Obtenir des informations sur vos connexions VPN

Vous pouvez obtenir des informations sur une ou plusieurs de vos connexions VPN.

Par défaut, cette action décrit toutes vos connexions VPN.

Obtenir des informations sur vos connexions VPN avec Cockpit v2

Voir le dashboard VPN Connections.

Obtenir des informations sur vos connexions VPN avec OSC CLI

À ce jour, cette section est disponible en anglais uniquement.

The ReadVpnConnections command lists one or more VPN connections.

Request sample

$ osc-cli api ReadVpnConnections --profile "default" \
    --Filters '{
        "VpnConnectionIds": ["vpn-12345678"]
      }'

Request sample

$ osc-cli api ReadVpnConnections --profile "default" \
    --Filters '{
        "ClientGatewayIds": ["cgw-12345678"],
        "VirtualGatewayIds": ["vgw-12345678", "vgw-87654321"]
      }'

This command contains the following attributes that you need to specify:

DryRun: (optional) If true, checks whether you have the required permissions to perform the action.
Filters: (optional) One or more filters.
- BgpAsns: (optional) The Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs) of the connections.
- ClientGatewayIds: (optional) The IDs of the client gateways.
- ConnectionTypes: (optional) The types of the VPN connections (always ipsec.1).
- RouteDestinationIpRanges: (optional) The destination IP ranges.
- States: (optional) The states of the VPN connections (pending | available | deleting | deleted).
- StaticRoutesOnly: (optional) If false, the VPN connection uses dynamic routing with Border Gateway Protocol (BGP). If true, routing is controlled using static routes. For more information about how to create and delete static routes, see CreateVpnConnectionRoute and DeleteVpnConnectionRoute.
- TagKeys: (optional) The keys of the tags associated with the VPN connections.
- TagValues: (optional) The values of the tags associated with the VPN connections.
- Tags: (optional) The key/value combination of the tags associated with the VPN connections, in the following format: "Filters":{"Tags":["TAGKEY=TAGVALUE"]}.
- VirtualGatewayIds: (optional) The IDs of the virtual gateways.
- VpnConnectionIds: (optional) The IDs of the VPN connections.
NextPageToken: (optional) The token to request the next page of results. Each token refers to a specific page.
ResultsPerPage: (optional) The maximum number of logs returned in a single response (between 1 and 1000, both included).

The ReadVpnConnections command returns the following elements:

NextPageToken: The token to request the next page of results. Each token refers to a specific page.
ResponseContext: Information about the context of the response.
- RequestId: The ID of the request.
VpnConnections: Information about one or more VPN connections.
- ClientGatewayConfiguration: Example configuration for the client gateway.
- ClientGatewayId: The ID of the client gateway used on the client end of the connection.
- ConnectionType: The type of VPN connection (always ipsec.1).
- Routes: Information about one or more static routes associated with the VPN connection, if any.
  - DestinationIpRange: The IP range used for the destination match, in CIDR notation (for example, 10.0.0.0/24).
  - RouteType: The type of route (always static).
  - State: The current state of the static route (pending | available | deleting | deleted).
- State: The state of the VPN connection (pending | available | deleting | deleted).
- StaticRoutesOnly: If false, the VPN connection uses dynamic routing with Border Gateway Protocol (BGP). If true, routing is controlled using static routes. For more information about how to create and delete static routes, see CreateVpnConnectionRoute and DeleteVpnConnectionRoute.
- Tags: One or more tags associated with the VPN connection.
  - Key: The key of the tag, with a minimum of 1 character.
  - Value: The value of the tag, between 0 and 255 characters.
- VgwTelemetries: Information about the current state of one or more of the VPN tunnels.
  - AcceptedRouteCount: The number of routes accepted through BGP (Border Gateway Protocol) route exchanges.
  - LastStateChangeDate: The date and time (UTC) of the latest state update.
  - OutsideIpAddress: The IP on the OUTSCALE side of the tunnel.
  - State: The state of the IPSEC tunnel (UP | DOWN).
  - StateDescription: A description of the current state of the tunnel.
- VirtualGatewayId: The ID of the virtual gateway used on the OUTSCALE end of the connection.
- VpnConnectionId: The ID of the VPN connection.
- VpnOptions: Information about the VPN options.
  - Phase1Options: Information about Phase 1 of the Internet Key Exchange (IKE) negotiation. When Phase 1 finishes successfully, peers proceed to Phase 2 negotiations.
    
