Create IPSec Tunnel

  • Creates a new IPSec Tunnel.

  • The full IPSec Tunnel needs to be provided to create the object. Optional data will be filled with defaults or left empty.

To create an IPSec Tunnel, perform a POST request.

Endpoint

Use the following endpoint to create an IPSec Tunnel: https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}/tunnels.

Request

You can update the gatewayId value to get a specific IPSecGateway:

Path Parameter | Type | Description | Example

Below is the list of mandatory body parameters for updating an IPSec Tunnel:

Response

201 Successful operation

Result: The IPSec Tunnel is successfully created. The ID and other details of the created IPSec Tunnel are provided in the response.

Body Parameters | Required | Type | Description | Example
metadata | no | object | Metadata | {}
properties | yes | object | Properties with all data needed to update an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway. |

properties.name

To make authenticated requests to the API, the following fields are mandatory in the request header:

Header Parameters | Required | Type | Description
Authorization | yes | string | The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
Content-Type | yes | string | Set this to application/json.

gatewayId | string | The ID (UUID) of the IPSec Gateway. | 66a114c7-2ddd-5119-9ddf-5a789f5a5a44

region-specific
curl --location \
--request POST 'https://vpn.de-fra.ionos.com/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44/tunnels' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
  "metadata": {},
  "properties": {
    "name": "My Company Gateway Tunnel",
    "description": "Allows local subnet X to connect to virtual network Y.",
    "remoteHost": "vpn.mycompany.com",
    "auth": {
      "method": "PSK",
      "psk": {
        "key": "X2wosbaw74M8hQGbK3jCCaEusR6CCFRa"
      }
    },
    "ike": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 86400
    },
    "esp": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 3600
    },
    "cloudNetworkCIDRs": [
      "203.0.113.0/24"
    ],
    "peerNetworkCIDRs": [
      "198.51.100.0/24"
    ]
  }
}'

{
  "id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "type": "ipsectunnel",
  "href": "/ipsecgateways/{gatewayId}/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "metadata": {
    "createdDate": "2020-12-10T13:37:50+01:00",
    "createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "lastModifiedDate": "2020-12-11T13:37:50+01:00",
    "lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
    "status": "AVAILABLE",
    "statusMessage": null
  },
  "properties": {
    "name": "My Company Gateway Tunnel",
    "description": "Allows local subnet X to connect to virtual network Y.",
    "remoteHost": "vpn.mycompany.com",
    "auth": {
      "method": "PSK",
      "psk": {}
    },
    "ike": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 86400
    },
    "esp": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 3600
    },
    "cloudNetworkCIDRs": [
      "203.0.113.0/24"
    ],
    "peerNetworkCIDRs": [
      "198.51.100.0/24"
    ]
  }
}

Body Parameters | Required | Type | Description | Example
properties.name | yes | string | The human-readable name of your IPSec Gateway Tunnel. | My Tunnel
properties.description | no | string | Human-readable description of the IPSec Gateway Tunnel. | Tunnel connecting site A to site B.
properties.remoteHost | yes | string | The remote peer host fully qualified domain name or IPv4 address to connect to. | 203.0.113.1
properties.auth | yes | object | Properties needed to define IPSec Authentication. |
properties.auth.ike | yes | object | Settings for the initial security exchange phase. | { "encryption": "AES-256", "hash": "SHA256" }
properties.auth.esp | yes | object | Settings for the IPSec SA (ESP) phase. | { "encryption": "AES-256", "auth": "SHA256" }
properties.cloudNetworkCIDRs | yes | array | The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel. | ["10.0.0.0/24", "203.0.113.0/24"]
properties.peerNetworkCIDRs | yes | array | The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel. | ["10.0.1.0/24", "198.51.100.0/24"]
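
The request example on this page carries the pre-shared key inline in the curl command, where it is visible in shell history and the process list. The following is an added example (not IONOS code) that validates a tunnel body locally and masks the key before the body is logged. It checks only the property names that the parameter table and the request example agree on; the 32-character minimum, the overlap check and the function names are assumptions of this example, not documented API rules.

```python
import ipaddress
import json

# Names that both the parameter table and the request example on this page use.
REQUIRED = ("name", "remoteHost", "auth", "cloudNetworkCIDRs", "peerNetworkCIDRs")
MIN_PSK_LEN = 32  # assumption: local policy, not a documented API limit

def sample_body(key):
    """Constructed sample mirroring the request example; key comes from a secret store."""
    return {"metadata": {}, "properties": {
        "name": "My Company Gateway Tunnel",
        "remoteHost": "vpn.mycompany.com",
        "auth": {"method": "PSK", "psk": {"key": key}},
        "cloudNetworkCIDRs": ["203.0.113.0/24"],
        "peerNetworkCIDRs": ["198.51.100.0/24"]}}

def validate_tunnel(body):
    """Return a list of problems in a tunnel create body (empty list means OK)."""
    props = body.get("properties") or {}
    problems = [f"missing properties.{k}" for k in REQUIRED if not props.get(k)]
    nets = {"cloudNetworkCIDRs": [], "peerNetworkCIDRs": []}
    for side, parsed in nets.items():
        for cidr in props.get(side) or []:
            try:  # strict parsing rejects entries with host bits set, e.g. 10.0.0.5/24
                parsed.append(ipaddress.ip_network(cidr, strict=True))
            except ValueError as exc:
                problems.append(f"{side}: {cidr!r} rejected ({exc})")
    for cloud in nets["cloudNetworkCIDRs"]:
        for peer in nets["peerNetworkCIDRs"]:
            if cloud.version == peer.version and cloud.overlaps(peer):
                problems.append(f"cloud {cloud} overlaps peer {peer}")
    auth = props.get("auth") or {}
    if auth.get("method") == "PSK":
        key = (auth.get("psk") or {}).get("key") or ""
        if len(key) < MIN_PSK_LEN:
            problems.append(f"PSK shorter than {MIN_PSK_LEN} characters")
    return problems

def redacted(body):
    """Deep copy that is safe to log: the PSK value is masked."""
    copy = json.loads(json.dumps(body))
    psk = copy.get("properties", {}).get("auth", {}).get("psk")
    if isinstance(psk, dict) and "key" in psk:
        psk["key"] = "***"
    return copy

if __name__ == "__main__":
    body = sample_body("k" * 32)  # constructed key, never use a literal in practice
    print(validate_tunnel(body), json.dumps(redacted(body)["properties"]["auth"]))
```

The response example on this page returns an empty psk object, so the key cannot be read back from the API; keep the value in the secret store it was generated in.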