Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
To set user privileges via the Cloud API for creating and managing VPN Gateways, follow these steps:
Authenticate to the Cloud API using your API credentials. For more information, see Get Started with IONOS API.
Create a user using the POST /cloudapi/v6/um/users endpoint.
Set the following required parameters for the user: user's name, email address, and password.
Create a group using the POST /cloudapi/v6/um/groups endpoint.
Set accessAndManageVpn privilege to true.
Assign the user to the created group using POST /cloudapi/v6/um/groups/{groupId}/users endpoint.
Result: The privilege to create and manage VPN Gateway is granted to the user.
Action
Description
Learn how to set user privileges for VPN Gateway via the API.
A regional endpoint is necessary to interact with the VPN Gateway REST API endpoints. For more information, see the .
IONOS supports the following endpoints for various locations:
Berlin, Germany: https://vpn.de-txl.ionos.com/clusters
Frankfurt, Germany: https://vpn.de-fra.ionos.com/clusters
Logroño, Spain: https://vpn.es-vit.ionos.com/clusters
Creates a new WireGuard Gateway.
The full WireGuard Gateway needs to be provided to create the object. Optional data will be filled with defaults or left empty.
To create a WireGuard Gateway, perform a POST request.
Use a endpoint to create a WireGuard Gateway: https://vpn.{region}.ionos.com/wireguardgateways.
Below is the list of mandatory body parameters for creating a WireGuard Gateway:
201 Successful operation
Result: The WireGuard Gateway is successfully created. the id and other details of the created WireGuard Gateway are provided in the response.
https://vpn.gb-lhr.ionos.com/clustersNewark, United States: https://vpn.us-ewr.ionos.com/clusters
Las Vegas, United States: https://vpn.us-las.ionos.com/clusters
Lenexa, United States: https://vpn.us-mci.ionos.com/clusters
Paris, France: https://vpn.fr-par.ionos.com/clusters
Action
Description
Endpoint to retrieve all WireGuard VPN Gateways using pagination and optional filters.
Creates a new WireGuard VPN Gateway. The full configuration needs to be provided.
Retrieves details of a specific WireGuard VPN Gateway.
Ensures that a WireGuard VPN Gateway with the provided ID is created or modified.
Deletes the specified WireGuard Gateway.
Action
Description
Endpoint to retrieve all WireGuard Peers associated with a VPN Gateway using pagination and optional filters.
Creates a new WireGuard Peer. The full configuration needs to be provided.
Retrieves details of a specific WireGuard Peer.
Ensures that a WireGuard Peer with the provided ID is created or modified.
Deletes the specified WireGuard Peer.
Action
Description
Endpoint to retrieve all IPSec VPN Gateways using pagination and optional filters.
Creates a new IPSec VPN Gateway. The full configuration needs to be provided.
Retrieves details of a specific IPSec VPN Gateway.
Ensures that an IPSec VPN Gateway with the provided ID is created or modified.
Deletes the specified IPSec Gateway.
Action
Description
Endpoint to retrieve all IPSec VPN Tunnels associated with an IPSec VPN Gateway using pagination and optional filters.
Creates a new IPSec VPN Tunnel associated with an IPSec VPN Gateway. The full configuration needs to be provided.
Retrieves details of a specific IPSec VPN Tunnel.
Ensures that an IPSec VPN Tunnel with the provided ID is created or modified.
Deletes the specified IPSec Tunnel.
Properties with all data needed to create a new WireGuard Gateway.
properties.name
yes
string
The human readable name of your WireGuard Gateway.
My Company Gateway
properties.description
no
string
Human readable description of the WireGuard Gateway.
This gateway allows connections to Datacenter LAN X.
properties.gatewayIP
yes
string
Public IP address to be assigned to the gateway.
192.0.2.0
properties.interfaceIPv4CIDR
no
string
The IPV4 address (with CIDR mask) to be assigned to the WireGuard interface.
172.16.0.1/32
properties.interfaceIPv6CIDR
no
string
The IPV6 address (with CIDR mask) to be assigned to the WireGuard interface.
2001:0db8:85a3::/128
properties.connections
yes
array
The network connection for your gateway.
[ { "datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003", "lanId": "2", "ipv4CIDR": "192.168.1.100/24", "ipv6CIDR": "2001:0db8:85a3::/24" } ]
properties.privateKey
yes
string
PrivateKey used for WireGuard Server.
0HpE4BNwGHabeaC4aY/GFxB6fBSc0d49Db0qAzRVSVc=
properties.listenPort
no
integer
Port that WireGuard Server will listen on.
51820
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token enables requests to authenticate using a JSON Web Token (JWT).
Content-Type
yes
string
Set this to application/json.
metadata
no
object
Metadata
{}
properties
yes
object
curl --location \
--request POST 'https://vpn.de-fra.ionos.com/wireguardgateways' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
"metadata": {},
"properties": {
"name": "My Company Gateway",
"description": "This gateway allows connections to Datacenter LAN X.",
"gatewayIP": "81.173.1.2",
"interfaceIPv4CIDR": "172.16.0.1/30",
"interfaceIPv6CIDR": "fd00::2/128",
"connections": [
{
"datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003",
"lanId": "2",
"ipv4CIDR": "192.168.1.100/24",
"ipv6CIDR": "fd28:5f8d:d9fe:08bd::/64"
}
],
"privateKey": "0HpE4BNwGHabeaC4aY/GFxB6fBSc0d49Db0qAzRVSVc=",
"listenPort": 51820,
"tier": "STANDARD",
"maintenanceWindow": {
"time": "16:30:59",
"dayOfTheWeek": "Monday"
}
}
}'{
"id": "85c79b4b-5b40-570a-b788-58dd46ea71e2",
"type": "wireguardgateway",
"href": "/wireguardgateways/85c79b4b-5b40-570a-b788-58dd46ea71e2",
"metadata": {
"createdDate": "2020-12-10T13:37:50+01:00",
"createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedDate": "2020-12-11T13:37:50+01:00",
"lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
"status": "AVAILABLE",
"statusMessage": null,
"publicKey": "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VuAyEApNLcmIfCLRwyGYN16teusuGPkdGo2C8OxiqaJLgOig4=\n-----END PUBLIC KEY-----\n"
},
"properties": {
"name": "My Company Gateway",
"description": "This gateway allows connections to Datacenter LAN X.",
"gatewayIP": "192.0.2.0",
"interfaceIPv4CIDR": "172.16.0.1/32",
"interfaceIPv6CIDR": "2001:0db8:85a3::/128,
"connections": [
{
"datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003",
"lanId": "2",
"ipv4CIDR": "192.168.1.100/24",
"ipv6CIDR": "2001:0db8:85a3::/24"
}
],
"listenPort": 51820
}
}This endpoint enables retrieving all WireGuard Gateways using pagination and optional filters.