    DpdTimeoutAction: The action to carry out after a Dead Peer Detection (DPD) timeout occurs.
    
    DpdTimeoutSeconds: The maximum waiting time for a Dead Peer Detection (DPD) response before considering the peer as dead, in seconds.
    
    IkeVersions: The Internet Key Exchange (IKE) versions allowed for the VPN tunnel.
    
    Phase1DhGroupNumbers: The Diffie-Hellman (DH) group numbers allowed for the VPN tunnel for phase 1.
    
    Phase1EncryptionAlgorithms: The encryption algorithms allowed for the VPN tunnel for phase 1.
    
    Phase1IntegrityAlgorithms: The integrity algorithms allowed for the VPN tunnel for phase 1.
    
    Phase1LifetimeSeconds: The lifetime for phase 1 of the IKE negotiation process, in seconds.
    
    ReplayWindowSize: The number of packets in an IKE replay window.
    
    StartupAction: The action to carry out when establishing tunnels for a VPN connection.
  - Phase2Options: Information about Phase 2 of the Internet Key Exchange (IKE) negotiation.
    
    Phase2DhGroupNumbers: The Diffie-Hellman (DH) group numbers allowed for the VPN tunnel for phase 2.
    
    Phase2EncryptionAlgorithms: The encryption algorithms allowed for the VPN tunnel for phase 2.
    
    Phase2IntegrityAlgorithms: The integrity algorithms allowed for the VPN tunnel for phase 2.
    
    Phase2LifetimeSeconds: The lifetime for phase 2 of the Internet Key Exchange (IKE) negotiation process, in seconds.
    
    PreSharedKey: The pre-shared key to establish the initial authentication between the client gateway and the virtual gateway. This key can contain any character except line breaks and double quotes (").
  - TunnelInsideIpRange: The range of inside IPs for the tunnel. This must be a /30 CIDR block from the 169.254.254.0/24 range.

Result sample

{
  "VpnConnections": [
    {
      "Routes": [],
      "Tags": [],
      "ClientGatewayConfiguration": "...",
      "StaticRoutesOnly": true,
      "VirtualGatewayId": "vgw-12345678",
      "ConnectionType": "ipsec.1",
      "ClientGatewayId": "cgw-12345678",
      "State": "pending",
      "VgwTelemetries": [
        {
          "StateDescription": "IPSEC IS DOWN",
          "AcceptedRouteCount": 0,
          "LastStateChangeDate": "2017-05-10T12:34:56.789Z",
          "OutsideIpAddress": "192.0.2.0"
        }
      ],
      "VpnConnectionId": "vpn-12345678"
    }
  ],
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}

Obtenir des informations sur vos connexions VPN avec oapi-cli

À ce jour, cette section est disponible en anglais uniquement.

The ReadVpnConnections command lists one or more VPN connections.

Request sample

$ oapi-cli --profile "default" ReadVpnConnections \
    --Filters '{
        "VpnConnectionIds": ["vpn-12345678"]
      }'

Request sample

$ oapi-cli --profile "default" ReadVpnConnections \
    --Filters '{
        "ClientGatewayIds": ["cgw-12345678"],
        "VirtualGatewayIds": ["vgw-12345678", "vgw-87654321"]
      }'

This command contains the following attributes that you need to specify:

