Getting Information About Your VPN Connections

You can get information about one or more of your VPN connections.

By default, this action describes all your VPN connections.

Getting Information About Your VPN Connections Using Cockpit v2

See the VPN Connections dashboard.

Getting Information About Your VPN Connections Using OSC CLI

The ReadVpnConnections command lists one or more VPN connections.

Request sample

$ osc-cli api ReadVpnConnections --profile "default" \
    --Filters '{
        "VpnConnectionIds": ["vpn-12345678"]
      }'

Request sample

$ osc-cli api ReadVpnConnections --profile "default" \
    --Filters '{
        "ClientGatewayIds": ["cgw-12345678"],
        "VirtualGatewayIds": ["vgw-12345678", "vgw-87654321"]
      }'

This command contains the following attributes that you need to specify:

DryRun: (optional) If true, checks whether you have the required permissions to perform the action.
Filters: (optional) One or more filters.
- BgpAsns: (optional) The Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs) of the connections.
- ClientGatewayIds: (optional) The IDs of the client gateways.
- ConnectionTypes: (optional) The types of the VPN connections (always ipsec.1).
- RouteDestinationIpRanges: (optional) The destination IP ranges.
- States: (optional) The states of the VPN connections (pending | available | deleting | deleted).
- StaticRoutesOnly: (optional) If false, the VPN connection uses dynamic routing with Border Gateway Protocol (BGP). If true, routing is controlled using static routes. For more information about how to create and delete static routes, see CreateVpnConnectionRoute and DeleteVpnConnectionRoute.
- TagKeys: (optional) The keys of the tags associated with the VPN connections.
- TagValues: (optional) The values of the tags associated with the VPN connections.
- Tags: (optional) The key/value combination of the tags associated with the VPN connections, in the following format: "Filters":{"Tags":["TAGKEY=TAGVALUE"]}.
- VirtualGatewayIds: (optional) The IDs of the virtual gateways.
- VpnConnectionIds: (optional) The IDs of the VPN connections.
NextPageToken: (optional) The token to request the next page of results. Each token refers to a specific page.
ResultsPerPage: (optional) The maximum number of logs returned in a single response (between 1 and 1000, both included). By default, 100.

The ReadVpnConnections command returns the following elements:

NextPageToken: The token to request the next page of results. Each token refers to a specific page.
ResponseContext: Information about the context of the response.
- RequestId: The ID of the request.
VpnConnections: Information about one or more VPN connections.
- ClientGatewayConfiguration: Example configuration for the client gateway.
- ClientGatewayId: The ID of the client gateway used on the client end of the connection.
- ConnectionType: The type of VPN connection (always ipsec.1).
- Routes: Information about one or more static routes associated with the VPN connection, if any.
  - DestinationIpRange: The IP range used for the destination match, in CIDR notation (for example, 10.0.0.0/24).
  - RouteType: The type of route (always static).
  - State: The current state of the static route (pending | available | deleting | deleted).
- State: The state of the VPN connection (pending | available | deleting | deleted).
- StaticRoutesOnly: If false, the VPN connection uses dynamic routing with Border Gateway Protocol (BGP). If true, routing is controlled using static routes. For more information about how to create and delete static routes, see CreateVpnConnectionRoute and DeleteVpnConnectionRoute.
- Tags: One or more tags associated with the VPN connection.
  - Key: The key of the tag, with a minimum of 1 character.
  - Value: The value of the tag, between 0 and 255 characters.
- VgwTelemetries: Information about the current state of one or more of the VPN tunnels.
  - AcceptedRouteCount: The number of routes accepted through BGP (Border Gateway Protocol) route exchanges.
  - LastStateChangeDate: The date and time (UTC) of the latest state update.
  - OutsideIpAddress: The IP on the OUTSCALE side of the tunnel.
  - State: The state of the IPSEC tunnel (UP | DOWN).
  - StateDescription: A description of the current state of the tunnel.
- VirtualGatewayId: The ID of the virtual gateway used on the OUTSCALE end of the connection.
- VpnConnectionId: The ID of the VPN connection.
- VpnOptions: Information about the VPN options.
  - Phase1Options: Information about Phase 1 of the Internet Key Exchange (IKE) negotiation. When Phase 1 finishes successfully, peers proceed to Phase 2 negotiations.
    
    DpdTimeoutAction: The action to carry out after a Dead Peer Detection (DPD) timeout occurs.
    
    DpdTimeoutSeconds: The maximum waiting time for a Dead Peer Detection (DPD) response before considering the peer as dead, in seconds.
    
