you select **aggressive** (barbaric mode) as the negotiation mode.
+        :param str psk: The pre-shared key is used for identity authentication between the tunnel and the tunnel peer.-The key can be 1 to 100 characters in length. It supports numbers, upper and lower case English letters, and characters on the right. It cannot contain spaces. '''~! \\'@#$%^& *()_-+ ={}[]|;:',./? '''-If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. > The pre-shared key of the tunnel and the tunnel peer must be the same, otherwise the system cannot establish the tunnel normally.
+        :param str remote_id: Identifier of the tunnel peer, which is used for the first-stage negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the user gateway associated with the tunnel.- **RemoteId** supports the FQDN format. If you use the FQDN format, we recommend that you select **aggressive** (barbaric mode) as the negotiation mode.
         """
-        return pulumi.get(self, "id")
+        pulumi.set(__self__, "ike_auth_alg", ike_auth_alg)
+        pulumi.set(__self__, "ike_enc_alg", ike_enc_alg)
+        pulumi.set(__self__, "ike_lifetime", ike_lifetime)
+        pulumi.set(__self__, "ike_mode", ike_mode)
+        pulumi.set(__self__, "ike_pfs", ike_pfs)
+        pulumi.set(__self__, "ike_version", ike_version)
+        pulumi.set(__self__, "local_id", local_id)
+        pulumi.set(__self__, "psk", psk)
+        pulumi.set(__self__, "remote_id", remote_id)
 
     @property
-    @pulumi.getter(name="nextHop")
-    def next_hop(self) -> str:
+    @pulumi.getter(name="ikeAuthAlg")
+    def ike_auth_alg(self) -> str:
         """
-        The next hop of the destination route.
+        The authentication algorithm negotiated in the first stage. Values: **md5**, **sha1**, **sha256**, **sha384**, **sha512**. Default value: **sha1**.
         """
-        return pulumi.get(self, "next_hop")
+        return pulumi.get(self, "ike_auth_alg")
 
     @property
-    @pulumi.getter(name="routeDest")
-    def route_dest(self) -> str:
+    @pulumi.getter(name="ikeEncAlg")
+    def ike_enc_alg(self) -> str:
         """
-        The destination network segment of the destination route.
+        The encryption algorithm negotiated in the first stage. Value: **aes**, **aes192**, **aes256**, **des**, or **3des**. Default value: **aes**.
         """
-        return pulumi.get(self, "route_dest")
+        return pulumi.get(self, "ike_enc_alg")
 
     @property
-    @pulumi.getter
-    def source(self) -> str:
+    @pulumi.getter(name="ikeLifetime")
+    def ike_lifetime(self) -> int:
         """
-        The source CIDR block of the destination route.
+        The life cycle of SA negotiated in the first stage. Unit: seconds.Value range: **0** to **86400**. Default value: **86400**.
         """
-        return pulumi.get(self, "source")
+        return pulumi.get(self, "ike_lifetime")
 
     @property
-    @pulumi.getter
-    def status(self) -> str:
+    @pulumi.getter(name="ikeMode")
+    def ike_mode(self) -> str:
         """
-        The status of the vpn route entry. Valid values: `normal`, `published`.
+        IKE version of the negotiation mode. Value: **main** or **aggressive**. Default value: **main**.-**main**: main mode, high security during negotiation.-**aggressive**: Savage mode, fast negotiation and high negotiation success rate.
         """
-        return pulumi.get(self, "status")
+        return pulumi.get(self, "ike_mode")
 
     @property
-    @pulumi.getter(name="vpnConnectionId")
-    def vpn_connection_id(self) -> str:
+    @pulumi.getter(name="ikePfs")
+    def ike_pfs(self) -> str:
         """
-        The id of the vpn connection.
+        The first stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: **group2**.Values: **group1**, **group2**, **group5**, **group14**.
         """
-        return pulumi.get(self, "vpn_connection_id")
+        return pulumi.get(self, "ike_pfs")
 
     @property
-    @pulumi.getter
-    def weight(self) -> int:
+    @pulumi.getter(name="ikeVersion")
+    def ike_version(self) -> str:
         """
-        The weight value of the destination route.
+        Version of the IKE protocol. Value: **ikev1** or **ikev2**. Default value: **ikev2**.Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for multiple network segments.
         """
-        return pulumi.get(self, "weight")
-
+        return pulumi.get(self, "ike_version")
 