To retrieve all the WireGuard Gateways, perform a GET request.
Use a region-specific endpoint to retrieve all WireGuard Gateways: https://vpn.{region}.ionos.com/wireguardgateways.
Below is the list of optional Path Parameters:
200 Successful operation
Result: All existing WireGuard Gateways and their details are successfully obtained.
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token enables requests to authenticate using a JSON Web Token (JWT).
Content-Type
no
string
Set this to application/json.
offset
integer
The first element (of the total list of elements) to include in the response. Use together with limit for pagination. Default: 0
0
limit
integer
The maximum number of elements to return. Use together with offset for pagination. Default: 100
100
curl --location \
--request GET 'https://vpn.de-fra.ionos.com/wireguardgateways?limit=100&offset=0' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'{
"id": "55871672-381f-589c-8809-4ffbecd8b27c",
"type": "collection",
"href": "/wireguardgateways",
"items": [
{
"id": "85c79b4b-5b40-570a-b788-58dd46ea71e2",
"type": "wireguardgateway",
"href": "/wireguardgateways/85c79b4b-5b40-570a-b788-58dd46ea71e2",
"metadata": {
"createdDate": "2020-12-10T13:37:50+01:00",
"createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedDate": "2020-12-11T13:37:50+01:00",
"lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
"status": "AVAILABLE",
"statusMessage": null,
"publicKey": "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VuAyEApNLcmIfCLRwyGYN16teusuGPkdGo2C8OxiqaJLgOig4=\n-----END PUBLIC KEY-----\n"
},
"properties": {
"name": "My Company Gateway",
"description": "This gateway allows connections to Datacenter LAN X.",
"gatewayIP": "81.173.1.2",
"interfaceIPv4CIDR": "172.16.0.1/30",
"interfaceIPv6CIDR": "fd00::2/128",
"connections": [
{
"datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003",
"lanId": "2",
"ipv4CIDR": "192.168.1.100/24",
"ipv6CIDR": "fd28:5f8d:d9fe:08bd::/64"
}
],
"listenPort": 51820,
"tier": "STANDARD",
"maintenanceWindow": {
"time": "16:30:59",
"dayOfTheWeek": "Monday"
}
}
}
],
"offset": 0,
"limit": 42,
"_links": {
"prev": "http://PREVIOUS-PAGE-URI",
"self": "http://THIS-PAGE-URI",
"next": "http://NEXT-PAGE-URI"
}
}Deletes the specified IPSecTunnel.
To delete a IPSec Tunnel, perform a DELETE request with the gatewayId of the IPSecGateway and tunnelId of the IPSec Tunnel.
Use a region-specific endpoint to delete IPSec Tunnel: https://vpn.{region}.ionos.com/ipsecgateways/{gatewayid}/tunnels/{tunnelId}.
Note: The following request contains a sample gatewayId and tunnelId. Replace them with the gatewayId and tunnelId value, whose information you want to delete.
You can update the gatewayId and tunnelId values to delete a specific IPSec Tunnel for a given gateway:
202 Successful operation
Result: The IPSec Tunnel with the specified gatewayId and tunnelId is successfully deleted.
c28b2d3e-7b15-53ca-ae88-6ae9378d6efe
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
gatewayId
string
The ID (UUID) of the IPSecGateway.
66a114c7-2ddd-5119-9ddf-5a789f5a5a44
tunnelId
string
The ID (UUID) of the IPSecTunnel.
curl --location \
--request DELETE 'https://vpn.de-fra.ionos.com/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'Below is the list of optional Path Parameters:
offset
integer
The first element (of the total list of elements) to include in the response. Use together with limit for pagination. Default: 0
0
limit
integer
The maximum number of elements to return. Use together with offset for pagination. Default: 100
100
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Result: All existing WireGuard Peers and their details are successfully obtained.
Note: The following request contains a sample gatewayId. Replace them with the gatewayId value, whose information you want to delete.
You can update the gatewayId value to delete a specific IPSec Gateway:
gatewayId
string
The ID (UUID) of the IPSec Gateway.
85c79b4b-5b40-570a-b788-58dd46ea71e2
To make authenticated requests to the API, the following fields are mandatory in the request header:
202 Successful operation
Result: The IPSec Gateway with the specified gatewayId is successfully deleted.
Returns the WireGuard Gateway by ID.
To retrieve the WireGuard Gateway, perform a GET request.
Use a region-specific endpoint to retrieve a WireGuard Gateway: https://vpn.{region}.ionos.com/wireguardgateways/{gatewayId}.
You can update the gatewayId value to get a specific WireGuard Gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Result: The WireGuard Gateway and its details for the specified gatewayId are successfully obtained.
Deletes the specified WireGuard Peer.
To delete a WireGuard Peer, perform a DELETE request with the gatewayId of the WireGuard Gateway and peerId of the WireGuard Peer.
Use a region-specific endpoint to delete the WireGuard Peer: https://vpn.{region}.ionos.com/wireguardgateways/{gatewayid}/peers/{peerId}.
Note: The following request contains a sample gatewayId and peerId. Replace them with the gatewayId and peerId value, whose information you want to delete.
