cloudflare.MagicWanIpsecTunnel

Cloudflare v6.13.0, Jan 21 26

Cloudflare v6.13.0 published on Wednesday, Jan 21, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-cloudflare

Cloudflare v6.13.0 published on Wednesday, Jan 21, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-cloudflare

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const exampleMagicWanIpsecTunnel = new cloudflare.MagicWanIpsecTunnel("example_magic_wan_ipsec_tunnel", {
    accountId: "023e105f4ecef8ad9ca31a8372d0c353",
    cloudflareEndpoint: "203.0.113.1",
    interfaceAddress: "192.0.2.0/31",
    name: "IPsec_1",
    automaticReturnRouting: true,
    bgp: {
        customerAsn: 0,
        extraPrefixes: ["string"],
        md5Key: "md5_key",
    },
    customRemoteIdentities: {
        fqdnId: "fqdn_id",
    },
    customerEndpoint: "203.0.113.1",
    description: "Tunnel for ISP X",
    healthCheck: {
        direction: "bidirectional",
        enabled: true,
        rate: "low",
        target: {
            saved: "203.0.113.1",
        },
        type: "request",
    },
    interfaceAddress6: "2606:54c1:7:0:a9fe:12d2:1:200/127",
    psk: "O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy",
    replayProtection: false,
});

import pulumi
import pulumi_cloudflare as cloudflare

example_magic_wan_ipsec_tunnel = cloudflare.MagicWanIpsecTunnel("example_magic_wan_ipsec_tunnel",
    account_id="023e105f4ecef8ad9ca31a8372d0c353",
    cloudflare_endpoint="203.0.113.1",
    interface_address="192.0.2.0/31",
    name="IPsec_1",
    automatic_return_routing=True,
    bgp={
        "customer_asn": 0,
        "extra_prefixes": ["string"],
        "md5_key": "md5_key",
    },
    custom_remote_identities={
        "fqdn_id": "fqdn_id",
    },
    customer_endpoint="203.0.113.1",
    description="Tunnel for ISP X",
    health_check={
        "direction": "bidirectional",
        "enabled": True,
        "rate": "low",
        "target": {
            "saved": "203.0.113.1",
        },
        "type": "request",
    },
    interface_address6="2606:54c1:7:0:a9fe:12d2:1:200/127",
    psk="O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy",
    replay_protection=False)

package main

import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.NewMagicWanIpsecTunnel(ctx, "example_magic_wan_ipsec_tunnel", &cloudflare.MagicWanIpsecTunnelArgs{
			AccountId:              pulumi.String("023e105f4ecef8ad9ca31a8372d0c353"),
			CloudflareEndpoint:     pulumi.String("203.0.113.1"),
			InterfaceAddress:       pulumi.String("192.0.2.0/31"),
			Name:                   pulumi.String("IPsec_1"),
			AutomaticReturnRouting: pulumi.Bool(true),
			Bgp: &cloudflare.MagicWanIpsecTunnelBgpArgs{
				CustomerAsn: pulumi.Int(0),
				ExtraPrefixes: pulumi.StringArray{
					pulumi.String("string"),
				},
				Md5Key: pulumi.String("md5_key"),
			},
			CustomRemoteIdentities: &cloudflare.MagicWanIpsecTunnelCustomRemoteIdentitiesArgs{
				FqdnId: pulumi.String("fqdn_id"),
			},
			CustomerEndpoint: pulumi.String("203.0.113.1"),
			Description:      pulumi.String("Tunnel for ISP X"),
			HealthCheck: &cloudflare.MagicWanIpsecTunnelHealthCheckArgs{
				Direction: pulumi.String("bidirectional"),
				Enabled:   pulumi.Bool(true),
				Rate:      pulumi.String("low"),
				Target: &cloudflare.MagicWanIpsecTunnelHealthCheckTargetArgs{
					Saved: pulumi.String("203.0.113.1"),
				},
				Type: pulumi.String("request"),
			},
			InterfaceAddress6: pulumi.String("2606:54c1:7:0:a9fe:12d2:1:200/127"),
			Psk:               pulumi.String("O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy"),
			ReplayProtection:  pulumi.Bool(false),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