-@pulumi.output_type
-class GetGatewayVpnAttachmentsAttachmentResult(dict):
-    def __init__(__self__, *,
-                 bgp_configs: Sequence['outputs.GetGatewayVpnAttachmentsAttachmentBgpConfigResult'],
-                 connection_status: str,
-                 create_time: str,
-                 customer_gateway_id: str,
-                 effect_immediately: bool,
-                 health_check_configs: Sequence['outputs.GetGatewayVpnAttachmentsAttachmentHealthCheckConfigResult'],
-                 id: str,
-                 ike_configs: Sequence['outputs.GetGatewayVpnAttachmentsAttachmentIkeConfigResult'],
-                 internet_ip: str,
-                 ipsec_configs: Sequence['outputs.GetGatewayVpnAttachmentsAttachmentIpsecConfigResult'],
-                 local_subnet: str,
-                 network_type: str,
-                 remote_subnet: str,
-                 status: str,
-                 vpn_attachment_name: str,
-                 vpn_connection_id: str):
-        """
-        :param Sequence['GetGatewayVpnAttachmentsAttachmentBgpConfigArgs'] bgp_configs: The configurations of the BGP routing protocol.
-        :param str connection_status: The status of the IPsec-VPN connection.
-        :param str create_time: The creation time of the resource.
-        :param str customer_gateway_id: The ID of the customer gateway.
-        :param bool effect_immediately: Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
-        :param Sequence['GetGatewayVpnAttachmentsAttachmentHealthCheckConfigArgs'] health_check_configs: The health check configurations.
-        :param str id: The ID of the Vpn Attachment.
-        :param Sequence['GetGatewayVpnAttachmentsAttachmentIkeConfigArgs'] ike_configs: Configuration negotiated in the second stage.
-        :param str internet_ip: The internet ip of the resource. The cen.TransitRouterVpnAttachment resource will not have a value until after it is created.
-        :param Sequence['GetGatewayVpnAttachmentsAttachmentIpsecConfigArgs'] ipsec_configs: The configuration of Phase 2 negotiations.
-        :param str local_subnet: The CIDR block of the virtual private cloud (VPC).
-        :param str network_type: The network type.
-        :param str remote_subnet: The CIDR block of the on-premises data center.
-        :param str status: The status of the resource. Valid values: `init`, `active`, `attaching`, `attached`, `detaching`, `financialLocked`, `provisioning`, `updating`, `upgrading`, `deleted`.
-        :param str vpn_attachment_name: The name of the IPsec-VPN connection.
-        :param str vpn_connection_id: The first ID of the resource.
-        """
-        pulumi.set(__self__, "bgp_configs", bgp_configs)
-        pulumi.set(__self__, "connection_status", connection_status)
-        pulumi.set(__self__, "create_time", create_time)
-        pulumi.set(__self__, "customer_gateway_id", customer_gateway_id)
-        pulumi.set(__self__, "effect_immediately", effect_immediately)
-        pulumi.set(__self__, "health_check_configs", health_check_configs)
-        pulumi.set(__self__, "id", id)
-        pulumi.set(__self__, "ike_configs", ike_configs)
-        pulumi.set(__self__, "internet_ip", internet_ip)
-        pulumi.set(__self__, "ipsec_configs", ipsec_configs)
-        pulumi.set(__self__, "local_subnet", local_subnet)
-        pulumi.set(__self__, "network_type", network_type)
-        pulumi.set(__self__, "remote_subnet", remote_subnet)
-        pulumi.set(__self__, "status", status)
-        pulumi.set(__self__, "vpn_attachment_name", vpn_attachment_name)
-        pulumi.set(__self__, "vpn_connection_id", vpn_connection_id)
+    @property
+    @pulumi.getter(name="localId")
+    def local_id(self) -> str:
+        """
+        The identifier of the local end of the tunnel (Alibaba Cloud side), which is used for the first phase of negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the tunnel.**LocalId** supports the FQDN format. If you use the FQDN format, we recommend that you select **aggressive** (barbaric mode) as the negotiation mode.
+        """
+        return pulumi.get(self, "local_id")
 
     @property
-    @pulumi.getter(name="bgpConfigs")
-    def bgp_configs(self) -> Sequence['outputs.GetGatewayVpnAttachmentsAttachmentBgpConfigResult']:
+    @pulumi.getter
+    def psk(self) -> str:
         """
-        The configurations of the BGP routing protocol.
+        The pre-shared key is used for identity authentication between the tunnel and the tunnel peer.-The key can be 1 to 100 characters in length. It supports numbers, upper and lower case English letters, and characters on the right. It cannot contain spaces. '''~! \\'@#$%^& *()_-+ ={}[]|;:',./? '''-If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. > The pre-shared key of the tunnel and the tunnel peer must be the same, otherwise the system cannot establish the tunnel normally.
         """
-        return pulumi.get(self, "bgp_configs")
+        return pulumi.get(self, "psk")
 
     @property
-    @pulumi.getter(name="connectionStatus")
-    def connection_status(self) -> str:
+    @pulumi.getter(name="remoteId")
+    def remote_id(self) -> str:
         """
-        The status of the IPsec-VPN connection.
+        Identifier of the tunnel peer, which is used for the first-stage negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the user gateway associated with the tunnel.- **RemoteId** supports the FQDN format. If you use the FQDN format, we recommend that you select **aggressive** (barbaric mode) as the negotiation mode.
         """
-        return pulumi.get(self, "connection_status")
+        return pulumi.get(self, "remote_id")
 