You can update the gatewayId and peerId values to delete a specific WireGuard Peer for a given gateway:
202 Successful operation
Result: The WireGuard Peer with the specified gatewayId and peerId is successfully deleted.
curl --location \
--request GET 'https://vpn.de-fra.ionos.com/wireguardgateways/55871672-381f-589c-8809-4ffbecd8b27c/peers?limit=100&offset=0' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'{
"id": "7c33f158-b93c-5fe7-83c6-84dde2357a33",
"type": "collection",
"href": "/wireguardgateways/{gatewayId}/peers",
"items": [
{
"id": "b62b3a40-adee-5b6c-b98d-be20bfcbdd91",
"type": "wireguardpeer",
"href": "/wireguardgateways/{gatewayId}/peers/b62b3a40-adee-5b6c-b98d-be20bfcbdd91",
"metadata": {
"createdDate": "2020-12-10T13:37:50+01:00",
"createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedDate": "2020-12-11T13:37:50+01:00",
"lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
"status": "AVAILABLE",
"statusMessage": null
},
"properties": {
"name": "My Company Gateway Peer",
"description": "Allows local machine A to connect to Datacenter LAN Y.",
"endpoint": {
"host": "198.51.100.0/24",
"port": 51820
},
"allowedIPs": [
"198.51.100.0/24"
],
"publicKey": "no8iaSEoqfbI6PVYsdEiUU5efYdtKX8VAhKity19MWI="
}
}
],
"offset": 0,
"limit": 42,
"_links": {
"prev": "http://PREVIOUS-PAGE-URI",
"self": "http://THIS-PAGE-URI",
"next": "http://NEXT-PAGE-URI"
}
}curl --location \
--request DELETE 'https://vpn.de-fra.ionos.com/ipsecgateways/85c79b4b-5b40-570a-b788-58dd46ea71e2' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'Authorization
yes
string
The Bearer token enables requests to authenticate using a JSON Web Token (JWT).
Content-Type
no
string
Set this to application/json.
Authorization
yes
string
The Bearer token enable requests to authenticate using an JSON Web Token (JWT).
Authorization
yes
string
The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
Content-Type
no
string
Set this to application/json.
gatewayId
string
The ID (UUID) of the WireGuard Gateway.
85c79b4b-5b40-570a-b788-58dd46ea71e2
b62b3a40-adee-5b6c-b98d-be20bfcbdd91
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
gatewayId
string
The ID (UUID) of the WireGuard Gateway.
85c79b4b-5b40-570a-b788-58dd46ea71e2
peerId
string
The ID (UUID) of the WireGuard Peer.
curl --location \
--request GET 'https://vpn.de-fra.ionos.com/wireguardgateways/85c79b4b-5b40-570a-b788-58dd46ea71e2' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'{
"id": "85c79b4b-5b40-570a-b788-58dd46ea71e2",
"type": "wireguardgateway",
"href": "/wireguardgateways/85c79b4b-5b40-570a-b788-58dd46ea71e2",
"metadata": {
"createdDate": "2020-12-10T13:37:50+01:00",
"createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedDate": "2020-12-11T13:37:50+01:00",
"lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
"status": "AVAILABLE",
"statusMessage": null,
"publicKey": "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VuAyEApNLcmIfCLRwyGYN16teusuGPkdGo2C8OxiqaJLgOig4=\n-----END PUBLIC KEY-----\n"
},
"properties": {
"name": "My Company Gateway",
"description": "This gateway allows connections to Datacenter LAN X.",
"gatewayIP": "81.173.1.2",
"interfaceIPv4CIDR": "172.16.0.1/30",
"interfaceIPv6CIDR": "fd00::2/128",
"connections": [
{
"datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003",
"lanId": "2",
"ipv4CIDR": "192.168.1.100/24",
"ipv6CIDR": "fd28:5f8d:d9fe:08bd::/64"
}
],
"listenPort": 51820,
"tier": "STANDARD",
"maintenanceWindow": {
"time": "16:30:59",
"dayOfTheWeek": "Monday"
}
}
}curl --location \
--request DELETE 'https://vpn.de-fra.ionos.com/wireguardgateways/85c79b4b-5b40-570a-b788-58dd46ea71e2/peers/b62b3a40-adee-5b6c-b98d-be20bfcbdd91' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'Below is the list of optional Path Parameters:
offset
integer
The first element (of the total list of elements) to include in the response. Use together with limit for pagination. Default: 0
0
limit
integer
The maximum number of elements to return. Use together with offset for pagination. Default: 100
100
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Result: All existing IPSec Gateways and their details are successfully obtained.
You can update the gatewayId and peerId values to get a specific WireGuard Peer for a given gateway:
gatewayId
string
The ID (UUID) of the WireGuard Gateway.
85c79b4b-5b40-570a-b788-58dd46ea71e2
peerId
string
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Result: The WireGuard Peer and its details for the specified gatewayId and peerId are successfully obtained.
Below is the list of optional Path Parameters:
offset
integer
The first element (of the total list of elements) to include in the response. Use together with limit for pagination. Default: 0
0
limit
integer
The maximum number of elements to return. Use together with offset for pagination. Default: 100
100
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Result: All existing IPSec Tunnels and their details are successfully obtained.
Note: The following request contains a sample gatewayId. Replace them with the gatewayId value, whose information you want to delete.
You can update the gatewayId value to delete a specific WireGuard Gateway:
gatewayId
string
The ID (UUID) of the WireGuard Gateway.
85c79b4b-5b40-570a-b788-58dd46ea71e2
To make authenticated requests to the API, the following fields are mandatory in the request header:
202 Successful operation
Result: The WireGuard Gateway with the specified gatewayId is successfully deleted.
Returns the IPSec Tunnel by ID.
To retrieve the IPSec Tunnel, perform a GET request.
Use a region-specific endpoint to retrieve IPSec Tunnel: https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}/tunnels/{tunnelId}.
You can update the gatewayId and tunnelId values to get a specific IPSec Tunnel for a given gateway:
200 Successful operation
Result: The IPSec Tunnel and its details for the specified gatewayId and tunnelId are successfully obtained.
Returns the IPSec Gateway by ID.
To retrieve the IPSec Gateway, perform a GET request.
Use a region-specific endpoint to retrieve IPSec Gateway: https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}.