return await Deployment.RunAsync(() => 
{
    var exampleMagicWanIpsecTunnel = new Cloudflare.MagicWanIpsecTunnel("example_magic_wan_ipsec_tunnel", new()
    {
        AccountId = "023e105f4ecef8ad9ca31a8372d0c353",
        CloudflareEndpoint = "203.0.113.1",
        InterfaceAddress = "192.0.2.0/31",
        Name = "IPsec_1",
        AutomaticReturnRouting = true,
        Bgp = new Cloudflare.Inputs.MagicWanIpsecTunnelBgpArgs
        {
            CustomerAsn = 0,
            ExtraPrefixes = new[]
            {
                "string",
            },
            Md5Key = "md5_key",
        },
        CustomRemoteIdentities = new Cloudflare.Inputs.MagicWanIpsecTunnelCustomRemoteIdentitiesArgs
        {
            FqdnId = "fqdn_id",
        },
        CustomerEndpoint = "203.0.113.1",
        Description = "Tunnel for ISP X",
        HealthCheck = new Cloudflare.Inputs.MagicWanIpsecTunnelHealthCheckArgs
        {
            Direction = "bidirectional",
            Enabled = true,
            Rate = "low",
            Target = new Cloudflare.Inputs.MagicWanIpsecTunnelHealthCheckTargetArgs
            {
                Saved = "203.0.113.1",
            },
            Type = "request",
        },
        InterfaceAddress6 = "2606:54c1:7:0:a9fe:12d2:1:200/127",
        Psk = "O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy",
        ReplayProtection = false,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.MagicWanIpsecTunnel;
import com.pulumi.cloudflare.MagicWanIpsecTunnelArgs;
import com.pulumi.cloudflare.inputs.MagicWanIpsecTunnelBgpArgs;
import com.pulumi.cloudflare.inputs.MagicWanIpsecTunnelCustomRemoteIdentitiesArgs;
import com.pulumi.cloudflare.inputs.MagicWanIpsecTunnelHealthCheckArgs;
import com.pulumi.cloudflare.inputs.MagicWanIpsecTunnelHealthCheckTargetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleMagicWanIpsecTunnel = new MagicWanIpsecTunnel("exampleMagicWanIpsecTunnel", MagicWanIpsecTunnelArgs.builder()
            .accountId("023e105f4ecef8ad9ca31a8372d0c353")
            .cloudflareEndpoint("203.0.113.1")
            .interfaceAddress("192.0.2.0/31")
            .name("IPsec_1")
            .automaticReturnRouting(true)
            .bgp(MagicWanIpsecTunnelBgpArgs.builder()
                .customerAsn(0)
                .extraPrefixes("string")
                .md5Key("md5_key")
                .build())
            .customRemoteIdentities(MagicWanIpsecTunnelCustomRemoteIdentitiesArgs.builder()
                .fqdnId("fqdn_id")
                .build())
            .customerEndpoint("203.0.113.1")
            .description("Tunnel for ISP X")
            .healthCheck(MagicWanIpsecTunnelHealthCheckArgs.builder()
                .direction("bidirectional")
                .enabled(true)
                .rate("low")
                .target(MagicWanIpsecTunnelHealthCheckTargetArgs.builder()
                    .saved("203.0.113.1")
                    .build())
                .type("request")
                .build())
            .interfaceAddress6("2606:54c1:7:0:a9fe:12d2:1:200/127")
            .psk("O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy")
            .replayProtection(false)
            .build());

    }
}

resources:
  exampleMagicWanIpsecTunnel:
    type: cloudflare:MagicWanIpsecTunnel
    name: example_magic_wan_ipsec_tunnel
    properties:
      accountId: 023e105f4ecef8ad9ca31a8372d0c353
      cloudflareEndpoint: 203.0.113.1
      interfaceAddress: 192.0.2.0/31
      name: IPsec_1
      automaticReturnRouting: true
      bgp:
        customerAsn: 0
        extraPrefixes:
          - string
        md5Key: md5_key
      customRemoteIdentities:
        fqdnId: fqdn_id
      customerEndpoint: 203.0.113.1
      description: Tunnel for ISP X
      healthCheck:
        direction: bidirectional
        enabled: true
        rate: low
        target:
          saved: 203.0.113.1
        type: request
      interfaceAddress6: 2606:54c1:7:0:a9fe:12d2:1:200/127
      psk: O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy
      replayProtection: false

Create MagicWanIpsecTunnel Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new MagicWanIpsecTunnel(name: string, args: MagicWanIpsecTunnelArgs, opts?: CustomResourceOptions);

@overload
def MagicWanIpsecTunnel(resource_name: str,
                        args: MagicWanIpsecTunnelArgs,
                        opts: Optional[ResourceOptions] = None)

@overload
def MagicWanIpsecTunnel(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        account_id: Optional[str] = None,
                        name: Optional[str] = None,
                        interface_address: Optional[str] = None,
                        cloudflare_endpoint: Optional[str] = None,
                        description: Optional[str] = None,
                        customer_endpoint: Optional[str] = None,
                        custom_remote_identities: Optional[MagicWanIpsecTunnelCustomRemoteIdentitiesArgs] = None,
                        health_check: Optional[MagicWanIpsecTunnelHealthCheckArgs] = None,
                        bgp: Optional[MagicWanIpsecTunnelBgpArgs] = None,
                        interface_address6: Optional[str] = None,
                        automatic_return_routing: Optional[bool] = None,
                        psk: Optional[str] = None,
                        replay_protection: Optional[bool] = None)

func NewMagicWanIpsecTunnel(ctx *Context, name string, args MagicWanIpsecTunnelArgs, opts ...ResourceOption) (*MagicWanIpsecTunnel, error)

public MagicWanIpsecTunnel(string name, MagicWanIpsecTunnelArgs args, CustomResourceOptions? opts = null)

public MagicWanIpsecTunnel(String name, MagicWanIpsecTunnelArgs args)
public MagicWanIpsecTunnel(String name, MagicWanIpsecTunnelArgs args, CustomResourceOptions options)

