| cgw_description | The description of the VPN customer gateway instance。 | string | false | |
| cgw_id | The customer gateway id used to connect with vpn gateway。 | string | false | |
| cgw_ip_address | The IP address of the customer gateway。 | string | false | |
| cgw_name | The name of the VPN customer gateway. Defaults to null。 | string | false | |
| ike_auth_alg | The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1. Default value: sha1。 | string | false |
| ike_enc_alg | The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des |
| ike_lifetime | The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400。 | number | false | |
| ike_local_id | The identification of the VPN gateway。 | string | false | |
| ike_mode | The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main。 | string | false |
| ike_pfs | The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 |
| ike_remote_id | The identification of the customer gateway。 | string | false | |
| ike_version | The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1。 | string | false |
| ipsec_auth_alg | The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1. Default value: sha1。 | string | false |
| ipsec_connection_name | The name of the IPsec connection。 | string | false | |
| ipsec_effect_immediately | Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false。 | bool | false | |
| ipsec_enc_alg | The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des |
| ipsec_lifetime | The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400。 | number | false | |
| ipsec_local_subnet | The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation。 | list(string) | false | |
| ipsec_pfs | The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 |
| ipsec_remote_subnet | The CIDR block of the local data center. This parameter is used for phase-two negotiation。 | list(string) | false | |
| psk | Used for authentication between the IPsec VPN gateway and the customer gateway。 | string | false | |
| region | (Deprecated from version 1.2.0) The region used to launch this module resources。 | string | false | |
| ssl_cipher | The encryption algorithm used by the SSL-VPN server. Valid value: AES-128-CBC (default) | AES-192-CBC | AES-256-CBC | none。 |
| ssl_client_cert_names | The names of the client certificates。 | list(string) | false | |
| ssl_client_ip_pool | The CIDR block from which access addresses are allocated to the virtual network interface card of the client。 | string | false | |
| ssl_compress | Specify whether to compress the communication. Valid value: true (default) | false。 | bool | false |
| ssl_local_subnet | The CIDR block to be accessed by the client through the SSL-VPN connection。 | string | false | |
| ssl_port | The port used by the SSL-VPN server. The default value is 1194.The following ports cannot be used: [22, 2222, 22222, 9000, 9001, 9002, 7505, 80, 443, 53, 68, 123, 4510, 4560, 500, 4500]。 | number | false | |
| ssl_protocol | The protocol used by the SSL-VPN server. Valid value: UDP(default) | TCP。 | string | false |
| ssl_vpn_server_name | The name of the SSL-VPN server。 | string | false | |
| vpc_id | The VPN belongs the vpc_id, the field can't be changed。 | string | false | |
| vpn_bandwidth | The value should be 10, 100, 200, 500, 1000 if the user is postpaid, otherwise it can be 5, 10, 20, 50, 100, 200, 500, 1000。 | number | false | |
| vpn_charge_type | The charge type for instance. Valid value: PostPaid, PrePaid. Default to PostPaid。 | string | false | |
| vpn_description | The description of the VPN instance。 | string | false | |
| vpn_enable_ipsec | Enable or Disable IPSec VPN. At least one type of VPN should be enabled。 | bool | false | |
| vpn_enable_ssl | Enable or Disable SSL VPN. At least one type of VPN should be enabled。 | bool | false | |
| vpn_name | Name of the VPN gateway。 | string | false | |
| vpn_period | The filed is only required while the InstanceChargeType is prepaid。 | number | false | |
| vpn_ssl_connections | The max connections of SSL VPN. Default to 5. This field is ignored when enable_ssl is false。 | number | false | |
| writeConnectionSecretToRef | The secret which the cloud resource connection will be written to。 | writeConnectionSecretToRef | false | |