You can update the gatewayId value to get a specific IPSec Gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Result: The IPSec Gateway and its details for the specified gatewayId are successfully obtained.
curl --location \
--request GET 'https://vpn.de-fra.ionos.com/ipsecgateways?limit=100&offset=0' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'{
"id": "26a73a96-96e9-51d2-98d2-90043b958618",
"type": "collection",
"href": "/ipsecgateways",
"items": [
{
"id": "66a114c7-2ddd-5119-9ddf-5a789f5a5a44",
"type": "ipsecgateway",
"href": "/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44",
"metadata": {
"createdDate": "2020-12-10T13:37:50+01:00",
"createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedDate": "2020-12-11T13:37:50+01:00",
"lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
"status": "AVAILABLE",
"statusMessage": null
},
"properties": {
"name": "My Company Gateway",
"description": "This gateway connects site A to VDC X.",
"gatewayIP": "81.173.1.2",
"connections": [
{
"datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003",
"lanId": "2",
"ipv4CIDR": "192.168.1.100/24",
"ipv6CIDR": "fd28:5f8d:d9fe:08bd::/64"
}
],
"version": "IKEv2",
"tier": "STANDARD",
"maintenanceWindow": {
"time": "16:30:59",
"dayOfTheWeek": "Monday"
}
}
}
],
"offset": 0,
"limit": 42,
"_links": {
"prev": "http://PREVIOUS-PAGE-URI",
"self": "http://THIS-PAGE-URI",
"next": "http://NEXT-PAGE-URI"
}
}curl --location \
--request GET 'https://api.ionos.com/wireguardgateways/55871672-381f-589c-8809-4ffbecd8b27c/peers/b62b3a40-adee-5b6c-b98d-be20bfcbdd91' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'{
"id": "b62b3a40-adee-5b6c-b98d-be20bfcbdd91",
"type": "wireguardpeer",
"href": "/wireguardgateways/{gatewayId}/peers/b62b3a40-adee-5b6c-b98d-be20bfcbdd91",
"metadata": {
"createdDate": "2020-12-10T13:37:50+01:00",
"createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedDate": "2020-12-11T13:37:50+01:00",
"lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
"status": "AVAILABLE",
"statusMessage": null
},
"properties": {
"name": "My Company Gateway Peer",
"description": "Allows local machine A to connect to Datacenter LAN Y.",
"endpoint": {
"host": "198.51.100.0/24",
"port": 51820
},
"allowedIPs": [
"198.51.100.0/24"
],
"publicKey": "no8iaSEoqfbI6PVYsdEiUU5efYdtKX8VAhKity19MWI="
}
}curl --location \
--request GET 'https://vpn.de-fra.ionos.com/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44/tunnels?limit=100&offset=0' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'{
"id": "0ef10f6b-8742-5e74-98ff-3e89354b1082",
"type": "collection",
"href": "/ipsecgateways/{gatewayId}/tunnels",
"items": [
{
"id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
"type": "ipsectunnel",
"href": "/ipsecgateways/{gatewayId}/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
"metadata": {
"createdDate": "2020-12-10T13:37:50+01:00",
"createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedDate": "2020-12-11T13:37:50+01:00",
"lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
"status": "AVAILABLE",
"statusMessage": null
},
"properties": {
"name": "My Company Gateway Tunnel",
"description": "Allows local subnet X to connect to virtual network Y.",
"remoteHost": "vpn.mycompany.com",
"auth": {
"method": "PSK",
"psk": {}
},
"ike": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 86400
},
"esp": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 3600
},
"cloudNetworkCIDRs": [
"203.0.113.0/24"
],
"peerNetworkCIDRs": [
"198.51.100.0/24"
]
}
}
],
"offset": 0,
"limit": 42,
"_links": {
"prev": "http://PREVIOUS-PAGE-URI",
"self": "http://THIS-PAGE-URI",
"next": "http://NEXT-PAGE-URI"
}
}curl --location \
--request DELETE 'https://vpn.de-fra.ionos.com/wireguardgateways/85c79b4b-5b40-570a-b788-58dd46ea71e2' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'Authorization
yes
string
The Bearer token enables requests to authenticate using a JSON Web Token (JWT).
Content-Type
no
string
Set this to application/json.
The ID (UUID) of the WireGuard Peer.
b62b3a40-adee-5b6c-b98d-be20bfcbdd91
Authorization
yes
string
The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
Content-Type
no
string
Set this to application/json.
Authorization
yes
string
The Bearer token enables requests to authenticate using a JSON Web Token (JWT).
Content-Type
no
string
Set this to application/json.
Authorization
yes
string
The Bearer token enable requests to authenticate using an JSON Web Token (JWT).
c28b2d3e-7b15-53ca-ae88-6ae9378d6efe
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
Content-Type
no
string
Set this to application/json.
gatewayId
string
The ID (UUID) of the IPSec Gateway.
66a114c7-2ddd-5119-9ddf-5a789f5a5a44
tunnelId
string
The ID (UUID) of the IPSec Tunnel.
Authorization
yes
string
The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
Content-Type
no
string
Set this to application/json.
gatewayId
string
The ID (UUID) of the IPSec Gateway.
66a114c7-2ddd-5119-9ddf-5a789f5a5a44
curl --location \
--request GET 'https://vpn.de-fra.ionos.coms/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'{
"id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
"type": "ipsectunnel",
"href": "/ipsecgateways/{gatewayId}/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
"metadata": {
"createdDate": "2020-12-10T13:37:50+01:00",
"createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedDate": "2020-12-11T13:37:50+01:00",
"lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
"status": "AVAILABLE",
"statusMessage": null
},
"properties": {
"name": "My Company Gateway Tunnel",
"description": "Allows local subnet X to connect to virtual network Y.",
"remoteHost": "vpn.mycompany.com",
"auth": {
"method": "PSK",
"psk": {}
},
"ike": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 86400
},
"esp": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 3600
},
"cloudNetworkCIDRs": [
"203.0.113.0/24"
],
"peerNetworkCIDRs": [
"198.51.100.0/24"
]
}
}curl --location \
--request GET 'https://vpn.de-fra.ionos.com/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'{
"id": "66a114c7-2ddd-5119-9ddf-5a789f5a5a44",
"type": "ipsecgateway",
"href": "/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44",
"metadata": {
"createdDate": "2020-12-10T13:37:50+01:00",
"createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedDate": "2020-12-11T13:37:50+01:00",
"lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
"status": "AVAILABLE",
"statusMessage": null
},
"properties": {
"name": "My Company Gateway",
"description": "This gateway connects site A to VDC X.",
"gatewayIP": "81.173.1.2",
"connections": [
{
"datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003",
"lanId": "2",
"ipv4CIDR": "192.168.1.100/24",
"ipv6CIDR": "fd28:5f8d:d9fe:08bd::/64"
}
],
"version": "IKEv2",
"tier": "STANDARD",
"maintenanceWindow": {
"time": "16:30:59",
"dayOfTheWeek": "Monday"
}
}
}Below is the list of mandatory body parameters for creating an IPSec Gateway:
metadata
no
object
Metadata
{}
properties
yes
To make authenticated requests to the API, the following fields are mandatory in the request header:
201 Successful operation
Result: The IPSec Gateway is successfully created. the id and other details of the created IPSec Gateway are provided in the response.
