Oracle Cloud Infrastructure v3.9.0, Sep 24 25

Oracle Cloud Infrastructure v3.9.0 published on Wednesday, Sep 24, 2025 by Pulumi

oci.Core.getIpsecConnectionTunnels

Oracle Cloud Infrastructure v3.9.0 published on Wednesday, Sep 24, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";

const testIpSecConnectionTunnels = oci.Core.getIpsecConnectionTunnels({
    ipsecId: testIpsec.id,
});

import pulumi
import pulumi_oci as oci

test_ip_sec_connection_tunnels = oci.Core.get_ipsec_connection_tunnels(ipsec_id=test_ipsec["id"])

package main

import (
	"github.com/pulumi/pulumi-oci/sdk/v3/go/oci/core"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := core.GetIpsecConnectionTunnels(ctx, &core.GetIpsecConnectionTunnelsArgs{
			IpsecId: testIpsec.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;

return await Deployment.RunAsync(() => 
{
    var testIpSecConnectionTunnels = Oci.Core.GetIpsecConnectionTunnels.Invoke(new()
    {
        IpsecId = testIpsec.Id,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Core.CoreFunctions;
import com.pulumi.oci.Core.inputs.GetIpsecConnectionTunnelsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var testIpSecConnectionTunnels = CoreFunctions.getIpsecConnectionTunnels(GetIpsecConnectionTunnelsArgs.builder()
            .ipsecId(testIpsec.id())
            .build());

    }
}

variables:
  testIpSecConnectionTunnels:
    fn::invoke:
      function: oci:Core:getIpsecConnectionTunnels
      arguments:
        ipsecId: ${testIpsec.id}

Using getIpsecConnectionTunnels

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getIpsecConnectionTunnels(args: GetIpsecConnectionTunnelsArgs, opts?: InvokeOptions): Promise<GetIpsecConnectionTunnelsResult>
function getIpsecConnectionTunnelsOutput(args: GetIpsecConnectionTunnelsOutputArgs, opts?: InvokeOptions): Output<GetIpsecConnectionTunnelsResult>

def get_ipsec_connection_tunnels(filters: Optional[Sequence[GetIpsecConnectionTunnelsFilter]] = None,
                                 ipsec_id: Optional[str] = None,
                                 opts: Optional[InvokeOptions] = None) -> GetIpsecConnectionTunnelsResult
def get_ipsec_connection_tunnels_output(filters: Optional[pulumi.Input[Sequence[pulumi.Input[GetIpsecConnectionTunnelsFilterArgs]]]] = None,
                                 ipsec_id: Optional[pulumi.Input[str]] = None,
                                 opts: Optional[InvokeOptions] = None) -> Output[GetIpsecConnectionTunnelsResult]

func GetIpsecConnectionTunnels(ctx *Context, args *GetIpsecConnectionTunnelsArgs, opts ...InvokeOption) (*GetIpsecConnectionTunnelsResult, error)
func GetIpsecConnectionTunnelsOutput(ctx *Context, args *GetIpsecConnectionTunnelsOutputArgs, opts ...InvokeOption) GetIpsecConnectionTunnelsResultOutput

> Note: This function is named GetIpsecConnectionTunnels in the Go SDK.

public static class GetIpsecConnectionTunnels 
{
    public static Task<GetIpsecConnectionTunnelsResult> InvokeAsync(GetIpsecConnectionTunnelsArgs args, InvokeOptions? opts = null)
    public static Output<GetIpsecConnectionTunnelsResult> Invoke(GetIpsecConnectionTunnelsInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetIpsecConnectionTunnelsResult> getIpsecConnectionTunnels(GetIpsecConnectionTunnelsArgs args, InvokeOptions options)
public static Output<GetIpsecConnectionTunnelsResult> getIpsecConnectionTunnels(GetIpsecConnectionTunnelsArgs args, InvokeOptions options)

fn::invoke:
  function: oci:Core/getIpsecConnectionTunnels:getIpsecConnectionTunnels
  arguments:
    # arguments dictionary

The following arguments are supported:

IpsecId string: The OCID of the IPSec connection.
Filters List<GetIpsecConnectionTunnelsFilter>

IpsecId string: The OCID of the IPSec connection.
Filters []GetIpsecConnectionTunnelsFilter

ipsecId String: The OCID of the IPSec connection.
filters List<GetIpsecConnectionTunnelsFilter>

ipsecId string: The OCID of the IPSec connection.
filters GetIpsecConnectionTunnelsFilter[]

ipsec_id str: The OCID of the IPSec connection.
filters Sequence[GetIpsecConnectionTunnelsFilter]

ipsecId String: The OCID of the IPSec connection.
filters List<Property Map>

getIpsecConnectionTunnels Result

The following output properties are available:

