A VPN Gateway is a critical component in network infrastructure that facilitates secure, encrypted connections between different networks over the internet. It is commonly used to connect on-premises networks to cloud networks or connect between cloud networks. IONOS VPN Gateways support IPSec and WireGuard VPN protocols, ensuring secure and reliable communication across geographically dispersed networks.
IONOS VPN Gateway provides robust security features, including strong encryption, to protect data in transit. It supports multiple VPN tunnels, allowing for scalable and flexible network architectures. By using a VPN Gateway, organizations can ensure that their sensitive data is transmitted securely over the internet, meeting compliance and regulatory requirements.
When a user or device initiates a connection to a network through a VPN Gateway, the gateway establishes a secure, encrypted tunnel between the user and the target network. This process involves:
Authentication: The user or device is authenticated using methods such as certificates or pre-shared keys to ensure only authorized users can access the network.
Encryption: The VPN Gateway encrypts data packets using protocols like IPsec or WireGuard to ensure secure transmission over the internet.
Tunneling: The encrypted data packets are encapsulated within another packet, creating a secure tunnel through which the data travels. This tunnel protects the data from being intercepted or tampered with during transmission.
Routing: The VPN Gateway routes the encrypted data packets to the appropriate destination within the target network. Once the data reaches its destination, it is decrypted and delivered to the intended recipient.
Maintaining Connectivity: The VPN Gateway continuously monitors the connection to ensure stability and performance. It implements failover mechanisms to switch to backup connections if the primary connection is disrupted, ensuring continuous connectivity.
Hybrid Cloud Connectivity: Connects on-premises data centers or offices to Virtual datacenter (VDC) private LANs securely.
Cloud Migration: Facilitates transferring or copying data from on-premise networks to IONOS Cloud.
Multi-region Deployment: Facilitates communication between Virtual datacenter (VDC) private LANs deployed across different regions.
Traffic Encryption: Ensures confidentiality of data transmitted over public networks, safeguarding against eavesdropping and tampering.
LANs connected to a given VPN gateway must all belong to the same Virtual datacenter (VDC)
Only up to 10 LANs can be connected per VPN gateway
Only up to 20 tunnels or peers can be created per VPN gateway
Only static routing is currently supported. Dynamic or BGP routing is not.
The interface IP is not DHCP aware. Users must use private LAN IPs that are not already assigned via DHCP or that lie outside the DHCP range (.2-.10).
All PSKs and key pairs must be provided by the customer; the product does not create them automatically.
No HA support is available at the moment, but it will be made available soon.
Tunnel endpoint and Gateway IP addresses are IPv4 only.
Users must delete the VPN gateway before deleting the connected VDC.
Once a VPN Gateway is successfully created, the gateway is listed on the VPN Gateway overview page.
To update the VPN Gateway details, follow these steps:
1. In the DCD, go to Menu > Network > VPN Gateway under Connectivity.
2. In the VPN Gateway overview, select the VPN Gateway to update.
3. Update the selected VPN Gateway details.
4. Click Save to update the VPN Gateway details with the changes made.
Result: The VPN Gateway is successfully updated.
1. For the selected VPN Gateway, select the Tunnels tab to view its tunnels.
2. Click Edit to update the selected Tunnel.
3. Update the selected VPN Gateway Tunnel details.
4. Click Save to update the VPN Gateway Tunnel details with the changes made.
Result: The selected Tunnel for VPN IPSec Gateway is successfully updated.
1. For the selected VPN Gateway, select the Peers tab to view its peers.
2. Click Edit to update the selected Peer.
3. Update the selected VPN Gateway Peer details.
4. Click Save to update the VPN Gateway Peer details with the changes made.
Result: The selected Peer for VPN WireGuard Gateway is successfully updated.
Users need appropriate privileges to create and manage VPN Gateways. The VPN Gateway has a specific group privilege called Access and manage VPN Gateways. This privilege must be enabled for a group so that the members of this group inherit this privilege through group privilege settings and can manage the VPN Gateways.
Prerequisite: Make sure you have one or more Groups in the User Manager. To create one, see Create a group.
To set user privileges to manage VPN Gateways, follow these steps:
In the DCD, go to Menu > Management > Users & Groups under Users.
Select the Groups tab in the User Manager window.
Select the appropriate group to assign relevant privileges.
In the Privileges tab, select Access and manage VPN Gateways.
Note: You can remove the privileges from the group by clearing Access and manage VPN Gateways.
Result: The privilege to manage VPN Gateways is granted to all the members in the selected group.
You can revoke a user's Access and manage VPN Gateways privilege by removing the user from all the groups that have this privilege enabled.
Warning: You can also revoke this privilege from a user by disabling Access and manage VPN Gateways for every group the user belongs to. In that case, all other members of those groups lose the privilege as well.
To revoke this privilege from a contract administrator, disable the administrator option on the user account. On performing this action, the contract administrator gets the role of a contract user, and the privileges that were set up for the user before being an administrator will then be in effect.
Secure Connectivity: Establishes encrypted tunnels using industry-standard VPN protocols (IPsec and WireGuard) to ensure secure data transmission. Supports various authentication methods, including certificates and pre-shared keys, providing flexibility in securing connections. Utilizes strong encryption algorithms such as AES-256 to protect data in transit.
Connection Stability: Implements redundancy and failover mechanisms to maintain continuous connectivity. Supports dynamic scaling to adjust to varying network demands, allowing for seamless addition or removal of VPN connections without service interruption.
Scalability: Supports scalable VPN configurations to accommodate growing network demands and increasing traffic. Customizable bandwidth settings optimize performance for different applications and services.
Improved Security: Ensures all transmitted data is encrypted, protecting against unauthorized access and cyber threats. Helps meet regulatory compliance requirements by securing sensitive data in transit.
Cost Efficiency: Reduces the need for costly hardware investments by leveraging cloud-based VPN solutions and scalable pricing models. Minimizes operational costs associated with network maintenance and downtime.
Enhanced Connectivity: Facilitates seamless communication between multiple office locations, partners, and remote sites worldwide. Supports secure remote access for employees, enabling them to connect to corporate resources from any location securely.
Global Reach: Enables organizations to extend network connectivity across different regions without major reconfigurations. Enhances application performance by optimizing latency for cross-region connections.
Reliability: Implements failover mechanisms to ensure high availability and minimize downtime. Distributes traffic across multiple VPN connections to optimize performance and prevent bottlenecks.
Flexibility: Integrates with existing network infrastructure, providing a flexible and scalable solution for diverse connectivity needs. Simplifies management with centralized interfaces for configuration and monitoring of VPN connections.
A VPN Gateway provides a secure way to access your data center, protecting your network and sensitive information.
To create a VPN Gateway, follow these steps:
1. In the DCD, go to Menu > Network > VPN Gateway under Connectivity.
2. Click Create New VPN Gateway from the VPN Gateways page.
3. Configure the following details for a VPN Gateway:
Enter a Name and a Description.
Select Location.
Select the IP Address created in the chosen location.
Note: Ensure you reserve IP Addresses in advance, and make sure the IP Addresses and Data Centers are in the same location.
Prerequisite: You can create VPN Gateways using either the IPSec or WireGuard protocol. Each protocol offers different features and requires distinct configuration steps.
Select the Protocol you want to use: WIREGUARD or IPSEC.
In WIREGUARD, you should input the following properties:
Private Key: Private Key.
Interface IPv4 IP: Mandatory if IPv6 is not provided.
Interface IPv6 IP: Mandatory if IPv4 is not provided.
Listen Port: Specifies the UDP port on which a WireGuard interface will listen for incoming encrypted VPN packets.
In IPSEC, you have the following options:
Version: Option to select IPSec version.
Note:
IPSec requires Tunnels before they can be used.
WireGuard requires Peers.
To create Tunnel or Peer, you can choose IPSec Tunnel or WireGuard Peer.
In Create IPSec Tunnel, you should enter the following properties:
Tunnel name
Description
Remote host: Public IPv4 address or FQDN.
Pre-shared key (PSK)
Choose the desired option from the available list.
Diffie-Hellman Group
Encryption Algorithm
Integrity Algorithm
Lifetime: Min 3600 sec. / max. 604800 sec.
Choose the desired option from the available list.
Diffie-Hellman Group
Encryption Algorithm
Integrity Algorithm
Lifetime: Min 600 sec. / max. 86400 sec.
Enter the following properties:
Cloud Network CIDRs: Up to 20 IPv4 or IPv6 addresses, comma-separated.
Peer Network CIDRs: Up to 20 IPv4 or IPv6 addresses, comma-separated.
In PEER, you have the following options:
Peer name
Description
Endpoint host: Public IPv4 address or FQDN.
Endpoint port: Specifies the UDP port on which a WireGuard interface will listen for incoming encrypted VPN packets.
Allowed IPs: Up to 20 IPv4 or IPv6 addresses, comma-separated.
Public Key
Note: These are the LANs you want to access. You can add new ones, delete, or edit existing ones.
1. Select Datacenter for the selected location.
2. Click + Add LAN Connections to add LAN Connections you want to access.
Result: You have successfully created the VPN gateway.
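The limits listed earlier on this page and the WireGuard fields in the steps above can be checked before anything is submitted. The following Python check is an added example, not IONOS code: the dictionary field names are hypothetical, the keys are constructed placeholders, and the DHCP rule assumes that "(.2-.10)" means host offsets 2 to 10 in the subnet of each connected LAN.

```python
import base64
import binascii
import ipaddress

# Limits quoted on this page.
MAX_LANS, MAX_PEERS, MAX_CIDRS = 10, 20, 20
DHCP_OFFSETS = range(2, 11)  # assumption: "(.2-.10)" means host offsets 2..10


def check_key(label, value):
    """A WireGuard key is 32 raw bytes, base64-encoded."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return [f"{label}: not valid base64"]
    return [] if len(raw) == 32 else [f"{label}: {len(raw)} bytes, expected 32"]


def check_cidrs(label, text):
    """Comma-separated CIDR list with at most MAX_CIDRS entries."""
    items = [c.strip() for c in text.split(",") if c.strip()]
    findings = [] if items else [f"{label}: empty"]
    if len(items) > MAX_CIDRS:
        findings.append(f"{label}: {len(items)} entries, limit is {MAX_CIDRS}")
    for item in items:
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            findings.append(f"{label}: {item!r} is not a CIDR")
            continue
        if net.prefixlen == 0:  # added least-privilege check, not a page limit
            findings.append(f"{label}: {item} covers every address")
    return findings


def check_endpoint(label, host, port):
    """Endpoint host is an IPv4 address or an FQDN; port is a UDP port."""
    findings = []
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # not an IP literal: treated as an FQDN
    if ip is not None and ip.version != 4:
        findings.append(f"{label}: endpoint addresses are IPv4 only")
    if not 1 <= port <= 65535:
        findings.append(f"{label}: port {port} is out of range")
    return findings


def check_lan_ip(label, cidr):
    """The gateway's address in a private LAN must avoid the DHCP range."""
    try:
        iface = ipaddress.ip_interface(cidr)
    except ValueError:
        return [f"{label}: {cidr!r} is not an address with a mask"]
    offset = int(iface.ip) - int(iface.network.network_address)
    if offset in DHCP_OFFSETS:
        return [f"{label}: {iface.ip} is inside the DHCP range (.2-.10)"]
    return []


def validate_wireguard_gateway(gw):
    """Return a list of findings; an empty list means the input passed."""
    findings = check_key("private key", gw["private_key"])
    if not (gw.get("interface_ipv4") or gw.get("interface_ipv6")):
        findings.append("interface: an IPv4 or IPv6 address is mandatory")
    if not 1 <= gw["listen_port"] <= 65535:
        findings.append(f"listen port {gw['listen_port']} is out of range")
    lans, peers = gw.get("lans", []), gw.get("peers", [])
    if len(lans) > MAX_LANS:
        findings.append(f"{len(lans)} LANs, limit is {MAX_LANS}")
    if len({lan["datacenter"] for lan in lans}) > 1:
        findings.append("LANs must all belong to the same VDC")
    for lan in lans:
        findings += check_lan_ip(f"LAN {lan['lan']}", lan["ip"])
    if len(peers) > MAX_PEERS:
        findings.append(f"{len(peers)} peers, limit is {MAX_PEERS}")
    for peer in peers:
        tag = f"peer {peer['name']}"
        findings += check_key(f"{tag} public key", peer["public_key"])
        findings += check_endpoint(tag, peer["host"], peer["port"])
        findings += check_cidrs(f"{tag} allowed IPs", peer["allowed_ips"])
    return findings


# Constructed sample input: placeholder keys and documentation addresses.
SAMPLE_PRIVATE = base64.b64encode(bytes(range(32))).decode()
SAMPLE_PUBLIC = base64.b64encode(bytes(range(32, 64))).decode()
GOOD = {
    "private_key": SAMPLE_PRIVATE, "interface_ipv4": "172.16.0.1/30", "listen_port": 51820,
    "lans": [{"datacenter": "dc-1", "lan": 1, "ip": "10.7.222.239/24"}],
    "peers": [{"name": "branch", "public_key": SAMPLE_PUBLIC, "host": "203.0.113.10",
               "port": 51820, "allowed_ips": "192.168.50.0/24, 192.168.51.0/24"}],
}
BAD = dict(GOOD, lans=[{"datacenter": "dc-1", "lan": 1, "ip": "10.7.222.5/24"},
                       {"datacenter": "dc-2", "lan": 2, "ip": "10.8.0.20/24"}],
           peers=[{"name": "branch", "public_key": "c2hvcnQ=", "host": "2001:db8::1",
                   "port": 51820, "allowed_ips": "0.0.0.0/0"}])
```

Calling validate_wireguard_gateway(BAD) reports the mixed VDCs, the LAN address inside the DHCP range, the malformed public key, the IPv6 endpoint and the catch-all Allowed IPs entry.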
Once a VPN Gateway is successfully created, the gateway is listed on the VPN Gateway overview page.
To view the VPN Gateway details, follow these steps:
1. In the DCD, go to Menu > Network > VPN Gateway under Connectivity.
Result: A list of VPN Gateways created is displayed. For every VPN Gateway listed, you can view the following details:
GATEWAY NAME: Displays the name of the VPN Gateway.
GATEWAY PROTOCOL: Displays the protocol used by the VPN Gateway (IPSec or WireGuard).
STATE: Displays the state of the VPN Gateway. Possible values are as follows:
Available: The VPN Gateway is available and functioning properly.
Unavailable: The VPN Gateway is unavailable and not in use.
CREATION DATE: Displays the date of creation of the VPN Gateway.
LAST MODIFIED: Displays the date when the VPN Gateway details were last updated.
OPTIONS: Provides additional actions you can perform on the VPN Gateway, such as deleting the VPN Gateway.
CREATE TUNNELS (IPSEC): Create tunnels for the IPSec protocol.
CREATE PEERS (WIREGUARD): Create peers for the WireGuard protocol.
For the selected VPN Gateway, you can choose to view Setup & LAN connections or Tunnels.
In Setup & LAN connections, you can view the following properties:
Name: The name of the VPN Gateway.
Description: A description of the VPN Gateway.
Location: The location of the VPN Gateway.
IP Address: The IP address assigned to the VPN Gateway.
Protocol: The protocol version used by the VPN Gateway.
In Tunnels, you have the following options:
Add Tunnels: Option to add new tunnels.
Existing Tunnels: A list of existing tunnels with their names and options to edit or delete each tunnel.
To delete a VPN Gateway, follow these steps:
1. In the DCD, go to Menu > Network > VPN Gateway under Connectivity.
2. In the OPTIONS column for the selected distribution, click the three dots icon and select Delete.
4. Confirm the deletion.
Result: The selected VPN Gateway is successfully deleted and no longer displayed in the VPN Gateway overview.
1. For the selected VPN Gateway, select the Tunnels tab to view its tunnels.
2. Click Delete to delete the selected Tunnel.
3. Confirm the deletion.
Result: The selected Tunnel for VPN IPSec Gateway is successfully deleted and no longer displayed in the VPN Gateway overview.
1. For the selected VPN Gateway, select the Peers tab to view its peers.
2. Click Delete to delete the selected Peer.
3. Confirm the deletion.
Result: The selected Peer for VPN WireGuard Gateway is successfully deleted and no longer displayed in the VPN Gateway overview.
The Managed VPN Gateway service provides secure and scalable connectivity, enabling encrypted communication between your IONOS cloud resources in a VDC and remote networks (on-premises, multi-cloud, private LANs in other VDCs, etc.).
Note: VPN Gateway is currently available on a request basis. To access this product, please contact your sales representative or IONOS Cloud Support.
To get answers to the most commonly encountered questions about VPN Gateway, see FAQs.
Returns the Wireguard Gateway by ID.
To retrieve the Wireguard Gateway, perform a GET request.
Use the following endpoint to retrieve Wireguard Gateway: https://vpn.de-fra.ionos.com/wireguardgateways/{gatewayId}.
Note: The following request contains a sample gatewayId. Replace it with the gatewayId value whose information you want to retrieve.
You can update the gatewayId value to get a specific Wireguard Gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Result: The Wireguard Gateway and its details for the specified gatewayId are successfully obtained.
Deletes the specified Wireguard Gateway.
To delete a Wireguard Gateway, perform a DELETE request with the gatewayId of the Wireguard Gateway.
Use the following endpoint to delete Wireguard Gateway: https://vpn.de-fra.ionos.com/wireguardgateways/{gatewayId}.
Note: The following request contains a sample gatewayId. Replace it with the gatewayId value of the Wireguard Gateway you want to delete.
You can update the gatewayId value to delete a specific Wireguard Gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
202 Successful operation
Result: The Wireguard Gateway with the specified gatewayId is successfully deleted.
Ensures that the Wireguard Gateway with the provided ID is created or modified. The full Wireguard Gateway needs to be provided to ensure (either update or create) the Wireguard Gateway. Data that is not present is filled with defaults or left empty; previous values are not taken into consideration.
To ensure that the Wireguard Gateway with the provided ID is created or modified, perform a PUT request.
Note: If a Wireguard Gateway for the given gatewayId does not exist, a new one is created instead.
Use the following endpoint to ensure that Wireguard Gateway is created or modified: https://vpn.de-fra.ionos.com/wireguardgateways/{gatewayId}.
Note: The following request contains a sample gatewayId. Replace it with the gatewayId value whose information you want to update.
Below is the list of mandatory path parameters:
Below is the list of mandatory body parameters for updating a Wireguard Gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Following is an example of when a Wireguard Gateway is successfully created.
Result: The Wireguard Gateway is successfully updated or created.
Creates a new Wireguard Gateway.
The full Wireguard Gateway needs to be provided to create the object. Optional data will be filled with defaults or left empty.
To create a Wireguard Gateway, perform a POST request.
Use the following endpoint to create Wireguard Gateway: https://vpn.de-fra.ionos.com/wireguardgateways.
Below is the list of mandatory body parameters for creating a Wireguard Gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
201 Successful operation
Result: The Wireguard Gateway is successfully created. The id and other details of the created Wireguard Gateway are provided in the response.
This endpoint enables retrieving all Wireguard Peers using pagination and optional filters.
To retrieve all the Wireguard Peers, perform a GET request.
Use the following endpoint to retrieve all wireguard peers: https://vpn.de-fra.ionos.com/wireguardgateways/{gatewayId}/peers.
Below is the list of optional Path Parameters:
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Result: All existing Wireguard Peers and their details are successfully obtained.
This endpoint enables retrieving all Wireguard Gateways using pagination and optional filters.
To retrieve all the Wireguard Gateways, perform a GET request.
Use the following endpoint to retrieve all Wireguard Gateways: https://vpn.de-fra.ionos.com/wireguardgateways.
Below is the list of optional Path Parameters:
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Result: All existing Wireguard Gateways and their details are successfully obtained.
WireGuard is a modern VPN protocol known for its simplicity and efficiency. It aims to provide a faster and more secure VPN solution compared to traditional protocols like IPSec. Key features include:
Primary Function: Establishes secure point-to-point connections over the internet, using state-of-the-art cryptography.
Importance for VPN Solutions: WireGuard is important due to its simplicity, high performance, and strong security features. It offers fast connection times and efficient use of network resources.
IPSec is a suite of protocols used to secure internet communications by authenticating and encrypting each IP packet of a communication session. It includes protocols like Authentication Header (AH) and Encapsulating Security Payload (ESP). Key features include:
Primary Function: Provides secure communication channels between devices over the internet, ensuring data confidentiality, integrity, and authentication.
Importance for VPN Solutions: IPSec is widely used in enterprise environments for its robust security capabilities, scalability, and compatibility across different platforms.
Security: Both protocols offer strong security features, but WireGuard is praised for its simplicity and modern cryptographic approach.
Performance: WireGuard typically outperforms IPSec in terms of connection speed and resource efficiency.
Ease of Use: WireGuard is easier to set up and manage due to its minimalist design and straightforward configuration.
Suitability for Large Organizations: IPSec is well-suited for large enterprises requiring extensive scalability, compliance, and robust security measures.
Choose WireGuard if you prioritize simplicity, speed, and efficient resource usage. Opt for IPSec if you need extensive scalability, compatibility with existing infrastructure, and adherence to industry standards.
Ensures that the Wireguard Peer with the provided ID is created or modified. The full Wireguard Peer needs to be provided to ensure (either update or create) the Wireguard Peer. Data that is not present is filled with defaults or left empty; previous values are not taken into consideration.
To ensure that the Wireguard Peer with the provided ID is created or modified, perform a PUT request.
Note: If a Wireguard Peer for the given peerId does not exist, a new one is created instead.
Use the following endpoint to ensure that Wireguard Peer is created or modified: https://vpn.de-fra.ionos.com/wireguardgateways/{gatewayId}/peers/{peerId}.
Note: The following request contains a sample gatewayId and peerId. Replace them with the gatewayId and peerId values whose information you want to update.
Below is the list of mandatory path parameters:
Below is the list of fields returned in the response for a WireGuard Peer:
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Following is an example of when a Wireguard Peer is successfully created.
Result: The Wireguard Peer is successfully updated or created.
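Both PUT operations above (gateway and peer) replace the whole object, so a body that carries only the changed field resets everything else. The following Python helper is an added example, not part of the IONOS API or SDK: it lists the fields a candidate body would reset and builds a complete body from the object previously fetched with GET. The property names and values in the sample are constructed for illustration.

```python
import copy

EMPTY = (None, "", [], {})


def fields_reset_by_put(current, candidate, prefix=""):
    """Dotted paths that hold a value in `current` but are missing or empty
    in `candidate`, i.e. what a full-replacement PUT would wipe."""
    lost = []
    for key, value in current.items():
        path = f"{prefix}{key}"
        if key not in candidate or candidate[key] in EMPTY:
            if value not in EMPTY:
                lost.append(path)
        elif isinstance(value, dict) and isinstance(candidate[key], dict):
            lost += fields_reset_by_put(value, candidate[key], path + ".")
    return lost


def complete_put_body(current, changes):
    """Overlay `changes` on a deep copy of `current` so the PUT carries
    every field, not only the ones being modified."""
    body = copy.deepcopy(current)
    for key, value in changes.items():
        if isinstance(value, dict) and isinstance(body.get(key), dict):
            body[key] = complete_put_body(body[key], value)
        else:
            body[key] = copy.deepcopy(value)
    return body


# Constructed sample: properties of a peer as a GET might return them.
CURRENT_PEER = {
    "name": "branch",
    "description": "Branch office",
    "endpoint": {"host": "203.0.113.10", "port": 51820},
    "allowedIPs": ["192.168.50.0/24"],
    "publicKey": "PLACEHOLDER-PUBLIC-KEY",
}
# A body that only renames the peer and repeats the endpoint host.
PARTIAL = {"name": "branch-renamed", "endpoint": {"host": "203.0.113.10"}}
```

Run fields_reset_by_put against the current object before every PUT and send the body only when the returned list is empty or every entry in it is intended.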
Returns the Wireguard Peer by ID.
To retrieve the Wireguard Peer, perform a GET request.
Use the following endpoint to retrieve Wireguard Peer: https://vpn.de-fra.ionos.com/wireguardgateways/{gatewayId}/peers/{peerId}.
You can update the gatewayId and peerId values to get a specific Wireguard Peer for a given gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Result: The Wireguard Peer and its details for the specified gatewayId and peerId are successfully obtained.
Deletes the specified Wireguard Peer.
To delete a Wireguard Peer, perform a DELETE request with the gatewayId of the Wireguard Gateway and the peerId of the Wireguard Peer.
Use the following endpoint to delete Wireguard Peer: https://vpn.de-fra.ionos.com/wireguardgateways/{gatewayId}/peers/{peerId}.
Note: The following request contains a sample gatewayId and peerId. Replace them with the gatewayId and peerId values of the Wireguard Peer you want to delete.
You can update the gatewayId and peerId values to delete a specific Wireguard Peer for a given gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
202 Successful operation
Result: The Wireguard Peer with the specified gatewayId and peerId is successfully deleted.
Returns the IPSec Gateway by ID.
To retrieve the IPSec Gateway, perform a GET request.
Use the following endpoint to retrieve IPSec Gateway: https://vpn.de-fra.ionos.com/ipsecgateways/{gatewayId}.
Note: The following request contains a sample gatewayId. Replace it with the gatewayId value whose information you want to retrieve.
You can update the gatewayId value to get a specific IPSec Gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Result: The IPSec Gateway and its details for the specified gatewayId are successfully obtained.
Operations to create and manage IPSec VPN Gateways. This tag groups all operations for ipsecgateways.
To retrieve all the IPSec Gateways, perform a GET request.
Use the following endpoint to retrieve all IPSec Gateways: https://vpn.de-fra.ionos.com/ipsecgateways.
Below is the list of optional Path Parameters:
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Result: All existing IPSec Gateways and their details are successfully obtained.
Path Parameter | Type | Description | Example |
---|
Header Parameter | Required | Type | Description |
---|
Path Parameters | Type | Description | Example |
---|
Header Parameters | Required | Type | Description |
---|
Path Parameters | Type | Description | Example |
---|
Body Parameters | Required | Type | Description | Example |
---|
Header Parameters | Required | Type | Description |
---|
Body Parameters | Required | Type | Description | Example |
---|
Header Parameters | Required | Type | Description |
---|
Query Parameters | Type | Description | Example |
---|
Header Parameters | Required | Type | Description |
---|
Query Parameters | Type | Description | Example |
---|
Header Parameters | Required | Type | Description |
---|
Feature | WireGuard | IPSec |
---|
Path Parameters | Type | Description | Example |
---|
Response Parameters | Type | Description | Example |
---|
Header Parameters | Required | Type | Description |
---|
Path Parameter | Type | Description | Example |
---|
Header Parameter | Required | Type | Description |
---|
Path Parameter | Type | Description | Example |
---|
Header Parameter | Required | Type | Description |
---|
Path Parameter | Type | Description | Example |
---|
Header Parameter | Required | Type | Description |
---|
Query Parameters | Type | Description | Example |
---|
Header Parameters | Required | Type | Description |
---|
gatewayId | string | The ID (UUID) of the Wireguard Gateway. |
|
| yes | string | The Bearer token to enable requests to authenticate using a JSON Web Token (JWT). |
| no | string | Set this to |
| string | The ID (UUID) of the Wireguard Gateway. |
|
| yes | string | The Bearer token enables requests to authenticate using a JSON Web Token (JWT). |
| string | The ID (UUID) of the WireGuard Gateway. |
|
| yes | string | The ID (UUID) of the WireGuard Gateway to update. |
|
| no | object | Metadata |
|
| yes | object | Properties with all data needed to update the WireGuard Gateway. |
| yes | string | The human readable name of your WireGuard Gateway. |
|
| no | string | Human readable description of the WireGuard Gateway. |
|
| yes | string | Public IP address to be assigned to the gateway. |
|
| no | string | The IPV4 address (with CIDR mask) to be assigned to the WireGuard interface. |
|
| no | string | The IPV6 address (with CIDR mask) to be assigned to the WireGuard interface. |
|
| yes | array | The network connection for your gateway. |
|
| yes | string | PrivateKey used for WireGuard Server. |
|
| no | integer | Port that WireGuard Server will listen on. | 51820 |
| yes | string | The Bearer token enables requests to authenticate using a JSON Web Token (JWT). |
| yes | string | Set this to |
| no | object | Metadata |
|
| yes | object | Properties with all data needed to create a new WireGuard Gateway. |
| yes | string | The human readable name of your WireGuard Gateway. |
|
| no | string | Human readable description of the WireGuard Gateway. |
|
| yes | string | Public IP address to be assigned to the gateway. |
|
| no | string | The IPV4 address (with CIDR mask) to be assigned to the WireGuard interface. |
|
| no | string | The IPV6 address (with CIDR mask) to be assigned to the WireGuard interface. |
|
| yes | array | The network connection for your gateway. |
|
| yes | string | PrivateKey used for WireGuard Server. |
|
| no | integer | Port that WireGuard Server will listen on. | 51820 |
| yes | string | The Bearer token enables requests to authenticate using a JSON Web Token (JWT). |
| yes | string | Set this to |
| integer | The first element (of the total list of elements) to include in the response. Use together with limit for pagination. Default: 0 | 0 |
| integer | The maximum number of elements to return. Use together with offset for pagination. Default: 100 | 100 |
| yes | string | The Bearer token enables requests to authenticate using a JSON Web Token (JWT). |
| no | string | Set this to |
| integer | The first element (of the total list of elements) to include in the response. Use together with limit for pagination. Default: 0 | 0 |
| integer | The maximum number of elements to return. Use together with offset for pagination. Default: 100 | 100 |
| yes | string | The Bearer token enables requests to authenticate using a JSON Web Token (JWT). |
| no | string | Set this to |
Feature | WireGuard | IPSec |
---|---|---|
Security | Uses modern cryptographic techniques like ChaCha20 for encryption and Curve25519 for key exchange. | Offers strong encryption standards (AES, DES) and authentication methods (SHA-256). |
Performance | Lightweight design results in faster connection times and lower overhead. | May have higher overhead due to encapsulation and additional protocol layers. |
Ease of Use | Simple configuration and fewer lines of code make setup and management easier. | Configuration can be complex, especially for setting up tunnels and policies. |
Suitability | Ideal for environments prioritizing speed, simplicity, and efficient resource usage. | Suitable for large organizations needing robust security, scalability, and compliance with standards. |
Scalability | Handles dynamic IP addresses and changing networks more effectively. | Offers scalable solutions with support for complex network topologies and large-scale deployments. |
| string | The ID (UUID) of the WireGuard Gateway. |
|
| string | The ID (UUID) of the WireGuard Peer. |
|
| string | The unique identifier (UUID) for the WireGuard Peer. |
|
| object | Metadata related to the WireGuard Peer. |
|
| object | Properties of the WireGuard Peer. |
| string | The human-readable name of the WireGuard Peer. |
|
| string | Human-readable description of the WireGuard Peer. |
|
| object | Endpoint details for the WireGuard Peer. |
| string | The host IP address or domain for the WireGuard Peer. |
|
| integer | The port number for the WireGuard Peer. |
|
| array | The subnet CIDRs that are allowed to connect to the WireGuard Gateway. |
|
| string | The public key for the WireGuard Peer. |
|
| yes | string | The Bearer token enables requests to authenticate using a JSON Web Token (JWT). |
| yes | string | Set this to |
gatewayId | string | The ID (UUID) of the WireGuard Gateway. |
|
peerId | string | The ID (UUID) of the WireGuard Peer. |
|
| yes | string | The Bearer token to enable requests to authenticate using a JSON Web Token (JWT). |
| no | string | Set this to |
gatewayId | string | The ID (UUID) of the Wireguard Gateway. |
|
peerId | string | The ID (UUID) of the Wireguard Peer. |
|
| yes | string | The Bearer token to enable requests to authenticate using a JSON Web Token (JWT). |
gatewayId | string | The ID (UUID) of the IPSec Gateway. |
|
| yes | string | The Bearer token to enable requests to authenticate using a JSON Web Token (JWT). |
| no | string | Set this to |
| integer | The first element (of the total list of elements) to include in the response. Use together with limit for pagination. Default: 0 | 0 |
| integer | The maximum number of elements to return. Use together with offset for pagination. Default: 100 | 100 |
| yes | string | The Bearer token enables requests to authenticate using a JSON Web Token (JWT). |
| no | string | Set this to |
A Site-to-Site VPN Gateway is a network solution that establishes a secure, encrypted connection between two or more networks over the internet. This setup allows an on-premises network to connect securely with cloud resources, enabling seamless data transfer while ensuring data privacy and integrity. For example, IONOS VPN Gateway is a fully managed service that connects your data center or branch office to your IONOS Cloud resources using IPSec tunnels or WireGuard peers.
Our VPN Gateway supports both IPSec and WireGuard protocols. IPSec is widely used for its robust security features and flexibility, while WireGuard is known for its simplicity and high performance. These options allow you to choose the protocol that best suits your network's security and performance needs.
A Site-to-Site VPN enhances network security by encrypting data traffic between your on-premises network and your cloud resources. This encryption protects data from interception and tampering during transit, ensuring that sensitive information remains confidential and secure. It also provides a secure connection for applications and services that require a high level of security.
Setting up a Site-to-Site VPN Gateway with IPSec involves several key steps:
1. Reserve a public IPv4 address via our Data Center Designer (DCD) or Cloud API.
2. Create an IPSec VPN gateway, configuring it with the IP address, virtual data center, and LANs that will use the gateway.
3. Configure the IPSec tunnels by specifying parameters such as the pre-shared key (PSK), IKE version, encryption, and integrity algorithms.
4. Set up your on-premises VPN device to match these parameters.
5. Establish the connection and verify that the tunnel is active by checking the tunnel status and logs.
Setting up a Site-to-Site VPN Gateway with WireGuard involves these steps:
1. Reserve a public IPv4 address via our DCD or Cloud API.
2. Create a WireGuard VPN gateway, configuring it with the IP address, virtual data center, and LANs that will use the gateway.
3. Generate public and private keys for your WireGuard peers.
4. Configure the WireGuard interface by adding peers, allowed IPs, and endpoints.
5. Sync the configuration with your on-premises WireGuard devices.
6. Establish the connection and verify its status by checking the tunnel status and logs.
Yes, you can use both IPSec and WireGuard tunnels simultaneously to connect resources between the same virtual data center networks and remote networks. This setup requires creating and configuring separate VPN gateway instances for each protocol, allowing you to take advantage of the unique benefits of each protocol.
The cost of a VPN Gateway is determined by the lifetime of the instance and the amount of egress traffic. For detailed pricing information, please refer to our Price List.
Yes, you can connect up to 10 LANs to a single VPN gateway. All LANs must belong to the same virtual data center, ensuring streamlined management and configuration.
You can create up to 20 IPSec tunnels or WireGuard peers per gateway. This allows for extensive connectivity options while maintaining manageable configurations.
Yes, we provide a comprehensive VPN Gateway API, along with a Go SDK and Terraform tooling. These tools enable automation of various gateway-related tasks, ensuring seamless integration with your DevOps workflow and simplifying the management of VPN gateways.
Yes, our VPN Gateway supports both IPv4 and IPv6, allowing your traffic to be sent across both network types. This capability helps future-proof your services and ensures broad accessibility. Note that tunnel endpoint and Gateway IP addresses are IPv4 only.
Currently, only static routing is available for the VPN gateway. Dynamic routing protocols like BGP are not supported at this time.
Yes, you can connect virtual data centers (VDCs) across different IONOS locations or regions. There are no region constraints, allowing one VDC to connect to another, regardless of their geographical location.
Our VPN Gateway employs industry-standard encryption techniques to ensure data security. IPSec uses strong encryption algorithms such as AES-256, while WireGuard leverages modern cryptographic primitives like ChaCha20 and Poly1305. These methods provide high levels of data security, protecting your information during transit.
Yes, you can customize the encryption and integrity algorithms used in IPSec tunnels. Supported algorithms include AES-128, AES-256, SHA-256, SHA-384, and SHA-512. These settings can be configured in the DCD or through the Cloud API, allowing you to tailor security to your specific requirements.
The VPN Gateway ensures data integrity through cryptographic hashing algorithms like SHA-256, SHA-384, and SHA-512. These algorithms verify that data has not been altered during transit, providing a secure communication channel and maintaining data integrity.
Our VPN gateway uses PSK (Pre-Shared Key) authentication. To authenticate your IPSec VPN tunnel, you must generate a pre-shared key (PSK) and provide it during the creation of the tunnel. For security, it is recommended to use a strong 32-character pre-shared key.
Our IPSec VPN gateway supports IKEv2, a modern and secure version of the Internet Key Exchange protocol.
Yes, access management is possible. Contract owners and administrators can enable access for sub-users by providing the “Access and Manage VPN” group privilege. Detailed information on setting up access management can be found in our guide. Additionally, you can view audit logs for VPN operations via the Activity log functionality, ensuring transparency and accountability.
No, our VPN service does not store or process customer data. It is designed to provide secure and private connections without handling or retaining user data.
WireGuard is known for its high performance and simplicity, offering lower overhead and faster connection setup times. IPSec, while more established, provides robust security and broader configurability but may have higher processing overhead. The choice between IPSec and WireGuard depends on your specific use cases and performance requirements.
During the limited access phase, our VPN Gateway does not support automatic failover. However, this feature will be available during general availability, ensuring high availability by automatically rerouting traffic through a backup tunnel if one tunnel goes down.
For optimal VPN Gateway performance, consider the following:
- Ensure appropriate bandwidth on both ends of the connection.
- Select the right encryption and integrity algorithms based on your performance needs.
- Regularly monitor your VPN connections and adjust configurations as needed to handle traffic load.
Each tunnel supports a maximum throughput of up to 1 Gbps, providing high-speed connectivity for data-intensive applications.
Several factors can influence VPN connection throughput, including the capability of your remote gateway, the bandwidth capacity of your connection, the average packet size, the protocol in use (TCP vs. UDP), and the network latency between the VPN Gateway and the remote network.
If the VPN connection is down, follow these troubleshooting steps:
1. Verify that the configuration settings on both sides of the tunnel match.
2. Check network connectivity, static routes, and firewall rules.
3. Ensure that the pre-shared keys and encryption algorithms are correctly configured.
4. Review logs for any error messages and diagnostic information.
5. If issues persist, contact our support team for further assistance.
Action | Description |
Endpoint to retrieve all WireGuard VPN Gateways using pagination and optional filters. |
Creates a new WireGuard VPN Gateway. The full configuration needs to be provided. |
Retrieves details of a specific WireGuard VPN Gateway. |
Ensures that a WireGuard VPN Gateway with the provided ID is created or modified. |
Deletes the specified WireGuard Gateway. |
Action | Description |
Endpoint to retrieve all WireGuard Peers associated with a VPN Gateway using pagination and optional filters. |
Creates a new WireGuard Peer. The full configuration needs to be provided. |
Retrieves details of a specific WireGuard Peer. |
Ensures that a WireGuard Peer with the provided ID is created or modified. |
Deletes the specified WireGuard Peer. |
Action | Description |
Endpoint to retrieve all IPSec VPN Gateways using pagination and optional filters. |
Creates a new IPSec VPN Gateway. The full configuration needs to be provided. |
Retrieves details of a specific IPSec VPN Gateway. |
Ensures that an IPSec VPN Gateway with the provided ID is created or modified. |
Deletes the specified IPSec Gateway. |
Action | Description |
Endpoint to retrieve all IPSec VPN Tunnels associated with an IPSec VPN Gateway using pagination and optional filters. |
Creates a new IPSec VPN Tunnel associated with an IPSec VPN Gateway. The full configuration needs to be provided. |
Retrieves details of a specific IPSec VPN Tunnel. |
Ensures that an IPSec VPN Tunnel with the provided ID is created or modified. |
Deletes the specified IPSec Tunnel. |
Ensures that the IPSecGateway with the provided ID is created or modified. The full IPSecGateway must be provided to ensure (either update or create) the IPSecGateway. Fields that are not present in the request are filled with defaults or left empty; previously stored values are not taken into consideration.
To ensure that the IPSecGateway with the provided ID is created or modified, perform a `PUT` request.
Note: If an IPSecGateway for the given `gatewayId` does not exist, a new one is created instead.
Use the following endpoint to ensure that the IPSecGateway is created or modified: `https://vpn.de-fra.ionos.com/ipsecgateways/{gatewayId}`.
Note: The following request contains a sample `gatewayId`. Replace it with the `gatewayId` value whose information you want to update.
Below is the list of mandatory path parameters for updating an IPSecGateway:
Below is the list of mandatory body parameters for updating an IPSecGateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Result: The IPSec Gateway is successfully updated or created.
Returns the IPSec Tunnel by ID.
To retrieve the IPSec Tunnel, perform a `GET` request.
Use the following endpoint to retrieve an IPSec Tunnel: `https://vpn.de-fra.ionos.com/ipsecgateways/{gatewayId}/tunnels/{tunnelId}`.
You can update the `gatewayId` and `tunnelId` values to get a specific IPSec Tunnel for a given gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Result: The IPSec Tunnel and its details for the specified `gatewayId` and `tunnelId` are successfully obtained.
Enables retrieving all IPSec Tunnels using pagination and optional filters.
To retrieve all the IPSec Tunnels, perform a `GET` request.
Use the following endpoint to retrieve all IPSec Tunnels: `https://vpn.de-fra.ionos.com/ipsecgateways/{gatewayId}/tunnels`.
Below is the list of optional Path Parameters:
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Result: All existing IPSec Tunnels and their details are successfully obtained.
Creates a new WireGuard Peer.
The full WireGuard Peer needs to be provided to create the object. Optional data will be filled with defaults or left empty.
To create a WireGuard Peer, perform a `POST` request.
Use the following endpoint to create a WireGuard Peer: `https://vpn.de-fra.ionos.com/wireguardgateways/{gatewayId}/peers`.
Below is the list of mandatory body parameters for creating a WireGuard Peer:
You can update the `gatewayId` value to get a specific WireGuard Gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
201 Successful operation
Result: The WireGuard Peer is successfully created. The `id` and other details of the created WireGuard Peer are provided in the response.
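The following Python example is added here and is not part of the IONOS documentation or SDK. It checks the peer fields this request takes (public key, endpoint, allowed IPs, the 20-peer limit) before building the `POST` body; the function names and the `existing_peers` argument are assumptions, and only the public half of the key pair generated on the peer (for example with `wg genkey` and `wg pubkey`) goes into the body.

```python
import base64
import binascii
import ipaddress

MAX_PEERS_PER_GATEWAY = 20          # limit stated in the parameter description
CATCH_ALL = {"0.0.0.0/0", "::/0"}   # the documented "all addresses" values


def _check_public_key(key):
    """A WireGuard public key is a 32-byte Curve25519 key, base64-encoded."""
    try:
        raw = base64.b64decode(key, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("publicKey is not valid base64") from exc
    if len(raw) != 32:
        raise ValueError(f"publicKey decodes to {len(raw)} bytes, expected 32")


def _check_endpoint(host, port):
    """The endpoint host is a hostname or IPv4 address; the port is 1..65535."""
    if not host:
        raise ValueError("endpoint host is required")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # not an IP literal, so it is treated as a hostname
    if addr is not None and addr.version != 4:
        raise ValueError("endpoint host must be a hostname or IPv4 address")
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError("endpoint port must be an integer in 1..65535")


def build_peer_body(name, public_key, host, port, allowed_ips, existing_peers=0):
    """Validate the inputs and return (POST body, warnings) for a new peer."""
    if existing_peers >= MAX_PEERS_PER_GATEWAY:
        raise ValueError("gateway already has the maximum of 20 peers")
    if not name:
        raise ValueError("name is required")
    _check_public_key(public_key)
    _check_endpoint(host, port)
    if not allowed_ips:
        raise ValueError("allowedIPs must contain at least one CIDR")
    warnings = []
    for cidr in allowed_ips:
        # ip_network raises ValueError for a malformed CIDR such as 10.0.0.0/33
        net = ipaddress.ip_network(cidr, strict=False)
        if str(net) in CATCH_ALL:
            warnings.append(f"{cidr} allows every address to connect through this peer")
    body = {
        "properties": {
            "name": name,
            "endpoint": {"host": host, "port": port},
            "allowedIPs": list(allowed_ips),
            "publicKey": public_key,
        }
    }
    return body, warnings


if __name__ == "__main__":
    # Sample values are the ones shown in this page's parameter table.
    sample_body, sample_warnings = build_peer_body(
        "My Company Gateway Peer",
        "no8iaSEoqfbI6PVYsdEiUU5efYdtKX8VAhKity19MWI=",
        "1.2.3.4",
        51820,
        ["1.2.3.4/32"],
    )
    print(sample_body, sample_warnings)
```

Treat a non-empty warnings list as a prompt to confirm that a catch-all `allowedIPs` entry is intended before sending the request.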
Deletes the specified IPSecTunnel.
To delete an IPSec Tunnel, perform a `DELETE` request with the `gatewayId` of the IPSecGateway and the `tunnelId` of the IPSec Tunnel.
Use the following endpoint to delete an IPSec Tunnel: `https://vpn.de-fra.ionos.com/ipsecgateways/{gatewayid}/tunnels/{tunnelId}`.
Note: The following request contains a sample `gatewayId` and `tunnelId`. Replace them with the `gatewayId` and `tunnelId` values whose information you want to delete.
You can update the `gatewayId` and `tunnelId` values to delete a specific IPSec Tunnel for a given gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
202 Successful operation
Result: The IPSec Tunnel with the specified `gatewayId` and `tunnelId` is successfully deleted.
This endpoint deletes the specified IPSec Gateway.
To delete an IPSec Gateway, perform a `DELETE` request with the `gatewayId` of the IPSec Gateway.
Use the following endpoint to delete an IPSec Gateway: `https://vpn.de-fra.ionos.com/ipsecgateways/{gatewayId}`.
Note: The following request contains a sample `gatewayId`. Replace it with the `gatewayId` value whose information you want to delete.
You can update the `gatewayId` value to delete a specific IPSec Gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
202 Successful operation
Result: The IPSec Gateway with the specified `gatewayId` is successfully deleted.
Creates a new IPSec Tunnel.
The full IPSec Tunnel needs to be provided to create the object. Optional data will be filled with defaults or left empty.
To create an IPSec Tunnel, perform a `POST` request.
Use the following endpoint to create an IPSec Tunnel: `https://vpn.de-fra.ionos.com/ipsecgateways/{gatewayId}/tunnels`.
You can update the `gatewayId` value to get a specific IPSecGateway:
Below is the list of mandatory body parameters for updating an IPSec Tunnel:
To make authenticated requests to the API, the following fields are mandatory in the request header:
201 Successful operation
Result: The IPSec Tunnel is successfully created. The `id` and other details of the created IPSec Tunnel are provided in the response.
The full IPSec Gateway needs to be provided to create the object. Optional data will be filled with defaults or left empty.
To create an IPSec Gateway, perform a `POST` request.
Use the following endpoint to create an IPSec Gateway: `https://vpn.de-fra.ionos.com/ipsecgateways`.
Below is the list of mandatory body parameters for creating an IPSec Gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
201 Successful operation
Result: The IPSec Gateway is successfully created. The `id` and other details of the created IPSec Gateway are provided in the response.
Ensures that the IPSec Tunnel with the provided ID is created or modified. The full IPSec Tunnel must be provided to ensure (either update or create) the IPSec Tunnel. Fields that are not present in the request are filled with defaults or left empty; previously stored values are not taken into consideration.
To ensure that the IPSec Tunnel with the provided ID is created or modified, perform a `PUT` request.
Note: If an IPSec Tunnel for the given `tunnelId` does not exist, a new one is created instead.
Use the following endpoint to ensure that the IPSec Tunnel is created or modified: `https://vpn.de-fra.ionos.com/ipsecgateways/{gatewayId}/tunnels/{tunnelId}`.
Note: The following request contains a sample `gatewayId` and `tunnelId`. Replace them with the `gatewayId` and `tunnelId` values whose information you want to update.
You can update the `gatewayId` and `tunnelId` values to specify the IPSec Gateway and Tunnel:
Below is the list of mandatory body parameters for updating an IPSec Tunnel:
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Following is an example of when an IPSec Tunnel is successfully created.
Result: The IPSec Tunnel is successfully updated or created.
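Because the `PUT` replaces the whole tunnel and ignores previously stored values, a request that carries only the changed field resets everything else. The following Python example is added here and is not IONOS code: it overlays a change on the stored tunnel, refuses to produce a body that lacks a mandatory field, and generates a 32-character PSK. The function names are assumptions, as is the idea that the stored tunnel is read back without its PSK secret.

```python
import copy
import secrets
import string

# Mandatory body fields for the tunnel PUT, taken from this page's parameter table.
REQUIRED_FIELDS = (
    "id",
    "properties.name",
    "properties.remoteHost",
    "properties.auth.method",
    "properties.auth.psk",
    "properties.cloudNetworkCIDRs",
    "properties.peerNetworkCIDRs",
)
MIN_PSK_LENGTH = 32  # the page recommends a strong 32-character PSK


def generate_psk(length=MIN_PSK_LENGTH):
    """Return a random PSK of letters and digits drawn from the OS CSPRNG."""
    if length < MIN_PSK_LENGTH:
        raise ValueError(f"PSK must be at least {MIN_PSK_LENGTH} characters")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def _lookup(obj, dotted):
    """Resolve 'a.b.c' inside nested dicts; return None if any level is missing."""
    for key in dotted.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def _deep_merge(base, changes):
    """Recursively overlay changes on base; lists and scalars are replaced whole."""
    for key, value in changes.items():
        if isinstance(value, dict) and isinstance(base.get(key), dict):
            _deep_merge(base[key], value)
        else:
            base[key] = copy.deepcopy(value)
    return base


def build_tunnel_put_body(current, changes):
    """Overlay `changes` on the stored tunnel and return a complete PUT body.

    Raises ValueError when a mandatory field would be missing or empty, or when
    the PSK is shorter than the recommended length.
    """
    body = _deep_merge(copy.deepcopy(current), changes)
    missing = [f for f in REQUIRED_FIELDS if _lookup(body, f) in (None, "", [], {})]
    if missing:
        raise ValueError("PUT body is missing: " + ", ".join(missing))
    secret = _lookup(body, "properties.auth.psk.secret")
    if not isinstance(secret, str) or len(secret) < MIN_PSK_LENGTH:
        raise ValueError(f"PSK must be at least {MIN_PSK_LENGTH} characters")
    return body


# Constructed sample: a stored tunnel built from this page's example values.
CURRENT_TUNNEL = {
    "id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
    "properties": {
        "name": "My Tunnel",
        "remoteHost": "203.0.113.1",
        "auth": {"method": "PSK"},  # assumption: the secret is not returned on read
        "ike": {"encryption": "AES-256", "hash": "SHA256"},
        "esp": {"encryption": "AES-256", "auth": "SHA256"},
        "cloudNetworkCIDRs": ["10.0.0.0/24", "192.168.1.0/24"],
        "peerNetworkCIDRs": ["10.0.1.0/24", "192.168.2.0/24"],
    },
}
```

A rename passed on its own is rejected because the PSK is absent; passing the rename together with `{"auth": {"psk": {"secret": generate_psk()}}}` yields a full body that keeps the CIDRs and algorithm settings.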
Path Parameters | Type | Description | Example |
---|---|---|---|
gatewayId | string | The ID (UUID) of the IPSecGateway. | 66a114c7-2ddd-5119-9ddf-5a789f5a5a44 |

Body Parameters | Required | Type | Description | Example |
---|---|---|---|---|
id | yes | string | The ID (UUID) of the IPSec Gateway. | 66a114c7-2ddd-5119-9ddf-5a789f5a5a44 |
metadata | no | object | Metadata | {} |
properties | yes | object | Properties with all data needed to update the IPSec Gateway. | |
properties.name | yes | string | The human-readable name of your IPSec Gateway. | My Company IPSec Gateway |
properties.description | no | string | Human-readable description of the IPSec Gateway. | This gateway connects site A to VDC X. |
properties.gatewayIP | yes | string | Public IP address to be assigned to the gateway. | 81.173.1.2 |
properties.connections | yes | array | The network connection for your gateway. | [ { "datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003", "lanId": "2", "ipv4CIDR": "192.168.1.100/24", "ipv6CIDR": "2001:0db8:85a3::/24" } ] |
properties.version | no | string | The IKE version that is permitted for the VPN tunnels. Default: "IKEv2". | IKEv2 |

Header Parameters | Required | Type | Description |
---|---|---|---|
Authorization | yes | string | The Bearer token enables requests to authenticate using a JSON Web Token (JWT). |
Content-Type | yes | string | Set this to `application/json`. |

Path Parameter | Type | Description | Example |
---|---|---|---|
gatewayId | string | The ID (UUID) of the IPSec Gateway. | 66a114c7-2ddd-5119-9ddf-5a789f5a5a44 |
tunnelId | string | The ID (UUID) of the IPSec Tunnel. | c28b2d3e-7b15-53ca-ae88-6ae9378d6efe |

Header Parameter | Required | Type | Description |
---|---|---|---|
Authorization | yes | string | The Bearer token to enable requests to authenticate using a JSON Web Token (JWT). |
Content-Type | no | string | Set this to `application/json`. |

Query Parameters | Type | Description | Example |
---|---|---|---|
offset | integer | The first element (of the total list of elements) to include in the response. Use together with limit for pagination. Default: 0 | 0 |
limit | integer | The maximum number of elements to return. Use together with offset for pagination. Default: 100 | 100 |

Header Parameters | Required | Type | Description |
---|---|---|---|
Authorization | yes | string | The Bearer token enables requests to authenticate using a JSON Web Token (JWT). |
Content-Type | no | string | Set this to `application/json`. |

Body Parameters | Required | Type | Description | Example |
---|---|---|---|---|
metadata | no | object | Metadata related to the WireGuard peer. | {} |
properties | yes | object | Properties with all data needed to create a new WireGuard peer. Note: There is a limit of 20 peers per gateway. | |
properties.name | yes | string | The human-readable name of the WireGuard peer. | My Company Gateway Peer |
properties.description | no | string | Human-readable description of the WireGuard peer. | Allows local machine A to connect to Datacenter LAN Y. |
properties.endpoint | yes | object | Properties needed to define the WireGuard endpoint. | |
properties.endpoint.host | yes | string | Hostname or IPv4 address that the WireGuard Server will connect to. | 1.2.3.4 |
properties.endpoint.port | yes | integer | Port that the WireGuard Server will connect to. | 51820 |
properties.allowedIPs | yes | array | The subnet CIDRs that are allowed to connect to the WireGuard Gateway. Specify "a.b.c.d/32" for an individual IP address. Specify "0.0.0.0/0" or "::/0" for all addresses. | ["1.2.3.4/32"] |
properties.publicKey | yes | string | The public key for the WireGuard peer. | no8iaSEoqfbI6PVYsdEiUU5efYdtKX8VAhKity19MWI= |

Path Parameter | Type | Description | Example |
---|---|---|---|
gatewayId | string | The ID (UUID) of the WireGuard Gateway. | 85c79b4b-5b40-570a-b788-58dd46ea71e2 |

Header Parameters | Required | Type | Description |
---|---|---|---|
Authorization | yes | string | The Bearer token to enable requests to authenticate using a JSON Web Token (JWT). |
Content-Type | yes | string | Set this to `application/json`. |

Path Parameter | Type | Description | Example |
---|---|---|---|
gatewayId | string | The ID (UUID) of the IPSecGateway. | 66a114c7-2ddd-5119-9ddf-5a789f5a5a44 |
tunnelId | string | The ID (UUID) of the IPSecTunnel. | c28b2d3e-7b15-53ca-ae88-6ae9378d6efe |

Header Parameter | Required | Type | Description |
---|---|---|---|
Authorization | yes | string | The Bearer token to enable requests to authenticate using a JSON Web Token (JWT). |

Path Parameters | Type | Description | Example |
---|---|---|---|
gatewayId | string | The ID (UUID) of the IPSec Gateway. | 85c79b4b-5b40-570a-b788-58dd46ea71e2 |

Header Parameters | Required | Type | Description |
---|---|---|---|
Authorization | yes | string | The Bearer token enables requests to authenticate using a JSON Web Token (JWT). |

Path Parameter | Type | Description | Example |
---|---|---|---|
gatewayId | string | The ID (UUID) of the IPSec Gateway. | 66a114c7-2ddd-5119-9ddf-5a789f5a5a44 |

Body Parameters | Required | Type | Description | Example |
---|---|---|---|---|
metadata | no | object | Metadata | {} |
properties | yes | object | Properties with all data needed to update an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway. | |
properties.name | yes | string | The human-readable name of your IPSec Gateway Tunnel. | My Tunnel |
properties.description | no | string | Human-readable description of the IPSec Gateway Tunnel. | Tunnel connecting site A to site B. |
properties.remoteHost | yes | string | The remote peer host fully qualified domain name or IPv4 IP to connect to. | 203.0.113.1 |
properties.auth | yes | object | Properties needed to define IPSec Authentication. | |
properties.auth.ike | yes | object | Settings for the initial security exchange phase. | { "encryption": "AES-256", "hash": "SHA256" } |
properties.auth.esp | yes | object | Settings for the IPSec SA (ESP) phase. | { "encryption": "AES-256", "auth": "SHA256" } |
properties.cloudNetworkCIDRs | yes | array | The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel. | ["10.0.0.0/24", "192.168.1.0/24"] |
properties.peerNetworkCIDRs | yes | array | The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel. | ["10.0.1.0/24", "192.168.2.0/24"] |

Header Parameters | Required | Type | Description |
---|---|---|---|
Authorization | yes | string | The Bearer token to enable requests to authenticate using a JSON Web Token (JWT). |
Content-Type | yes | string | Set this to `application/json`. |

Body Parameters | Required | Type | Description | Example |
---|---|---|---|---|
metadata | no | object | Metadata | {} |
properties | yes | object | Properties with all data needed to create a new IPSec Gateway. | |
properties.name | yes | string | The human-readable name of your IPSec Gateway. | My Company IPSec Gateway |
properties.description | no | string | Human-readable description of the IPSec Gateway. | This gateway connects site A to VDC X. |
properties.gatewayIP | yes | string | Public IP address to be assigned to the gateway. | 81.173.1.2 |
properties.connections | yes | array | The network connection for your gateway. | [ { "datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003", "lanId": "2", "ipv4CIDR": "192.168.1.100/24", "ipv6CIDR": "2001:0db8:85a3::/24" } ] |
properties.version | no | string | The IKE version that is permitted for the VPN tunnels. Default: "IKEv2". | IKEv2 |

Header Parameters | Required | Type | Description |
---|---|---|---|
Authorization | yes | string | The Bearer token enables requests to authenticate using a JSON Web Token (JWT). |
Content-Type | yes | string | Set this to `application/json`. |

Path Parameter | Type | Description | Example |
---|---|---|---|
gatewayId | string | The ID (UUID) of the IPSec Gateway. | 66a114c7-2ddd-5119-9ddf-5a789f5a5a44 |
tunnelId | string | The ID (UUID) of the IPSec Tunnel. | c28b2d3e-7b15-53ca-ae88-6ae9378d6efe |

Body Parameters | Required | Type | Description | Example |
---|---|---|---|---|
id | yes | string | The ID (UUID) of the IPSec Tunnel. | c28b2d3e-7b15-53ca-ae88-6ae9378d6efe |
metadata | no | object | Metadata | {} |
properties | yes | object | Properties with all data needed to update an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway. | |
properties.name | yes | string | The human-readable name of your IPSec Gateway Tunnel. | My Updated Tunnel |
properties.description | no | string | Human-readable description of the IPSec Gateway Tunnel. | Updated tunnel connecting site A to site B. |
properties.remoteHost | yes | string | The remote peer host fully qualified domain name or IPv4 IP to connect to. | 203.0.113.1 |
properties.auth | yes | object | Properties with all data needed to define IPSec Authentication. | |
properties.auth.method | yes | string | The Authentication Method to use for IPSec Authentication. Default: "PSK". Options: PSK | PSK |
properties.auth.psk | yes | object | Properties needed to define IPSec Authentication PSK. This is required if the method is `PSK`. | { "secret": "your-psk-value" } |
properties.ike | no | object | Settings for the initial security exchange phase. | { "encryption": "AES-256", "hash": "SHA256" } |
properties.esp | no | object | Settings for the IPSec SA (ESP) phase. | { "encryption": "AES-256", "auth": "SHA256" } |
properties.cloudNetworkCIDRs | yes | array | The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel, i.e., the CIDRs within your IONOS Cloud LAN. | ["10.0.0.0/24", "192.168.1.0/24"] |
properties.peerNetworkCIDRs | yes | array | The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel. | ["10.0.1.0/24", "192.168.2.0/24"] |

Header Parameters | Required | Type | Description |
---|---|---|---|
Authorization | yes | string | The Bearer token to enable requests to authenticate using a JSON Web Token (JWT). |
Content-Type | yes | string | Set this to `application/json`. |