-    @property
-    @pulumi.getter(name="createTime")
-    def create_time(self) -> str:
+
+@pulumi.output_type
+class GetGatewayVpnAttachmentsAttachmentIpsecConfigResult(dict):
+    def __init__(__self__, *,
+                 ipsec_auth_alg: str,
+                 ipsec_enc_alg: str,
+                 ipsec_lifetime: int,
+                 ipsec_pfs: str):
         """
-        The creation time of the resource.
+        :param str ipsec_auth_alg: The second stage negotiated authentication algorithm.Values: **md5**, **sha1**, **sha256**, **sha384**, **sha512**. Default value: **sha1**.
+        :param str ipsec_enc_alg: The encryption algorithm negotiated in the second stage. Value: **aes**, **aes192**, **aes256**, **des**, or **3des**. Default value: **aes**.
+        :param int ipsec_lifetime: The life cycle of SA negotiated in the second stage. Unit: seconds.Value range: **0** to **86400**. Default value: **86400**.
+        :param str ipsec_pfs: The second stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: **group2**.Values: **disabled**, **group1**, **group2**, **group5**, **group14**.
         """
-        return pulumi.get(self, "create_time")
+        pulumi.set(__self__, "ipsec_auth_alg", ipsec_auth_alg)
+        pulumi.set(__self__, "ipsec_enc_alg", ipsec_enc_alg)
+        pulumi.set(__self__, "ipsec_lifetime", ipsec_lifetime)
+        pulumi.set(__self__, "ipsec_pfs", ipsec_pfs)
 
     @property
-    @pulumi.getter(name="customerGatewayId")
-    def customer_gateway_id(self) -> str:
+    @pulumi.getter(name="ipsecAuthAlg")
+    def ipsec_auth_alg(self) -> str:
         """
-        The ID of the customer gateway.
+        The second stage negotiated authentication algorithm.Values: **md5**, **sha1**, **sha256**, **sha384**, **sha512**. Default value: **sha1**.
         """
-        return pulumi.get(self, "customer_gateway_id")
+        return pulumi.get(self, "ipsec_auth_alg")
 
     @property
-    @pulumi.getter(name="effectImmediately")
-    def effect_immediately(self) -> bool:
+    @pulumi.getter(name="ipsecEncAlg")
+    def ipsec_enc_alg(self) -> str:
         """
-        Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
+        The encryption algorithm negotiated in the second stage. Value: **aes**, **aes192**, **aes256**, **des**, or **3des**. Default value: **aes**.
         """
-        return pulumi.get(self, "effect_immediately")
+        return pulumi.get(self, "ipsec_enc_alg")
 
     @property
-    @pulumi.getter(name="healthCheckConfigs")
-    def health_check_configs(self) -> Sequence['outputs.GetGatewayVpnAttachmentsAttachmentHealthCheckConfigResult']:
+    @pulumi.getter(name="ipsecLifetime")
+    def ipsec_lifetime(self) -> int:
         """
-        The health check configurations.
+        The life cycle of SA negotiated in the second stage. Unit: seconds.Value range: **0** to **86400**. Default value: **86400**.
         """
-        return pulumi.get(self, "health_check_configs")
+        return pulumi.get(self, "ipsec_lifetime")
 
     @property
-    @pulumi.getter
-    def id(self) -> str:
+    @pulumi.getter(name="ipsecPfs")
+    def ipsec_pfs(self) -> str:
         """
-        The ID of the Vpn Attachment.
+        The second stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: **group2**.Values: **disabled**, **group1**, **group2**, **group5**, **group14**.
         """
-        return pulumi.get(self, "id")
+        return pulumi.get(self, "ipsec_pfs")
+
+
+@pulumi.output_type
+class GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationResult(dict):
+    def __init__(__self__, *,
+                 customer_gateway_id: str,
+                 enable_dpd: bool,
+                 enable_nat_traversal: bool,
+                 internet_ip: str,
+                 role: str,
+                 state: str,
+                 status: str,
+                 tunnel_bgp_config: 'outputs.GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelBgpConfigResult',
+                 tunnel_id: str,
+                 tunnel_ike_config: 'outputs.GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIkeConfigResult',
+                 tunnel_index: int,
+                 tunnel_ipsec_config: 'outputs.GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIpsecConfigResult',
+                 zone_no: str):
+        """
+        :param str customer_gateway_id: The ID of the user gateway associated with the tunnel.> This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
+        :param bool enable_dpd: Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:-**true** (default): enable the DPD function. IPsec initiator will send DPD message to check whether the peer device is alive. If the peer device does not receive a correct response within the set time, it is considered that the peer has been disconnected. IPsec will delete ISAKMP SA and the corresponding IPsec SA, and the security tunnel will also be deleted.-**false**: If the DPD function is disabled, the IPsec initiator does not send DPD detection packets.
+        :param bool enable_nat_traversal: Whether the NAT crossing function is enabled for the tunnel. Value:-**true** (default): Enables the NAT Traversal function. When enabled, the IKE negotiation process deletes the verification process of the UDP port number and realizes the discovery function of the NAT gateway device in the tunnel.-**false**: does not enable the NAT Traversal function.
+        :param str internet_ip: The local internet IP in Tunnel.
+        :param str role: The role of Tunnel.
+        :param str state: The state of Tunnel.
+        :param str status: The status of the resource. Valid values: `init`, `active`, `attaching`, `attached`, `detaching`, `financialLocked`, `provisioning`, `updating`, `upgrading`, `deleted`.
+        :param 'GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelBgpConfigArgs' tunnel_bgp_config: Add the BGP configuration for the tunnel.> After you enable the BGP function for IPsec connections (that is, specify **EnableTunnelsBgp** as **true**), you must configure this parameter.
+        :param str tunnel_id: The tunnel ID of IPsec-VPN connection.
+        :param 'GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIkeConfigArgs' tunnel_ike_config: Configuration information for the first phase negotiation.
+        :param int tunnel_index: The order in which the tunnel was created.-**1**: First tunnel.-**2**: The second tunnel.
+        :param 'GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIpsecConfigArgs' tunnel_ipsec_config: Configuration information for the second-stage negotiation.
+        :param str zone_no: The zoneNo of tunnel.
+        """
+        pulumi.set(__self__, "customer_gateway_id", customer_gateway_id)
+        pulumi.set(__self__, "enable_dpd", enable_dpd)
+        pulumi.set(__self__, "enable_nat_traversal", enable_nat_traversal)
+        pulumi.set(__self__, "internet_ip", internet_ip)
+        pulumi.set(__self__, "role", role)
+        pulumi.set(__self__, "state", state)
+        pulumi.set(__self__, "status", status)
+        pulumi.set(__self__, "tunnel_bgp_config", tunnel_bgp_config)
+        pulumi.set(__self__, "tunnel_id", tunnel_id)
+        pulumi.set(__self__, "tunnel_ike_config", tunnel_ike_config)
+        pulumi.set(__self__, "tunnel_index", tunnel_index)
+        pulumi.set(__self__, "tunnel_ipsec_config", tunnel_ipsec_config)
+        pulumi.set(__self__, "zone_no", zone_no)
 
