ALIYUN::VPC::SslVpnServer

The ALIYUN::VPC::SslVpnServer type is used to create an SSL-VPN server.

Syntax

{
  "Type": "ALIYUN::VPC::SslVpnServer",
  "Properties": {
    "Name": String,
    "Proto": String,
    "ClientIpPool": String,
    "Compress": Boolean,
    "LocalSubnet": String,
    "Cipher": String,
    "VpnGatewayId": String,
    "Port": Integer,
    "EnableMultiFactorAuth": Boolean,
    "IDaaSRegionId": String,
    "IDaaSInstanceId": String,
    "IDaaSApplicationId": String
  }
}

Properties

| Property | Type | Required | Updatable | Description | Constraint |
|---|---|---|---|---|---|
| Name | String | | | The name of the SSL-VPN server. | 2 to 128 characters. It must start with a letter or a Chinese character and may contain digits, periods (.), underscores (_) and hyphens (-), but it cannot start with http:// or https://. |
| Proto | String | | | The protocol used by the SSL-VPN server. | Valid values: UDP, TCP. Default: UDP. |
| ClientIpPool | String | | | The address block from which access addresses are assigned to the client's virtual NIC (not the client's existing private network segment). | When a client accesses the local end over the SSL-VPN connection, the VPN gateway assigns the client an IP address from this block. The block must not overlap with the LocalSubnet address block. |
| Compress | Boolean | | | Whether to enable compression. | None. |
| LocalSubnet | String | | | The address block that clients access over the SSL-VPN connection. | The local-end block can be the CIDR block of the VPC, of a vSwitch, of an IDC connected to the VPC over a leased line, or of cloud services such as RDS and OSS. |
| Cipher | String | | | The encryption algorithm used by the SSL-VPN. | Valid values: AES-128-CBC, AES-192-CBC, AES-256-CBC, none. Default: AES-128-CBC. |
| VpnGatewayId | String | | | The ID of the VPN gateway. | None. |
| Port | Integer | | | The port used by the SSL-VPN server. | Default: 1194. The following ports cannot be used: 22, 2222, 22222, 9000, 9001, 9002, 7505, 80, 443, 53, 68, 123, 4510, 4560, 500, 4500. |
| EnableMultiFactorAuth | Boolean | | | Whether two-factor authentication is enabled. | Valid values: true (enabled); false (default, disabled). |
| IDaaSRegionId | String | | | The ID of the region in which the IDaaS EIAM instance is located. | |
| IDaaSInstanceId | String | | | The ID of the IDaaS EIAM instance. | |
| IDaaSApplicationId | String | | | The ID of the IDaaS application. | |
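The constraints in the table above are easy to get wrong in a template, and two of them matter for the security of the tunnel: a ClientIpPool that overlaps LocalSubnet breaks routing between clients and the local end, and Cipher set to none leaves the tunnel unencrypted. The following pre-deployment check is an added example, not Alibaba Cloud ROS code; it validates a resolved Properties mapping (Ref values already substituted) against the documented rules. The sample properties are constructed, the VpnGatewayId value is a placeholder, and treating LocalSubnet as a comma-separated list of CIDR blocks is an assumption of this example.

```python
"""Lint the Properties of an ALIYUN::VPC::SslVpnServer resource before deployment.

Added example, not Alibaba Cloud ROS code. The constants mirror the property
table on this page; findings are (level, message) tuples, where "error" is a
documented constraint violation and "warn" is an allowed but weak setting.
"""
import ipaddress
import re

ALLOWED_PROTO = {"UDP", "TCP"}
ALLOWED_CIPHER = {"AES-128-CBC", "AES-192-CBC", "AES-256-CBC", "none"}
# Ports the page lists as not usable by the SSL-VPN server.
RESERVED_PORTS = {22, 2222, 22222, 9000, 9001, 9002, 7505, 80, 443,
                  53, 68, 123, 4510, 4560, 500, 4500}
# Starts with a letter or a Chinese character; then letters, digits, CJK, . _ -
NAME_RE = re.compile(r"^[A-Za-z\u4e00-\u9fff][A-Za-z0-9\u4e00-\u9fff._-]*$")


def _cidr_list(value):
    """Parse one or more CIDR blocks; comma separation is an assumption here."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in str(value).split(",") if p.strip()]


def validate_ssl_vpn_server(props):
    """Return a list of (level, message) findings; an empty list means the properties pass."""
    findings = []

    name = str(props.get("Name", ""))
    name_ok = (2 <= len(name) <= 128 and NAME_RE.match(name)
               and not name.lower().startswith(("http://", "https://")))
    if not name_ok:
        findings.append(("error", "Name must be 2-128 characters, start with a letter or "
                                  "Chinese character, and not start with http:// or https://"))

    proto = props.get("Proto", "UDP")
    if proto not in ALLOWED_PROTO:
        findings.append(("error", f"Proto must be UDP or TCP, got {proto!r}"))

    port = props.get("Port", 1194)
    if not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append(("error", f"Port must be an integer in 1-65535, got {port!r}"))
    elif port in RESERVED_PORTS:
        findings.append(("error", f"Port {port} is in the reserved list and cannot be used"))

    cipher = props.get("Cipher", "AES-128-CBC")
    if cipher not in ALLOWED_CIPHER:
        findings.append(("error", f"Cipher must be one of {sorted(ALLOWED_CIPHER)}, got {cipher!r}"))
    elif cipher == "none":
        findings.append(("warn", "Cipher 'none' leaves the SSL-VPN tunnel unencrypted"))

    if not props.get("VpnGatewayId"):
        findings.append(("error", "VpnGatewayId is missing"))

    # The security-relevant rule: the pool handed to clients must not overlap
    # the local-end block(s) they are meant to reach.
    try:
        pool = ipaddress.ip_network(str(props["ClientIpPool"]), strict=False)
        local_blocks = _cidr_list(props["LocalSubnet"])
    except (KeyError, ValueError) as exc:
        findings.append(("error", f"ClientIpPool and LocalSubnet must be valid CIDR blocks: {exc}"))
    else:
        for block in local_blocks:
            if pool.overlaps(block):
                findings.append(("error", f"ClientIpPool {pool} overlaps LocalSubnet {block}"))

    return findings


# Constructed sample; "vpn-PLACEHOLDER" stands in for a real VPN gateway ID.
SAMPLE_PROPS = {
    "Name": "ssl-vpn-server-01",
    "Proto": "UDP",
    "ClientIpPool": "192.168.100.0/24",
    "LocalSubnet": "172.16.0.0/16,10.0.0.0/8",
    "Cipher": "AES-256-CBC",
    "Port": 1194,
    "VpnGatewayId": "vpn-PLACEHOLDER",
}

if __name__ == "__main__":
    for level, message in validate_ssl_vpn_server(SAMPLE_PROPS) or [("ok", "properties pass")]:
        print(f"[{level}] {message}")
```

Run it against the Properties block of a template after parameters have been resolved; it only inspects the values, so it is safe to wire into a CI step that fails on any "error" finding and surfaces "warn" findings for review.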

Return values

Fn::GetAtt

SslVpnServerId: the ID of the SSL-VPN server.

Example

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Resources": {
    "SslVpnServer": {
      "Type": "ALIYUN::VPC::SslVpnServer",
      "Properties": {
        "Name": {
          "Ref": "Name"
        },
        "Proto": {
          "Ref": "Proto"
        },
        "ClientIpPool": {
          "Ref": "ClientIpPool"
        },
        "Compress": {
          "Ref": "Compress"
        },
        "Port": {
          "Ref": "Port"
        },
        "Cipher": {
          "Ref": "Cipher"
        },
        "VpnGatewayId": {
          "Ref": "VpnGatewayId"
        },
        "LocalSubnet": {
          "Ref": "LocalSubnet"
        }
      }
    }
  },
  "Parameters": {
    "Name": {
      "MinLength": 2,
      "Type": "String",
      "Description": "The name of the SSL-VPN server. The length is 2-128 characters and must start with a letter or Chinese. It can contain numbers, periods (.), underscores (_), and dashes (-). But it can't start with http:// or https://.",
      "MaxLength": 128
    },
    "Proto": {
      "Default": "UDP",
      "Type": "String",
      "Description": "The protocol used by the SSL-VPN server. Allowed values: UDP (default) | TCP.",
      "AllowedValues": [
        "UDP",
        "TCP"
      ]
    },
    "ClientIpPool": {
      "Type": "String",
      "Description": "It is the address segment that assigns the access address to the client virtual NIC. It does not refer to the existing intranet segment of the client. When the client accesses the local end through an SSL-VPN connection, the VPN gateway allocates an IP address to the client from the specified client network segment. The network segment cannot conflict with the LocalSubnet address segment."
    },
    "Compress": {
      "Default": false,
      "Type": "Boolean",
      "Description": "Whether it is compressed.",
      "AllowedValues": [
        "True",
        "true",
        "False",
        "false"
      ]
    },
    "Port": {
      "Default": 1194,
      "Type": "Number",
      "Description": "The port used by the SSL-VPN server. The default value is 1194. Cannot use the following ports: 22, 2222, 22222, 9000, 9001, 9002, 7505, 80, 443, 53, 68, 123, 4510, 4560, 500, 4500"
    },
    "Cipher": {
      "Default": "AES-128-CBC",
      "Type": "String",
      "Description": "The encryption algorithm used by SSL-VPN. Value: AES-128-CBC (default) | AES-192-CBC | AES-256-CBC | none",
      "AllowedValues": [
        "AES-128-CBC",
        "AES-192-CBC",
        "AES-256-CBC",
        "none"
      ]
    },
    "VpnGatewayId": {
      "Type": "String",
      "Description": "ID of the VPN gateway."
    },
    "LocalSubnet": {
      "Type": "String",
      "Description": "Is the address segment that the client wants to access through an SSL-VPN connection. The local network segment can be the network segment of the VPC, the network segment of the switch, the network segment of the IDC interconnected by the leased line and the VPC, and the network segment of the cloud service such as RDS/OSS."
    }
  },
  "Outputs": {
    "SslVpnServerId": {
      "Description": "ID of the SSL-VPN server.",
      "Value": {
        "Fn::GetAtt": [
          "SslVpnServer",
          "SslVpnServerId"
        ]
      }
    }
  }
}