CreateVpnConnection
Description
Creates a VPN connection between a VPN gateway and a customer VPN gateway.
A VPN gateway is created automatically for each virtual private cloud, and its ID can be checked using DescribeVpnGateways. For convenience, the ID of the VPN gateway is the same as the ID of the VPC to which it belongs (vpc-ABCD1234/vgw-ABCD1234).
There can be only one VPN connection between a customer gateway and a VPC (VPN gateway). If you try to create a VPN connection again, the operation will complete successfully, but the existing VPN connection object will be returned.
A high-availability VPN connection is created by default. To create a non-HA VPN connection (i.e. with a single tunnel), explicitly set options for one tunnel only.
For more information, see the VPN connections section.
Request Parameters
Required parameters
CustomerGatewayId — The ID of the customer gateway.
Required: Yes
Type: String
Type — The type of VPN connection.
Required: Yes
Type: String
Valid values: ipsec.1 | ipsec.legacy
VpnGatewayId — The ID of the virtual private gateway.
Required: Yes
Type: String
Optional parameters
Options — Additional options for the VPN connection.
Required: No
Type: VpnConnectionOptionsSpecification object
TagSpecification.N — The tags assigned to the resource when it is created.
Type: List of TagSpecification objects
Required: No
Response Elements
requestId — The request ID.
Type: String
vpnConnection — Information about the VPN connection.
Type: List of VpnConnection objects
Examples
c2-ec2 CreateVpnConnection \
CustomerGatewayId <customer_gateway_id> \
Type <type> \
VpnGatewayId <vpn_gateway_id>
Tags
c2-ec2 CreateVpnConnection \
CustomerGatewayId <customer_gateway_id> \
Type <vpn_type> VpnGatewayId <vpn_gateway_id> \
TagSpecification.0.ResourceType vpn-connection \
TagSpecification.0.Tag.0.Key "tag_key" \
TagSpecification.0.Tag.0.Value "tag_value"
Options
c2-ec2 CreateVpnConnection \
CustomerGatewayId <customer_gateway_id> \
Type <vpn_type> \
VpnGatewayId <vpn_gateway_id> \
Options.LocalIpv4NetworkCidr "0.0.0.0/0" \
Options.RemoteIpv4NetworkCidr "0.0.0.0/0"
Tunnel options (using the c2-ec2 utility)
c2-ec2 CreateVpnConnection \
CustomerGatewayId <customer_gateway_id> \
Type <vpn_type> \
VpnGatewayId <vpn_gateway_id> \
Options.TunnelOptions.0.PreSharedKey <pre_shared_key> \
Options.TunnelOptions.0.TunnelInsideCidr <tunnel_inside_cidr> \
Options.TunnelOptions.1.IKEVersion.0.Value <ike_version>
c2-ec2 CreateVpnConnection \
CustomerGatewayId <customer_gateway_id> \
Type <vpn_type> \
VpnGatewayId <vpn_gateway_id> \
Options.TunnelOptions.0.PreSharedKey <pre_shared_key> \
Options.TunnelOptions.0.TunnelInsideCidr <tunnel_inside_cidr> \
Options.TunnelOptions.0.IKEVersion.0.Value <ike_version> \
Options.TunnelOptions.0.Phase1DHGroupNumber.0.Value <p1_dh_group_number> \
Options.TunnelOptions.0.Phase1DHGroupNumber.1.Value <p1_dh_group_number> \
Options.TunnelOptions.0.Phase1DHGroupNumber.2.Value <p1_dh_group_number> \
Options.TunnelOptions.0.Phase1EncryptionAlgorithm.0.Value <p1_encryption_algorithm> \
Options.TunnelOptions.0.Phase1EncryptionAlgorithm.1.Value <p1_encryption_algorithm> \
Options.TunnelOptions.0.Phase1EncryptionAlgorithm.2.Value <p1_encryption_algorithm> \
Options.TunnelOptions.0.Phase1EncryptionAlgorithm.3.Value <p1_encryption_algorithm> \
Options.TunnelOptions.0.Phase1IntegrityAlgorithm.0.Value <p1_integrity_algorithm> \
Options.TunnelOptions.0.Phase1IntegrityAlgorithm.1.Value <p1_integrity_algorithm> \
Options.TunnelOptions.0.Phase1LifetimeSeconds <p1_lifetime> \
Options.TunnelOptions.0.Phase2DHGroupNumber.0.Value <p2_dh_group_number> \
Options.TunnelOptions.0.Phase2EncryptionAlgorithm.0.Value <p2_encryption_algorithm> \
Options.TunnelOptions.0.Phase2EncryptionAlgorithm.1.Value <p2_encryption_algorithm> \
Options.TunnelOptions.0.Phase2EncryptionAlgorithm.2.Value <p2_encryption_algorithm> \
Options.TunnelOptions.0.Phase2IntegrityAlgorithm.0.Value <p2_integrity_algorithm> \
Options.TunnelOptions.0.Phase2IntegrityAlgorithm.1.Value <p2_integrity_algorithm> \
Options.TunnelOptions.0.Phase2IntegrityAlgorithm.2.Value <p2_integrity_algorithm> \
Options.TunnelOptions.0.Phase2IntegrityAlgorithm.3.Value <p2_integrity_algorithm> \
Options.TunnelOptions.0.Phase2LifetimeSeconds <p2_lifetime> \
Options.TunnelOptions.0.ReplayWindowSize <ike_replay_window_size> \
Options.TunnelOptions.1.PreSharedKey <pre_shared_key> \
Options.TunnelOptions.1.TunnelInsideCidr <tunnel_inside_cidr> \
Options.TunnelOptions.1.IKEVersion.0.Value <ike_version> \
Options.TunnelOptions.1.Phase1DHGroupNumber.0.Value <p1_dh_group_number> \
Options.TunnelOptions.1.Phase1DHGroupNumber.1.Value <p1_dh_group_number> \
Options.TunnelOptions.1.Phase1DHGroupNumber.2.Value <p1_dh_group_number> \
Options.TunnelOptions.1.Phase1EncryptionAlgorithm.0.Value <p1_encryption_algorithm> \
Options.TunnelOptions.1.Phase1EncryptionAlgorithm.1.Value <p1_encryption_algorithm> \
Options.TunnelOptions.1.Phase1EncryptionAlgorithm.2.Value <p1_encryption_algorithm> \
Options.TunnelOptions.1.Phase1EncryptionAlgorithm.3.Value <p1_encryption_algorithm> \
Options.TunnelOptions.1.Phase1IntegrityAlgorithm.0.Value <p1_integrity_algorithm> \
Options.TunnelOptions.1.Phase1IntegrityAlgorithm.1.Value <p1_integrity_algorithm> \
Options.TunnelOptions.1.Phase1LifetimeSeconds <p1_lifetime> \
Options.TunnelOptions.1.Phase2DHGroupNumber.0.Value <p2_dh_group_number> \
Options.TunnelOptions.1.Phase2EncryptionAlgorithm.0.Value <p2_encryption_algorithm> \
Options.TunnelOptions.1.Phase2EncryptionAlgorithm.1.Value <p2_encryption_algorithm> \
Options.TunnelOptions.1.Phase2EncryptionAlgorithm.2.Value <p2_encryption_algorithm> \
Options.TunnelOptions.1.Phase2IntegrityAlgorithm.0.Value <p2_integrity_algorithm> \
Options.TunnelOptions.1.Phase2IntegrityAlgorithm.1.Value <p2_integrity_algorithm> \
Options.TunnelOptions.1.Phase2IntegrityAlgorithm.2.Value <p2_integrity_algorithm> \
Options.TunnelOptions.1.Phase2IntegrityAlgorithm.3.Value <p2_integrity_algorithm> \
Options.TunnelOptions.1.Phase2LifetimeSeconds <p2_lifetime> \
Options.TunnelOptions.1.ReplayWindowSize <ike_replay_window_size>
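The indexed parameter names used in the c2-ec2 examples above can be generated rather than typed by hand, which avoids misnumbered indexes and misspelled option names. The following is an added example, not part of the original documentation or the c2-ec2 tool: the function names are hypothetical, the two-tunnel limit is an assumption drawn from the examples, and the sample values are constructed placeholders.

```python
import ipaddress

# Options the page's examples write as indexed lists: <Key>.<i>.Value
LIST_KEYS = {"IKEVersion", "Phase1DHGroupNumber", "Phase1EncryptionAlgorithm",
             "Phase1IntegrityAlgorithm", "Phase2DHGroupNumber",
             "Phase2EncryptionAlgorithm", "Phase2IntegrityAlgorithm"}
# Options the page's examples write as a single value: <Key>
SCALAR_KEYS = {"PreSharedKey", "TunnelInsideCidr", "Phase1LifetimeSeconds",
               "Phase2LifetimeSeconds", "ReplayWindowSize"}


def tunnel_args(tunnels):
    """Flatten one (non-HA) or two (HA) tunnel dicts into name/value arguments."""
    # Assumption: at most two tunnels, since the page only uses indexes 0 and 1.
    if not 1 <= len(tunnels) <= 2:
        raise ValueError("expected one tunnel (non-HA) or two tunnels (HA)")
    args = []
    for t_idx, tunnel in enumerate(tunnels):
        prefix = f"Options.TunnelOptions.{t_idx}"
        for key, value in tunnel.items():
            if key in LIST_KEYS:
                if not isinstance(value, (list, tuple)) or not value:
                    raise ValueError(f"{key} must be a non-empty list")
                for v_idx, item in enumerate(value):
                    args += [f"{prefix}.{key}.{v_idx}.Value", str(item)]
            elif key in SCALAR_KEYS:
                if key == "TunnelInsideCidr":
                    ipaddress.ip_network(value)  # ValueError on a malformed CIDR
                args += [f"{prefix}.{key}", str(value)]
            else:
                # A misspelled name would otherwise be sent to the API as-is.
                raise ValueError(f"unknown tunnel option: {key}")
    return args


def build_command(cgw_id, vpn_type, vgw_id, tunnels):
    """Return an argv list; run it without a shell so the key is not re-parsed."""
    return ["c2-ec2", "CreateVpnConnection", "CustomerGatewayId", cgw_id,
            "Type", vpn_type, "VpnGatewayId", vgw_id, *tunnel_args(tunnels)]


if __name__ == "__main__":
    # Constructed sample input; IDs and option values are placeholders.
    single = [{"PreSharedKey": "<pre_shared_key>",
               "TunnelInsideCidr": "169.254.10.0/30",
               "IKEVersion": ["<ike_version>"],
               "Phase1DHGroupNumber": ["<dh_a>", "<dh_b>"]}]
    print(" ".join(build_command("<customer_gateway_id>", "ipsec.1",
                                 "<vpn_gateway_id>", single)))
```

Passing a single dict produces options for tunnel 0 only, which corresponds to the non-HA case described above.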
Tunnel options (using awscli)
aws <...> create-vpn-connection \
--type <vpn_type> \
--customer-gateway-id <cgw_id> \
--vpn-gateway-id <vgw_id> \
--options TunnelOptions='
[
    {
        PreSharedKey=<pre_shared_key>,
        TunnelInsideCidr=<tunnel_inside_cidr>,
        IKEVersions=[
            {Value=<ike_version>}
        ],
        ReplayWindowSize=<ike_replay_window_size>,
        Phase1DHGroupNumbers=[
            {Value=<p1_dh_group_num>},
            {Value=<p1_dh_group_num>},
            <...>
        ],
        Phase1EncryptionAlgorithms=[
            {Value=<p1_encryption_alg>},
            {Value=<p1_encryption_alg>},
            <...>
        ],
        Phase1IntegrityAlgorithms=[
            {Value=<p1_integrity_alg>},
            {Value=<p1_integrity_alg>},
            <...>
        ],
        Phase1LifetimeSeconds=<p1_lifetime>,
        Phase2DHGroupNumbers=[
            {Value=<p2_dh_group_num>}
        ],
        Phase2EncryptionAlgorithms=[
            {Value=<p2_encryption_alg>},
            {Value=<p2_encryption_alg>},
            <...>
        ],
        Phase2IntegrityAlgorithms=[
            {Value=<p2_integrity_alg>},
            {Value=<p2_integrity_alg>},
            <...>
        ],
        Phase2LifetimeSeconds=<p2_lifetime>
    },
    {
        PreSharedKey=<pre_shared_key>,
        TunnelInsideCidr=<tunnel_inside_cidr>,
        IKEVersions=[
            {Value=<ike_version>}
        ],
        ReplayWindowSize=<ike_replay_window_size>,
        Phase1DHGroupNumbers=[
            {Value=<p1_dh_group_num>},
            {Value=<p1_dh_group_num>},
            <...>
        ],
        Phase1EncryptionAlgorithms=[
            {Value=<p1_encryption_alg>},
            {Value=<p1_encryption_alg>},
            <...>
        ],
        Phase1IntegrityAlgorithms=[
            {Value=<p1_integrity_alg>},
            {Value=<p1_integrity_alg>},
            <...>
        ],
        Phase1LifetimeSeconds=<p1_lifetime>,
        Phase2DHGroupNumbers=[
            {Value=<p2_dh_group_num>}
        ],
        Phase2EncryptionAlgorithms=[
            {Value=<p2_encryption_alg>},
            {Value=<p2_encryption_alg>},
            <...>
        ],
        Phase2IntegrityAlgorithms=[
            {Value=<p2_integrity_alg>},
            {Value=<p2_integrity_alg>},
            <...>
        ],
        Phase2LifetimeSeconds=<p2_lifetime>
    }
]'