type: cloudflare:MagicWanIpsecTunnel
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args MagicWanIpsecTunnelArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args MagicWanIpsecTunnelArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args MagicWanIpsecTunnelArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args MagicWanIpsecTunnelArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args MagicWanIpsecTunnelArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var magicWanIpsecTunnelResource = new Cloudflare.MagicWanIpsecTunnel("magicWanIpsecTunnelResource", new()
{
    AccountId = "string",
    Name = "string",
    InterfaceAddress = "string",
    CloudflareEndpoint = "string",
    Description = "string",
    CustomerEndpoint = "string",
    CustomRemoteIdentities = new Cloudflare.Inputs.MagicWanIpsecTunnelCustomRemoteIdentitiesArgs
    {
        FqdnId = "string",
    },
    HealthCheck = new Cloudflare.Inputs.MagicWanIpsecTunnelHealthCheckArgs
    {
        Direction = "string",
        Enabled = false,
        Rate = "string",
        Target = new Cloudflare.Inputs.MagicWanIpsecTunnelHealthCheckTargetArgs
        {
            Effective = "string",
            Saved = "string",
        },
        Type = "string",
    },
    Bgp = new Cloudflare.Inputs.MagicWanIpsecTunnelBgpArgs
    {
        CustomerAsn = 0,
        ExtraPrefixes = new[]
        {
            "string",
        },
        Md5Key = "string",
    },
    InterfaceAddress6 = "string",
    AutomaticReturnRouting = false,
    Psk = "string",
    ReplayProtection = false,
});

example, err := cloudflare.NewMagicWanIpsecTunnel(ctx, "magicWanIpsecTunnelResource", &cloudflare.MagicWanIpsecTunnelArgs{
	AccountId:          pulumi.String("string"),
	Name:               pulumi.String("string"),
	InterfaceAddress:   pulumi.String("string"),
	CloudflareEndpoint: pulumi.String("string"),
	Description:        pulumi.String("string"),
	CustomerEndpoint:   pulumi.String("string"),
	CustomRemoteIdentities: &cloudflare.MagicWanIpsecTunnelCustomRemoteIdentitiesArgs{
		FqdnId: pulumi.String("string"),
	},
	HealthCheck: &cloudflare.MagicWanIpsecTunnelHealthCheckArgs{
		Direction: pulumi.String("string"),
		Enabled:   pulumi.Bool(false),
		Rate:      pulumi.String("string"),
		Target: &cloudflare.MagicWanIpsecTunnelHealthCheckTargetArgs{
			Effective: pulumi.String("string"),
			Saved:     pulumi.String("string"),
		},
		Type: pulumi.String("string"),
	},
	Bgp: &cloudflare.MagicWanIpsecTunnelBgpArgs{
		CustomerAsn: pulumi.Int(0),
		ExtraPrefixes: pulumi.StringArray{
			pulumi.String("string"),
		},
		Md5Key: pulumi.String("string"),
	},
	InterfaceAddress6:      pulumi.String("string"),
	AutomaticReturnRouting: pulumi.Bool(false),
	Psk:                    pulumi.String("string"),
	ReplayProtection:       pulumi.Bool(false),
})

var magicWanIpsecTunnelResource = new MagicWanIpsecTunnel("magicWanIpsecTunnelResource", MagicWanIpsecTunnelArgs.builder()
    .accountId("string")
    .name("string")
    .interfaceAddress("string")
    .cloudflareEndpoint("string")
    .description("string")
    .customerEndpoint("string")
    .customRemoteIdentities(MagicWanIpsecTunnelCustomRemoteIdentitiesArgs.builder()
        .fqdnId("string")
        .build())
    .healthCheck(MagicWanIpsecTunnelHealthCheckArgs.builder()
        .direction("string")
        .enabled(false)
        .rate("string")
        .target(MagicWanIpsecTunnelHealthCheckTargetArgs.builder()
            .effective("string")
            .saved("string")
            .build())
        .type("string")
        .build())
    .bgp(MagicWanIpsecTunnelBgpArgs.builder()
        .customerAsn(0)
        .extraPrefixes("string")
        .md5Key("string")
        .build())
    .interfaceAddress6("string")
    .automaticReturnRouting(false)
    .psk("string")
    .replayProtection(false)
    .build());

magic_wan_ipsec_tunnel_resource = cloudflare.MagicWanIpsecTunnel("magicWanIpsecTunnelResource",
    account_id="string",
    name="string",
    interface_address="string",
    cloudflare_endpoint="string",
    description="string",
    customer_endpoint="string",
    custom_remote_identities={
        "fqdn_id": "string",
    },
    health_check={
        "direction": "string",
        "enabled": False,
        "rate": "string",
        "target": {
            "effective": "string",
            "saved": "string",
        },
        "type": "string",
    },
    bgp={
        "customer_asn": 0,
        "extra_prefixes": ["string"],
        "md5_key": "string",
    },
    interface_address6="string",
    automatic_return_routing=False,
    psk="string",
    replay_protection=False)

const magicWanIpsecTunnelResource = new cloudflare.MagicWanIpsecTunnel("magicWanIpsecTunnelResource", {
    accountId: "string",
    name: "string",
    interfaceAddress: "string",
    cloudflareEndpoint: "string",
    description: "string",
    customerEndpoint: "string",
    customRemoteIdentities: {
        fqdnId: "string",
    },
    healthCheck: {
        direction: "string",
        enabled: false,
        rate: "string",
        target: {
            effective: "string",
            saved: "string",
        },
        type: "string",
    },
    bgp: {
        customerAsn: 0,
        extraPrefixes: ["string"],
        md5Key: "string",
    },
    interfaceAddress6: "string",
    automaticReturnRouting: false,
    psk: "string",
    replayProtection: false,
});

