Provides a resource, that manages IPsec tunnels for Magic Transit.
resource "cloudflare_ipsec_tunnel" "example" {
account_id = "f037e56e89293a057740de681ac9abbe"
name = "IPsec_1"
customer_endpoint = "203.0.113.1"
cloudflare_endpoint = "203.0.113.1"
interface_address = "192.0.2.0/31"
description = "Tunnel for ISP X"
health_check_enabled = true
health_check_target = "203.0.113.1"
health_check_type = "reply"
psk = "asdf12341234"
allow_null_cipher = false
}
cloudflare_endpoint
(String) IP address assigned to the Cloudflare side of the IPsec tunnel.customer_endpoint
(String) IP address assigned to the customer side of the IPsec tunnel.interface_address
(String) 31-bit prefix (/31 in CIDR notation) supporting 2 hosts, one for each side of the tunnel.name
(String) Name of the IPsec tunnel.account_id
(String) The account identifier to target for the resource. Modifying this attribute will force creation of a new resource.allow_null_cipher
(Boolean) Specifies if this tunnel may use a null cipher (ENCR_NULL) in Phase 2. Defaults to false
.description
(String) An optional description of the IPsec tunnel.fqdn_id
(String) remote_id
in the form of a fqdn. This value is generated by cloudflare.health_check_direction
(String) Specifies the direction for the health check. Available values: unidirectional
, bidirectional
Default: unidirectional
.health_check_enabled
(Boolean) Specifies if ICMP tunnel health checks are enabled. Default: true
.health_check_rate
(String) Specifies the ICMP rate for the health check. Available values: low
, mid
, high
Default: mid
.health_check_target
(String) The IP address of the customer endpoint that will receive tunnel health checks. Default: <customer_gre_endpoint>
.health_check_type
(String) Specifies the ICMP echo type for the health check (request
or reply
). Available values: request
, reply
Default: reply
.hex_id
(String) remote_id
as a hex string. This value is generated by cloudflare.psk
(String, Sensitive) Pre shared key to be used with the IPsec tunnel. If left unset, it will be autogenerated.remote_id
(String) ID to be used while setting up the IPsec tunnel. This value is generated by cloudflare.replay_protection
(Boolean) Specifies if replay protection is enabled. Defaults to false
.user_id
(String) remote_id
in the form of an email address. This value is generated by cloudflare.id
(String) The ID of this resource.Import is supported using the following syntax:
$ terraform import cloudflare_ipsec_tunnel.example <account_id>/<tunnel_id>