Cloudflare v6.1.2, Apr 28 25

Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi

cloudflare.MagicWanIpsecTunnel

Explore with Pulumi AI

Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const exampleMagicWanIpsecTunnel = new cloudflare.MagicWanIpsecTunnel("example_magic_wan_ipsec_tunnel", {
    accountId: "023e105f4ecef8ad9ca31a8372d0c353",
    cloudflareEndpoint: "203.0.113.1",
    interfaceAddress: "192.0.2.0/31",
    name: "IPsec_1",
    customerEndpoint: "203.0.113.1",
    description: "Tunnel for ISP X",
    healthCheck: {
        direction: "bidirectional",
        enabled: true,
        rate: "low",
        target: {
            saved: "203.0.113.1",
        },
        type: "request",
    },
    psk: "O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy",
    replayProtection: false,
});

import pulumi
import pulumi_cloudflare as cloudflare

example_magic_wan_ipsec_tunnel = cloudflare.MagicWanIpsecTunnel("example_magic_wan_ipsec_tunnel",
    account_id="023e105f4ecef8ad9ca31a8372d0c353",
    cloudflare_endpoint="203.0.113.1",
    interface_address="192.0.2.0/31",
    name="IPsec_1",
    customer_endpoint="203.0.113.1",
    description="Tunnel for ISP X",
    health_check={
        "direction": "bidirectional",
        "enabled": True,
        "rate": "low",
        "target": {
            "saved": "203.0.113.1",
        },
        "type": "request",
    },
    psk="O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy",
    replay_protection=False)

package main

import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.NewMagicWanIpsecTunnel(ctx, "example_magic_wan_ipsec_tunnel", &cloudflare.MagicWanIpsecTunnelArgs{
			AccountId:          pulumi.String("023e105f4ecef8ad9ca31a8372d0c353"),
			CloudflareEndpoint: pulumi.String("203.0.113.1"),
			InterfaceAddress:   pulumi.String("192.0.2.0/31"),
			Name:               pulumi.String("IPsec_1"),
			CustomerEndpoint:   pulumi.String("203.0.113.1"),
			Description:        pulumi.String("Tunnel for ISP X"),
			HealthCheck: &cloudflare.MagicWanIpsecTunnelHealthCheckArgs{
				Direction: pulumi.String("bidirectional"),
				Enabled:   pulumi.Bool(true),
				Rate:      pulumi.String("low"),
				Target: &cloudflare.MagicWanIpsecTunnelHealthCheckTargetArgs{
					Saved: pulumi.String("203.0.113.1"),
				},
				Type: pulumi.String("request"),
			},
			Psk:              pulumi.String("O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy"),
			ReplayProtection: pulumi.Bool(false),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

return await Deployment.RunAsync(() => 
{
    var exampleMagicWanIpsecTunnel = new Cloudflare.MagicWanIpsecTunnel("example_magic_wan_ipsec_tunnel", new()
    {
        AccountId = "023e105f4ecef8ad9ca31a8372d0c353",
        CloudflareEndpoint = "203.0.113.1",
        InterfaceAddress = "192.0.2.0/31",
        Name = "IPsec_1",
        CustomerEndpoint = "203.0.113.1",
        Description = "Tunnel for ISP X",
        HealthCheck = new Cloudflare.Inputs.MagicWanIpsecTunnelHealthCheckArgs
        {
            Direction = "bidirectional",
            Enabled = true,
            Rate = "low",
            Target = new Cloudflare.Inputs.MagicWanIpsecTunnelHealthCheckTargetArgs
            {
                Saved = "203.0.113.1",
            },
            Type = "request",
        },
        Psk = "O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy",
        ReplayProtection = false,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.MagicWanIpsecTunnel;
import com.pulumi.cloudflare.MagicWanIpsecTunnelArgs;
import com.pulumi.cloudflare.inputs.MagicWanIpsecTunnelHealthCheckArgs;
import com.pulumi.cloudflare.inputs.MagicWanIpsecTunnelHealthCheckTargetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleMagicWanIpsecTunnel = new MagicWanIpsecTunnel("exampleMagicWanIpsecTunnel", MagicWanIpsecTunnelArgs.builder()
            .accountId("023e105f4ecef8ad9ca31a8372d0c353")
            .cloudflareEndpoint("203.0.113.1")
            .interfaceAddress("192.0.2.0/31")
            .name("IPsec_1")
            .customerEndpoint("203.0.113.1")
            .description("Tunnel for ISP X")
            .healthCheck(MagicWanIpsecTunnelHealthCheckArgs.builder()
                .direction("bidirectional")
                .enabled(true)
                .rate("low")
                .target(MagicWanIpsecTunnelHealthCheckTargetArgs.builder()
                    .saved("203.0.113.1")
                    .build())
                .type("request")
                .build())
            .psk("O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy")
            .replayProtection(false)
            .build());

