curl --location \
--request POST 'https://vpn.de-fra.ionos.com/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44/tunnels' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
"metadata": {},
"properties": {
"name": "My Company Gateway Tunnel",
"description": "Allows local subnet X to connect to virtual network Y.",
"remoteHost": "vpn.mycompany.com",
"auth": {
"method": "PSK",
"psk": {
"key": "X2wosbaw74M8hQGbK3jCCaEusR6CCFRa"
}
},
"ike": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 86400
},
"esp": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 3600
},
"cloudNetworkCIDRs": [
"192.168.1.100/24"
],
"peerNetworkCIDRs": [
"1.2.3.4/32"
]
}
}'
You can update the gatewayId value to get a specific IPSecGateway:
Path Parameter
Type
Description
Example
The ID (UUID) of the IPSec Gateway.
66a114c7-2ddd-5119-9ddf-5a789f5a5a44
Below is the list of mandatory body parameters for updating an IPSec Tunnel:
Body Parameters
Required
Type
Description
Example
Properties with all data needed to update an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway.
The human-readable name of your IPSec Gateway Tunnel.
Human-readable description of the IPSec Gateway Tunnel.
Tunnel connecting site A to site B.
The remote peer host fully qualified domain name or IPV4 IP to connect to.
Properties needed to define IPSec Authentication.
Settings for the initial security exchange phase.
{ "encryption": "AES-256", "hash": "SHA256" }
Settings for the IPSec SA (ESP) phase.
{ "encryption": "AES-256", "auth": "SHA256" }
properties.cloudNetworkCIDRs
The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel.
["10.0.0.0/24", "192.168.1.0/24"]
properties.peerNetworkCIDRs
The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel.
["10.0.1.0/24", "192.168.2.0/24"]
{
"id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
"type": "ipsectunnel",
"href": "/ipsecgateways/{gatewayId}/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
"metadata": {
"createdDate": "2020-12-10T13:37:50+01:00",
"createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedDate": "2020-12-11T13:37:50+01:00",
"lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
"status": "AVAILABLE",
"statusMessage": null
},
"properties": {
"name": "My Company Gateway Tunnel",
"description": "Allows local subnet X to connect to virtual network Y.",
"remoteHost": "vpn.mycompany.com",
"auth": {
"method": "PSK",
"psk": {}
},
"ike": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 86400
},
"esp": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 3600
},
"cloudNetworkCIDRs": [
"192.168.1.100/24"
],
"peerNetworkCIDRs": [
"1.2.3.4/32"
]
}
}