type: cloudflare:MagicWanIpsecTunnel
properties:
    accountId: string
    automaticReturnRouting: false
    bgp:
        customerAsn: 0
        extraPrefixes:
            - string
        md5Key: string
    cloudflareEndpoint: string
    customRemoteIdentities:
        fqdnId: string
    customerEndpoint: string
    description: string
    healthCheck:
        direction: string
        enabled: false
        rate: string
        target:
            effective: string
            saved: string
        type: string
    interfaceAddress: string
    interfaceAddress6: string
    name: string
    psk: string
    replayProtection: false

MagicWanIpsecTunnel Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The MagicWanIpsecTunnel resource accepts the following input properties:

AccountId string: Identifier
CloudflareEndpoint string: The IP address assigned to the Cloudflare side of the IPsec tunnel.
InterfaceAddress string: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
Name string: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
AutomaticReturnRouting bool: True if automatic stateful return routing should be enabled for a tunnel, false otherwise.
Bgp MagicWanIpsecTunnelBgp
CustomRemoteIdentities MagicWanIpsecTunnelCustomRemoteIdentities
CustomerEndpoint string: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
Description string: An optional description forthe IPsec tunnel.
HealthCheck MagicWanIpsecTunnelHealthCheck
InterfaceAddress6 string: A 127 bit IPV6 prefix from within the virtualsubnet6 prefix space with the address being the first IP of the subnet and not same as the address of virtualsubnet6. Eg if virtualsubnet6 is 2606:54c1:7:0:a9fe:12d2::/127 , interfaceaddress6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127
Psk string: A randomly generated or provided string for use in the IPsec tunnel.
ReplayProtection bool: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

AccountId string: Identifier
CloudflareEndpoint string: The IP address assigned to the Cloudflare side of the IPsec tunnel.
InterfaceAddress string: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
Name string: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
AutomaticReturnRouting bool: True if automatic stateful return routing should be enabled for a tunnel, false otherwise.
Bgp MagicWanIpsecTunnelBgpArgs
CustomRemoteIdentities MagicWanIpsecTunnelCustomRemoteIdentitiesArgs
CustomerEndpoint string: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
Description string: An optional description forthe IPsec tunnel.
HealthCheck MagicWanIpsecTunnelHealthCheckArgs
InterfaceAddress6 string: A 127 bit IPV6 prefix from within the virtualsubnet6 prefix space with the address being the first IP of the subnet and not same as the address of virtualsubnet6. Eg if virtualsubnet6 is 2606:54c1:7:0:a9fe:12d2::/127 , interfaceaddress6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127
Psk string: A randomly generated or provided string for use in the IPsec tunnel.
ReplayProtection bool: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

accountId String: Identifier
cloudflareEndpoint String: The IP address assigned to the Cloudflare side of the IPsec tunnel.
interfaceAddress String: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
name String: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
automaticReturnRouting Boolean: True if automatic stateful return routing should be enabled for a tunnel, false otherwise.
bgp MagicWanIpsecTunnelBgp
customRemoteIdentities MagicWanIpsecTunnelCustomRemoteIdentities
customerEndpoint String: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description String: An optional description forthe IPsec tunnel.
healthCheck MagicWanIpsecTunnelHealthCheck
interfaceAddress6 String: A 127 bit IPV6 prefix from within the virtualsubnet6 prefix space with the address being the first IP of the subnet and not same as the address of virtualsubnet6. Eg if virtualsubnet6 is 2606:54c1:7:0:a9fe:12d2::/127 , interfaceaddress6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127
psk String: A randomly generated or provided string for use in the IPsec tunnel.
replayProtection Boolean: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

accountId string: Identifier
cloudflareEndpoint string: The IP address assigned to the Cloudflare side of the IPsec tunnel.
interfaceAddress string: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
name string: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
automaticReturnRouting boolean: True if automatic stateful return routing should be enabled for a tunnel, false otherwise.
bgp MagicWanIpsecTunnelBgp
customRemoteIdentities MagicWanIpsecTunnelCustomRemoteIdentities
customerEndpoint string: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description string: An optional description forthe IPsec tunnel.
healthCheck MagicWanIpsecTunnelHealthCheck
interfaceAddress6 string: A 127 bit IPV6 prefix from within the virtualsubnet6 prefix space with the address being the first IP of the subnet and not same as the address of virtualsubnet6. Eg if virtualsubnet6 is 2606:54c1:7:0:a9fe:12d2::/127 , interfaceaddress6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127
psk string: A randomly generated or provided string for use in the IPsec tunnel.
replayProtection boolean: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

