# create ## Usage ``` ionosctl vpn ipsec tunnel create [flags] ``` ## Aliases For `tunnel` command: ``` [p] ``` For `create` command: ``` [c post] ``` ## Description Create IPSec tunnels ## Options ``` -u, --api-url string Override default host URL. If contains placeholder, location will be embedded. Preferred over the config file override 'vpn' and env var 'IONOS_API_URL' (default "https://vpn.%s.ionos.com") --auth-method string The authentication method for the IPSec tunnel. Valid values are PSK or RSA (required) --cloud-network-cidrs strings The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel, i.e the CIDRs within your IONOS CLOUD LAN. Specify "0.0.0.0/0" or "::/0" for all addresses. --cols strings Set of columns to be printed on output Available columns: [ID Name Description RemoteHost AuthMethod PSKKey IKEDiffieHellmanGroup IKEEncryptionAlgorithm IKEIntegrityAlgorithm IKELifetime ESPDiffieHellmanGroup ESPEncryptionAlgorithm ESPIntegrityAlgorithm ESPLifetime CloudNetworkCIDRs PeerNetworkCIDRs Status StatusMessage] -c, --config string Configuration file used for authentication (default "$XDG_CONFIG_HOME/ionosctl/config.yaml") -D, --depth int Level of detail for response objects (default 1) --description string Description of the IPSec Tunnel --esp-diffie-hellman-group string The Diffie-Hellman Group to use for IPSec Encryption.. Can be one of: 15-MODP3072, 16-MODP4096, 19-ECP256, 20-ECP384, 21-ECP521, 28-ECP256BP, 29-ECP384BP, 30-ECP512BP --esp-encryption-algorithm string The encryption algorithm to use for IPSec Encryption.. Can be one of: AES128-CTR, AES256-CTR, AES128-GCM-16, AES256-GCM-16, AES128-GCM-12, AES256-GCM-12, AES128-CCM-12, AES256-CCM-12, AES128, AES256 --esp-integrity-algorithm string The integrity algorithm to use for IPSec Encryption.. Can be one of: SHA256, SHA384, SHA512, AES-XCBC --esp-lifetime int32 The phase lifetime in seconds -F, --filters strings Limit results to results containing the specified filter:KEY1=VALUE1,KEY2=VALUE2 -f, --force Force command to execute without user input -i, --gateway-id string The ID of the IPSec Gateway (required) -h, --help Print usage --host string The remote peer host fully qualified domain name or IPV4 IP to connect to. * __Note__: This should be the public IP of the remote peer. * Tunnels only support IPV4 or hostname (fully qualified DNS name). (required) --ike-diffie-hellman-group string The Diffie-Hellman Group to use for IPSec Encryption.. Can be one of: 15-MODP3072, 16-MODP4096, 19-ECP256, 20-ECP384, 21-ECP521, 28-ECP256BP, 29-ECP384BP, 30-ECP512BP --ike-encryption-algorithm string The encryption algorithm to use for IPSec Encryption.. Can be one of: AES128, AES256 --ike-integrity-algorithm string The integrity algorithm to use for IPSec Encryption.. Can be one of: SHA256, SHA384, SHA512, AES-XCBC --ike-lifetime int32 The phase lifetime in seconds --json-properties string Path to a JSON file containing the desired properties. Overrides any other properties set. --json-properties-example If set, prints a complete JSON which could be used for --json-properties and exits. Hint: Pipe me to a .json file --limit int Maximum number of items to return per request (default 50) -l, --location string Location of the resource to operate on. Can be one of: de/fra, de/txl, es/vit, fr/par, gb/lhr, gb/bhx, us/ewr, us/las, us/mci (default "de/fra") -n, --name string Name of the IPSec Tunnel (required) --no-headers Don't print table headers when table output is used --offset int Number of items to skip before starting to collect the results --order-by string Property to order the results by -o, --output string Desired output format [text|json|api-json] (default "text") --peer-network-cidrs strings The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel. Specify "0.0.0.0/0" or "::/0" for all addresses. --psk-key string The pre-shared key for the IPSec tunnel (required) --query string JMESPath query string to filter the output -q, --quiet Quiet output -t, --timeout int Timeout in seconds for --wait and other wait operations (default 600) -v, --verbose count Increase verbosity level [-v, -vv, -vvv] -w, --wait Wait for the resource to reach AVAILABLE state after the command completes. No-op for list commands ``` ## Examples ``` ionosctl vpn ipsec tunnel create --gateway-id GATEWAY_ID --name NAME --host HOST --auth-method AUTH_METHOD --psk-key PSK_KEY --ike-diffie-hellman-group IKE_DIFFIE_HELLMAN_GROUP --ike-encryption-algorithm IKE_ENCRYPTION_ALGORITHM --ike-integrity-algorithm IKE_INTEGRITY_ALGORITHM --ike-lifetime IKE_LIFETIME --esp-diffie-hellman-group ESP_DIFFIE_HELLMAN_GROUP --esp-encryption-algorithm ESP_ENCRYPTION_ALGORITHM --esp-integrity-algorithm ESP_INTEGRITY_ALGORITHM --esp-lifetime ESP_LIFETIME --cloud-network-cidrs CLOUD_NETWORK_CIDRS --peer-network-cidrs PEER_NETWORK_CIDRS ionosctl vpn ipsec tunnel create --json-properties JSON_PROPERTIES ionosctl vpn ipsec tunnel create --json-properties JSON_PROPERTIES json-properties-example ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ionos.com/cli-ionosctl/subcommands/vpn-gateway/ipsec/tunnel/create.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.