     @property
-    @pulumi.getter(name="ikeConfigs")
-    def ike_configs(self) -> Sequence['outputs.GetGatewayVpnAttachmentsAttachmentIkeConfigResult']:
+    @pulumi.getter(name="customerGatewayId")
+    def customer_gateway_id(self) -> str:
         """
-        Configuration negotiated in the second stage.
+        The ID of the user gateway associated with the tunnel.> This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
         """
-        return pulumi.get(self, "ike_configs")
+        return pulumi.get(self, "customer_gateway_id")
 
     @property
-    @pulumi.getter(name="internetIp")
-    def internet_ip(self) -> str:
+    @pulumi.getter(name="enableDpd")
+    def enable_dpd(self) -> bool:
         """
-        The internet ip of the resource. The cen.TransitRouterVpnAttachment resource will not have a value until after it is created.
+        Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:-**true** (default): enable the DPD function. IPsec initiator will send DPD message to check whether the peer device is alive. If the peer device does not receive a correct response within the set time, it is considered that the peer has been disconnected. IPsec will delete ISAKMP SA and the corresponding IPsec SA, and the security tunnel will also be deleted.-**false**: If the DPD function is disabled, the IPsec initiator does not send DPD detection packets.
         """
-        return pulumi.get(self, "internet_ip")
+        return pulumi.get(self, "enable_dpd")
 
     @property
-    @pulumi.getter(name="ipsecConfigs")
-    def ipsec_configs(self) -> Sequence['outputs.GetGatewayVpnAttachmentsAttachmentIpsecConfigResult']:
+    @pulumi.getter(name="enableNatTraversal")
+    def enable_nat_traversal(self) -> bool:
         """
-        The configuration of Phase 2 negotiations.
+        Whether the NAT crossing function is enabled for the tunnel. Value:-**true** (default): Enables the NAT Traversal function. When enabled, the IKE negotiation process deletes the verification process of the UDP port number and realizes the discovery function of the NAT gateway device in the tunnel.-**false**: does not enable the NAT Traversal function.
         """
-        return pulumi.get(self, "ipsec_configs")
+        return pulumi.get(self, "enable_nat_traversal")
 
     @property
-    @pulumi.getter(name="localSubnet")
-    def local_subnet(self) -> str:
+    @pulumi.getter(name="internetIp")
+    def internet_ip(self) -> str:
         """
-        The CIDR block of the virtual private cloud (VPC).
+        The local internet IP in Tunnel.
         """
-        return pulumi.get(self, "local_subnet")
+        return pulumi.get(self, "internet_ip")
 
     @property
-    @pulumi.getter(name="networkType")
-    def network_type(self) -> str:
+    @pulumi.getter
+    def role(self) -> str:
         """
-        The network type.
+        The role of Tunnel.
         """
-        return pulumi.get(self, "network_type")
+        return pulumi.get(self, "role")
 
     @property
-    @pulumi.getter(name="remoteSubnet")
-    def remote_subnet(self) -> str:
+    @pulumi.getter
+    def state(self) -> str:
         """
-        The CIDR block of the on-premises data center.
+        The state of Tunnel.
         """
-        return pulumi.get(self, "remote_subnet")
+        return pulumi.get(self, "state")
 
     @property
     @pulumi.getter
@@ -2713,163 +3708,133 @@ class GetGatewayVpnAttachmentsAttachmentResult(dict):
         return pulumi.get(self, "status")
 
     @property
-    @pulumi.getter(name="vpnAttachmentName")
-    def vpn_attachment_name(self) -> str:
+    @pulumi.getter(name="tunnelBgpConfig")
+    def tunnel_bgp_config(self) -> 'outputs.GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelBgpConfigResult':
         """
-        The name of the IPsec-VPN connection.
+        Add the BGP configuration for the tunnel.> After you enable the BGP function for IPsec connections (that is, specify **EnableTunnelsBgp** as **true**), you must configure this parameter.
         """
-        return pulumi.get(self, "vpn_attachment_name")
+        return pulumi.get(self, "tunnel_bgp_config")
 
