1 of 1

Create IPSec Tunnel

Creates a new IPSec Tunnel.
The full IPSec Tunnel needs to be provided to create the object. Optional data will be filled with defaults or left empty.

To create a IPSec Tunnel, perform a POST request.

Endpoint

Use a region-specific endpoint to create IPSec Tunnel: https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}/tunnels.

Request

curl --location \
--request POST 'https://vpn.de-fra.ionos.com/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44/tunnels' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
  "metadata": {},
  "properties": {
    "name": "My Company Gateway Tunnel",
    "description": "Allows local subnet X to connect to virtual network Y.",
    "remoteHost": "vpn.mycompany.com",
    "auth": {
      "method": "PSK",
      "psk": {
        "key": "X2wosbaw74M8hQGbK3jCCaEusR6CCFRa"
      }
    },
    "ike": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 86400
    },
    "esp": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 3600
    },
    "cloudNetworkCIDRs": [
      "203.0.113.0/24"
    ],
    "peerNetworkCIDRs": [
      "198.51.100.0/24"
    ]
  }
}'

You can update the gatewayId value to get a specific IPSecGateway:

Path Parameter

Type

Description

Example

gatewayId

string

The ID (UUID) of the IPSec Gateway.

66a114c7-2ddd-5119-9ddf-5a789f5a5a44

Below is the list of mandatory body parameters for updating an IPSec Tunnel:

Body Parameters

Required

Type

Description

Example

metadata

object

Metadata

{}

properties

yes

object

Properties with all data needed to update an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway.

properties.name

yes

string

The human-readable name of your IPSec Gateway Tunnel.

My Tunnel

properties.description

string

Human-readable description of the IPSec Gateway Tunnel.

Tunnel connecting site A to site B.

properties.remoteHost

yes

string

The remote peer host fully qualified domain name or IPV4 IP to connect to.

203.0.113.1

properties.auth

yes

object

Properties needed to define IPSec Authentication.

properties.auth.ike

yes

object

Settings for the initial security exchange phase.

{ "encryption": "AES-256", "hash": "SHA256" }

properties.auth.esp

yes

object

Settings for the IPSec SA (ESP) phase.

{ "encryption": "AES-256", "auth": "SHA256" }

properties.cloudNetworkCIDRs

yes

array

The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel.

["10.0.0.0/24", "203.0.113.0/24"]

properties.peerNetworkCIDRs

yes

array

The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel.

["10.0.1.0/24", "198.51.100.0/24"]

To make authenticated requests to the API, the following fields are mandatory in the request header:

Header Parameters

Required

Type

Description

Authorization

yes

string

The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).

Content-Type

yes

string

Set this to application/json.

Response

201 Successful operation

{
  "id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "type": "ipsectunnel",
  "href": "/ipsecgateways/{gatewayId}/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "metadata": {
    "createdDate": "2020-12-10T13:37:50+01:00",
    "createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "lastModifiedDate": "2020-12-11T13:37:50+01:00",
    "lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
    "status": "AVAILABLE",
    "statusMessage": null
  },
  "properties": {
    "name": "My Company Gateway Tunnel",
    "description": "Allows local subnet X to connect to virtual network Y.",
    "remoteHost": "vpn.mycompany.com",
    "auth": {
      "method": "PSK",
      "psk": {}
    },
    "ike": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 86400
    },
    "esp": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 3600
    },
    "cloudNetworkCIDRs": [
      "203.0.113.0/24"
    ],
    "peerNetworkCIDRs": [
      "198.51.100.0/24"
    ]
  }
}

Result: The IPSec Tunnel is successfully created. the id and other details of the created IPSec Tunnel are provided in the response.

Create IPSec Tunnel

Creates a new IPSec Tunnel.
The full IPSec Tunnel needs to be provided to create the object. Optional data will be filled with defaults or left empty.

To create a IPSec Tunnel, perform a POST request.

Endpoint

Use a region-specific endpoint to create IPSec Tunnel: https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}/tunnels.

Request

curl --location \
--request POST 'https://vpn.de-fra.ionos.com/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44/tunnels' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
  "metadata": {},
  "properties": {
    "name": "My Company Gateway Tunnel",
    "description": "Allows local subnet X to connect to virtual network Y.",
    "remoteHost": "vpn.mycompany.com",
    "auth": {
      "method": "PSK",
      "psk": {
        "key": "X2wosbaw74M8hQGbK3jCCaEusR6CCFRa"
      }
    },
    "ike": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 86400
    },
    "esp": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 3600
    },
    "cloudNetworkCIDRs": [
      "203.0.113.0/24"
    ],
    "peerNetworkCIDRs": [
      "198.51.100.0/24"
    ]
  }
}'

You can update the gatewayId value to get a specific IPSecGateway:

Path Parameter

Type

Description

Example

gatewayId

string

The ID (UUID) of the IPSec Gateway.

66a114c7-2ddd-5119-9ddf-5a789f5a5a44

Below is the list of mandatory body parameters for updating an IPSec Tunnel:

Body Parameters

Required

Type

Description

Example

metadata

object

Metadata

{}

properties

yes

object

Properties with all data needed to update an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway.

properties.name

yes

string

The human-readable name of your IPSec Gateway Tunnel.

My Tunnel

properties.description

string

Human-readable description of the IPSec Gateway Tunnel.

Tunnel connecting site A to site B.

properties.remoteHost

yes

string

The remote peer host fully qualified domain name or IPV4 IP to connect to.

203.0.113.1

properties.auth

yes

object

Properties needed to define IPSec Authentication.

properties.auth.ike

yes

object

Settings for the initial security exchange phase.

{ "encryption": "AES-256", "hash": "SHA256" }

properties.auth.esp

yes

object

Settings for the IPSec SA (ESP) phase.

{ "encryption": "AES-256", "auth": "SHA256" }

properties.cloudNetworkCIDRs

yes

array

The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel.

["10.0.0.0/24", "203.0.113.0/24"]

properties.peerNetworkCIDRs

yes

array

The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel.

["10.0.1.0/24", "198.51.100.0/24"]

To make authenticated requests to the API, the following fields are mandatory in the request header:

Header Parameters

Required

Type

Description

Authorization

yes

string

The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).

Content-Type

yes

string

Set this to application/json.

Response

201 Successful operation

{
  "id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "type": "ipsectunnel",
  "href": "/ipsecgateways/{gatewayId}/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "metadata": {
    "createdDate": "2020-12-10T13:37:50+01:00",
    "createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "lastModifiedDate": "2020-12-11T13:37:50+01:00",
    "lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
    "status": "AVAILABLE",
    "statusMessage": null
  },
  "properties": {
    "name": "My Company Gateway Tunnel",
    "description": "Allows local subnet X to connect to virtual network Y.",
    "remoteHost": "vpn.mycompany.com",
    "auth": {
      "method": "PSK",
      "psk": {}
    },
    "ike": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 86400
    },
    "esp": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 3600
    },
    "cloudNetworkCIDRs": [
      "203.0.113.0/24"
    ],
    "peerNetworkCIDRs": [
      "198.51.100.0/24"
    ]
  }
}

Result: The IPSec Tunnel is successfully created. the id and other details of the created IPSec Tunnel are provided in the response.