DryRun: (optional) If true, checks whether you have the required permissions to perform the action.
Filters: (optional) One or more filters.
- BgpAsns: (optional) The Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs) of the connections.
- ClientGatewayIds: (optional) The IDs of the client gateways.
- ConnectionTypes: (optional) The types of the VPN connections (always ipsec.1).
- RouteDestinationIpRanges: (optional) The destination IP ranges.
- States: (optional) The states of the VPN connections (pending | available | deleting | deleted).
- StaticRoutesOnly: (optional) If false, the VPN connection uses dynamic routing with Border Gateway Protocol (BGP). If true, routing is controlled using static routes. For more information about how to create and delete static routes, see CreateVpnConnectionRoute and DeleteVpnConnectionRoute.
- TagKeys: (optional) The keys of the tags associated with the VPN connections.
- TagValues: (optional) The values of the tags associated with the VPN connections.
- Tags: (optional) The key/value combination of the tags associated with the VPN connections, in the following format: "Filters":{"Tags":["TAGKEY=TAGVALUE"]}.
- VirtualGatewayIds: (optional) The IDs of the virtual gateways.
- VpnConnectionIds: (optional) The IDs of the VPN connections.
NextPageToken: (optional) The token to request the next page of results. Each token refers to a specific page.
ResultsPerPage: (optional) The maximum number of logs returned in a single response (between 1 and 1000, both included).

The ReadVpnConnections command returns the following elements:

NextPageToken: The token to request the next page of results. Each token refers to a specific page.
ResponseContext: Information about the context of the response.
- RequestId: The ID of the request.
VpnConnections: Information about one or more VPN connections.
- ClientGatewayConfiguration: Example configuration for the client gateway.
- ClientGatewayId: The ID of the client gateway used on the client end of the connection.
- ConnectionType: The type of VPN connection (always ipsec.1).
- Routes: Information about one or more static routes associated with the VPN connection, if any.
  - DestinationIpRange: The IP range used for the destination match, in CIDR notation (for example, 10.0.0.0/24).
  - RouteType: The type of route (always static).
  - State: The current state of the static route (pending | available | deleting | deleted).
- State: The state of the VPN connection (pending | available | deleting | deleted).
- StaticRoutesOnly: If false, the VPN connection uses dynamic routing with Border Gateway Protocol (BGP). If true, routing is controlled using static routes. For more information about how to create and delete static routes, see CreateVpnConnectionRoute and DeleteVpnConnectionRoute.
- Tags: One or more tags associated with the VPN connection.
  - Key: The key of the tag, with a minimum of 1 character.
  - Value: The value of the tag, between 0 and 255 characters.
- VgwTelemetries: Information about the current state of one or more of the VPN tunnels.
  - AcceptedRouteCount: The number of routes accepted through BGP (Border Gateway Protocol) route exchanges.
  - LastStateChangeDate: The date and time (UTC) of the latest state update.
  - OutsideIpAddress: The IP on the OUTSCALE side of the tunnel.
  - State: The state of the IPSEC tunnel (UP | DOWN).
  - StateDescription: A description of the current state of the tunnel.
- VirtualGatewayId: The ID of the virtual gateway used on the OUTSCALE end of the connection.
- VpnConnectionId: The ID of the VPN connection.
- VpnOptions: Information about the VPN options.
  - Phase1Options: Information about Phase 1 of the Internet Key Exchange (IKE) negotiation. When Phase 1 finishes successfully, peers proceed to Phase 2 negotiations.
    
    DpdTimeoutAction: The action to carry out after a Dead Peer Detection (DPD) timeout occurs.
    
    DpdTimeoutSeconds: The maximum waiting time for a Dead Peer Detection (DPD) response before considering the peer as dead, in seconds.
    
    IkeVersions: The Internet Key Exchange (IKE) versions allowed for the VPN tunnel.
    
    Phase1DhGroupNumbers: The Diffie-Hellman (DH) group numbers allowed for the VPN tunnel for phase 1.
    
    Phase1EncryptionAlgorithms: The encryption algorithms allowed for the VPN tunnel for phase 1.
    
    Phase1IntegrityAlgorithms: The integrity algorithms allowed for the VPN tunnel for phase 1.
    
    Phase1LifetimeSeconds: The lifetime for phase 1 of the IKE negotiation process, in seconds.
    