Id string: The provider-assigned unique ID for this managed resource.
IpSecConnectionTunnels List<GetIpsecConnectionTunnelsIpSecConnectionTunnel>: The list of two ip_sec_connection_tunnels.
IpsecId string
Filters List<GetIpsecConnectionTunnelsFilter>

Id string: The provider-assigned unique ID for this managed resource.
IpSecConnectionTunnels []GetIpsecConnectionTunnelsIpSecConnectionTunnel: The list of two ip_sec_connection_tunnels.
IpsecId string
Filters []GetIpsecConnectionTunnelsFilter

id String: The provider-assigned unique ID for this managed resource.
ipSecConnectionTunnels List<GetIpsecConnectionTunnelsIpSecConnectionTunnel>: The list of two ip_sec_connection_tunnels.
ipsecId String
filters List<GetIpsecConnectionTunnelsFilter>

id string: The provider-assigned unique ID for this managed resource.
ipSecConnectionTunnels GetIpsecConnectionTunnelsIpSecConnectionTunnel[]: The list of two ip_sec_connection_tunnels.
ipsecId string
filters GetIpsecConnectionTunnelsFilter[]

id str: The provider-assigned unique ID for this managed resource.
ip_sec_connection_tunnels Sequence[GetIpsecConnectionTunnelsIpSecConnectionTunnel]: The list of two ip_sec_connection_tunnels.
ipsec_id str
filters Sequence[GetIpsecConnectionTunnelsFilter]

id String: The provider-assigned unique ID for this managed resource.
ipSecConnectionTunnels List<Property Map>: The list of two ip_sec_connection_tunnels.
ipsecId String
filters List<Property Map>

Supporting Types

GetIpsecConnectionTunnelsFilter

Name string
Values List<string>
Regex bool

Name string
Values []string
Regex bool

name String
values List<String>
regex Boolean

name string
values string[]
regex boolean

name str
values Sequence[str]
regex bool

name String
values List<String>
regex Boolean

GetIpsecConnectionTunnelsIpSecConnectionTunnel

AssociatedVirtualCircuits List<string>: The list of virtual circuit OCIDs over which your network can reach this tunnel.
BgpSessionInfos List<GetIpsecConnectionTunnelsIpSecConnectionTunnelBgpSessionInfo>: Information for establishing a BGP session for the IPSec tunnel.
CompartmentId string: The OCID of the compartment containing the tunnel.
CpeIp string: The IP address of the CPE device's VPN headend. Example: 203.0.113.22
DisplayName string: A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
DpdConfigs List<GetIpsecConnectionTunnelsIpSecConnectionTunnelDpdConfig>
DpdMode string: Dead peer detection (DPD) mode set on the Oracle side of the connection. This mode sets whether Oracle can only respond to a request from the CPE device to start DPD, or both respond to and initiate requests.
DpdTimeoutInSec int: DPD timeout in seconds.
EncryptionDomainConfigs List<GetIpsecConnectionTunnelsIpSecConnectionTunnelEncryptionDomainConfig>: Configuration information used by the encryption domain policy.
Id string: The OCID of the tunnel.
IkeVersion string: Internet Key Exchange protocol version.
IpsecId string: The OCID of the IPSec connection.
NatTranslationEnabled string: By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.
OracleCanInitiate string: Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device, or both respond to and initiate requests.
PhaseOneDetails List<GetIpsecConnectionTunnelsIpSecConnectionTunnelPhaseOneDetail>: IPSec tunnel details specific to ISAKMP phase one.
PhaseTwoDetails List<GetIpsecConnectionTunnelsIpSecConnectionTunnelPhaseTwoDetail>: IPsec tunnel detail information specific to phase two.
Routing string: The type of routing used for this tunnel (BGP dynamic routing, static routing, or policy-based routing).
SharedSecret string
State string: The tunnel's lifecycle state.
Status string: The status of the tunnel based on IPSec protocol characteristics.
TimeCreated string: The date and time the IPSec tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
TimeStatusUpdated string: When the status of the IPSec tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
TunnelId string
VpnIp string: The IP address of the Oracle VPN headend for the connection. Example: 203.0.113.21