Ensures that the WireGuard Peer with the provided ID is created or modified. Remember to provide the full WireGuard Peer specification to ensure the WireGuard Peer with the respective ID is created or updated. When left empty, they are filled with default values or remain empty; previously provided values are not used for these empty fields.
To ensure that the WireGuard Peer with the provided ID is created or modified, perform PUT request.
Use a endpoint to ensure that the WireGuard Peer is created or modified: https://vpn.{region}.ionos.com/wireguardgateways/{gatewayId}/peers/{peerId}.
Below is the list of mandatory path parameters:
Below is the list of fields returned in the response for a WireGuard Peer:
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Following is an example of when a WireGuard Peer is successfully created.
Result: The WireGuard Peer is successfully updated or created.
Ensures that the IPSecGateway with the provided ID is created or modified. The full IPSecGateway needs to be provided to ensure (either update or create) the IPSecGateway. Non present data will only be filled with defaults or left empty, but not take previous values into consideration.
To ensure that the IPSecGateway with the provided ID is created or modified, perform PUT request.
curl --location \
--request POST 'https://vpn.de-fra.ionos.com/ipsecgateways' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
"metadata": {},
"properties": {
"name": "My Company Gateway",
"description": "This gateway connects site A to VDC X.",
"gatewayIP": "81.173.1.2",
"connections": [
{
"datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003",
"lanId": "2",
"ipv4CIDR": "192.168.1.100/24",
"ipv6CIDR": "fd28:5f8d:d9fe:08bd::/64"
}
],
"version": "IKEv2",
"tier": "STANDARD",
"maintenanceWindow": {
"time": "16:30:59",
"dayOfTheWeek": "Monday"
}
}
}'
{
"id": "66a114c7-2ddd-5119-9ddf-5a789f5a5a44",
"type": "ipsecgateway",
"href": "/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44",
"metadata": {
"createdDate": "2020-12-10T13:37:50+01:00",
"createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedDate": "2020-12-11T13:37:50+01:00",
"lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
"status": "AVAILABLE",
"statusMessage": null
},
"properties": {
"name": "My Company Gateway",
"description": "This gateway connects site A to VDC X.",
"gatewayIP": "81.173.1.2",
"connections": [
{
"datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003",
"lanId": "2",
"ipv4CIDR": "192.168.1.100/24",
"ipv6CIDR": "fd28:5f8d:d9fe:08bd::/64"
}
],
"version": "IKEv2",
"tier": "STANDARD",
"maintenanceWindow": {
"time": "16:30:59",
"dayOfTheWeek": "Monday"
}
}
}object
Properties with all data needed to create a new IPSec Gateway.
properties.name
yes
string
The human readable name of your IPSec Gateway.
My Company IPSec Gateway
properties.description
no
string
Human readable description of the IPSec Gateway.
This gateway connects site A to VDC X.
properties.gatewayIP
yes
string
Public IP address to be assigned to the gateway.
192.0.2.0
properties.connections
yes
array
The network connection for your gateway.
[ { "datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003", "lanId": "2", "ipv4CIDR": "192.168.1.100/24", "ipv6CIDR": "2001:0db8:85a3::/24" } ]
properties.version
no
string
The IKE version that is permitted for the VPN tunnels. Default: "IKEv2".
IKEv2
Authorization
yes
string
The Bearer token enables requests to authenticate using a JSON Web Token (JWT).
Content-Type
yes
string
Set this to application/json.
properties.name
string
The human-readable name of the WireGuard Peer.
My Company Gateway Peer
properties.description
string
Human-readable description of the WireGuard Peer.
Allows local machine A to connect to Datacenter LAN Y.
properties.endpoint
object
Endpoint details for the WireGuard Peer.
properties.endpoint.host
string
The host IP address or domain for the WireGuard Peer.
198.51.100.0/24
properties.endpoint.port
integer
The port number for the WireGuard Peer.
51820
properties.allowedIPs
array
The subnet CIDRs that are allowed to connect to the WireGuard Gateway.
["198.51.100.0/24"]
properties.publicKey
string
The public key for the WireGuard Peer.
no8iaSEoqfbI6PVYsdEiUU5efYdtKX8VAhKity19MWI=
gatewayId
string
The ID (UUID) of the WireGuard Gateway.
85c79b4b-5b40-570a-b788-58dd46ea71e2
peerId
string
The ID (UUID) of the WireGuard Peer.
b62b3a40-adee-5b6c-b98d-be20bfcbdd91
id
string
The unique identifier (UUID) for the WireGuard Peer.
b62b3a40-adee-5b6c-b98d-be20bfcbdd91
metadata
object
Metadata related to the WireGuard Peer.
{}
properties
object
Properties of the WireGuard Peer.
Authorization
yes
string
The Bearer token enables requests to authenticate using a JSON Web Token (JWT).