    ReplayWindowSize: The number of packets in an IKE replay window.
    
    StartupAction: The action to carry out when establishing tunnels for a VPN connection.
  - Phase2Options: Information about Phase 2 of the Internet Key Exchange (IKE) negotiation.
    
    Phase2DhGroupNumbers: The Diffie-Hellman (DH) group numbers allowed for the VPN tunnel for phase 2.
    
    Phase2EncryptionAlgorithms: The encryption algorithms allowed for the VPN tunnel for phase 2.
    
    Phase2IntegrityAlgorithms: The integrity algorithms allowed for the VPN tunnel for phase 2.
    
    Phase2LifetimeSeconds: The lifetime for phase 2 of the Internet Key Exchange (IKE) negotiation process, in seconds.
    
    PreSharedKey: The pre-shared key to establish the initial authentication between the client gateway and the virtual gateway. This key can contain any character except line breaks and double quotes (").
  - TunnelInsideIpRange: The range of inside IPs for the tunnel. This must be a /30 CIDR block from the 169.254.254.0/24 range.

Result sample

{
  "VpnConnections": [
    {
      "Routes": [],
      "Tags": [],
      "ClientGatewayConfiguration": "...",
      "StaticRoutesOnly": true,
      "VirtualGatewayId": "vgw-12345678",
      "ConnectionType": "ipsec.1",
      "ClientGatewayId": "cgw-12345678",
      "State": "pending",
      "VgwTelemetries": [
        {
          "StateDescription": "IPSEC IS DOWN",
          "AcceptedRouteCount": 0,
          "LastStateChangeDate": "2017-05-10T12:34:56.789Z",
          "OutsideIpAddress": "192.0.2.0"
        }
      ],
      "VpnConnectionId": "vpn-12345678"
    }
  ],
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}

Obtenir des informations sur vos connexions VPN avec AWS CLI

Avant de commencer : Installez et configurez AWS CLI. Pour en savoir plus, voir Installer et configurer AWS CLI.

Pour obtenir des informations sur une ou plusieurs connexions VPN, utilisez la méthode describe-vpn-connections en suivant cette syntaxe :

Exemple de requête

$ aws ec2 describe-vpn-connections \
    --profile YOUR_PROFILE \
    --filters Name=X,Values=Y \
    --endpoint https://fcu.eu-west-2.outscale.com

Cette commande contient les options suivantes que vous devez spécifier :

(optionnel) profile : Le profil nommé que vous voulez utiliser, créé pendant la configuration d’AWS CLI. Pour en savoir plus, voir Installer et configurer AWS CLI.
(optionnel) vpn-connection-ids : L’ID d’une ou plusieurs connexion VPN sur lesquelles vous voulez obtenir des informations.

(optionnel) filters : Un ou plusieurs filtres, au format "Name=X,Values=Y".

Vous pouvez spécifier plusieurs valeurs pour un même filtre en utilisant le format "Name=X,Values=Y, Z".

Les filtres suivants sont disponibles :

customer-gateway-configuration : Exemple de configuration pour la customer gateway, au format XML. Pour en savoir plus, voir Tutoriel : Mettre en place une connexion VPN.
customer-gateway-id : L’ID de la customer gateway utilisée pour la connexion VPN.
state : L’état de la connexion VPN (pending| available | deleting | deleted). Pour en savoir plus, voir À propos des connexions VPN.
option.static-routes-only : Si true, la connexion VPN utilise des routes statiques uniquement. Si false, elle utilise des routes statiques et dynamiques. Pour en savoir plus, voir À propos des connexions VPN.
route.destination-cidr-block : La plage d’IP de destination de la route, en notation CIDR.
bgp-asn : Le Border Gateway Protocol (BGP) Autonomous System Number (ASN) associé à la connexion VPN.

tag-key : La clé d’un tag associé à la ressource.
tag-value : La valeur d’un tag associé à la ressource.

tag:XXXX : La valeur d’un tag associé à la ressource, où XXXX est la clé du tag.