    }
}

resources:
  exampleMagicWanIpsecTunnel:
    type: cloudflare:MagicWanIpsecTunnel
    name: example_magic_wan_ipsec_tunnel
    properties:
      accountId: 023e105f4ecef8ad9ca31a8372d0c353
      cloudflareEndpoint: 203.0.113.1
      interfaceAddress: 192.0.2.0/31
      name: IPsec_1
      customerEndpoint: 203.0.113.1
      description: Tunnel for ISP X
      healthCheck:
        direction: bidirectional
        enabled: true
        rate: low
        target:
          saved: 203.0.113.1
        type: request
      psk: O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy
      replayProtection: false

Create MagicWanIpsecTunnel Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new MagicWanIpsecTunnel(name: string, args: MagicWanIpsecTunnelArgs, opts?: CustomResourceOptions);

@overload
def MagicWanIpsecTunnel(resource_name: str,
                        args: MagicWanIpsecTunnelArgs,
                        opts: Optional[ResourceOptions] = None)

@overload
def MagicWanIpsecTunnel(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        account_id: Optional[str] = None,
                        cloudflare_endpoint: Optional[str] = None,
                        interface_address: Optional[str] = None,
                        name: Optional[str] = None,
                        customer_endpoint: Optional[str] = None,
                        description: Optional[str] = None,
                        health_check: Optional[MagicWanIpsecTunnelHealthCheckArgs] = None,
                        ipsec_tunnel_id: Optional[str] = None,
                        psk: Optional[str] = None,
                        replay_protection: Optional[bool] = None)

func NewMagicWanIpsecTunnel(ctx *Context, name string, args MagicWanIpsecTunnelArgs, opts ...ResourceOption) (*MagicWanIpsecTunnel, error)

public MagicWanIpsecTunnel(string name, MagicWanIpsecTunnelArgs args, CustomResourceOptions? opts = null)

public MagicWanIpsecTunnel(String name, MagicWanIpsecTunnelArgs args)
public MagicWanIpsecTunnel(String name, MagicWanIpsecTunnelArgs args, CustomResourceOptions options)

type: cloudflare:MagicWanIpsecTunnel
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args MagicWanIpsecTunnelArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args MagicWanIpsecTunnelArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args MagicWanIpsecTunnelArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args MagicWanIpsecTunnelArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args MagicWanIpsecTunnelArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var magicWanIpsecTunnelResource = new Cloudflare.MagicWanIpsecTunnel("magicWanIpsecTunnelResource", new()
{
    AccountId = "string",
    CloudflareEndpoint = "string",
    InterfaceAddress = "string",
    Name = "string",
    CustomerEndpoint = "string",
    Description = "string",
    HealthCheck = new Cloudflare.Inputs.MagicWanIpsecTunnelHealthCheckArgs
    {
        Direction = "string",
        Enabled = false,
        Rate = "string",
        Target = new Cloudflare.Inputs.MagicWanIpsecTunnelHealthCheckTargetArgs
        {
            Effective = "string",
            Saved = "string",
        },
        Type = "string",
    },
    IpsecTunnelId = "string",
    Psk = "string",
    ReplayProtection = false,
});

example, err := cloudflare.NewMagicWanIpsecTunnel(ctx, "magicWanIpsecTunnelResource", &cloudflare.MagicWanIpsecTunnelArgs{
	AccountId:          pulumi.String("string"),
	CloudflareEndpoint: pulumi.String("string"),
	InterfaceAddress:   pulumi.String("string"),
	Name:               pulumi.String("string"),
	CustomerEndpoint:   pulumi.String("string"),
	Description:        pulumi.String("string"),
	HealthCheck: &cloudflare.MagicWanIpsecTunnelHealthCheckArgs{
		Direction: pulumi.String("string"),
		Enabled:   pulumi.Bool(false),
		Rate:      pulumi.String("string"),
		Target: &cloudflare.MagicWanIpsecTunnelHealthCheckTargetArgs{
			Effective: pulumi.String("string"),
			Saved:     pulumi.String("string"),
		},
		Type: pulumi.String("string"),
	},
	IpsecTunnelId:    pulumi.String("string"),
	Psk:              pulumi.String("string"),
	ReplayProtection: pulumi.Bool(false),
})