Content-Type
yes
string
Set this to application/json.
curl --location \
--request PUT 'https://vpn.de-fra.ionos.com/wireguardgateways/85c79b4b-5b40-570a-b788-58dd46ea71e2/peers/b62b3a40-adee-5b6c-b98d-be20bfcbdd91' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
"metadata": {},
"properties": {
"name": "My Company Gateway Peer",
"description": "Allows local machine A to connect to Datacenter LAN Y.",
"endpoint": {
"host": "198.51.100.0/24",
"port": 51820
},
"allowedIPs": [
"198.51.100.0/24"
],
"publicKey": "no8iaSEoqfbI6PVYsdEiUU5efYdtKX8VAhKity19MWI="
}
}'{
"id": "b62b3a40-adee-5b6c-b98d-be20bfcbdd91",
"type": "wireguardpeer",
"href": "/wireguardgateways/{gatewayId}/peers/b62b3a40-adee-5b6c-b98d-be20bfcbdd91",
"metadata": {
"createdDate": "2020-12-10T13:37:50+01:00",
"createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedDate": "2020-12-11T13:37:50+01:00",
"lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
"status": "AVAILABLE",
"statusMessage": null
},
"properties": {
"name": "My Company Gateway Peer",
"description": "Allows local machine A to connect to Datacenter LAN Y.",
"endpoint": {
"host": "198.51.100.0/24",
"port": 51820
},
"allowedIPs": [
"198.51.100.0/24"
],
"publicKey": "no8iaSEoqfbI6PVYsdEiUU5efYdtKX8VAhKity19MWI="
}
}Use a region-specific endpoint to create a WireGuard Peer: https://vpn.{region}.ionos.com/wireguardgateways/{gatewayId}/peers.
Below is the list of mandatory body parameters for creating a WireGuard Peer:
metadata
no
object
Metadata related to the WireGuard peer.
{}
properties
yes
You can update the gatewayId value to get a specific WireGuard Gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
201 Successful operation
Result: The WireGuard Peer is successfully created. the id and other details of the created WireGuard Peer are provided in the response.
Use a region-specific endpoint to create IPSec Tunnel: https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}/tunnels.
You can update the gatewayId value to get a specific IPSecGateway:
gatewayId
string
The ID (UUID) of the IPSec Gateway.
66a114c7-2ddd-5119-9ddf-5a789f5a5a44
Below is the list of mandatory body parameters for updating an IPSec Tunnel:
To make authenticated requests to the API, the following fields are mandatory in the request header:
201 Successful operation
Result: The IPSec Tunnel is successfully created. the id and other details of the created IPSec Tunnel are provided in the response.
Use a region-specific endpoint to ensure IPSecGateway is created or modified: https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}.
Below is the list of mandatory path parameters for updating an IPSecGateway:
gatewayId
string
The ID (UUID) of the IPSecGateway.
66a114c7-2ddd-5119-9ddf-5a789f5a5a44
Below is the list of mandatory body parameters for updating an IPSecGateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Result: The IPSec Gateway is successfully updated or created.
Ensures that the WireGuard Gateway with the provided ID is created or modified. Remember to provide the full WireGuard Gateway specification to ensure the WireGuard Gateway with the respective ID is created or updated. When left empty, they are filled with default values or remain empty; previously provided values are not used for these empty fields.
To ensure that the WireGuard Gateway with the provided ID is created or modified, perform PUT request.
Use a endpoint to ensure that the WireGuard Gateway is created or modified: https://vpn.{region}.ionos.com/wireguardgateways/{gatewayId}.
Below is the list of mandatory path parameters:
Below is the list of mandatory body parameters for updating a WireGuard Gateway:
200 Successful operation
Following is an example of when a WireGuard Gateway is successfully created.
Result: The WireGuard Gateway is successfully updated or created.
curl --location \
--request POST 'https://vpn.de-fra.ionos.com/wireguardgateways/85c79b4b-5b40-570a-b788-58dd46ea71e2/peers' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
"metadata": {},
"properties": {
"name": "My Company Gateway Peer",
"description": "Allows local machine A to connect to Datacenter LAN Y.",
"endpoint": {
"host": "198.51.100.0/24",
"port": 51820
},
"allowedIPs": [
"198.51.100.0/24"
],
"publicKey": "no8iaSEoqfbI6PVYsdEiUU5efYdtKX8VAhKity19MWI="
}
}'
{
"id": "b62b3a40-adee-5b6c-b98d-be20bfcbdd91",
"type": "wireguardpeer",
"href": "/wireguardgateways/{gatewayId}/peers/b62b3a40-adee-5b6c-b98d-be20bfcbdd91",
"metadata": {
"createdDate": "2020-12-10T13:37:50+01:00",
"createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedDate": "2020-12-11T13:37:50+01:00",
"lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
"status": "AVAILABLE",
"statusMessage": null
},
"properties": {
"name": "My Company Gateway Peer",
"description": "Allows local machine A to connect to Datacenter LAN Y.",
"endpoint": {
"host": "198.51.100.0/24",
"port": 51820
},
"allowedIPs": [
"198.51.100.0/24"
],
"publicKey": "no8iaSEoqfbI6PVYsdEiUU5efYdtKX8VAhKity19MWI="
}
}curl --location \
--request POST 'https://vpn.de-fra.ionos.com/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44/tunnels' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
"metadata": {},
"properties": {
"name": "My Company Gateway Tunnel",
"description": "Allows local subnet X to connect to virtual network Y.",
"remoteHost": "vpn.mycompany.com",
"auth": {
"method": "PSK",
"psk": {
"key": "X2wosbaw74M8hQGbK3jCCaEusR6CCFRa"
}
},
"ike": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 86400
},
"esp": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 3600
},
"cloudNetworkCIDRs": [
"203.0.113.0/24"
],
"peerNetworkCIDRs": [
"198.51.100.0/24"
]
}
}'
{
"id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
"type": "ipsectunnel",
"href": "/ipsecgateways/{gatewayId}/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
"metadata": {
"createdDate": "2020-12-10T13:37:50+01:00",
"createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedDate": "2020-12-11T13:37:50+01:00",
"lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
"status": "AVAILABLE",
"statusMessage": null
},
"properties": {
"name": "My Company Gateway Tunnel",
"description": "Allows local subnet X to connect to virtual network Y.",
"remoteHost": "vpn.mycompany.com",
"auth": {
"method": "PSK",
"psk": {}
},
"ike": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 86400
},
"esp": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 3600
},
"cloudNetworkCIDRs": [
"203.0.113.0/24"
],
"peerNetworkCIDRs": [
"198.51.100.0/24"
]
}
}curl --location \
--request PUT 'https://vpn.de-fra.ionos.com/ipssecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
"id": "66a114c7-2ddd-5119-9ddf-5a789f5a5a44",
"metadata": {},
"properties": {
"name": "My Company Gateway",
"description": "This gateway connects site A to VDC X.",
"gatewayIP": "81.173.1.2",
"connections": [
{
"datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003",
"lanId": "2",
"ipv4CIDR": "192.168.1.100/24",
"ipv6CIDR": "fd28:5f8d:d9fe:08bd::/64"
}
],
"version": "IKEv2",
"tier": "STANDARD",
"maintenanceWindow": {
"time": "16:30:59",
"dayOfTheWeek": "Monday"
}
}
}'
{
"id": "66a114c7-2ddd-5119-9ddf-5a789f5a5a44",
"type": "ipsecgateway",
"href": "/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44",
"metadata": {
"createdDate": "2020-12-10T13:37:50+01:00",
"createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedDate": "2020-12-11T13:37:50+01:00",
"lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
"status": "AVAILABLE",
"statusMessage": null
},
"properties": {
"name": "My Company Gateway",
"description": "This gateway connects site A to VDC X.",
"gatewayIP": "81.173.1.2",
"connections": [
{
"datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003",
"lanId": "2",
"ipv4CIDR": "192.168.1.100/24",
"ipv6CIDR": "fd28:5f8d:d9fe:08bd::/64"
}
],
"version": "IKEv2",
"tier": "STANDARD",
"maintenanceWindow": {
"time": "16:30:59",
"dayOfTheWeek": "Monday"
}
}
}object
Properties with all data needed to create a new WireGuard peer. Note: There is a limit of 20 peers per gateway.