     @property
-    @pulumi.getter(name="vpnConnectionId")
-    def vpn_connection_id(self) -> str:
-        """
-        The first ID of the resource.
-        """
-        return pulumi.get(self, "vpn_connection_id")
-
-
-@pulumi.output_type
-class GetGatewayVpnAttachmentsAttachmentBgpConfigResult(dict):
-    def __init__(__self__, *,
-                 local_asn: str,
-                 local_bgp_ip: str,
-                 status: str,
-                 tunnel_cidr: str):
+    @pulumi.getter(name="tunnelId")
+    def tunnel_id(self) -> str:
         """
-        :param str local_asn: The ASN on the Alibaba Cloud side.
-        :param str local_bgp_ip: The BGP IP address on the Alibaba Cloud side.
-        :param str status: The status of the resource. Valid values: `init`, `active`, `attaching`, `attached`, `detaching`, `financialLocked`, `provisioning`, `updating`, `upgrading`, `deleted`.
-        :param str tunnel_cidr: The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.
+        The tunnel ID of IPsec-VPN connection.
         """
-        pulumi.set(__self__, "local_asn", local_asn)
-        pulumi.set(__self__, "local_bgp_ip", local_bgp_ip)
-        pulumi.set(__self__, "status", status)
-        pulumi.set(__self__, "tunnel_cidr", tunnel_cidr)
+        return pulumi.get(self, "tunnel_id")
 
     @property
-    @pulumi.getter(name="localAsn")
-    def local_asn(self) -> str:
+    @pulumi.getter(name="tunnelIkeConfig")
+    def tunnel_ike_config(self) -> 'outputs.GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIkeConfigResult':
         """
-        The ASN on the Alibaba Cloud side.
+        Configuration information for the first phase negotiation.
         """
-        return pulumi.get(self, "local_asn")
+        return pulumi.get(self, "tunnel_ike_config")
 
     @property
-    @pulumi.getter(name="localBgpIp")
-    def local_bgp_ip(self) -> str:
+    @pulumi.getter(name="tunnelIndex")
+    def tunnel_index(self) -> int:
         """
-        The BGP IP address on the Alibaba Cloud side.
+        The order in which the tunnel was created.-**1**: First tunnel.-**2**: The second tunnel.
         """
-        return pulumi.get(self, "local_bgp_ip")
+        return pulumi.get(self, "tunnel_index")
 
     @property
-    @pulumi.getter
-    def status(self) -> str:
+    @pulumi.getter(name="tunnelIpsecConfig")
+    def tunnel_ipsec_config(self) -> 'outputs.GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIpsecConfigResult':
         """
-        The status of the resource. Valid values: `init`, `active`, `attaching`, `attached`, `detaching`, `financialLocked`, `provisioning`, `updating`, `upgrading`, `deleted`.
+        Configuration information for the second-stage negotiation.
         """
-        return pulumi.get(self, "status")
+        return pulumi.get(self, "tunnel_ipsec_config")
 
     @property
-    @pulumi.getter(name="tunnelCidr")
-    def tunnel_cidr(self) -> str:
+    @pulumi.getter(name="zoneNo")
+    def zone_no(self) -> str:
         """
-        The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.
+        The zoneNo of tunnel.
         """
-        return pulumi.get(self, "tunnel_cidr")
+        return pulumi.get(self, "zone_no")
 
 
 @pulumi.output_type
-class GetGatewayVpnAttachmentsAttachmentHealthCheckConfigResult(dict):
+class GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelBgpConfigResult(dict):
     def __init__(__self__, *,
-                 dip: str,
-                 enable: bool,
-                 interval: int,
-                 policy: str,
-                 retry: int,
-                 sip: str,
-                 status: str):
-        """
-        :param str dip: The destination IP address.
-        :param bool enable: Specifies whether to enable health checks.
-        :param int interval: The interval between two consecutive health checks. Unit: seconds.
-        :param str policy: (Optional) Whether to revoke the published route when the health check fails.
-        :param int retry: The maximum number of health check retries.
-        :param str sip: The source IP address.
-        :param str status: The status of the resource. Valid values: `init`, `active`, `attaching`, `attached`, `detaching`, `financialLocked`, `provisioning`, `updating`, `upgrading`, `deleted`.
-        """
-        pulumi.set(__self__, "dip", dip)
-        pulumi.set(__self__, "enable", enable)
-        pulumi.set(__self__, "interval", interval)
-        pulumi.set(__self__, "policy", policy)
-        pulumi.set(__self__, "retry", retry)
-        pulumi.set(__self__, "sip", sip)
-        pulumi.set(__self__, "status", status)
-
-    @property
-    @pulumi.getter
-    def dip(self) -> str:
+                 bgp_status: str,
+                 local_asn: int,
+                 local_bgp_ip: str,
+                 peer_asn: str,
+                 peer_bgp_ip: str,
+                 tunnel_cidr: str):
         """
-        The destination IP address.
+        :param str bgp_status: BGP status.
+        :param int local_asn: The number of the local (Alibaba Cloud) autonomous system of the tunnel. The value range of the autonomous system number is **1** to **4294967295**. Default value: **45104**.> We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. The private number range of the autonomous system number please consult the document yourself.
+        :param str local_bgp_ip: The local BGP address of the tunnel (on the Alibaba Cloud side). This address is an IP address in the BGP network segment.
+        :param str peer_asn: Peer asn.
+        :param str peer_bgp_ip: Peer bgp ip.
+        :param str tunnel_cidr: The BGP network segment of the tunnel. The network segment must be a network segment with a mask length of 30 in 169.254.0.0/16, and cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, and 169.254.169.252/30.> the network segments of two tunnels under an IPsec connection cannot be the same.
         """
-        return pulumi.get(self, "dip")
+        pulumi.set(__self__, "bgp_status", bgp_status)
+        pulumi.set(__self__, "local_asn", local_asn)
+        pulumi.set(__self__, "local_bgp_ip", local_bgp_ip)
+        pulumi.set(__self__, "peer_asn", peer_asn)
+        pulumi.set(__self__, "peer_bgp_ip", peer_bgp_ip)
+        pulumi.set(__self__, "tunnel_cidr", tunnel_cidr)
 