Pour filtrer un tag dont la clé est XXXX et la valeur est YYYY, vous pouvez donc utiliser un des deux formats suivants :

--filters Name=tag-key,Values=XXXX Name=tag-value,Values=YYYY
--filters Name=tag:XXXX,Values=YYYY

type : Le type de connexion VPN (toujours Ipsec.1).
vpn-connection-id : L’ID de la connexion VPN.
vpn-gateway-id : L’ID de la virtual private gateway utilisée pour la connexion VPN.

endpoint : Le endpoint correspondant à la Région à laquelle vous voulez envoyer la requête. Pour en savoir plus, voir Installer et configurer AWS CLI.

La commande describe-vpn-connections renvoie les éléments suivants :

VpnConnections : Informations à propos d’une ou plusieurs connexions VPN. Cet élément contient les informations suivantes :
- VpnConnectionId : L’ID de la connexion VPN.
- Tags : Un ou plusieurs tags associés à la connexion VPN. Cet élément contient les informations suivantes :
  - Key : La clé du tag.
  - Value : La valeur du tag.
- CustomerGatewayConfiguration : Exemple de configuration pour la customer gateway, au format XML. Pour en savoir plus, voir Tutoriel : Mettre en place une connexion VPN.
- Routes : Informations à propos des routes statiques de la connexion VPN, le cas échéant. Cet élément contient les informations suivantes :
  - DestinationCidrBlock : La plage d’IP de destination de la route, en notation CIDR.
  - Source : Le type de route (toujours static).
  - State : L’état de la route statique (pending | available | deleting | deleted).
- VgwTelemetry : Informations à propos de l’état du tunnel VPN. Cet élément contient les informations suivantes :
  - Status : L’état du tunnel VPN (UP | DOWN). Pour en savoir plus, voir À propos des connexions VPN.
  - AcceptedRouteCount : Le nombre de routes acceptées dans les échanges par le Border Gateway Protocol (BGP).
  - OutsideIpAddress : L’IP de la face externe de la virtual private gateway.
  - LastStatusChange : la date et l’heure du dernier changement d’état du tunnel VPN.
  - StatusMessage : Une description de l’état actuel du tunnel.
- State : L’état de la connexion VPN (pending | available | deleting | deleted). Pour en savoir plus, voir À propos des connexions VPN.
- VpnGatewayId : L’ID de la virtual private gateway.
- CustomerGatewayId : L’ID de la customer gateway.
- Type : Le type de connexion VPN (toujours Ipsec.1).
- Options : Informations à propos du routage de la connexion VPN. Cet élément contient les informations suivantes :
  - StaticRoutesOnly : Par défaut ou si paramétré sur false, la connexion VPN utilise le routage dynamique avec Border Gateway Protocol (BGP). Si paramétré sur true, elle utilise le routage statique. Pour en savoir plus, voir À propos des connexions VPN et Créer une route pour une connexion VPN.

Exemple de résultat

 {
    "VpnConnections": [
        {
            "VpnConnectionId": "vpn-c750ea06",
            "Tags": [],
            "CustomerGatewayConfiguration": "...configuration information...",
            "Routes": [],
            "VgwTelemetry": [
                {
                    "Status": "DOWN",
                    "AcceptedRouteCount": 0,
                    "OutsideIpAddress": "171.33.67.245",
                    "LastStatusChange": "2017-02-01T14:08:51.649Z",
                    "StatusMessage": "IPSEC IS DOWN"
                }
            ],
            "State": "available",
            "VpnGatewayId": "vgw-00ac2c82",
            "CustomerGatewayId": "cgw-f491f6d9",
            "Type": "ipsec.1",
            "Options": {
                "StaticRoutesOnly": false
            }
        }
    ]
}

Pages connexes

Méthodes API correspondantes

AWS™ et Amazon Web Services™ sont des marques de commerce d'Amazon Technologies, Inc. ou de ses affiliées aux États-Unis et/ou dans les autres pays.