Create IPSec Tunnel or a WireGuard Peer

After creating a VPN Gateway, you can create a Tunnel or a Peer based on your chosen VPN Gateway protocol.

To create tunnels or peers, follow these steps:

1. In the DCD, go to Menu > Network > VPN Gateway under Connectivity.

2. On the VPN Gateways page, click Create Tunnels or Create Peers based on the chosen VPN Gateway protocol.

Create Tunnels
Create Peers

3. Enter the following details in the Create IPSec Tunnel page:

Properties

  • Tunnel name: Enter a tunnel name.

  • Description: (Optional). Enter a description.

  • Remote host: Enter a valid public IPv4 address or a Fully Qualified Domain Name (FQDN).

Define Tunnel Properties

Authentication

  • Pre-shared key (PSK): Enter a valid key or click Generate to automatically generate a key.

Initial Exchange (IKE_SA_INIT) Settings

Select an appropriate value from the drop-down list for the following:

  • Diffie-Hellman Group: 15-MODP3072, 16-MODP4096, 19-ECP256, 20-ECP384, 21-ECP521, 28-ECP256BP, 29-ECP384BP, 30-ECP512BP

  • Encryption Algorithm: AES128-CTR, AES256-CTR, AES128-GCM-16, AES256-GCM-16, AES128-GCM-12, AES256-GCM-12, AES128-CCM-12, AES256-CCM-12, AES128, AES256

  • Integrity Algorithm: SHA256, SHA384, SHA512, AES-XCBC

  • Lifetime: Specify a value starting from 3600 seconds to a maximum of 604800 seconds.

For more information about determining the appropriate combination of encryption and hashing algorithms based on your needs, see FAQs.

Child SA/IPSec SA Settings (ESP)

Select an appropriate value from the drop-down list for the following:

  • Diffie-Hellman Group: 15-MODP3072, 16-MODP4096, 19-ECP256, 20-ECP384, 21-ECP521, 28-ECP256BP, 29-ECP384BP, 30-ECP512BP

  • Encryption Algorithm: AES128-CTR, AES256-CTR, AES128-GCM-16, AES256-GCM-16, AES128-GCM-12, AES256-GCM-12, AES128-CCM-12, AES256-CCM-12, AES128, AES256

  • Integrity Algorithm: SHA256, SHA384, SHA512, AES-XCBC

  • Lifetime: Specify a value starting from 600 seconds to a maximum of 86400 seconds.

For more information about the combination of encryption and hashing algorithms for your needs, see FAQs.

Define Tunnel Properties

Network CIDRs

Enter the following details:

  • Cloud Network CIDRs: Specify up to 20 IPv4 or IPv6 network addresses, separated by commas, on IONOS Cloud that can connect to the tunnel.

  • Peer Network CIDRs: Specify up to 20 IPv4 or IPv6 addresses, separated by commas, on the peer side that can connect to the tunnel.

4. Click Save to save the configuration.
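A pre-flight check for the values entered in step 3, given here as an added example and not as IONOS code or tooling: it compares a planned tunnel definition with the option lists, lifetime ranges and 20-CIDR limit stated on this page, so a mismatch with the peer's proposal is caught before saving. The dictionary keys, the FQDN pattern, the rejection of CIDRs with host bits set and the sample values are assumptions of this example.

```python
import ipaddress
import re

# Allowed values and ranges copied from the settings lists on this page.
DH = {"15-MODP3072", "16-MODP4096", "19-ECP256", "20-ECP384",
      "21-ECP521", "28-ECP256BP", "29-ECP384BP", "30-ECP512BP"}
ENC = {"AES128-CTR", "AES256-CTR", "AES128-GCM-16", "AES256-GCM-16", "AES128-GCM-12",
       "AES256-GCM-12", "AES128-CCM-12", "AES256-CCM-12", "AES128", "AES256"}
INTEG = {"SHA256", "SHA384", "SHA512", "AES-XCBC"}
LIFETIME = {"ike": (3600, 604800), "esp": (600, 86400)}  # seconds
MAX_CIDRS = 20
FQDN = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def check_remote_host(host):
    """Return an error string, or None for a public IPv4 address or an FQDN."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None if FQDN.match(host) else f"remote_host {host!r}: not an IPv4 address or FQDN"
    return None if ip.version == 4 and ip.is_global else f"remote_host {host!r}: not a public IPv4 address"

def check_cidrs(label, text):
    """Check a comma-separated CIDR field: IPv4 or IPv6 networks, at most 20."""
    items = [c.strip() for c in text.split(",") if c.strip()]
    errors = [f"{label}: {len(items)} entries, limit is {MAX_CIDRS}"] if len(items) > MAX_CIDRS else []
    for cidr in items:
        try:  # Assumption: host bits set (10.0.0.1/24) is treated as a typo.
            ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            errors.append(f"{label}: {exc}")
    return errors

def validate_tunnel(cfg):
    """Return a list of problems (cfg keys are this example's own naming)."""
    errors = [e for e in [check_remote_host(cfg["remote_host"])] if e]
    for phase, (lo, hi) in LIFETIME.items():
        p = cfg[phase]
        for key, allowed in (("dh_group", DH), ("encryption", ENC), ("integrity", INTEG)):
            if p[key] not in allowed:
                errors.append(f"{phase}.{key}: {p[key]!r} is not in the drop-down list")
        if not lo <= p["lifetime"] <= hi:
            errors.append(f"{phase}.lifetime: {p['lifetime']} s is outside {lo}-{hi} s")
    return errors + check_cidrs("cloud_cidrs", cfg["cloud_cidrs"]) + check_cidrs("peer_cidrs", cfg["peer_cidrs"])

# Constructed sample: values taken from a peer whose proposal does not fit this form.
SAMPLE = {"remote_host": "vpn.example.com",
          "ike": {"dh_group": "14-MODP2048", "encryption": "AES256-GCM-16", "integrity": "SHA384", "lifetime": 86400},
          "esp": {"dh_group": "20-ECP384", "encryption": "AES256-GCM-16", "integrity": "SHA384", "lifetime": 300},
          "cloud_cidrs": "10.7.0.0/24, fd00:7::/64", "peer_cidrs": "192.168.10.1/24"}
```

Calling `validate_tunnel(SAMPLE)` reports the Diffie-Hellman group that is not offered, the ESP lifetime below 600 seconds and the peer CIDR with host bits set.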
