Package software.amazon.awssdk.services.ec2.model

Class ModifyVpnTunnelOptionsSpecification

    • Method Detail

      • tunnelInsideCidr

        public final String tunnelInsideCidr()

        The range of inside IPv4 addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway.

        Constraints: A size /30 CIDR block from the 169.254.0.0/16 range. The following CIDR blocks are reserved and cannot be used:

        • 169.254.0.0/30

        • 169.254.1.0/30

        • 169.254.2.0/30

        • 169.254.3.0/30

        • 169.254.4.0/30

        • 169.254.5.0/30

        • 169.254.169.252/30

        Returns:
        The range of inside IPv4 addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway.

        Constraints: A size /30 CIDR block from the 169.254.0.0/16 range. The following CIDR blocks are reserved and cannot be used:

        • 169.254.0.0/30

        • 169.254.1.0/30

        • 169.254.2.0/30

        • 169.254.3.0/30

        • 169.254.4.0/30

        • 169.254.5.0/30

        • 169.254.169.252/30

      • tunnelInsideIpv6Cidr

        public final String tunnelInsideIpv6Cidr()

        The range of inside IPv6 addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same transit gateway.

        Constraints: A size /126 CIDR block from the local fd00::/8 range.

        Returns:
        The range of inside IPv6 addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same transit gateway.

        Constraints: A size /126 CIDR block from the local fd00::/8 range.

      • preSharedKey

        public final String preSharedKey()

        The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and the customer gateway.

        Constraints: Allowed characters are alphanumeric characters, periods (.), and underscores (_). Must be between 8 and 64 characters in length and cannot start with zero (0).

        Returns:
        The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and the customer gateway.

        Constraints: Allowed characters are alphanumeric characters, periods (.), and underscores (_). Must be between 8 and 64 characters in length and cannot start with zero (0).

      • phase1LifetimeSeconds

        public final Integer phase1LifetimeSeconds()

        The lifetime for phase 1 of the IKE negotiation, in seconds.

        Constraints: A value between 900 and 28,800.

        Default: 28800

        Returns:
        The lifetime for phase 1 of the IKE negotiation, in seconds.

        Constraints: A value between 900 and 28,800.

        Default: 28800

      • phase2LifetimeSeconds

        public final Integer phase2LifetimeSeconds()

        The lifetime for phase 2 of the IKE negotiation, in seconds.

        Constraints: A value between 900 and 3,600. The value must be less than the value for Phase1LifetimeSeconds.

        Default: 3600

        Returns:
        The lifetime for phase 2 of the IKE negotiation, in seconds.

        Constraints: A value between 900 and 3,600. The value must be less than the value for Phase1LifetimeSeconds.

        Default: 3600

      • rekeyMarginTimeSeconds

        public final Integer rekeyMarginTimeSeconds()

        The margin time, in seconds, before the phase 2 lifetime expires, during which the Amazon Web Services side of the VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for RekeyFuzzPercentage.

        Constraints: A value between 60 and half of Phase2LifetimeSeconds.

        Default: 270

        Returns:
        The margin time, in seconds, before the phase 2 lifetime expires, during which the Amazon Web Services side of the VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for RekeyFuzzPercentage.

        Constraints: A value between 60 and half of Phase2LifetimeSeconds.

        Default: 270

      • rekeyFuzzPercentage

        public final Integer rekeyFuzzPercentage()

        The percentage of the rekey window (determined by RekeyMarginTimeSeconds) during which the rekey time is randomly selected.

        Constraints: A value between 0 and 100.

        Default: 100

        Returns:
        The percentage of the rekey window (determined by RekeyMarginTimeSeconds) during which the rekey time is randomly selected.

        Constraints: A value between 0 and 100.

        Default: 100

      • replayWindowSize

        public final Integer replayWindowSize()

        The number of packets in an IKE replay window.

        Constraints: A value between 64 and 2048.

        Default: 1024

        Returns:
        The number of packets in an IKE replay window.

        Constraints: A value between 64 and 2048.

        Default: 1024

      • dpdTimeoutSeconds

        public final Integer dpdTimeoutSeconds()

        The number of seconds after which a DPD timeout occurs. A DPD timeout of 40 seconds means that the VPN endpoint will consider the peer dead 30 seconds after the first failed keep-alive.

        Constraints: A value greater than or equal to 30.

        Default: 40

        Returns:
        The number of seconds after which a DPD timeout occurs. A DPD timeout of 40 seconds means that the VPN endpoint will consider the peer dead 30 seconds after the first failed keep-alive.

        Constraints: A value greater than or equal to 30.

