Ensures that the IPSec Tunnel with the provided ID is created or modified. The full IPSec Tunnel needs to be provided to ensure (either update or create) the IPSec Tunnel. Non present data will only be filled with defaults or left empty, but not take previous values into consideration.s
To ensure that the IPSec Tunnel with the provided ID is created or modified, perform PUT
request.
Copy curl --location \
--request PUT 'https://vpn.de-fra.ionos.com/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
"id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
"metadata": {},
"properties": {
"name": "My Company Gateway Tunnel",
"description": "Allows local subnet X to connect to virtual network Y.",
"remoteHost": "vpn.mycompany.com",
"auth": {
"method": "PSK",
"psk": {
"key": "X2wosbaw74M8hQGbK3jCCaEusR6CCFRa"
}
},
"ike": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 86400
},
"esp": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 3600
},
"cloudNetworkCIDRs": [
"203.0.113.0/24"
],
"peerNetworkCIDRs": [
"198.51.100.0/24"
]
}
}'
Path Parameters Request Body Parameters
You can update the gatewayId
and tunnelId
values to specify the IPSec Gateway and Tunnel:
Path Parameter Type Description Example The ID (UUID) of the IPSec Gateway.
66a114c7-2ddd-5119-9ddf-5a789f5a5a44
The ID (UUID) of the IPSec Tunnel.
c28b2d3e-7b15-53ca-ae88-6ae9378d6efe
Below is the list of mandatory body parameters for updating an IPSec Tunnel:
Body Parameters Required Type Description Example The ID (UUID) of the IPSec Tunnel.
c28b2d3e-7b15-53ca-ae88-6ae9378d6efe
Properties with all data needed to update an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway.
The human-readable name of your IPSec Gateway Tunnel.
Human-readable description of the IPSec Gateway Tunnel.
Updated tunnel connecting site A to site B.
The remote peer host fully qualified domain name or IPV4 IP to connect to.
Properties with all data needed to define IPSec Authentication.
The Authentication Method to use for IPSec Authentication. Default: "PSK". Options: PSK
Properties needed to define IPSec Authentication PSK. This is required if the method is PSK
.
{ "secret": "your-psk-value" }
Settings for the initial security exchange phase.
{ "encryption": "AES-256", "hash": "SHA256" }
Settings for the IPSec SA (ESP) phase.
{ "encryption": "AES-256", "auth": "SHA256" }
properties.cloudNetworkCIDRs
The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel, that is, the CIDRs within your IONOS Cloud LAN.
["10.0.0.0/24", "203.0.113.0/24"]
properties.peerNetworkCIDRs
The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel.
["10.0.1.0/24", "198.51.100.0/24"]
Following is an example of when a IPSec Tunnel is successfully created.
Copy {
"id" : "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe" ,
"type" : "ipsectunnel" ,
"href" : "/ipsecgateways/{gatewayId}/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe" ,
"metadata" : {
"createdDate" : "2020-12-10T13:37:50+01:00" ,
"createdBy" : "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3" ,
"createdByUserId" : "87f9a82e-b28d-49ed-9d04-fba2c0459cd3" ,
"lastModifiedDate" : "2020-12-11T13:37:50+01:00" ,
"lastModifiedBy" : "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3" ,
"lastModifiedByUserId" : "87f9a82e-b28d-49ed-9d04-fba2c0459cd3" ,
"resourceURN" : "ionos:<product>:<location>:<contract>:<resource-path>" ,
"status" : "AVAILABLE" ,
"statusMessage" : null
} ,
"properties" : {
"name" : "My Company Gateway Tunnel" ,
"description" : "Allows local subnet X to connect to virtual network Y." ,
"remoteHost" : "vpn.mycompany.com" ,
"auth" : {
"method" : "PSK" ,
"psk" : {}
} ,
"ike" : {
"diffieHellmanGroup" : "16-MODP4096" ,
"encryptionAlgorithm" : "AES256" ,
"integrityAlgorithm" : "SHA256" ,
"lifetime" : 86400
} ,
"esp" : {
"diffieHellmanGroup" : "16-MODP4096" ,
"encryptionAlgorithm" : "AES256" ,
"integrityAlgorithm" : "SHA256" ,
"lifetime" : 3600
} ,
"cloudNetworkCIDRs" : [
"203.0.113.0/24"
] ,
"peerNetworkCIDRs" : [
"198.51.100.0/24"
]
}
}