    IkeVersions: The Internet Key Exchange (IKE) versions allowed for the VPN tunnel.
    
    Phase1DhGroupNumbers: The Diffie-Hellman (DH) group numbers allowed for the VPN tunnel for phase 1.
    
    Phase1EncryptionAlgorithms: The encryption algorithms allowed for the VPN tunnel for phase 1.
    
    Phase1IntegrityAlgorithms: The integrity algorithms allowed for the VPN tunnel for phase 1.
    
    Phase1LifetimeSeconds: The lifetime for phase 1 of the IKE negotiation process, in seconds.
    
    ReplayWindowSize: The number of packets in an IKE replay window.
    
    StartupAction: The action to carry out when establishing tunnels for a VPN connection.
  - Phase2Options: Information about Phase 2 of the Internet Key Exchange (IKE) negotiation.
    
    Phase2DhGroupNumbers: The Diffie-Hellman (DH) group numbers allowed for the VPN tunnel for phase 2.
    
    Phase2EncryptionAlgorithms: The encryption algorithms allowed for the VPN tunnel for phase 2.
    
    Phase2IntegrityAlgorithms: The integrity algorithms allowed for the VPN tunnel for phase 2.
    
    Phase2LifetimeSeconds: The lifetime for phase 2 of the Internet Key Exchange (IKE) negotiation process, in seconds.
    
    PreSharedKey: The pre-shared key to establish the initial authentication between the client gateway and the virtual gateway. This key can contain any character except line breaks and double quotes (").
  - TunnelInsideIpRange: The range of inside IPs for the tunnel. This must be a /30 CIDR block from the 169.254.254.0/24 range.

Result sample

{
  "VpnConnections": [
    {
      "Routes": [],
      "Tags": [],
      "ClientGatewayConfiguration": "...",
      "StaticRoutesOnly": true,
      "VirtualGatewayId": "vgw-12345678",
      "ConnectionType": "ipsec.1",
      "ClientGatewayId": "cgw-12345678",
      "State": "pending",
      "VgwTelemetries": [
        {
          "StateDescription": "IPSEC IS DOWN",
          "AcceptedRouteCount": 0,
          "LastStateChangeDate": "2017-05-10T12:34:56.789Z",
          "OutsideIpAddress": "192.0.2.0"
        }
      ],
      "VpnConnectionId": "vpn-12345678"
    }
  ],
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}

Getting Information About Your VPN Connections Using oapi-cli

The ReadVpnConnections command lists one or more VPN connections.

Request sample

$ oapi-cli --profile "default" ReadVpnConnections \
    --Filters '{
        "VpnConnectionIds": ["vpn-12345678"]
      }'

Request sample

$ oapi-cli --profile "default" ReadVpnConnections \
    --Filters '{
        "ClientGatewayIds": ["cgw-12345678"],
        "VirtualGatewayIds": ["vgw-12345678", "vgw-87654321"]
      }'

This command contains the following attributes that you need to specify:

DryRun: (optional) If true, checks whether you have the required permissions to perform the action.
Filters: (optional) One or more filters.
- BgpAsns: (optional) The Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs) of the connections.
- ClientGatewayIds: (optional) The IDs of the client gateways.
- ConnectionTypes: (optional) The types of the VPN connections (always ipsec.1).
- RouteDestinationIpRanges: (optional) The destination IP ranges.
- States: (optional) The states of the VPN connections (pending | available | deleting | deleted).
- StaticRoutesOnly: (optional) If false, the VPN connection uses dynamic routing with Border Gateway Protocol (BGP). If true, routing is controlled using static routes. For more information about how to create and delete static routes, see CreateVpnConnectionRoute and DeleteVpnConnectionRoute.
- TagKeys: (optional) The keys of the tags associated with the VPN connections.
- TagValues: (optional) The values of the tags associated with the VPN connections.
- Tags: (optional) The key/value combination of the tags associated with the VPN connections, in the following format: "Filters":{"Tags":["TAGKEY=TAGVALUE"]}.
- VirtualGatewayIds: (optional) The IDs of the virtual gateways.
- VpnConnectionIds: (optional) The IDs of the VPN connections.
NextPageToken: (optional) The token to request the next page of results. Each token refers to a specific page.
ResultsPerPage: (optional) The maximum number of logs returned in a single response (between 1 and 1000, both included). By default, 100.