account_id str: Identifier
cloudflare_endpoint str: The IP address assigned to the Cloudflare side of the IPsec tunnel.
interface_address str: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
name str: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
automatic_return_routing bool: True if automatic stateful return routing should be enabled for a tunnel, false otherwise.
bgp MagicWanIpsecTunnelBgpArgs
custom_remote_identities MagicWanIpsecTunnelCustomRemoteIdentitiesArgs
customer_endpoint str: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description str: An optional description forthe IPsec tunnel.
health_check MagicWanIpsecTunnelHealthCheckArgs
interface_address6 str: A 127 bit IPV6 prefix from within the virtualsubnet6 prefix space with the address being the first IP of the subnet and not same as the address of virtualsubnet6. Eg if virtualsubnet6 is 2606:54c1:7:0:a9fe:12d2::/127 , interfaceaddress6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127
psk str: A randomly generated or provided string for use in the IPsec tunnel.
replay_protection bool: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

accountId String: Identifier
cloudflareEndpoint String: The IP address assigned to the Cloudflare side of the IPsec tunnel.
interfaceAddress String: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
name String: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
automaticReturnRouting Boolean: True if automatic stateful return routing should be enabled for a tunnel, false otherwise.
bgp Property Map
customRemoteIdentities Property Map
customerEndpoint String: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description String: An optional description forthe IPsec tunnel.
healthCheck Property Map
interfaceAddress6 String: A 127 bit IPV6 prefix from within the virtualsubnet6 prefix space with the address being the first IP of the subnet and not same as the address of virtualsubnet6. Eg if virtualsubnet6 is 2606:54c1:7:0:a9fe:12d2::/127 , interfaceaddress6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127
psk String: A randomly generated or provided string for use in the IPsec tunnel.
replayProtection Boolean: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

Outputs

All input properties are implicitly available as output properties. Additionally, the MagicWanIpsecTunnel resource produces the following output properties:

AllowNullCipher bool: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
BgpStatus MagicWanIpsecTunnelBgpStatus
CreatedOn string: The date and time the tunnel was created.
Id string: The provider-assigned unique ID for this managed resource.
ModifiedOn string: The date and time the tunnel was last modified.
PskMetadata MagicWanIpsecTunnelPskMetadata: The PSK metadata that includes when the PSK was generated.

AllowNullCipher bool: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
BgpStatus MagicWanIpsecTunnelBgpStatus
CreatedOn string: The date and time the tunnel was created.
Id string: The provider-assigned unique ID for this managed resource.
ModifiedOn string: The date and time the tunnel was last modified.
PskMetadata MagicWanIpsecTunnelPskMetadata: The PSK metadata that includes when the PSK was generated.

allowNullCipher Boolean: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
bgpStatus MagicWanIpsecTunnelBgpStatus
createdOn String: The date and time the tunnel was created.
id String: The provider-assigned unique ID for this managed resource.
modifiedOn String: The date and time the tunnel was last modified.
pskMetadata MagicWanIpsecTunnelPskMetadata: The PSK metadata that includes when the PSK was generated.

allowNullCipher boolean: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
bgpStatus MagicWanIpsecTunnelBgpStatus
createdOn string: The date and time the tunnel was created.
id string: The provider-assigned unique ID for this managed resource.
modifiedOn string: The date and time the tunnel was last modified.
pskMetadata MagicWanIpsecTunnelPskMetadata: The PSK metadata that includes when the PSK was generated.

allow_null_cipher bool: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
bgp_status MagicWanIpsecTunnelBgpStatus
created_on str: The date and time the tunnel was created.
id str: The provider-assigned unique ID for this managed resource.
modified_on str: The date and time the tunnel was last modified.
psk_metadata MagicWanIpsecTunnelPskMetadata: The PSK metadata that includes when the PSK was generated.

allowNullCipher Boolean: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
bgpStatus Property Map
createdOn String: The date and time the tunnel was created.
id String: The provider-assigned unique ID for this managed resource.
modifiedOn String: The date and time the tunnel was last modified.
pskMetadata Property Map: The PSK metadata that includes when the PSK was generated.

Look up Existing MagicWanIpsecTunnel Resource

Get an existing MagicWanIpsecTunnel resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: MagicWanIpsecTunnelState, opts?: CustomResourceOptions): MagicWanIpsecTunnel

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_id: Optional[str] = None,
        allow_null_cipher: Optional[bool] = None,
        automatic_return_routing: Optional[bool] = None,
        bgp: Optional[MagicWanIpsecTunnelBgpArgs] = None,
        bgp_status: Optional[MagicWanIpsecTunnelBgpStatusArgs] = None,
        cloudflare_endpoint: Optional[str] = None,
        created_on: Optional[str] = None,
        custom_remote_identities: Optional[MagicWanIpsecTunnelCustomRemoteIdentitiesArgs] = None,
        customer_endpoint: Optional[str] = None,
        description: Optional[str] = None,
        health_check: Optional[MagicWanIpsecTunnelHealthCheckArgs] = None,
        interface_address: Optional[str] = None,
        interface_address6: Optional[str] = None,
        modified_on: Optional[str] = None,
        name: Optional[str] = None,
        psk: Optional[str] = None,
        psk_metadata: Optional[MagicWanIpsecTunnelPskMetadataArgs] = None,
        replay_protection: Optional[bool] = None) -> MagicWanIpsecTunnel

func GetMagicWanIpsecTunnel(ctx *Context, name string, id IDInput, state *MagicWanIpsecTunnelState, opts ...ResourceOption) (*MagicWanIpsecTunnel, error)