        Default: 40

      • dpdTimeoutAction

        public final String dpdTimeoutAction()

        The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session.

        Valid Values: clear | none | restart

        Default: clear

        Returns:
        The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session.

        Valid Values: clear | none | restart

        Default: clear

      • hasPhase1EncryptionAlgorithms

        public final boolean hasPhase1EncryptionAlgorithms()
        For responses, this returns true if the service returned a value for the Phase1EncryptionAlgorithms property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

      • phase1EncryptionAlgorithms

        public final List<Phase1EncryptionAlgorithmsRequestListValue> phase1EncryptionAlgorithms()

        One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.

        Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

        Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

        This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasPhase1EncryptionAlgorithms() method.

        Returns:
        One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.

        Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

      • hasPhase2EncryptionAlgorithms

        public final boolean hasPhase2EncryptionAlgorithms()
        For responses, this returns true if the service returned a value for the Phase2EncryptionAlgorithms property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

      • phase2EncryptionAlgorithms

        public final List<Phase2EncryptionAlgorithmsRequestListValue> phase2EncryptionAlgorithms()

        One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.

        Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

        Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

        This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasPhase2EncryptionAlgorithms() method.

        Returns:
        One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.

        Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

      • hasPhase1IntegrityAlgorithms

        public final boolean hasPhase1IntegrityAlgorithms()
        For responses, this returns true if the service returned a value for the Phase1IntegrityAlgorithms property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

      • phase1IntegrityAlgorithms

        public final List<Phase1IntegrityAlgorithmsRequestListValue> phase1IntegrityAlgorithms()

        One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.

        Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

        Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

        This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasPhase1IntegrityAlgorithms() method.

        Returns:
        One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.

        Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

      • hasPhase2IntegrityAlgorithms

        public final boolean hasPhase2IntegrityAlgorithms()
        For responses, this returns true if the service returned a value for the Phase2IntegrityAlgorithms property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

      • phase2IntegrityAlgorithms

        public final List<Phase2IntegrityAlgorithmsRequestListValue> phase2IntegrityAlgorithms()

        One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.

        Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

        Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

        This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasPhase2IntegrityAlgorithms() method.

        Returns:
        One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.

        Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

      • hasPhase1DHGroupNumbers

        public final boolean hasPhase1DHGroupNumbers()
        For responses, this returns true if the service returned a value for the Phase1DHGroupNumbers property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

      • phase1DHGroupNumbers

        public final List<Phase1DHGroupNumbersRequestListValue> phase1DHGroupNumbers()

        One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations.

        Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24

        Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

        This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasPhase1DHGroupNumbers() method.

        Returns:
        One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations.

        Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24

      • hasPhase2DHGroupNumbers

        public final boolean hasPhase2DHGroupNumbers()
        For responses, this returns true if the service returned a value for the Phase2DHGroupNumbers property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

      • phase2DHGroupNumbers

        public final List<Phase2DHGroupNumbersRequestListValue> phase2DHGroupNumbers()

        One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations.

        Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24

        Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

        This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasPhase2DHGroupNumbers() method.

        Returns:
        One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations.

        Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24

      • hasIkeVersions

        public final boolean hasIkeVersions()
        For responses, this returns true if the service returned a value for the IKEVersions property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

      • ikeVersions

        public final List<IKEVersionsRequestListValue> ikeVersions()

        The IKE versions that are permitted for the VPN tunnel.

        Valid values: ikev1 | ikev2

        Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

        This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasIkeVersions() method.

        Returns:
        The IKE versions that are permitted for the VPN tunnel.

        Valid values: ikev1 | ikev2

      • startupAction

        public final String startupAction()

        The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for Amazon Web Services to initiate the IKE negotiation.

        Valid Values: add | start

        Default: add

        Returns:
        The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for Amazon Web Services to initiate the IKE negotiation.

        Valid Values: add | start

        Default: add

      • logOptions

        public final VpnTunnelLogOptionsSpecification logOptions()

        Options for logging VPN tunnel activity.

        Returns:
        Options for logging VPN tunnel activity.

      • enableTunnelLifecycleControl

        public final Boolean enableTunnelLifecycleControl()

        Turn on or off tunnel endpoint lifecycle control feature.

        Returns:
        Turn on or off tunnel endpoint lifecycle control feature.

      • hashCode

        public final int hashCode()
        Overrides:
        hashCode in class Object

      • equals

        public final boolean equals​(Object obj)
        Overrides:
        equals in class Object

      • toString

        public final String toString()
        Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
        Overrides:
        toString in class Object

      • getValueForField

        public final <T> Optional<T> getValueForField​(String fieldName,
                                              Class<T> clazz)