AssociatedVirtualCircuits []string: The list of virtual circuit OCIDs over which your network can reach this tunnel.
BgpSessionInfos []GetIpsecConnectionTunnelsIpSecConnectionTunnelBgpSessionInfo: Information for establishing a BGP session for the IPSec tunnel.
CompartmentId string: The OCID of the compartment containing the tunnel.
CpeIp string: The IP address of the CPE device's VPN headend. Example: 203.0.113.22
DisplayName string: A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
DpdConfigs []GetIpsecConnectionTunnelsIpSecConnectionTunnelDpdConfig
DpdMode string: Dead peer detection (DPD) mode set on the Oracle side of the connection. This mode sets whether Oracle can only respond to a request from the CPE device to start DPD, or both respond to and initiate requests.
DpdTimeoutInSec int: DPD timeout in seconds.
EncryptionDomainConfigs []GetIpsecConnectionTunnelsIpSecConnectionTunnelEncryptionDomainConfig: Configuration information used by the encryption domain policy.
Id string: The OCID of the tunnel.
IkeVersion string: Internet Key Exchange protocol version.
IpsecId string: The OCID of the IPSec connection.
NatTranslationEnabled string: By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.
OracleCanInitiate string: Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device, or both respond to and initiate requests.
PhaseOneDetails []GetIpsecConnectionTunnelsIpSecConnectionTunnelPhaseOneDetail: IPSec tunnel details specific to ISAKMP phase one.
PhaseTwoDetails []GetIpsecConnectionTunnelsIpSecConnectionTunnelPhaseTwoDetail: IPsec tunnel detail information specific to phase two.
Routing string: The type of routing used for this tunnel (BGP dynamic routing, static routing, or policy-based routing).
SharedSecret string
State string: The tunnel's lifecycle state.
Status string: The status of the tunnel based on IPSec protocol characteristics.
TimeCreated string: The date and time the IPSec tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
TimeStatusUpdated string: When the status of the IPSec tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
TunnelId string
VpnIp string: The IP address of the Oracle VPN headend for the connection. Example: 203.0.113.21

associatedVirtualCircuits List<String>: The list of virtual circuit OCIDs over which your network can reach this tunnel.
bgpSessionInfos List<GetIpsecConnectionTunnelsIpSecConnectionTunnelBgpSessionInfo>: Information for establishing a BGP session for the IPSec tunnel.
compartmentId String: The OCID of the compartment containing the tunnel.
cpeIp String: The IP address of the CPE device's VPN headend. Example: 203.0.113.22
displayName String: A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
dpdConfigs List<GetIpsecConnectionTunnelsIpSecConnectionTunnelDpdConfig>
dpdMode String: Dead peer detection (DPD) mode set on the Oracle side of the connection. This mode sets whether Oracle can only respond to a request from the CPE device to start DPD, or both respond to and initiate requests.
dpdTimeoutInSec Integer: DPD timeout in seconds.
encryptionDomainConfigs List<GetIpsecConnectionTunnelsIpSecConnectionTunnelEncryptionDomainConfig>: Configuration information used by the encryption domain policy.
id String: The OCID of the tunnel.
ikeVersion String: Internet Key Exchange protocol version.
ipsecId String: The OCID of the IPSec connection.
natTranslationEnabled String: By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.
oracleCanInitiate String: Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device, or both respond to and initiate requests.
phaseOneDetails List<GetIpsecConnectionTunnelsIpSecConnectionTunnelPhaseOneDetail>: IPSec tunnel details specific to ISAKMP phase one.
phaseTwoDetails List<GetIpsecConnectionTunnelsIpSecConnectionTunnelPhaseTwoDetail>: IPsec tunnel detail information specific to phase two.
routing String: The type of routing used for this tunnel (BGP dynamic routing, static routing, or policy-based routing).
sharedSecret String
state String: The tunnel's lifecycle state.
status String: The status of the tunnel based on IPSec protocol characteristics.
timeCreated String: The date and time the IPSec tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
timeStatusUpdated String: When the status of the IPSec tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
tunnelId String
vpnIp String: The IP address of the Oracle VPN headend for the connection. Example: 203.0.113.21

associatedVirtualCircuits string[]: The list of virtual circuit OCIDs over which your network can reach this tunnel.
bgpSessionInfos GetIpsecConnectionTunnelsIpSecConnectionTunnelBgpSessionInfo[]: Information for establishing a BGP session for the IPSec tunnel.
compartmentId string: The OCID of the compartment containing the tunnel.
cpeIp string: The IP address of the CPE device's VPN headend. Example: 203.0.113.22
displayName string: A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
dpdConfigs GetIpsecConnectionTunnelsIpSecConnectionTunnelDpdConfig[]
dpdMode string: Dead peer detection (DPD) mode set on the Oracle side of the connection. This mode sets whether Oracle can only respond to a request from the CPE device to start DPD, or both respond to and initiate requests.
dpdTimeoutInSec number: DPD timeout in seconds.
encryptionDomainConfigs GetIpsecConnectionTunnelsIpSecConnectionTunnelEncryptionDomainConfig[]: Configuration information used by the encryption domain policy.
id string: The OCID of the tunnel.
ikeVersion string: Internet Key Exchange protocol version.
ipsecId string: The OCID of the IPSec connection.
natTranslationEnabled string: By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.
oracleCanInitiate string: Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device, or both respond to and initiate requests.
phaseOneDetails GetIpsecConnectionTunnelsIpSecConnectionTunnelPhaseOneDetail[]: IPSec tunnel details specific to ISAKMP phase one.
phaseTwoDetails GetIpsecConnectionTunnelsIpSecConnectionTunnelPhaseTwoDetail[]: IPsec tunnel detail information specific to phase two.
routing string: The type of routing used for this tunnel (BGP dynamic routing, static routing, or policy-based routing).
sharedSecret string
state string: The tunnel's lifecycle state.
status string: The status of the tunnel based on IPSec protocol characteristics.
timeCreated string: The date and time the IPSec tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
timeStatusUpdated string: When the status of the IPSec tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
tunnelId string
vpnIp string: The IP address of the Oracle VPN headend for the connection. Example: 203.0.113.21