var magicWanIpsecTunnelResource = new MagicWanIpsecTunnel("magicWanIpsecTunnelResource", MagicWanIpsecTunnelArgs.builder()
    .accountId("string")
    .cloudflareEndpoint("string")
    .interfaceAddress("string")
    .name("string")
    .customerEndpoint("string")
    .description("string")
    .healthCheck(MagicWanIpsecTunnelHealthCheckArgs.builder()
        .direction("string")
        .enabled(false)
        .rate("string")
        .target(MagicWanIpsecTunnelHealthCheckTargetArgs.builder()
            .effective("string")
            .saved("string")
            .build())
        .type("string")
        .build())
    .ipsecTunnelId("string")
    .psk("string")
    .replayProtection(false)
    .build());

magic_wan_ipsec_tunnel_resource = cloudflare.MagicWanIpsecTunnel("magicWanIpsecTunnelResource",
    account_id="string",
    cloudflare_endpoint="string",
    interface_address="string",
    name="string",
    customer_endpoint="string",
    description="string",
    health_check={
        "direction": "string",
        "enabled": False,
        "rate": "string",
        "target": {
            "effective": "string",
            "saved": "string",
        },
        "type": "string",
    },
    ipsec_tunnel_id="string",
    psk="string",
    replay_protection=False)

const magicWanIpsecTunnelResource = new cloudflare.MagicWanIpsecTunnel("magicWanIpsecTunnelResource", {
    accountId: "string",
    cloudflareEndpoint: "string",
    interfaceAddress: "string",
    name: "string",
    customerEndpoint: "string",
    description: "string",
    healthCheck: {
        direction: "string",
        enabled: false,
        rate: "string",
        target: {
            effective: "string",
            saved: "string",
        },
        type: "string",
    },
    ipsecTunnelId: "string",
    psk: "string",
    replayProtection: false,
});

type: cloudflare:MagicWanIpsecTunnel
properties:
    accountId: string
    cloudflareEndpoint: string
    customerEndpoint: string
    description: string
    healthCheck:
        direction: string
        enabled: false
        rate: string
        target:
            effective: string
            saved: string
        type: string
    interfaceAddress: string
    ipsecTunnelId: string
    name: string
    psk: string
    replayProtection: false

MagicWanIpsecTunnel Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The MagicWanIpsecTunnel resource accepts the following input properties:

AccountId string: Identifier
CloudflareEndpoint string: The IP address assigned to the Cloudflare side of the IPsec tunnel.
InterfaceAddress string: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
Name string: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
CustomerEndpoint string: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
Description string: An optional description forthe IPsec tunnel.
HealthCheck MagicWanIpsecTunnelHealthCheck
IpsecTunnelId string: Identifier
Psk string: A randomly generated or provided string for use in the IPsec tunnel.
ReplayProtection bool: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

AccountId string: Identifier
CloudflareEndpoint string: The IP address assigned to the Cloudflare side of the IPsec tunnel.
InterfaceAddress string: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
Name string: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
CustomerEndpoint string: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
Description string: An optional description forthe IPsec tunnel.
HealthCheck MagicWanIpsecTunnelHealthCheckArgs
IpsecTunnelId string: Identifier
Psk string: A randomly generated or provided string for use in the IPsec tunnel.
ReplayProtection bool: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

accountId String: Identifier
cloudflareEndpoint String: The IP address assigned to the Cloudflare side of the IPsec tunnel.
interfaceAddress String: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
name String: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
customerEndpoint String: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description String: An optional description forthe IPsec tunnel.
healthCheck MagicWanIpsecTunnelHealthCheck
ipsecTunnelId String: Identifier
psk String: A randomly generated or provided string for use in the IPsec tunnel.
replayProtection Boolean: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

accountId string: Identifier
cloudflareEndpoint string: The IP address assigned to the Cloudflare side of the IPsec tunnel.
interfaceAddress string: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
name string: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
customerEndpoint string: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description string: An optional description forthe IPsec tunnel.
healthCheck MagicWanIpsecTunnelHealthCheck
ipsecTunnelId string: Identifier
psk string: A randomly generated or provided string for use in the IPsec tunnel.
replayProtection boolean: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

account_id str: Identifier
cloudflare_endpoint str: The IP address assigned to the Cloudflare side of the IPsec tunnel.
interface_address str: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
name str: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
customer_endpoint str: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description str: An optional description forthe IPsec tunnel.
health_check MagicWanIpsecTunnelHealthCheckArgs
ipsec_tunnel_id str: Identifier
psk str: A randomly generated or provided string for use in the IPsec tunnel.
replay_protection bool: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

accountId String: Identifier
cloudflareEndpoint String: The IP address assigned to the Cloudflare side of the IPsec tunnel.
interfaceAddress String: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
name String: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
customerEndpoint String: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description String: An optional description forthe IPsec tunnel.
healthCheck Property Map
ipsecTunnelId String: Identifier
psk String: A randomly generated or provided string for use in the IPsec tunnel.
replayProtection Boolean: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

