curl--location \--request POST'https://vpn.de-fra.ionos.com/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44/tunnels' \--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \--header 'Content-Type: application/json' \--data-raw '{ "metadata": {}, "properties": { "name": "My Company Gateway Tunnel", "description": "Allows local subnet X to connect to virtual network Y.", "remoteHost": "vpn.mycompany.com", "auth": { "method": "PSK", "psk": { "key": "X2wosbaw74M8hQGbK3jCCaEusR6CCFRa" } }, "ike": { "diffieHellmanGroup": "16-MODP4096", "encryptionAlgorithm": "AES256", "integrityAlgorithm": "SHA256", "lifetime": 86400 }, "esp": { "diffieHellmanGroup": "16-MODP4096", "encryptionAlgorithm": "AES256", "integrityAlgorithm": "SHA256", "lifetime": 3600 }, "cloudNetworkCIDRs": [ "203.0.113.0/24" ], "peerNetworkCIDRs": [ "198.51.100.0/24" ] }}'
You can update the gatewayId value to get a specific IPSecGateway:
Path Parameter
Type
Description
Example
The ID (UUID) of the IPSec Gateway.
66a114c7-2ddd-5119-9ddf-5a789f5a5a44
Below is the list of mandatory body parameters for updating an IPSec Tunnel:
Body Parameters
Required
Type
Description
Example
Properties with all data needed to update an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway.
The human-readable name of your IPSec Gateway Tunnel.
Human-readable description of the IPSec Gateway Tunnel.
Tunnel connecting site A to site B.
The remote peer host fully qualified domain name or IPV4 IP to connect to.
Properties needed to define IPSec Authentication.
Settings for the initial security exchange phase.
{ "encryption": "AES-256", "hash": "SHA256" }
Settings for the IPSec SA (ESP) phase.
{ "encryption": "AES-256", "auth": "SHA256" }
properties.cloudNetworkCIDRs
The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel.
["10.0.0.0/24", "203.0.113.0/24"]
properties.peerNetworkCIDRs
The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel.
["10.0.1.0/24", "198.51.100.0/24"]
{ "id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe", "type": "ipsectunnel", "href": "/ipsecgateways/{gatewayId}/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe", "metadata": { "createdDate": "2020-12-10T13:37:50+01:00", "createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3", "createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3", "lastModifiedDate": "2020-12-11T13:37:50+01:00", "lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3", "lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3", "resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>", "status": "AVAILABLE", "statusMessage": null }, "properties": { "name": "My Company Gateway Tunnel", "description": "Allows local subnet X to connect to virtual network Y.", "remoteHost": "vpn.mycompany.com", "auth": { "method": "PSK", "psk": {} }, "ike": { "diffieHellmanGroup": "16-MODP4096", "encryptionAlgorithm": "AES256", "integrityAlgorithm": "SHA256", "lifetime": 86400 }, "esp": { "diffieHellmanGroup": "16-MODP4096", "encryptionAlgorithm": "AES256", "integrityAlgorithm": "SHA256", "lifetime": 3600 }, "cloudNetworkCIDRs": [ "203.0.113.0/24" ], "peerNetworkCIDRs": [ "198.51.100.0/24" ] }}
Result: The IPSec Tunnel is successfully created. the id and other details of the created IPSec Tunnel are provided in the response.