     @property
-    @pulumi.getter
-    def enable(self) -> bool:
+    @pulumi.getter(name="bgpStatus")
+    def bgp_status(self) -> str:
         """
-        Specifies whether to enable health checks.
+        BGP status.
         """
-        return pulumi.get(self, "enable")
+        return pulumi.get(self, "bgp_status")
 
     @property
-    @pulumi.getter
-    def interval(self) -> int:
+    @pulumi.getter(name="localAsn")
+    def local_asn(self) -> int:
         """
-        The interval between two consecutive health checks. Unit: seconds.
+        The number of the local (Alibaba Cloud) autonomous system of the tunnel. The value range of the autonomous system number is **1** to **4294967295**. Default value: **45104**.> We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. The private number range of the autonomous system number please consult the document yourself.
         """
-        return pulumi.get(self, "interval")
+        return pulumi.get(self, "local_asn")
 
     @property
-    @pulumi.getter
-    def policy(self) -> str:
+    @pulumi.getter(name="localBgpIp")
+    def local_bgp_ip(self) -> str:
         """
-        (Optional) Whether to revoke the published route when the health check fails.
+        The local BGP address of the tunnel (on the Alibaba Cloud side). This address is an IP address in the BGP network segment.
         """
-        return pulumi.get(self, "policy")
+        return pulumi.get(self, "local_bgp_ip")
 
     @property
-    @pulumi.getter
-    def retry(self) -> int:
+    @pulumi.getter(name="peerAsn")
+    def peer_asn(self) -> str:
         """
-        The maximum number of health check retries.
+        Peer asn.
         """
-        return pulumi.get(self, "retry")
+        return pulumi.get(self, "peer_asn")
 
     @property
-    @pulumi.getter
-    def sip(self) -> str:
+    @pulumi.getter(name="peerBgpIp")
+    def peer_bgp_ip(self) -> str:
         """
-        The source IP address.
+        Peer bgp ip.
         """
-        return pulumi.get(self, "sip")
+        return pulumi.get(self, "peer_bgp_ip")
 
     @property
-    @pulumi.getter
-    def status(self) -> str:
+    @pulumi.getter(name="tunnelCidr")
+    def tunnel_cidr(self) -> str:
         """
-        The status of the resource. Valid values: `init`, `active`, `attaching`, `attached`, `detaching`, `financialLocked`, `provisioning`, `updating`, `upgrading`, `deleted`.
+        The BGP network segment of the tunnel. The network segment must be a network segment with a mask length of 30 in 169.254.0.0/16, and cannot be 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.6.0/30, and 169.254.169.252/30.> the network segments of two tunnels under an IPsec connection cannot be the same.
         """
-        return pulumi.get(self, "status")
+        return pulumi.get(self, "tunnel_cidr")
 