Outputs

All input properties are implicitly available as output properties. Additionally, the MagicWanIpsecTunnel resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
IpsecTunnel MagicWanIpsecTunnelIpsecTunnel
IpsecTunnels List<MagicWanIpsecTunnelIpsecTunnel>
Modified bool
ModifiedIpsecTunnel MagicWanIpsecTunnelModifiedIpsecTunnel

Id string: The provider-assigned unique ID for this managed resource.
IpsecTunnel MagicWanIpsecTunnelIpsecTunnel
IpsecTunnels []MagicWanIpsecTunnelIpsecTunnel
Modified bool
ModifiedIpsecTunnel MagicWanIpsecTunnelModifiedIpsecTunnel

id String: The provider-assigned unique ID for this managed resource.
ipsecTunnel MagicWanIpsecTunnelIpsecTunnel
ipsecTunnels List<MagicWanIpsecTunnelIpsecTunnel>
modified Boolean
modifiedIpsecTunnel MagicWanIpsecTunnelModifiedIpsecTunnel

id string: The provider-assigned unique ID for this managed resource.
ipsecTunnel MagicWanIpsecTunnelIpsecTunnel
ipsecTunnels MagicWanIpsecTunnelIpsecTunnel[]
modified boolean
modifiedIpsecTunnel MagicWanIpsecTunnelModifiedIpsecTunnel

id str: The provider-assigned unique ID for this managed resource.
ipsec_tunnel MagicWanIpsecTunnelIpsecTunnel
ipsec_tunnels Sequence[MagicWanIpsecTunnelIpsecTunnel]
modified bool
modified_ipsec_tunnel MagicWanIpsecTunnelModifiedIpsecTunnel

id String: The provider-assigned unique ID for this managed resource.
ipsecTunnel Property Map
ipsecTunnels List<Property Map>
modified Boolean
modifiedIpsecTunnel Property Map

Look up Existing MagicWanIpsecTunnel Resource

Get an existing MagicWanIpsecTunnel resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: MagicWanIpsecTunnelState, opts?: CustomResourceOptions): MagicWanIpsecTunnel

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_id: Optional[str] = None,
        cloudflare_endpoint: Optional[str] = None,
        customer_endpoint: Optional[str] = None,
        description: Optional[str] = None,
        health_check: Optional[MagicWanIpsecTunnelHealthCheckArgs] = None,
        interface_address: Optional[str] = None,
        ipsec_tunnel: Optional[MagicWanIpsecTunnelIpsecTunnelArgs] = None,
        ipsec_tunnel_id: Optional[str] = None,
        ipsec_tunnels: Optional[Sequence[MagicWanIpsecTunnelIpsecTunnelArgs]] = None,
        modified: Optional[bool] = None,
        modified_ipsec_tunnel: Optional[MagicWanIpsecTunnelModifiedIpsecTunnelArgs] = None,
        name: Optional[str] = None,
        psk: Optional[str] = None,
        replay_protection: Optional[bool] = None) -> MagicWanIpsecTunnel

func GetMagicWanIpsecTunnel(ctx *Context, name string, id IDInput, state *MagicWanIpsecTunnelState, opts ...ResourceOption) (*MagicWanIpsecTunnel, error)

public static MagicWanIpsecTunnel Get(string name, Input<string> id, MagicWanIpsecTunnelState? state, CustomResourceOptions? opts = null)

public static MagicWanIpsecTunnel get(String name, Output<String> id, MagicWanIpsecTunnelState state, CustomResourceOptions options)

resources:  _:    type: cloudflare:MagicWanIpsecTunnel    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccountId string: Identifier
CloudflareEndpoint string: The IP address assigned to the Cloudflare side of the IPsec tunnel.
CustomerEndpoint string: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
Description string: An optional description forthe IPsec tunnel.
HealthCheck MagicWanIpsecTunnelHealthCheck
InterfaceAddress string: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
IpsecTunnel MagicWanIpsecTunnelIpsecTunnel
IpsecTunnelId string: Identifier
IpsecTunnels List<MagicWanIpsecTunnelIpsecTunnel>
Modified bool
ModifiedIpsecTunnel MagicWanIpsecTunnelModifiedIpsecTunnel
Name string: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
Psk string: A randomly generated or provided string for use in the IPsec tunnel.
ReplayProtection bool: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

