# Create IPSec Tunnel

* Creates a new IPSec Tunnel.
* The full IPSec Tunnel needs to be provided to create the object. Optional data will be filled with defaults or left empty.

To create an IPSec Tunnel, perform a `POST` request.

## Endpoint

Use a [<mark style="color:blue;">region-specific</mark>](https://docs.ionos.com/sections-test/guides/network-services/vpn-gateway/api-how-tos/..#endpoints) endpoint to create an IPSec Tunnel: `https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}/tunnels`.

## Request

```bash
curl --location \
--request POST 'https://vpn.de-fra.ionos.com/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44/tunnels' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
  "metadata": {},
  "properties": {
    "name": "My Company Gateway Tunnel",
    "description": "Allows local subnet X to connect to virtual network Y.",
    "remoteHost": "vpn.mycompany.com",
    "auth": {
      "method": "PSK",
      "psk": {
        "key": "X2wosbaw74M8hQGbK3jCCaEusR6CCFRa"
      }
    },
    "ike": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 86400
    },
    "esp": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 3600
    },
    "cloudNetworkCIDRs": [
      "203.0.113.0/24"
    ],
    "peerNetworkCIDRs": [
      "198.51.100.0/24"
    ]
  }
}'
```

{% tabs %}
{% tab title="Path Parameters" %}
Set the `gatewayId` value to target a specific IPSec Gateway:

| Path Parameter | Type   | Description                         | Example                                |
| -------------- | ------ | ----------------------------------- | -------------------------------------- |
| `gatewayId`    | string | The ID (UUID) of the IPSec Gateway. | `66a114c7-2ddd-5119-9ddf-5a789f5a5a44` |

{% endtab %}

{% tab title="Request Body Parameters" %}
Below is the list of body parameters for creating an IPSec Tunnel; the Required column marks the mandatory ones:

| Body Parameters                | Required | Type   | Description                                                                                                        | Example                                         |
| ------------------------------ | -------- | ------ | ------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------- |
| `metadata`                     | no       | object | Metadata                                                                                                           | `{}`                                            |
| `properties`                   | yes      | object | Properties with all data needed to create an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway. |                                                 |
| `properties.name`              | yes      | string | The human-readable name of your IPSec Gateway Tunnel.                                                              | `My Tunnel`                                     |
| `properties.description`       | no       | string | Human-readable description of the IPSec Gateway Tunnel.                                                            | `Tunnel connecting site A to site B.`           |
| `properties.remoteHost`        | yes      | string | The remote peer host fully qualified domain name or IPv4 IP to connect to.                                         | `203.0.113.1`                                   |
| `properties.auth`              | yes      | object | Properties needed to define IPSec Authentication.                                                                  |                                                 |
| `properties.auth.ike`          | yes      | object | Settings for the initial security exchange phase.                                                                  | `{ "encryption": "AES-256", "hash": "SHA256" }` |
| `properties.auth.esp`          | yes      | object | Settings for the IPSec SA (ESP) phase.                                                                             | `{ "encryption": "AES-256", "auth": "SHA256" }` |
| `properties.cloudNetworkCIDRs` | yes      | array  | The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel.                              | `["10.0.0.0/24", "203.0.113.0/24"]`             |
| `properties.peerNetworkCIDRs`  | yes      | array  | The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel.                             | `["10.0.1.0/24", "198.51.100.0/24"]`            |

{% endtab %}

{% tab title="Request Header Parameters" %}
To make authenticated requests to the API, the following fields are mandatory in the request header:

| Header Parameters | Required | Type   | Description                                                                       |
| ----------------- | -------- | ------ | --------------------------------------------------------------------------------- |
| `Authorization`   | yes      | string | The Bearer token to enable requests to authenticate using a JSON Web Token (JWT). |
| `Content-Type`    | yes      | string | Set this to `application/json`.                                                   |

{% endtab %}
{% endtabs %}

## Response

**201 Successful operation**

```json
{
  "id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "type": "ipsectunnel",
  "href": "/ipsecgateways/{gatewayId}/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "metadata": {
    "createdDate": "2020-12-10T13:37:50+01:00",
    "createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "lastModifiedDate": "2020-12-11T13:37:50+01:00",
    "lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
    "status": "AVAILABLE",
    "statusMessage": null
  },
  "properties": {
    "name": "My Company Gateway Tunnel",
    "description": "Allows local subnet X to connect to virtual network Y.",
    "remoteHost": "vpn.mycompany.com",
    "auth": {
      "method": "PSK",
      "psk": {}
    },
    "ike": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 86400
    },
    "esp": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 3600
    },
    "cloudNetworkCIDRs": [
      "203.0.113.0/24"
    ],
    "peerNetworkCIDRs": [
      "198.51.100.0/24"
    ]
  }
}
```

{% hint style="success" %}
**Result:** The IPSec Tunnel is successfully created. The `id` and other details of the created IPSec Tunnel are provided in the response.
{% endhint %}
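
The following is an added example, not part of the IONOS documentation or SDK: a local pre-flight check for the request body shown above. It generates the PSK instead of hard-coding it, validates both CIDR lists, and produces a copy of the body that is safe to log (the response example shows `"psk": {}`, so the key is not echoed back). The function names, the 32-character minimum and the overlap check are assumptions of this example, not documented API rules.

```python
import copy
import ipaddress
import secrets

# Required members of "properties", following the request body shown above.
REQUIRED = ("name", "remoteHost", "auth", "ike", "esp",
            "cloudNetworkCIDRs", "peerNetworkCIDRs")


def new_psk(nbytes=24):
    """Random pre-shared key; 24 random bytes encode to 32 URL-safe characters."""
    return secrets.token_urlsafe(nbytes)


def build_tunnel_body(name, remote_host, psk, cloud_cidrs, peer_cidrs):
    """Assemble the POST body with the IKE/ESP values used in the request above."""
    phase = {"diffieHellmanGroup": "16-MODP4096",
             "encryptionAlgorithm": "AES256",
             "integrityAlgorithm": "SHA256"}
    return {"metadata": {}, "properties": {
        "name": name, "remoteHost": remote_host,
        "auth": {"method": "PSK", "psk": {"key": psk}},
        "ike": dict(phase, lifetime=86400),
        "esp": dict(phase, lifetime=3600),
        "cloudNetworkCIDRs": list(cloud_cidrs),
        "peerNetworkCIDRs": list(peer_cidrs)}}


def preflight(body, min_psk_len=32):
    """Return a list of problems; an empty list means the body passed."""
    props = body.get("properties") or {}
    problems = [f"missing properties.{f}" for f in REQUIRED if not props.get(f)]
    key = ((props.get("auth") or {}).get("psk") or {}).get("key", "")
    if len(key) < min_psk_len:  # assumed local policy, not an API limit
        problems.append(f"PSK shorter than {min_psk_len} characters")
    nets = {"cloudNetworkCIDRs": [], "peerNetworkCIDRs": []}
    for side, parsed in nets.items():
        for cidr in props.get(side) or []:
            try:  # strict=True rejects host bits, e.g. 10.0.0.5/24
                parsed.append(ipaddress.ip_network(cidr, strict=True))
            except ValueError as exc:
                problems.append(f"{side}: {exc}")
    for cloud in nets["cloudNetworkCIDRs"]:
        for peer in nets["peerNetworkCIDRs"]:
            if cloud.version == peer.version and cloud.overlaps(peer):
                problems.append(f"overlap: {cloud} and {peer}")
    return problems


def redacted(body):
    """Copy of the body that is safe to log: the PSK is masked."""
    safe = copy.deepcopy(body)
    safe["properties"]["auth"]["psk"]["key"] = "***"
    return safe
```

Serialize the checked body with `json.dumps` and pass it to the `POST` request; write only the `redacted` copy to logs.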
