Ensure IPSec Tunnel

Ensures that the IPSec Tunnel with the provided ID is created or modified. The full IPSec Tunnel needs to be provided to ensure (either update or create) the IPSec Tunnel. Non present data will only be filled with defaults or left empty, but not take previous values into consideration.s

To ensure that the IPSec Tunnel with the provided ID is created or modified, perform PUT request.

Note: If IPSec Tunnel for a given tunnelId does not exist, a new one is created instead.

Endpoint

Use a region-specific endpoint to ensure that IPSec Tunnel is created or modified: https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}/tunnels/{tunnelId}.

Request

Note: The following request contains a sample gatewayId and tunnelId. Replace them with the gatewayId and tunnelId values whose information you want to update.

curl --location \
--request PUT 'https://vpn.de-fra.ionos.com/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
  "id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "metadata": {},
  "properties": {
    "name": "My Company Gateway Tunnel",
    "description": "Allows local subnet X to connect to virtual network Y.",
    "remoteHost": "vpn.mycompany.com",
    "auth": {
      "method": "PSK",
      "psk": {
        "key": "X2wosbaw74M8hQGbK3jCCaEusR6CCFRa"
      }
    },
    "ike": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 86400
    },
    "esp": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 3600
    },
    "cloudNetworkCIDRs": [
      "203.0.113.0/24"
    ],
    "peerNetworkCIDRs": [
      "198.51.100.0/24"
    ]
  }
}'

You can update the gatewayId and tunnelId values to specify the IPSec Gateway and Tunnel:

Path Parameter

Type

Description

Example

gatewayId

string

The ID (UUID) of the IPSec Gateway.

66a114c7-2ddd-5119-9ddf-5a789f5a5a44

tunnelId

string

The ID (UUID) of the IPSec Tunnel.

c28b2d3e-7b15-53ca-ae88-6ae9378d6efe

Below is the list of mandatory body parameters for updating an IPSec Tunnel:

Body Parameters

Required

Type

Description

Example

id

yes

string

The ID (UUID) of the IPSec Tunnel.

c28b2d3e-7b15-53ca-ae88-6ae9378d6efe

metadata

object

Metadata

{}

properties

yes

object

Properties with all data needed to update an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway.

properties.name

yes

string

The human-readable name of your IPSec Gateway Tunnel.

My Updated Tunnel

properties.description

string

Human-readable description of the IPSec Gateway Tunnel.

Updated tunnel connecting site A to site B.

properties.remoteHost

yes

string

The remote peer host fully qualified domain name or IPV4 IP to connect to.

203.0.113.1

properties.auth

yes

object

Properties with all data needed to define IPSec Authentication.

properties.auth.method

yes

string

The Authentication Method to use for IPSec Authentication. Default: "PSK". Options: PSK

PSK

properties.auth.psk

yes

object

Properties needed to define IPSec Authentication PSK. This is required if the method is PSK.

{ "secret": "your-psk-value" }

properties.ike

object

Settings for the initial security exchange phase.

{ "encryption": "AES-256", "hash": "SHA256" }

properties.esp

object

Settings for the IPSec SA (ESP) phase.

{ "encryption": "AES-256", "auth": "SHA256" }

properties.cloudNetworkCIDRs

yes

array

The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel, that is, the CIDRs within your IONOS Cloud LAN.

["10.0.0.0/24", "203.0.113.0/24"]

properties.peerNetworkCIDRs

yes

array

The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel.

["10.0.1.0/24", "198.51.100.0/24"]

To make authenticated requests to the API, the following fields are mandatory in the request header:

Header Parameters

Required

Type

Description

Authorization

yes

string

The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).

Content-Type

yes

string

Set this to application/json.

Response

200 Successful operation

Following is an example of when a IPSec Tunnel is successfully created.

{
  "id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "type": "ipsectunnel",
  "href": "/ipsecgateways/{gatewayId}/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "metadata": {
    "createdDate": "2020-12-10T13:37:50+01:00",
    "createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "lastModifiedDate": "2020-12-11T13:37:50+01:00",
    "lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
    "status": "AVAILABLE",
    "statusMessage": null
  },
  "properties": {
    "name": "My Company Gateway Tunnel",
    "description": "Allows local subnet X to connect to virtual network Y.",
    "remoteHost": "vpn.mycompany.com",
    "auth": {
      "method": "PSK",
      "psk": {}
    },
    "ike": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 86400
    },
    "esp": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 3600
    },
    "cloudNetworkCIDRs": [
      "203.0.113.0/24"
    ],
    "peerNetworkCIDRs": [
      "198.51.100.0/24"
    ]
  }
}

Result: The IPSec Tunnel is successfully updated or created.

PreviousRetrieve IPSec Tunnel NextDelete IPSec Tunnel

Last updated 6 months ago

Was this helpful?