AccountId string: Identifier
CloudflareEndpoint string: The IP address assigned to the Cloudflare side of the IPsec tunnel.
CustomerEndpoint string: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
Description string: An optional description forthe IPsec tunnel.
HealthCheck MagicWanIpsecTunnelHealthCheckArgs
InterfaceAddress string: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
IpsecTunnel MagicWanIpsecTunnelIpsecTunnelArgs
IpsecTunnelId string: Identifier
IpsecTunnels []MagicWanIpsecTunnelIpsecTunnelArgs
Modified bool
ModifiedIpsecTunnel MagicWanIpsecTunnelModifiedIpsecTunnelArgs
Name string: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
Psk string: A randomly generated or provided string for use in the IPsec tunnel.
ReplayProtection bool: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

accountId String: Identifier
cloudflareEndpoint String: The IP address assigned to the Cloudflare side of the IPsec tunnel.
customerEndpoint String: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description String: An optional description forthe IPsec tunnel.
healthCheck MagicWanIpsecTunnelHealthCheck
interfaceAddress String: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
ipsecTunnel MagicWanIpsecTunnelIpsecTunnel
ipsecTunnelId String: Identifier
ipsecTunnels List<MagicWanIpsecTunnelIpsecTunnel>
modified Boolean
modifiedIpsecTunnel MagicWanIpsecTunnelModifiedIpsecTunnel
name String: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
psk String: A randomly generated or provided string for use in the IPsec tunnel.
replayProtection Boolean: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

accountId string: Identifier
cloudflareEndpoint string: The IP address assigned to the Cloudflare side of the IPsec tunnel.
customerEndpoint string: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description string: An optional description forthe IPsec tunnel.
healthCheck MagicWanIpsecTunnelHealthCheck
interfaceAddress string: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
ipsecTunnel MagicWanIpsecTunnelIpsecTunnel
ipsecTunnelId string: Identifier
ipsecTunnels MagicWanIpsecTunnelIpsecTunnel[]
modified boolean
modifiedIpsecTunnel MagicWanIpsecTunnelModifiedIpsecTunnel
name string: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
psk string: A randomly generated or provided string for use in the IPsec tunnel.
replayProtection boolean: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

account_id str: Identifier
cloudflare_endpoint str: The IP address assigned to the Cloudflare side of the IPsec tunnel.
customer_endpoint str: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description str: An optional description forthe IPsec tunnel.
health_check MagicWanIpsecTunnelHealthCheckArgs
interface_address str: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
ipsec_tunnel MagicWanIpsecTunnelIpsecTunnelArgs
ipsec_tunnel_id str: Identifier
ipsec_tunnels Sequence[MagicWanIpsecTunnelIpsecTunnelArgs]
modified bool
modified_ipsec_tunnel MagicWanIpsecTunnelModifiedIpsecTunnelArgs
name str: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
psk str: A randomly generated or provided string for use in the IPsec tunnel.
replay_protection bool: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

accountId String: Identifier
cloudflareEndpoint String: The IP address assigned to the Cloudflare side of the IPsec tunnel.
customerEndpoint String: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description String: An optional description forthe IPsec tunnel.
healthCheck Property Map
interfaceAddress String: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
ipsecTunnel Property Map
ipsecTunnelId String: Identifier
ipsecTunnels List<Property Map>
modified Boolean
modifiedIpsecTunnel Property Map
name String: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
psk String: A randomly generated or provided string for use in the IPsec tunnel.
replayProtection Boolean: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

Supporting Types

MagicWanIpsecTunnelHealthCheck, MagicWanIpsecTunnelHealthCheckArgs

Direction string: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
Enabled bool: Determines whether to run healthchecks for a tunnel.
Rate string: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
Target MagicWanIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
Type string: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