properties.name
yes
string
The human-readable name of the WireGuard peer.
My Company Gateway Peer
properties.description
no
string
Human-readable description of the WireGuard peer.
Allows local machine A to connect to Datacenter LAN Y.
properties.endpoint
yes
object
Properties needed to define the WireGuard endpoint.
properties.endpoint.host
yes
string
Hostname or IPV4 address that the WireGuard Server will connect to.
198.51.100.0/24
properties.endpoint.port
yes
integer
Port that the WireGuard Server will connect to.
51820
properties.allowedIPs
yes
array
The subnet CIDRs that are allowed to connect to the WireGuard Gateway. Specify "a.b.c.d/xy" for an individual IP address. Specify "0.0.0.0/0" or "::/0" for all IP addresses.
["198.51.100.0/24"]
properties.publicKey
yes
string
The public key for the WireGuard peer.
no8iaSEoqfbI6PVYsdEiUU5efYdtKX8VAhKity19MWI=
gatewayId
string
The ID (UUID) of the WireGuard Gateway.
85c79b4b-5b40-570a-b788-58dd46ea71e2
Authorization
yes
string
The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
Content-Type
yes
string
Set this to application/json.
string
The human-readable name of your IPSec Gateway Tunnel.
My Tunnel
properties.description
no
string
Human-readable description of the IPSec Gateway Tunnel.
Tunnel connecting site A to site B.
properties.remoteHost
yes
string
The remote peer host fully qualified domain name or IPV4 IP to connect to.
203.0.113.1
properties.auth
yes
object
Properties needed to define IPSec Authentication.
properties.auth.ike
yes
object
Settings for the initial security exchange phase.
{ "encryption": "AES-256", "hash": "SHA256" }
properties.auth.esp
yes
object
Settings for the IPSec SA (ESP) phase.
{ "encryption": "AES-256", "auth": "SHA256" }
properties.cloudNetworkCIDRs
yes
array
The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel.
["10.0.0.0/24", "203.0.113.0/24"]
properties.peerNetworkCIDRs
yes
array
The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel.
["10.0.1.0/24", "198.51.100.0/24"]
metadata
no
object
Metadata
{}
properties
yes
object
Properties with all data needed to update an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway.
properties.name
Authorization
yes
string
The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
Content-Type
yes
string
Set this to application/json.
yes
The human readable name of your IPSec Gateway.
My Company IPSec Gateway
properties.description
no
string
Human readable description of the IPSec Gateway.
This gateway connects site A to VDC X.
properties.gatewayIP
yes
string
Public IP address to be assigned to the gateway.
192.0.2.0
properties.connections
yes
array
The network connection for your gateway.
[ { "datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003", "lanId": "2", "ipv4CIDR": "192.168.1.100/24", "ipv6CIDR": "2001:0db8:85a3::/24" } ]
properties.version
no
string
The IKE version that is permitted for the VPN tunnels. Default: "IKEv2".
IKEv2
id
yes
string
The ID (UUID) of the IPSec Gateway.
66a114c7-2ddd-5119-9ddf-5a789f5a5a44
metadata
no
object
Metadata
{}
properties
yes
object
Properties with all data needed to update the IPSec Gateway.
properties.name
yes
Authorization
yes
string
The Bearer token enables requests to authenticate using a JSON Web Token (JWT).
Content-Type
yes
string
Set this to application/json.
string
id
yes
string
The ID (UUID) of the WireGuard Gateway to update.
85c79b4b-5b40-570a-b788-58dd46ea71e2
metadata
no
object
Metadata
{}
properties
yes
object
Properties with all data needed to update the WireGuard Gateway.
properties.name
yes
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token enables requests to authenticate using a JSON Web Token (JWT).
Content-Type
yes
string
Set this to application/json.
gatewayId
string
The ID (UUID) of the WireGuard Gateway.
85c79b4b-5b40-570a-b788-58dd46ea71e2
Ensures that the IPSec Tunnel with the provided ID is created or modified. The full IPSec Tunnel needs to be provided to ensure (either update or create) the IPSec Tunnel. Non present data will only be filled with defaults or left empty, but not take previous values into consideration.s
To ensure that the IPSec Tunnel with the provided ID is created or modified, perform PUT request.
Use a endpoint to ensure that IPSec Tunnel is created or modified: https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}/tunnels/{tunnelId}.
You can update the gatewayId and tunnelId values to specify the IPSec Gateway and Tunnel:
200 Successful operation
Following is an example of when a IPSec Tunnel is successfully created.
