curl --location \
--request POST 'https://vpn.de-fra.ionos.com/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44/tunnels' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
"metadata": {},
"properties": {
"name": "My Company Gateway Tunnel",
"description": "Allows local subnet X to connect to virtual network Y.",
"remoteHost": "vpn.mycompany.com",
"auth": {
"method": "PSK",
"psk": {
"key": "X2wosbaw74M8hQGbK3jCCaEusR6CCFRa"
}
},
"ike": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 86400
},
"esp": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 3600
},
"cloudNetworkCIDRs": [
"192.168.1.100/24"
],
"peerNetworkCIDRs": [
"1.2.3.4/32"
]
}
}'
You can update the gatewayId value to get a specific IPSecGateway:
| Path Parameter | Type | Description | Example |
|---|
| | The ID (UUID) of the IPSec Gateway. | 66a114c7-2ddd-5119-9ddf-5a789f5a5a44
|
Below is the list of mandatory body parameters for updating an IPSec Tunnel:
| Body Parameters | Required | Type | Description | Example |
|---|
| | | | |
| | | Properties with all data needed to update an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway. | |
| | | The human-readable name of your IPSec Gateway Tunnel. | |
| | | Human-readable description of the IPSec Gateway Tunnel. | Tunnel connecting site A to site B.
|
| | | The remote peer host fully qualified domain name or IPV4 IP to connect to. | |
| | | Properties needed to define IPSec Authentication. | |
| | | Settings for the initial security exchange phase. | { "encryption": "AES-256", "hash": "SHA256" }
|
| | | Settings for the IPSec SA (ESP) phase. | { "encryption": "AES-256", "auth": "SHA256" }
|
properties.cloudNetworkCIDRs
| | | The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel. | ["10.0.0.0/24", "192.168.1.0/24"]
|
properties.peerNetworkCIDRs
| | | The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel. | ["10.0.1.0/24", "192.168.2.0/24"]
|
To make authenticated requests to the API, the following fields are mandatory in the request header:
| Header Parameters | Required | Type | Description |
|---|
| | | The Bearer token to enable requests to authenticate using a JSON Web Token (JWT). |
| | | Set this to application/json. |
{
"id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
"type": "ipsectunnel",
"href": "/ipsecgateways/{gatewayId}/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
"metadata": {
"createdDate": "2020-12-10T13:37:50+01:00",
"createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedDate": "2020-12-11T13:37:50+01:00",
"lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
"status": "AVAILABLE",
"statusMessage": null
},
"properties": {
"name": "My Company Gateway Tunnel",
"description": "Allows local subnet X to connect to virtual network Y.",
"remoteHost": "vpn.mycompany.com",
"auth": {
"method": "PSK",
"psk": {}
},
"ike": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 86400
},
"esp": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 3600
},
"cloudNetworkCIDRs": [
"192.168.1.100/24"
],
"peerNetworkCIDRs": [
"1.2.3.4/32"
]
}
}