 
 @pulumi.output_type
-class GetGatewayVpnAttachmentsAttachmentIkeConfigResult(dict):
+class GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIkeConfigResult(dict):
     def __init__(__self__, *,
                  ike_auth_alg: str,
                  ike_enc_alg: str,
-                 ike_lifetime: str,
+                 ike_lifetime: int,
                  ike_mode: str,
                  ike_pfs: str,
                  ike_version: str,
@@ -2877,15 +3842,15 @@ class GetGatewayVpnAttachmentsAttachmentIkeConfigResult(dict):
                  psk: str,
                  remote_id: str):
         """
-        :param str ike_auth_alg: The IKE authentication algorithm.
-        :param str ike_enc_alg: The IKE encryption algorithm.
-        :param str ike_lifetime: The IKE lifetime. Unit: seconds.
-        :param str ike_mode: The IKE negotiation mode.
-        :param str ike_pfs: The DH group.
-        :param str ike_version: The version of the IKE protocol.
-        :param str local_id: The local ID, which supports the FQDN and IP formats. The current VPN gateway IP address is selected by default. The cen.TransitRouterVpnAttachment resource will not have a value until after it is created.
-        :param str psk: The pre-shared key.
-        :param str remote_id: The identifier of the peer. The default value is the IP address of the VPN gateway. The value can be a fully qualified domain name (FQDN) or an IP address.
+        :param str ike_auth_alg: The authentication algorithm negotiated in the first stage. Values: **md5**, **sha1**, **sha256**, **sha384**, **sha512**. Default value: **sha1**.
+        :param str ike_enc_alg: The encryption algorithm negotiated in the first stage. Value: **aes**, **aes192**, **aes256**, **des**, or **3des**. Default value: **aes**.
+        :param int ike_lifetime: The life cycle of SA negotiated in the first stage. Unit: seconds.Value range: **0** to **86400**. Default value: **86400**.
+        :param str ike_mode: IKE version of the negotiation mode. Value: **main** or **aggressive**. Default value: **main**.-**main**: main mode, high security during negotiation.-**aggressive**: Savage mode, fast negotiation and high negotiation success rate.
+        :param str ike_pfs: The first stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: **group2**.Values: **group1**, **group2**, **group5**, **group14**.
+        :param str ike_version: Version of the IKE protocol. Value: **ikev1** or **ikev2**. Default value: **ikev2**.Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for multiple network segments.
+        :param str local_id: The identifier of the local end of the tunnel (Alibaba Cloud side), which is used for the first phase of negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the tunnel.**LocalId** supports the FQDN format. If you use the FQDN format, we recommend that you select **aggressive** (barbaric mode) as the negotiation mode.
+        :param str psk: The pre-shared key is used for identity authentication between the tunnel and the tunnel peer.-The key can be 1 to 100 characters in length. It supports numbers, upper and lower case English letters, and characters on the right. It cannot contain spaces. '''~! \\'@#$%^& *()_-+ ={}[]|;:',./? '''-If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. > The pre-shared key of the tunnel and the tunnel peer must be the same, otherwise the system cannot establish the tunnel normally.
+        :param str remote_id: Identifier of the tunnel peer, which is used for the first-stage negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the user gateway associated with the tunnel.- **RemoteId** supports the FQDN format. If you use the FQDN format, we recommend that you select **aggressive** (barbaric mode) as the negotiation mode.
         """
         pulumi.set(__self__, "ike_auth_alg", ike_auth_alg)
         pulumi.set(__self__, "ike_enc_alg", ike_enc_alg)
@@ -2901,7 +3866,7 @@ class GetGatewayVpnAttachmentsAttachmentIkeConfigResult(dict):
     @pulumi.getter(name="ikeAuthAlg")
     def ike_auth_alg(self) -> str:
         """
-        The IKE authentication algorithm.
+        The authentication algorithm negotiated in the first stage. Values: **md5**, **sha1**, **sha256**, **sha384**, **sha512**. Default value: **sha1**.
         """
         return pulumi.get(self, "ike_auth_alg")
 
@@ -2909,15 +3874,15 @@ class GetGatewayVpnAttachmentsAttachmentIkeConfigResult(dict):
     @pulumi.getter(name="ikeEncAlg")
     def ike_enc_alg(self) -> str:
         """
-        The IKE encryption algorithm.
+        The encryption algorithm negotiated in the first stage. Value: **aes**, **aes192**, **aes256**, **des**, or **3des**. Default value: **aes**.
         """
         return pulumi.get(self, "ike_enc_alg")
 
     @property
     @pulumi.getter(name="ikeLifetime")
-    def ike_lifetime(self) -> str:
+    def ike_lifetime(self) -> int:
         """
-        The IKE lifetime. Unit: seconds.
+        The life cycle of SA negotiated in the first stage. Unit: seconds.Value range: **0** to **86400**. Default value: **86400**.
         """
         return pulumi.get(self, "ike_lifetime")
 
@@ -2925,7 +3890,7 @@ class GetGatewayVpnAttachmentsAttachmentIkeConfigResult(dict):
     @pulumi.getter(name="ikeMode")
     def ike_mode(self) -> str:
         """
-        The IKE negotiation mode.
+        IKE version of the negotiation mode. Value: **main** or **aggressive**. Default value: **main**.-**main**: main mode, high security during negotiation.-**aggressive**: Savage mode, fast negotiation and high negotiation success rate.
         """
         return pulumi.get(self, "ike_mode")
 
@@ -2933,7 +3898,7 @@ class GetGatewayVpnAttachmentsAttachmentIkeConfigResult(dict):
     @pulumi.getter(name="ikePfs")
     def ike_pfs(self) -> str:
         """
-        The DH group.
+        The first stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: **group2**.Values: **group1**, **group2**, **group5**, **group14**.
         """
         return pulumi.get(self, "ike_pfs")
 
@@ -2941,7 +3906,7 @@ class GetGatewayVpnAttachmentsAttachmentIkeConfigResult(dict):
     @pulumi.getter(name="ikeVersion")
     def ike_version(self) -> str:
         """
-        The version of the IKE protocol.
+        Version of the IKE protocol. Value: **ikev1** or **ikev2**. Default value: **ikev2**.Compared with IKEv1, IKEv2 simplifies the SA negotiation process and provides better support for multiple network segments.
         """
         return pulumi.get(self, "ike_version")
 
@@ -2949,7 +3914,7 @@ class GetGatewayVpnAttachmentsAttachmentIkeConfigResult(dict):
     @pulumi.getter(name="localId")
     def local_id(self) -> str:
         """
-        The local ID, which supports the FQDN and IP formats. The current VPN gateway IP address is selected by default. The cen.TransitRouterVpnAttachment resource will not have a value until after it is created.
+        The identifier of the local end of the tunnel (Alibaba Cloud side), which is used for the first phase of negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the tunnel.**LocalId** supports the FQDN format. If you use the FQDN format, we recommend that you select **aggressive** (barbaric mode) as the negotiation mode.
         """
         return pulumi.get(self, "local_id")
 