Result: The IPSec Tunnel is successfully updated or created.
curl --location \
--request PUT 'https://vpn.de-fra.ionos.com/wireguardgateways/85c79b4b-5b40-570a-b788-58dd46ea71e2' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
"id": "85c79b4b-5b40-570a-b788-58dd46ea71e2",
"metadata": {},
"properties": {
"name": "My Company Gateway",
"description": "This gateway allows connections to Datacenter LAN X.",
"gatewayIP": "192.0.2.0",
"interfaceIPv4CIDR": "172.17.0.1/32",
"interfaceIPv6CIDR": "2001:0db8:85a3::/128",
"connections": [
{
"datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003",
"lanId": "2",
"ipv4CIDR": "192.168.1.100/24",
"ipv6CIDR": "2001:0db8:85a3::/24"
}
],
"privateKey": "0HpE4BNwGHabeaC4aY/GFxB6fBSc0d49Db0qAzRVSVc=",
"listenPort": 51820
}
}'{
"id": "85c79b4b-5b40-570a-b788-58dd46ea71e2",
"metadata": {},
"properties": {
"name": "My Company Gateway",
"description": "This gateway allows connections to Datacenter LAN X.",
"gatewayIP": "81.173.1.2",
"interfaceIPv4CIDR": "172.16.0.1/30",
"interfaceIPv6CIDR": "fd00::2/128",
"connections": [
{
"datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003",
"lanId": "2",
"ipv4CIDR": "192.168.1.100/24",
"ipv6CIDR": "fd28:5f8d:d9fe:08bd::/64"
}
],
"privateKey": "0HpE4BNwGHabeaC4aY/GFxB6fBSc0d49Db0qAzRVSVc=",
"listenPort": 51820,
"tier": "STANDARD",
"maintenanceWindow": {
"time": "16:30:59",
"dayOfTheWeek": "Monday"
}
}
}string
The human readable name of your WireGuard Gateway.
My Company Gateway
properties.description
no
string
Human readable description of the WireGuard Gateway.
This gateway allows connections to Datacenter LAN X.
properties.gatewayIP
yes
string
Public IP address to be assigned to the gateway.
192.0.2.0
properties.interfaceIPv4CIDR
no
string
The IPV4 address (with CIDR mask) to be assigned to the WireGuard interface.
172.16.0.1/32
properties.interfaceIPv6CIDR
no
string
The IPV6 address (with CIDR mask) to be assigned to the WireGuard interface.
2001:0db8:85a3::/128
properties.connections
yes
array
The network connection for your gateway.
[ { "datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003", "lanId": "2", "ipv4CIDR": "192.168.1.100/24", "ipv6CIDR": "2001:0db8:85a3::/24" } ]
properties.privateKey
yes
string
PrivateKey used for WireGuard Server.
0HpE4BNwGHabeaC4aY/GFxB6fBSc0d49Db0qAzRVSVc=
properties.listenPort
no
integer
Port that WireGuard Server will listen on.
51820
c28b2d3e-7b15-53ca-ae88-6ae9378d6efe
Below is the list of mandatory body parameters for updating an IPSec Tunnel:
id
yes
string
The ID (UUID) of the IPSec Tunnel.
c28b2d3e-7b15-53ca-ae88-6ae9378d6efe
metadata
no
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
Content-Type
yes
string
Set this to application/json.
gatewayId
string
The ID (UUID) of the IPSec Gateway.
66a114c7-2ddd-5119-9ddf-5a789f5a5a44
tunnelId
string
The ID (UUID) of the IPSec Tunnel.
curl --location \
--request PUT 'https://vpn.de-fra.ionos.com/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
"id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
"metadata": {},
"properties": {
"name": "My Company Gateway Tunnel",
"description": "Allows local subnet X to connect to virtual network Y.",
"remoteHost": "vpn.mycompany.com",
"auth": {
"method": "PSK",
"psk": {
"key": "X2wosbaw74M8hQGbK3jCCaEusR6CCFRa"
}
},
"ike": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 86400
},
"esp": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 3600
},
"cloudNetworkCIDRs": [
"203.0.113.0/24"
],
"peerNetworkCIDRs": [
"198.51.100.0/24"
]
}
}'{
"id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
"type": "ipsectunnel",
"href": "/ipsecgateways/{gatewayId}/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
"metadata": {
"createdDate": "2020-12-10T13:37:50+01:00",
"createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedDate": "2020-12-11T13:37:50+01:00",
"lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
"resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
"status": "AVAILABLE",
"statusMessage": null
},
"properties": {
"name": "My Company Gateway Tunnel",
"description": "Allows local subnet X to connect to virtual network Y.",
"remoteHost": "vpn.mycompany.com",
"auth": {
"method": "PSK",
"psk": {}
},
"ike": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 86400
},
"esp": {
"diffieHellmanGroup": "16-MODP4096",
"encryptionAlgorithm": "AES256",
"integrityAlgorithm": "SHA256",
"lifetime": 3600
},
"cloudNetworkCIDRs": [
"203.0.113.0/24"
],
"peerNetworkCIDRs": [
"198.51.100.0/24"
]
}
}object
Metadata
{}
properties
yes
object
Properties with all data needed to update an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway.
properties.name
yes
string
The human-readable name of your IPSec Gateway Tunnel.
My Updated Tunnel
properties.description
no
string
Human-readable description of the IPSec Gateway Tunnel.
Updated tunnel connecting site A to site B.
properties.remoteHost
yes
string
The remote peer host fully qualified domain name or IPV4 IP to connect to.
203.0.113.1
properties.auth
yes
object
Properties with all data needed to define IPSec Authentication.
properties.auth.method
yes
string
The Authentication Method to use for IPSec Authentication. Default: "PSK". Options: PSK
PSK
properties.auth.psk
yes
object
Properties needed to define IPSec Authentication PSK. This is required if the method is PSK.
{ "secret": "your-psk-value" }
properties.ike
no
object
Settings for the initial security exchange phase.
{ "encryption": "AES-256", "hash": "SHA256" }
properties.esp
no
object
Settings for the IPSec SA (ESP) phase.
{ "encryption": "AES-256", "auth": "SHA256" }
properties.cloudNetworkCIDRs
yes
array
The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel, that is, the CIDRs within your IONOS Cloud LAN.
["10.0.0.0/24", "203.0.113.0/24"]
properties.peerNetworkCIDRs
yes
array
The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel.
["10.0.1.0/24", "198.51.100.0/24"]