public static MagicWanIpsecTunnel Get(string name, Input<string> id, MagicWanIpsecTunnelState? state, CustomResourceOptions? opts = null)

public static MagicWanIpsecTunnel get(String name, Output<String> id, MagicWanIpsecTunnelState state, CustomResourceOptions options)

resources:  _:    type: cloudflare:MagicWanIpsecTunnel    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccountId string: Identifier
AllowNullCipher bool: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
AutomaticReturnRouting bool: True if automatic stateful return routing should be enabled for a tunnel, false otherwise.
Bgp MagicWanIpsecTunnelBgp
BgpStatus MagicWanIpsecTunnelBgpStatus
CloudflareEndpoint string: The IP address assigned to the Cloudflare side of the IPsec tunnel.
CreatedOn string: The date and time the tunnel was created.
CustomRemoteIdentities MagicWanIpsecTunnelCustomRemoteIdentities
CustomerEndpoint string: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
Description string: An optional description forthe IPsec tunnel.
HealthCheck MagicWanIpsecTunnelHealthCheck
InterfaceAddress string: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
InterfaceAddress6 string: A 127 bit IPV6 prefix from within the virtualsubnet6 prefix space with the address being the first IP of the subnet and not same as the address of virtualsubnet6. Eg if virtualsubnet6 is 2606:54c1:7:0:a9fe:12d2::/127 , interfaceaddress6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127
ModifiedOn string: The date and time the tunnel was last modified.
Name string: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
Psk string: A randomly generated or provided string for use in the IPsec tunnel.
PskMetadata MagicWanIpsecTunnelPskMetadata: The PSK metadata that includes when the PSK was generated.
ReplayProtection bool: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

AccountId string: Identifier
AllowNullCipher bool: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
AutomaticReturnRouting bool: True if automatic stateful return routing should be enabled for a tunnel, false otherwise.
Bgp MagicWanIpsecTunnelBgpArgs
BgpStatus MagicWanIpsecTunnelBgpStatusArgs
CloudflareEndpoint string: The IP address assigned to the Cloudflare side of the IPsec tunnel.
CreatedOn string: The date and time the tunnel was created.
CustomRemoteIdentities MagicWanIpsecTunnelCustomRemoteIdentitiesArgs
CustomerEndpoint string: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
Description string: An optional description forthe IPsec tunnel.
HealthCheck MagicWanIpsecTunnelHealthCheckArgs
InterfaceAddress string: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
InterfaceAddress6 string: A 127 bit IPV6 prefix from within the virtualsubnet6 prefix space with the address being the first IP of the subnet and not same as the address of virtualsubnet6. Eg if virtualsubnet6 is 2606:54c1:7:0:a9fe:12d2::/127 , interfaceaddress6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127
ModifiedOn string: The date and time the tunnel was last modified.
Name string: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
Psk string: A randomly generated or provided string for use in the IPsec tunnel.
PskMetadata MagicWanIpsecTunnelPskMetadataArgs: The PSK metadata that includes when the PSK was generated.
ReplayProtection bool: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

accountId String: Identifier
allowNullCipher Boolean: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
automaticReturnRouting Boolean: True if automatic stateful return routing should be enabled for a tunnel, false otherwise.
bgp MagicWanIpsecTunnelBgp
bgpStatus MagicWanIpsecTunnelBgpStatus
cloudflareEndpoint String: The IP address assigned to the Cloudflare side of the IPsec tunnel.
createdOn String: The date and time the tunnel was created.
customRemoteIdentities MagicWanIpsecTunnelCustomRemoteIdentities
customerEndpoint String: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description String: An optional description forthe IPsec tunnel.
healthCheck MagicWanIpsecTunnelHealthCheck
interfaceAddress String: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
interfaceAddress6 String: A 127 bit IPV6 prefix from within the virtualsubnet6 prefix space with the address being the first IP of the subnet and not same as the address of virtualsubnet6. Eg if virtualsubnet6 is 2606:54c1:7:0:a9fe:12d2::/127 , interfaceaddress6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127
modifiedOn String: The date and time the tunnel was last modified.
name String: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
psk String: A randomly generated or provided string for use in the IPsec tunnel.
pskMetadata MagicWanIpsecTunnelPskMetadata: The PSK metadata that includes when the PSK was generated.
replayProtection Boolean: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

accountId string: Identifier
allowNullCipher boolean: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
automaticReturnRouting boolean: True if automatic stateful return routing should be enabled for a tunnel, false otherwise.
bgp MagicWanIpsecTunnelBgp
bgpStatus MagicWanIpsecTunnelBgpStatus
cloudflareEndpoint string: The IP address assigned to the Cloudflare side of the IPsec tunnel.
createdOn string: The date and time the tunnel was created.
customRemoteIdentities MagicWanIpsecTunnelCustomRemoteIdentities
customerEndpoint string: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description string: An optional description forthe IPsec tunnel.
healthCheck MagicWanIpsecTunnelHealthCheck
interfaceAddress string: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
interfaceAddress6 string: A 127 bit IPV6 prefix from within the virtualsubnet6 prefix space with the address being the first IP of the subnet and not same as the address of virtualsubnet6. Eg if virtualsubnet6 is 2606:54c1:7:0:a9fe:12d2::/127 , interfaceaddress6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127
modifiedOn string: The date and time the tunnel was last modified.
name string: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
psk string: A randomly generated or provided string for use in the IPsec tunnel.
pskMetadata MagicWanIpsecTunnelPskMetadata: The PSK metadata that includes when the PSK was generated.
replayProtection boolean: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

