虚拟专用网络 VPN-示例五:创建服务端:操作步骤

时间:2024-08-03 08:38:04

操作步骤

  1. 创建VPN服务端。
    1. 发送“POST https://{endpoint}/v5/{project_id}/p2c-vpn-gateways/{p2c_vgw_id}/vpn-servers”,project_id为项目ID。{p2c_vgw_id}为已创建的终端入云VPN网关ID。
    2. 在Request Header中增加“X-Auth-Token”。
    3. 在Request Body中传入参数。

      证书认证方式传入参数如下:

      {
        "vpn_server": {
          "tunnel_protocol": "SSL",
          "client_cidr": "100.10.1.0/24",
          "local_subnets": [
            "192.168.0.0/24",
            "192.168.1.0/24"
          ],
          "client_auth_type": "CERT",
          "server_certificate": {
            "id": "scs1717051012106"
          },
          "client_ca_certificates": [
            {
              "content" : "-----BEGIN CERTIFICATE-----******-----END CERTIFICATE-----"
            }
          ],
          "ssl_options": {
            "protocol": "TCP",
            "port": 443,
            "encryption_algorithm": "AES-128-GCM",
            "is_compressed": false
          }
        }
      }

      口令认证方式传入参数如下:

      {
        "vpn_server": {
          "tunnel_protocol": "SSL",
          "client_cidr": "100.10.2.0/24",
          "local_subnets": [
            "192.168.0.0/24",
            "192.168.1.0/24"
          ],
          "client_auth_type": "LOCAL_PASSWORD",
          "server_certificate": {
            "id": "scs1717051012106"
          },
          "ssl_options": {
            "protocol": "TCP",
            "port": 443,
            "encryption_algorithm": "AES-128-GCM",
            "is_compressed": false
          }
        }
      }
    4. 查看请求响应结果。

      请求成功时,响应参数如下,id为创建的VPN服务端ID。

      {
          "vpn_server": {
              "id": "0e325fb6-83b9-4004-a343-8b6fc714a5d9"
          },
          "request_id": "bf23a5884def9be4576cff33e4dd78d5"
      }
  2. 查询VPN服务端
    1. 发送“GET https://{endpoint}/v5/{project_id}/p2c-vpn-gateways/{p2c_vgw_id}/vpn-servers”,project_id为项目ID。{p2c_vgw_id}为已创建的终端入云VPN网关ID。
    2. 在Request Header中增加“X-Auth-Token”。
    3. 查看请求响应结果。

      服务端的status为“PENDING_CREATE”说明正在创建中,为"ACTIVE"说明创建完成。

      证书认证的服务端响应结果为:

      {
          "vpn_servers": [
              {
                  "id": "b26c9c74-5bb9-4df8-8b98-ecf2051e3482",
                  "p2c_vgw_id": "595210dc-7998-4ba3-aeb9-516fbcf7853c",
                  "client_cidr": "100.10.1.0/24",
                  "local_subnets": [
                      "192.168.0.0/24",
                      "192.168.1.0/24"
                  ],
                  "client_auth_type": "CERT",
                  "tunnel_protocol": "SSL",
                  "server_certificate": {
                      "id": "scs1717051012106",
                      "name": "test-05304",
                      "issuer": "C=CN,ST=beijing,L=haidian,O=lesaas,OU=root,CN=www.root.huawei.com",
                      "subject": "C=CN,ST=beijing,L=haidian,O=server,OU=server,CN=www.server.huawei.com",
                      "serial_number": "350612543125953290200975245211283057292471206725",
                      "expiration_time": "2024-06-29T06:39:46Z",
                      "signature_algorithm": "SHA256WITHRSA"
                  },
                  "client_ca_certificates": [
                      {
                          "id": "7e971612-f720-4d31-88b5-fc6280b88e36",
                          "name": "ca-cert-123e",
                          "issuer": "C=CN,ST=JS,L=NJ,O=NYS,OU=N10,CN=test.huawei.com",
                          "subject": "C=CN,ST=JS,L=NJ,O=NYS,OU=N10,CN=testCA.huawei.com",
                          "serial_number": "1591942200161",
                          "expiration_time": "2033-11-06T11:39:14Z",
                          "signature_algorithm": "SHA256WITHRSA",
                          "created_at": "2024-06-18T12:19:17.978Z",
                          "updated_at": "2024-06-18T12:19:17.978Z"
                      }
                  ],
                  "ssl_options": {
                      "protocol": "TCP",
                      "port": 443,
                      "encryption_algorithm": "AES-128-GCM",
                      "authentication_algorithm": "SHA256",
                      "is_compressed": false
                  },
                  "status": "ACTIVE",
                  "created_at": "2024-06-18T12:19:17.978Z",
                  "updated_at": "2024-06-18T12:19:17.978Z"
              }
          ],
          "request_id": "68188a14243b1b54d0b45a82d9123b98"
      }

      口令认证的服务端响应结果为:

      {
          "vpn_servers": [
              {
                  "id": "0e325fb6-83b9-4004-a343-8b6fc714a5d9",
                  "p2c_vgw_id": "dea8c4fb-be5c-4d50-be9a-f9a5f3a9afc6",
                  "client_cidr": "100.10.2.0/24",
                  "local_subnets": [
                      "192.168.0.0/24",
                      "192.168.1.0/24"
                  ],
                  "client_auth_type": "LOCAL_PASSWORD",
                  "tunnel_protocol": "SSL",
                  "server_certificate": {
                      "id": "scs1717051012106",
                      "name": "test-05304",
                      "issuer": "C=CN,ST=beijing,L=haidian,O=lesaas,OU=root,CN=www.root.huawei.com",
                      "subject": "C=CN,ST=beijing,L=haidian,O=server,OU=server,CN=www.server.huawei.com",
                      "serial_number": "350612543125953290200975245211283057292471206725",
                      "expiration_time": "2024-06-29T06:39:46Z",
                      "signature_algorithm": "SHA256WITHRSA"
                  },
                  "client_ca_certificates": [],
                  "ssl_options": {
                      "protocol": "TCP",
                      "port": 443,
                      "encryption_algorithm": "AES-128-GCM",
                      "authentication_algorithm": "SHA256",
                      "is_compressed": false
                  },
                  "status": "ACTIVE",
                  "created_at": "2024-06-18T12:21:54.889Z",
                  "updated_at": "2024-06-18T12:21:54.889Z"
              }
          ],
          "request_id": "f8e64d41466085f06383dc59ffb28230"
      }
support.huaweicloud.com/api-vpn/vpn_api_0111.html