The ReadVpnConnections command returns the following elements:

NextPageToken: The token to request the next page of results. Each token refers to a specific page.
ResponseContext: Information about the context of the response.
- RequestId: The ID of the request.
VpnConnections: Information about one or more VPN connections.
- ClientGatewayConfiguration: Example configuration for the client gateway.
- ClientGatewayId: The ID of the client gateway used on the client end of the connection.
- ConnectionType: The type of VPN connection (always ipsec.1).
- Routes: Information about one or more static routes associated with the VPN connection, if any.
  - DestinationIpRange: The IP range used for the destination match, in CIDR notation (for example, 10.0.0.0/24).
  - RouteType: The type of route (always static).
  - State: The current state of the static route (pending | available | deleting | deleted).
- State: The state of the VPN connection (pending | available | deleting | deleted).
- StaticRoutesOnly: If false, the VPN connection uses dynamic routing with Border Gateway Protocol (BGP). If true, routing is controlled using static routes. For more information about how to create and delete static routes, see CreateVpnConnectionRoute and DeleteVpnConnectionRoute.
- Tags: One or more tags associated with the VPN connection.
  - Key: The key of the tag, with a minimum of 1 character.
  - Value: The value of the tag, between 0 and 255 characters.
- VgwTelemetries: Information about the current state of one or more of the VPN tunnels.
  - AcceptedRouteCount: The number of routes accepted through BGP (Border Gateway Protocol) route exchanges.
  - LastStateChangeDate: The date and time (UTC) of the latest state update.
  - OutsideIpAddress: The IP on the OUTSCALE side of the tunnel.
  - State: The state of the IPSEC tunnel (UP | DOWN).
  - StateDescription: A description of the current state of the tunnel.
- VirtualGatewayId: The ID of the virtual gateway used on the OUTSCALE end of the connection.
- VpnConnectionId: The ID of the VPN connection.
- VpnOptions: Information about the VPN options.
  - Phase1Options: Information about Phase 1 of the Internet Key Exchange (IKE) negotiation. When Phase 1 finishes successfully, peers proceed to Phase 2 negotiations.
    
    DpdTimeoutAction: The action to carry out after a Dead Peer Detection (DPD) timeout occurs.
    
    DpdTimeoutSeconds: The maximum waiting time for a Dead Peer Detection (DPD) response before considering the peer as dead, in seconds.
    
    IkeVersions: The Internet Key Exchange (IKE) versions allowed for the VPN tunnel.
    
    Phase1DhGroupNumbers: The Diffie-Hellman (DH) group numbers allowed for the VPN tunnel for phase 1.
    
    Phase1EncryptionAlgorithms: The encryption algorithms allowed for the VPN tunnel for phase 1.
    
    Phase1IntegrityAlgorithms: The integrity algorithms allowed for the VPN tunnel for phase 1.
    
    Phase1LifetimeSeconds: The lifetime for phase 1 of the IKE negotiation process, in seconds.
    
    ReplayWindowSize: The number of packets in an IKE replay window.
    
    StartupAction: The action to carry out when establishing tunnels for a VPN connection.
  - Phase2Options: Information about Phase 2 of the Internet Key Exchange (IKE) negotiation.
    
    Phase2DhGroupNumbers: The Diffie-Hellman (DH) group numbers allowed for the VPN tunnel for phase 2.
    
    Phase2EncryptionAlgorithms: The encryption algorithms allowed for the VPN tunnel for phase 2.
    
    Phase2IntegrityAlgorithms: The integrity algorithms allowed for the VPN tunnel for phase 2.
    
    Phase2LifetimeSeconds: The lifetime for phase 2 of the Internet Key Exchange (IKE) negotiation process, in seconds.
    
    PreSharedKey: The pre-shared key to establish the initial authentication between the client gateway and the virtual gateway. This key can contain any character except line breaks and double quotes (").
  - TunnelInsideIpRange: The range of inside IPs for the tunnel. This must be a /30 CIDR block from the 169.254.254.0/24 range.

Result sample

{
  "VpnConnections": [
    {
      "Routes": [],
      "Tags": [],
      "ClientGatewayConfiguration": "...",
      "StaticRoutesOnly": true,
      "VirtualGatewayId": "vgw-12345678",
      "ConnectionType": "ipsec.1",
      "ClientGatewayId": "cgw-12345678",
      "State": "pending",
      "VgwTelemetries": [
        {
          "StateDescription": "IPSEC IS DOWN",
          "AcceptedRouteCount": 0,
          "LastStateChangeDate": "2017-05-10T12:34:56.789Z",
          "OutsideIpAddress": "192.0.2.0"
        }
      ],
      "VpnConnectionId": "vpn-12345678"
    }
  ],
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}

Getting Information About Your VPN Connections Using AWS CLI

Before you begin: Install and configure AWS CLI. For more information, see Installing and Configuring AWS CLI.