account_id str: Identifier
allow_null_cipher bool: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
automatic_return_routing bool: True if automatic stateful return routing should be enabled for a tunnel, false otherwise.
bgp MagicWanIpsecTunnelBgpArgs
bgp_status MagicWanIpsecTunnelBgpStatusArgs
cloudflare_endpoint str: The IP address assigned to the Cloudflare side of the IPsec tunnel.
created_on str: The date and time the tunnel was created.
custom_remote_identities MagicWanIpsecTunnelCustomRemoteIdentitiesArgs
customer_endpoint str: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description str: An optional description forthe IPsec tunnel.
health_check MagicWanIpsecTunnelHealthCheckArgs
interface_address str: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
interface_address6 str: A 127 bit IPV6 prefix from within the virtualsubnet6 prefix space with the address being the first IP of the subnet and not same as the address of virtualsubnet6. Eg if virtualsubnet6 is 2606:54c1:7:0:a9fe:12d2::/127 , interfaceaddress6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127
modified_on str: The date and time the tunnel was last modified.
name str: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
psk str: A randomly generated or provided string for use in the IPsec tunnel.
psk_metadata MagicWanIpsecTunnelPskMetadataArgs: The PSK metadata that includes when the PSK was generated.
replay_protection bool: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

accountId String: Identifier
allowNullCipher Boolean: When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).
automaticReturnRouting Boolean: True if automatic stateful return routing should be enabled for a tunnel, false otherwise.
bgp Property Map
bgpStatus Property Map
cloudflareEndpoint String: The IP address assigned to the Cloudflare side of the IPsec tunnel.
createdOn String: The date and time the tunnel was created.
customRemoteIdentities Property Map
customerEndpoint String: The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
description String: An optional description forthe IPsec tunnel.
healthCheck Property Map
interfaceAddress String: A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
interfaceAddress6 String: A 127 bit IPV6 prefix from within the virtualsubnet6 prefix space with the address being the first IP of the subnet and not same as the address of virtualsubnet6. Eg if virtualsubnet6 is 2606:54c1:7:0:a9fe:12d2::/127 , interfaceaddress6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127
modifiedOn String: The date and time the tunnel was last modified.
name String: The name of the IPsec tunnel. The name cannot share a name with other tunnels.
psk String: A randomly generated or provided string for use in the IPsec tunnel.
pskMetadata Property Map: The PSK metadata that includes when the PSK was generated.
replayProtection Boolean: If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

Supporting Types

MagicWanIpsecTunnelBgp, MagicWanIpsecTunnelBgpArgs

CustomerAsn int: ASN used on the customer end of the BGP session
ExtraPrefixes List<string>: Prefixes in this list will be advertised to the customer device, in addition to the routes in the Magic routing table.
Md5Key string: MD5 key to use for session authentication.

CustomerAsn int: ASN used on the customer end of the BGP session
ExtraPrefixes []string: Prefixes in this list will be advertised to the customer device, in addition to the routes in the Magic routing table.
Md5Key string: MD5 key to use for session authentication.

customerAsn Integer: ASN used on the customer end of the BGP session
extraPrefixes List<String>: Prefixes in this list will be advertised to the customer device, in addition to the routes in the Magic routing table.
md5Key String: MD5 key to use for session authentication.

customerAsn number: ASN used on the customer end of the BGP session
extraPrefixes string[]: Prefixes in this list will be advertised to the customer device, in addition to the routes in the Magic routing table.
md5Key string: MD5 key to use for session authentication.

customer_asn int: ASN used on the customer end of the BGP session
extra_prefixes Sequence[str]: Prefixes in this list will be advertised to the customer device, in addition to the routes in the Magic routing table.
md5_key str: MD5 key to use for session authentication.

customerAsn Number: ASN used on the customer end of the BGP session
extraPrefixes List<String>: Prefixes in this list will be advertised to the customer device, in addition to the routes in the Magic routing table.
md5Key String: MD5 key to use for session authentication.

MagicWanIpsecTunnelBgpStatus, MagicWanIpsecTunnelBgpStatusArgs

BgpState string
CfSpeakerIp string
CfSpeakerPort int
CustomerSpeakerIp string
CustomerSpeakerPort int
State string: Available values: "BGPDOWN", "BGPUP", "BGP_ESTABLISHING".
TcpEstablished bool
UpdatedAt string