Direction string: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
Enabled bool: Determines whether to run healthchecks for a tunnel.
Rate string: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
Target MagicWanIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
Type string: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

direction String: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
enabled Boolean: Determines whether to run healthchecks for a tunnel.
rate String: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
target MagicWanIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
type String: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

direction string: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
enabled boolean: Determines whether to run healthchecks for a tunnel.
rate string: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
target MagicWanIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
type string: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

direction str: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
enabled bool: Determines whether to run healthchecks for a tunnel.
rate str: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
target MagicWanIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
type str: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

direction String: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
enabled Boolean: Determines whether to run healthchecks for a tunnel.
rate String: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
target Property Map: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
type String: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

MagicWanIpsecTunnelHealthCheckTarget, MagicWanIpsecTunnelHealthCheckTargetArgs

Effective string: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
Saved string: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

Effective string: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
Saved string: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

effective String: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
saved String: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

effective string: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
saved string: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

effective str: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
saved str: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

effective String: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
saved String: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

MagicWanIpsecTunnelIpsecTunnel, MagicWanIpsecTunnelIpsecTunnelArgs

AllowNullCipher bool: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
CloudflareEndpoint string: The IP address assigned to the Cloudflare side of the IPsec tunnel.
CreatedOn string: The date and time the tunnel was created.
CustomerEndpoint string: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
Description string: An optional description forthe IPsec tunnel.
HealthCheck MagicWanIpsecTunnelIpsecTunnelHealthCheck
Id string: Tunnel identifier tag.
InterfaceAddress string: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
ModifiedOn string: The date and time the tunnel was last modified.
Name string: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
PskMetadata MagicWanIpsecTunnelIpsecTunnelPskMetadata: The PSK metadata that includes when the PSK was generated.
ReplayProtection bool: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

AllowNullCipher bool: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
CloudflareEndpoint string: The IP address assigned to the Cloudflare side of the IPsec tunnel.
CreatedOn string: The date and time the tunnel was created.
CustomerEndpoint string: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
Description string: An optional description forthe IPsec tunnel.
HealthCheck MagicWanIpsecTunnelIpsecTunnelHealthCheck
Id string: Tunnel identifier tag.
InterfaceAddress string: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
ModifiedOn string: The date and time the tunnel was last modified.
Name string: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
PskMetadata MagicWanIpsecTunnelIpsecTunnelPskMetadata: The PSK metadata that includes when the PSK was generated.
ReplayProtection bool: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

allowNullCipher Boolean: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
cloudflareEndpoint String: The IP address assigned to the Cloudflare side of the IPsec tunnel.
createdOn String: The date and time the tunnel was created.
customerEndpoint String: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description String: An optional description forthe IPsec tunnel.
healthCheck MagicWanIpsecTunnelIpsecTunnelHealthCheck
id String: Tunnel identifier tag.
interfaceAddress String: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
modifiedOn String: The date and time the tunnel was last modified.
name String: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
pskMetadata MagicWanIpsecTunnelIpsecTunnelPskMetadata: The PSK metadata that includes when the PSK was generated.
replayProtection Boolean: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

allowNullCipher boolean: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
cloudflareEndpoint string: The IP address assigned to the Cloudflare side of the IPsec tunnel.
createdOn string: The date and time the tunnel was created.
customerEndpoint string: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description string: An optional description forthe IPsec tunnel.
healthCheck MagicWanIpsecTunnelIpsecTunnelHealthCheck
id string: Tunnel identifier tag.
interfaceAddress string: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
modifiedOn string: The date and time the tunnel was last modified.
name string: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
pskMetadata MagicWanIpsecTunnelIpsecTunnelPskMetadata: The PSK metadata that includes when the PSK was generated.
replayProtection boolean: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

allow_null_cipher bool: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
cloudflare_endpoint str: The IP address assigned to the Cloudflare side of the IPsec tunnel.
created_on str: The date and time the tunnel was created.
customer_endpoint str: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description str: An optional description forthe IPsec tunnel.
health_check MagicWanIpsecTunnelIpsecTunnelHealthCheck
id str: Tunnel identifier tag.
interface_address str: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
modified_on str: The date and time the tunnel was last modified.
name str: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
psk_metadata MagicWanIpsecTunnelIpsecTunnelPskMetadata: The PSK metadata that includes when the PSK was generated.
replay_protection bool: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

allowNullCipher Boolean: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
cloudflareEndpoint String: The IP address assigned to the Cloudflare side of the IPsec tunnel.
createdOn String: The date and time the tunnel was created.
customerEndpoint String: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description String: An optional description forthe IPsec tunnel.
healthCheck Property Map
id String: Tunnel identifier tag.
interfaceAddress String: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
modifiedOn String: The date and time the tunnel was last modified.
name String: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
pskMetadata Property Map: The PSK metadata that includes when the PSK was generated.
replayProtection Boolean: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

