Ensure IPSec Tunnel

Ensures that the IPSec Tunnel with the provided ID is created or modified. The full IPSec Tunnel needs to be provided to ensure (either update or create) the IPSec Tunnel. Non present data will only be filled with defaults or left empty, but not take previous values into consideration.s

To ensure that the IPSec Tunnel with the provided ID is created or modified, perform PUT request.

Note: If IPSec Tunnel for a given tunnelId does not exist, a new one is created instead.

Endpoint

Use the following endpoint to ensure that IPSec Tunnel is created or modified: https://vpn.de-fra.ionos.com/ipsecgateways/{gatewayId}/tunnels/{tunnelId}.

Request

Note: The following request contains a sample gatewayId and tunnelId. Replace them with the gatewayId and tunnelId values whose information you want to update.

curl --location \
--request PUT 'https://vpn.de-fra.ionos.com/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
  "id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "metadata": {},
  "properties": {
    "name": "My Company Gateway Tunnel",
    "description": "Allows local subnet X to connect to virtual network Y.",
    "remoteHost": "vpn.mycompany.com",
    "auth": {
      "method": "PSK",
      "psk": {
        "key": "X2wosbaw74M8hQGbK3jCCaEusR6CCFRa"
      }
    },
    "ike": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 86400
    },
    "esp": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 3600
    },
    "cloudNetworkCIDRs": [
      "192.168.1.100/24"
    ],
    "peerNetworkCIDRs": [
      "1.2.3.4/32"
    ]
  }
}'

You can update the gatewayId and tunnelId values to specify the IPSec Gateway and Tunnel:

Path Parameter Type Description Example

Path Parameter	Type	Description	Example
`gatewayId`	string	The ID (UUID) of the IPSec Gateway.	`66a114c7-2ddd-5119-9ddf-5a789f5a5a44`
`tunnelId`	string	The ID (UUID) of the IPSec Tunnel.	`c28b2d3e-7b15-53ca-ae88-6ae9378d6efe`

gatewayId

string

The ID (UUID) of the IPSec Gateway.

66a114c7-2ddd-5119-9ddf-5a789f5a5a44

tunnelId

string

The ID (UUID) of the IPSec Tunnel.

c28b2d3e-7b15-53ca-ae88-6ae9378d6efe

Below is the list of mandatory body parameters for updating an IPSec Tunnel:

Body Parameters Required Type Description Example

Body Parameters	Required	Type	Description	Example
`id`	yes	string	The ID (UUID) of the IPSec Tunnel.	`c28b2d3e-7b15-53ca-ae88-6ae9378d6efe`
`metadata`	no	object	Metadata	`{}`
`properties`	yes	object	Properties with all data needed to update an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway.
`properties.name`	yes	string	The human-readable name of your IPSec Gateway Tunnel.	`My Updated Tunnel`
`properties.description`	no	string	Human-readable description of the IPSec Gateway Tunnel.	`Updated tunnel connecting site A to site B.`
`properties.remoteHost`	yes	string	The remote peer host fully qualified domain name or IPV4 IP to connect to.	`203.0.113.1`
`properties.auth`	yes	object	Properties with all data needed to define IPSec Authentication.
`properties.auth.method`	yes	string	The Authentication Method to use for IPSec Authentication. Default: "PSK". Options: `PSK`	`PSK`
`properties.auth.psk`	yes	object	Properties needed to define IPSec Authentication PSK. This is required if the method is `PSK`.	`{ "secret": "your-psk-value" }`
`properties.ike`	no	object	Settings for the initial security exchange phase.	`{ "encryption": "AES-256", "hash": "SHA256" }`
`properties.esp`	no	object	Settings for the IPSec SA (ESP) phase.	`{ "encryption": "AES-256", "auth": "SHA256" }`
`properties.cloudNetworkCIDRs`	yes	array	The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel, i.e., the CIDRs within your IONOS Cloud LAN.	`["10.0.0.0/24", "192.168.1.0/24"]`
`properties.peerNetworkCIDRs`	yes	array	The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel.	`["10.0.1.0/24", "192.168.2.0/24"]`

id

yes

string

The ID (UUID) of the IPSec Tunnel.

c28b2d3e-7b15-53ca-ae88-6ae9378d6efe

metadata

object

Metadata

{}

properties

yes

object

Properties with all data needed to update an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway.

properties.name

yes

string

The human-readable name of your IPSec Gateway Tunnel.

My Updated Tunnel

properties.description

string

Human-readable description of the IPSec Gateway Tunnel.

Updated tunnel connecting site A to site B.

properties.remoteHost

yes

string

The remote peer host fully qualified domain name or IPV4 IP to connect to.

203.0.113.1

properties.auth

yes

object

Properties with all data needed to define IPSec Authentication.

properties.auth.method

yes

string

The Authentication Method to use for IPSec Authentication. Default: "PSK". Options: PSK

PSK

properties.auth.psk

yes

object

Properties needed to define IPSec Authentication PSK. This is required if the method is PSK.

{ "secret": "your-psk-value" }

properties.ike

object

Settings for the initial security exchange phase.

{ "encryption": "AES-256", "hash": "SHA256" }

properties.esp

object

Settings for the IPSec SA (ESP) phase.

{ "encryption": "AES-256", "auth": "SHA256" }

properties.cloudNetworkCIDRs

yes

array

The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel, i.e., the CIDRs within your IONOS Cloud LAN.

["10.0.0.0/24", "192.168.1.0/24"]

properties.peerNetworkCIDRs

yes

array

The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel.

["10.0.1.0/24", "192.168.2.0/24"]

To make authenticated requests to the API, the following fields are mandatory in the request header:

Header Parameters Required Type Description

Header Parameters	Required	Type	Description
`Authorization`	yes	string	The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
`Content-Type`	yes	string	Set this to `application/json`.

Authorization

yes

string

The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).

Content-Type

yes

string

Set this to application/json.

Response

200 Successful operation

Following is an example of when a IPSec Tunnel is successfully created.

{
  "id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "type": "ipsectunnel",
  "href": "/ipsecgateways/{gatewayId}/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "metadata": {
    "createdDate": "2020-12-10T13:37:50+01:00",
    "createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "lastModifiedDate": "2020-12-11T13:37:50+01:00",
    "lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
    "status": "AVAILABLE",
    "statusMessage": null
  },
  "properties": {
    "name": "My Company Gateway Tunnel",
    "description": "Allows local subnet X to connect to virtual network Y.",
    "remoteHost": "vpn.mycompany.com",
    "auth": {
      "method": "PSK",
      "psk": {}
    },
    "ike": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 86400
    },
    "esp": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 3600
    },
    "cloudNetworkCIDRs": [
      "192.168.1.100/24"
    ],
    "peerNetworkCIDRs": [
      "1.2.3.4/32"
    ]
  }
}

Result: The IPSec Tunnel is successfully updated or created.

PreviousRetrieve IPSec Tunnel NextDelete IPSec Tunnel

Last updated 1 month ago