@@ -2957,7 +3922,7 @@ class GetGatewayVpnAttachmentsAttachmentIkeConfigResult(dict):
     @pulumi.getter
     def psk(self) -> str:
         """
-        The pre-shared key.
+        The pre-shared key is used for identity authentication between the tunnel and the tunnel peer.-The key can be 1 to 100 characters in length. It supports numbers, upper and lower case English letters, and characters on the right. It cannot contain spaces. '''~! \\'@#$%^& *()_-+ ={}[]|;:',./? '''-If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. > The pre-shared key of the tunnel and the tunnel peer must be the same, otherwise the system cannot establish the tunnel normally.
         """
         return pulumi.get(self, "psk")
 
@@ -2965,23 +3930,23 @@ class GetGatewayVpnAttachmentsAttachmentIkeConfigResult(dict):
     @pulumi.getter(name="remoteId")
     def remote_id(self) -> str:
         """
-        The identifier of the peer. The default value is the IP address of the VPN gateway. The value can be a fully qualified domain name (FQDN) or an IP address.
+        Identifier of the tunnel peer, which is used for the first-stage negotiation. The length is limited to 100 characters and cannot contain spaces. The default value is the IP address of the user gateway associated with the tunnel.- **RemoteId** supports the FQDN format. If you use the FQDN format, we recommend that you select **aggressive** (barbaric mode) as the negotiation mode.
         """
         return pulumi.get(self, "remote_id")
 
 
 @pulumi.output_type
-class GetGatewayVpnAttachmentsAttachmentIpsecConfigResult(dict):
+class GetGatewayVpnAttachmentsAttachmentTunnelOptionsSpecificationTunnelIpsecConfigResult(dict):
     def __init__(__self__, *,
                  ipsec_auth_alg: str,
                  ipsec_enc_alg: str,
-                 ipsec_lifetime: str,
+                 ipsec_lifetime: int,
                  ipsec_pfs: str):
         """
-        :param str ipsec_auth_alg: The IPsec authentication algorithm.
-        :param str ipsec_enc_alg: The IPsec encryption algorithm.
-        :param str ipsec_lifetime: The IPsec lifetime. Unit: seconds.
-        :param str ipsec_pfs: The DH group.
+        :param str ipsec_auth_alg: The second stage negotiated authentication algorithm.Values: **md5**, **sha1**, **sha256**, **sha384**, **sha512**. Default value: **sha1**.
+        :param str ipsec_enc_alg: The encryption algorithm negotiated in the second stage. Value: **aes**, **aes192**, **aes256**, **des**, or **3des**. Default value: **aes**.
+        :param int ipsec_lifetime: The life cycle of SA negotiated in the second stage. Unit: seconds.Value range: **0** to **86400**. Default value: **86400**.
+        :param str ipsec_pfs: The second stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: **group2**.Values: **disabled**, **group1**, **group2**, **group5**, **group14**.
         """
         pulumi.set(__self__, "ipsec_auth_alg", ipsec_auth_alg)
         pulumi.set(__self__, "ipsec_enc_alg", ipsec_enc_alg)
@@ -2992,7 +3957,7 @@ class GetGatewayVpnAttachmentsAttachmentIpsecConfigResult(dict):
     @pulumi.getter(name="ipsecAuthAlg")
     def ipsec_auth_alg(self) -> str:
         """
-        The IPsec authentication algorithm.
+        The second stage negotiated authentication algorithm.Values: **md5**, **sha1**, **sha256**, **sha384**, **sha512**. Default value: **sha1**.
         """
         return pulumi.get(self, "ipsec_auth_alg")
 
@@ -3000,15 +3965,15 @@ class GetGatewayVpnAttachmentsAttachmentIpsecConfigResult(dict):
     @pulumi.getter(name="ipsecEncAlg")
     def ipsec_enc_alg(self) -> str:
         """
-        The IPsec encryption algorithm.
+        The encryption algorithm negotiated in the second stage. Value: **aes**, **aes192**, **aes256**, **des**, or **3des**. Default value: **aes**.
         """
         return pulumi.get(self, "ipsec_enc_alg")
 
     @property
     @pulumi.getter(name="ipsecLifetime")
-    def ipsec_lifetime(self) -> str:
+    def ipsec_lifetime(self) -> int:
         """
-        The IPsec lifetime. Unit: seconds.
+        The life cycle of SA negotiated in the second stage. Unit: seconds.Value range: **0** to **86400**. Default value: **86400**.
         """
         return pulumi.get(self, "ipsec_lifetime")
 
@@ -3016,7 +3981,7 @@ class GetGatewayVpnAttachmentsAttachmentIpsecConfigResult(dict):
     @pulumi.getter(name="ipsecPfs")
     def ipsec_pfs(self) -> str:
         """
-        The DH group.
+        The second stage negotiates the Diffie-Hellman key exchange algorithm used. Default value: **group2**.Values: **disabled**, **group1**, **group2**, **group5**, **group14**.
         """
         return pulumi.get(self, "ipsec_pfs")