To get information about one or more VPN connections, use the describe-vpn-connections command following this syntax:

Request sample

$ aws ec2 describe-vpn-connections \
    --profile YOUR_PROFILE \
    --filters Name=X,Values=Y \
    --endpoint https://fcu.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

(optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.
(optional) vpn-connection-ids: The ID of one or more VPN connections you want to get information about.

(optional) filters: One or more filters, in the "Name=X,Values=Y" format.

You can specify several values for a same filter using the "Name=X,Values=Y, Z" format.

The following filters are available:

customer-gateway-configuration: Example configuration for the customer gateway, in XML format. For more information, see Tutorial: Setting Up a VPN Connection.
customer-gateway-id: The ID of the Customer Gateway used in the VPN connection.
state: The state of the VPN connection (pending| available | deleting | deleted). For more information, see About VPN Connections.
option.static-routes-only: If true, the VPN connection uses static routes only. If false, it uses static and dynamic routes. For more information, see About VPN Connections.
route.destination-cidr-block: The destination range of the IPs of the route, in CIDR notation.
bgp-asn: The Border Gateway Protocol (BGP) Autonomous System Number (ASN) associated with the VPN connection.

tag-key: The key of a tag associated with the resource.
tag-value: The value of a tag associated with the resource.

tag:XXXX: The value of a tag associated with the resource, where XXXX is the key of the tag.

To filter a tag whose key is XXXX and value is YYYY, you can therefore use either of the following two formats:

--filters Name=tag-key,Values=XXXX Name=tag-value,Values=YYYY
--filters Name=tag:XXXX,Values=YYYY

type: The type of VPN connection (always Ipsec.1).
vpn-connection-id: The ID of the VPN connection.
vpn-gateway-id: The ID of the virtual private gateway used in the VPN connection.

endpoint: The endpoint corresponding to the Region you want to send the request to. For more information, see Installing and Configuring AWS CLI.

The describe-vpn-connections command returns the following elements:

VpnConnections: Information about one or more VPN connections. This element contains the following information:
- VpnConnectionId: The ID of the VPN connection.
- Tags: One or more tags associated with the VPN connection. This element contains the following information:
  - Key: The key of the tag.
  - Value: The value of the tag.
- CustomerGatewayConfiguration: Example configuration for the customer gateway, in XML format. For more information, see Tutorial: Setting Up a VPN Connection.
- Routes: Information about the static routes of the VPN connection, if any. This element contains the following information:
  - DestinationCidrBlock: The destination range of the IPs of the route, in CIDR notation.
  - Source: The type of route (always static).
  - State: The state of the static route (pending | available | deleting | deleted).
- VgwTelemetry: Information about the state of the VPN tunnel. This element contains the following information:
  - Status: The state of the IPSEC tunnel (UP | DOWN). For more information, see About VPN Connections.
  - AcceptedRouteCount: The number of accepted routes through the Border Gateway Protocol (BGP) route exchanges.
  - OutsideIpAddress: The IP on the external interface of the virtual private gateway.
  - LastStatusChange: The date and time of the last state change of the IPSEC tunnel.
  - StatusMessage: A description of the current state of the tunnel.
- State: The state of the VPN connection (pending | available | deleting | deleted). For more information, see About VPN Connections.
- VpnGatewayId: The ID of the virtual private gateway.
- CustomerGatewayId: The ID of the customer gateway.
- Type: The type of VPN connection (always Ipsec.1).
- Options: Information about the routing options of the VPN connection. This element contains the following information:
  - StaticRoutesOnly: By default or if set to false, the VPN connection uses dynamic routing with Border Gateway Protocol (BGP). If set to true, it uses static routing. For more information, see About VPN Connections and Creating a VPN Connection Route.

Result sample

{
    "VpnConnections": [
        {
            "VpnConnectionId": "vpn-c750ea06",
            "Tags": [],
            "CustomerGatewayConfiguration": "...configuration information...",
            "Routes": [],
            "VgwTelemetry": [
                {
                    "Status": "DOWN",
                    "AcceptedRouteCount": 0,
                    "OutsideIpAddress": "171.33.67.245",
                    "LastStatusChange": "2017-02-01T14:08:51.649Z",
                    "StatusMessage": "IPSEC IS DOWN"
                }
            ],
            "State": "available",
            "VpnGatewayId": "vgw-00ac2c82",
            "CustomerGatewayId": "cgw-f491f6d9",
            "Type": "ipsec.1",
            "Options": {
                "StaticRoutesOnly": false
            }
        }
    ]
}

Related Pages

Corresponding API Methods

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.