MagicWanIpsecTunnelIpsecTunnelHealthCheck, MagicWanIpsecTunnelIpsecTunnelHealthCheckArgs

Direction string: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
Enabled bool: Determines whether to run healthchecks for a tunnel.
Rate string: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
Target MagicWanIpsecTunnelIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
Type string: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

Direction string: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
Enabled bool: Determines whether to run healthchecks for a tunnel.
Rate string: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
Target MagicWanIpsecTunnelIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
Type string: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

direction String: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
enabled Boolean: Determines whether to run healthchecks for a tunnel.
rate String: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
target MagicWanIpsecTunnelIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
type String: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

direction string: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
enabled boolean: Determines whether to run healthchecks for a tunnel.
rate string: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
target MagicWanIpsecTunnelIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
type string: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

direction str: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
enabled bool: Determines whether to run healthchecks for a tunnel.
rate str: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
target MagicWanIpsecTunnelIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
type str: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

direction String: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
enabled Boolean: Determines whether to run healthchecks for a tunnel.
rate String: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
target Property Map: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
type String: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

MagicWanIpsecTunnelIpsecTunnelHealthCheckTarget, MagicWanIpsecTunnelIpsecTunnelHealthCheckTargetArgs

Effective string: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
Saved string: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

Effective string: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
Saved string: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

effective String: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
saved String: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

effective string: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
saved string: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

effective str: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
saved str: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

effective String: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
saved String: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

MagicWanIpsecTunnelIpsecTunnelPskMetadata, MagicWanIpsecTunnelIpsecTunnelPskMetadataArgs

LastGeneratedOn string: The date and time the tunnel was last modified.

LastGeneratedOn string: The date and time the tunnel was last modified.

lastGeneratedOn String: The date and time the tunnel was last modified.

lastGeneratedOn string: The date and time the tunnel was last modified.

last_generated_on str: The date and time the tunnel was last modified.

lastGeneratedOn String: The date and time the tunnel was last modified.

MagicWanIpsecTunnelModifiedIpsecTunnel, MagicWanIpsecTunnelModifiedIpsecTunnelArgs

AllowNullCipher bool: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
CloudflareEndpoint string: The IP address assigned to the Cloudflare side of the IPsec tunnel.
CreatedOn string: The date and time the tunnel was created.
CustomerEndpoint string: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
Description string: An optional description forthe IPsec tunnel.
HealthCheck MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheck
Id string: Tunnel identifier tag.
InterfaceAddress string: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
ModifiedOn string: The date and time the tunnel was last modified.
Name string: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
PskMetadata MagicWanIpsecTunnelModifiedIpsecTunnelPskMetadata: The PSK metadata that includes when the PSK was generated.
ReplayProtection bool: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

AllowNullCipher bool: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
CloudflareEndpoint string: The IP address assigned to the Cloudflare side of the IPsec tunnel.
CreatedOn string: The date and time the tunnel was created.
CustomerEndpoint string: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
Description string: An optional description forthe IPsec tunnel.
HealthCheck MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheck
Id string: Tunnel identifier tag.
InterfaceAddress string: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
ModifiedOn string: The date and time the tunnel was last modified.
Name string: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
PskMetadata MagicWanIpsecTunnelModifiedIpsecTunnelPskMetadata: The PSK metadata that includes when the PSK was generated.
ReplayProtection bool: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

allowNullCipher Boolean: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
cloudflareEndpoint String: The IP address assigned to the Cloudflare side of the IPsec tunnel.
createdOn String: The date and time the tunnel was created.
customerEndpoint String: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description String: An optional description forthe IPsec tunnel.
healthCheck MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheck
id String: Tunnel identifier tag.
interfaceAddress String: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
modifiedOn String: The date and time the tunnel was last modified.
name String: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
pskMetadata MagicWanIpsecTunnelModifiedIpsecTunnelPskMetadata: The PSK metadata that includes when the PSK was generated.
replayProtection Boolean: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

allowNullCipher boolean: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
cloudflareEndpoint string: The IP address assigned to the Cloudflare side of the IPsec tunnel.
createdOn string: The date and time the tunnel was created.
customerEndpoint string: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description string: An optional description forthe IPsec tunnel.
healthCheck MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheck
id string: Tunnel identifier tag.
interfaceAddress string: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
modifiedOn string: The date and time the tunnel was last modified.
name string: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
pskMetadata MagicWanIpsecTunnelModifiedIpsecTunnelPskMetadata: The PSK metadata that includes when the PSK was generated.
replayProtection boolean: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