BgpState string
CfSpeakerIp string
CfSpeakerPort int
CustomerSpeakerIp string
CustomerSpeakerPort int
State string: Available values: "BGPDOWN", "BGPUP", "BGP_ESTABLISHING".
TcpEstablished bool
UpdatedAt string

bgpState String
cfSpeakerIp String
cfSpeakerPort Integer
customerSpeakerIp String
customerSpeakerPort Integer
state String: Available values: "BGPDOWN", "BGPUP", "BGP_ESTABLISHING".
tcpEstablished Boolean
updatedAt String

bgpState string
cfSpeakerIp string
cfSpeakerPort number
customerSpeakerIp string
customerSpeakerPort number
state string: Available values: "BGPDOWN", "BGPUP", "BGP_ESTABLISHING".
tcpEstablished boolean
updatedAt string

bgp_state str
cf_speaker_ip str
cf_speaker_port int
customer_speaker_ip str
customer_speaker_port int
state str: Available values: "BGPDOWN", "BGPUP", "BGP_ESTABLISHING".
tcp_established bool
updated_at str

bgpState String
cfSpeakerIp String
cfSpeakerPort Number
customerSpeakerIp String
customerSpeakerPort Number
state String: Available values: "BGPDOWN", "BGPUP", "BGP_ESTABLISHING".
tcpEstablished Boolean
updatedAt String

MagicWanIpsecTunnelCustomRemoteIdentities, MagicWanIpsecTunnelCustomRemoteIdentitiesArgs

FqdnId string: A custom IKE ID of type FQDN that may be used to identity the IPsec tunnel. The generated IKE IDs can still be used even if this custom value is specified.

FqdnId string: A custom IKE ID of type FQDN that may be used to identity the IPsec tunnel. The generated IKE IDs can still be used even if this custom value is specified.

fqdnId String: A custom IKE ID of type FQDN that may be used to identity the IPsec tunnel. The generated IKE IDs can still be used even if this custom value is specified.

fqdnId string: A custom IKE ID of type FQDN that may be used to identity the IPsec tunnel. The generated IKE IDs can still be used even if this custom value is specified.

fqdn_id str: A custom IKE ID of type FQDN that may be used to identity the IPsec tunnel. The generated IKE IDs can still be used even if this custom value is specified.

fqdnId String: A custom IKE ID of type FQDN that may be used to identity the IPsec tunnel. The generated IKE IDs can still be used even if this custom value is specified.

MagicWanIpsecTunnelHealthCheck, MagicWanIpsecTunnelHealthCheckArgs

Direction string: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
Enabled bool: Determines whether to run healthchecks for a tunnel.
Rate string: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
Target MagicWanIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
Type string: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

Direction string: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
Enabled bool: Determines whether to run healthchecks for a tunnel.
Rate string: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
Target MagicWanIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
Type string: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

direction String: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
enabled Boolean: Determines whether to run healthchecks for a tunnel.
rate String: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
target MagicWanIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
type String: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

direction string: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
enabled boolean: Determines whether to run healthchecks for a tunnel.
rate string: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
target MagicWanIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
type string: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

direction str: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
enabled bool: Determines whether to run healthchecks for a tunnel.
rate str: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
target MagicWanIpsecTunnelHealthCheckTarget: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
type str: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

direction String: The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel. Available values: "unidirectional", "bidirectional".
enabled Boolean: Determines whether to run healthchecks for a tunnel.
rate String: How frequent the health check is run. The default value is mid. Available values: "low", "mid", "high".
target Property Map: The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
type String: The type of healthcheck to run, reply or request. The default value is reply. Available values: "reply", "request".

MagicWanIpsecTunnelHealthCheckTarget, MagicWanIpsecTunnelHealthCheckTargetArgs

Effective string: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
Saved string: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

Effective string: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
Saved string: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

effective String: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
saved String: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

effective string: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
saved string: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

effective str: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
saved str: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

effective String: The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
saved String: The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

MagicWanIpsecTunnelPskMetadata, MagicWanIpsecTunnelPskMetadataArgs

LastGeneratedOn string: The date and time the tunnel was last modified.

LastGeneratedOn string: The date and time the tunnel was last modified.

lastGeneratedOn String: The date and time the tunnel was last modified.

lastGeneratedOn string: The date and time the tunnel was last modified.

last_generated_on str: The date and time the tunnel was last modified.

lastGeneratedOn String: The date and time the tunnel was last modified.

Import

$ pulumi import cloudflare:index/magicWanIpsecTunnel:MagicWanIpsecTunnel example '<account_id>/<ipsec_tunnel_id>'

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Cloudflare pulumi/pulumi-cloudflare
License: Apache-2.0
Notes: This Pulumi package is based on the cloudflare Terraform Provider.

Cloudflare v6.13.0 published on Wednesday, Jan 21, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-cloudflare

cloudflare.MagicWanIpsecTunnel

On this page

On this page

Example Usage

Create MagicWanIpsecTunnel Resource

Constructor syntax

Parameters

Constructor example

MagicWanIpsecTunnel Resource Properties

Inputs

Outputs

Look up Existing MagicWanIpsecTunnel Resource

Supporting Types

MagicWanIpsecTunnelBgp, MagicWanIpsecTunnelBgpArgs

MagicWanIpsecTunnelBgpStatus, MagicWanIpsecTunnelBgpStatusArgs

MagicWanIpsecTunnelCustomRemoteIdentities, MagicWanIpsecTunnelCustomRemoteIdentitiesArgs

MagicWanIpsecTunnelHealthCheck, MagicWanIpsecTunnelHealthCheckArgs

MagicWanIpsecTunnelHealthCheckTarget, MagicWanIpsecTunnelHealthCheckTargetArgs

MagicWanIpsecTunnelPskMetadata, MagicWanIpsecTunnelPskMetadataArgs

Import

Package Details

On this page

On this page