allow_null_cipher bool: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
cloudflare_endpoint str: The IP address assigned to the Cloudflare side of the IPsec tunnel.
created_on str: The date and time the tunnel was created.
customer_endpoint str: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description str: An optional description forthe IPsec tunnel.
health_check MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheck
id str: Tunnel identifier tag.
interface_address str: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
modified_on str: The date and time the tunnel was last modified.
name str: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
psk_metadata MagicWanIpsecTunnelModifiedIpsecTunnelPskMetadata: The PSK metadata that includes when the PSK was generated.
replay_protection bool: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

allowNullCipher Boolean: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
cloudflareEndpoint String: The IP address assigned to the Cloudflare side of the IPsec tunnel.
createdOn String: The date and time the tunnel was created.
customerEndpoint String: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description String: An optional description forthe IPsec tunnel.
healthCheck Property Map
id String: Tunnel identifier tag.
interfaceAddress String: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
modifiedOn String: The date and time the tunnel was last modified.
name String: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
pskMetadata Property Map: The PSK metadata that includes when the PSK was generated.
replayProtection Boolean: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheck, MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheckArgs

Direction string: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
Enabled bool: Determines whether to run healthchecks for a tunnel.
Rate string: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
Target MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
Type string: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

Direction string: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
Enabled bool: Determines whether to run healthchecks for a tunnel.
Rate string: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
Target MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
Type string: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

direction String: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
enabled Boolean: Determines whether to run healthchecks for a tunnel.
rate String: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
target MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
type String: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

direction string: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
enabled boolean: Determines whether to run healthchecks for a tunnel.
rate string: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
target MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
type string: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

direction str: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
enabled bool: Determines whether to run healthchecks for a tunnel.
rate str: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
target MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
type str: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

direction String: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
enabled Boolean: Determines whether to run healthchecks for a tunnel.
rate String: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
target Property Map: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
type String: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheckTarget, MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheckTargetArgs

Effective string: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
Saved string: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

Effective string: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
Saved string: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

effective String: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
saved String: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

effective string: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
saved string: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

effective str: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
saved str: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

effective String: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
saved String: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

MagicWanIpsecTunnelModifiedIpsecTunnelPskMetadata, MagicWanIpsecTunnelModifiedIpsecTunnelPskMetadataArgs

LastGeneratedOn string: The date and time the tunnel was last modified.

LastGeneratedOn string: The date and time the tunnel was last modified.

lastGeneratedOn String: The date and time the tunnel was last modified.

lastGeneratedOn string: The date and time the tunnel was last modified.

last_generated_on str: The date and time the tunnel was last modified.

lastGeneratedOn String: The date and time the tunnel was last modified.

Package Details

Repository: Cloudflare pulumi/pulumi-cloudflare
License: Apache-2.0
Notes: This Pulumi package is based on the cloudflare Terraform Provider.

Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi

pulumi/pulumi-cloudflare

cloudflare.MagicWanIpsecTunnel

On this page

On this page

Example Usage

Create MagicWanIpsecTunnel Resource

Constructor syntax

Parameters

Constructor example

MagicWanIpsecTunnel Resource Properties

Inputs

Outputs

Look up Existing MagicWanIpsecTunnel Resource

Supporting Types

MagicWanIpsecTunnelHealthCheck, MagicWanIpsecTunnelHealthCheckArgs

MagicWanIpsecTunnelHealthCheckTarget, MagicWanIpsecTunnelHealthCheckTargetArgs

MagicWanIpsecTunnelIpsecTunnel, MagicWanIpsecTunnelIpsecTunnelArgs

MagicWanIpsecTunnelIpsecTunnelHealthCheck, MagicWanIpsecTunnelIpsecTunnelHealthCheckArgs

MagicWanIpsecTunnelIpsecTunnelHealthCheckTarget, MagicWanIpsecTunnelIpsecTunnelHealthCheckTargetArgs

MagicWanIpsecTunnelIpsecTunnelPskMetadata, MagicWanIpsecTunnelIpsecTunnelPskMetadataArgs

MagicWanIpsecTunnelModifiedIpsecTunnel, MagicWanIpsecTunnelModifiedIpsecTunnelArgs

MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheck, MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheckArgs

MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheckTarget, MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheckTargetArgs

MagicWanIpsecTunnelModifiedIpsecTunnelPskMetadata, MagicWanIpsecTunnelModifiedIpsecTunnelPskMetadataArgs

Package Details

On this page

On this page