associated_virtual_circuits Sequence[str]: The list of virtual circuit OCIDs over which your network can reach this tunnel.
bgp_session_infos Sequence[GetIpsecConnectionTunnelsIpSecConnectionTunnelBgpSessionInfo]: Information for establishing a BGP session for the IPSec tunnel.
compartment_id str: The OCID of the compartment containing the tunnel.
cpe_ip str: The IP address of the CPE device's VPN headend. Example: 203.0.113.22
display_name str: A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
dpd_configs Sequence[GetIpsecConnectionTunnelsIpSecConnectionTunnelDpdConfig]
dpd_mode str: Dead peer detection (DPD) mode set on the Oracle side of the connection. This mode sets whether Oracle can only respond to a request from the CPE device to start DPD, or both respond to and initiate requests.
dpd_timeout_in_sec int: DPD timeout in seconds.
encryption_domain_configs Sequence[GetIpsecConnectionTunnelsIpSecConnectionTunnelEncryptionDomainConfig]: Configuration information used by the encryption domain policy.
id str: The OCID of the tunnel.
ike_version str: Internet Key Exchange protocol version.
ipsec_id str: The OCID of the IPSec connection.
nat_translation_enabled str: By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.
oracle_can_initiate str: Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device, or both respond to and initiate requests.
phase_one_details Sequence[GetIpsecConnectionTunnelsIpSecConnectionTunnelPhaseOneDetail]: IPSec tunnel details specific to ISAKMP phase one.
phase_two_details Sequence[GetIpsecConnectionTunnelsIpSecConnectionTunnelPhaseTwoDetail]: IPsec tunnel detail information specific to phase two.
routing str: The type of routing used for this tunnel (BGP dynamic routing, static routing, or policy-based routing).
shared_secret str
state str: The tunnel's lifecycle state.
status str: The status of the tunnel based on IPSec protocol characteristics.
time_created str: The date and time the IPSec tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
time_status_updated str: When the status of the IPSec tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
tunnel_id str
vpn_ip str: The IP address of the Oracle VPN headend for the connection. Example: 203.0.113.21

associatedVirtualCircuits List<String>: The list of virtual circuit OCIDs over which your network can reach this tunnel.
bgpSessionInfos List<Property Map>: Information for establishing a BGP session for the IPSec tunnel.
compartmentId String: The OCID of the compartment containing the tunnel.
cpeIp String: The IP address of the CPE device's VPN headend. Example: 203.0.113.22
displayName String: A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
dpdConfigs List<Property Map>
dpdMode String: Dead peer detection (DPD) mode set on the Oracle side of the connection. This mode sets whether Oracle can only respond to a request from the CPE device to start DPD, or both respond to and initiate requests.
dpdTimeoutInSec Number: DPD timeout in seconds.
encryptionDomainConfigs List<Property Map>: Configuration information used by the encryption domain policy.
id String: The OCID of the tunnel.
ikeVersion String: Internet Key Exchange protocol version.
ipsecId String: The OCID of the IPSec connection.
natTranslationEnabled String: By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.
oracleCanInitiate String: Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device, or both respond to and initiate requests.
phaseOneDetails List<Property Map>: IPSec tunnel details specific to ISAKMP phase one.
phaseTwoDetails List<Property Map>: IPsec tunnel detail information specific to phase two.
routing String: The type of routing used for this tunnel (BGP dynamic routing, static routing, or policy-based routing).
sharedSecret String
state String: The tunnel's lifecycle state.
status String: The status of the tunnel based on IPSec protocol characteristics.
timeCreated String: The date and time the IPSec tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
timeStatusUpdated String: When the status of the IPSec tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
tunnelId String
vpnIp String: The IP address of the Oracle VPN headend for the connection. Example: 203.0.113.21

GetIpsecConnectionTunnelsIpSecConnectionTunnelBgpSessionInfo

BgpIpv6State string: The state of the BGP IPv6 session.
BgpIpv6state string: Deprecated: The 'bgp_session_info.0.bgp_ipv6state' field has been deprecated. Please use 'bgp_session_info.0.bgp_ipv6_state' instead.
BgpState string: The state of the BGP session.
CustomerBgpAsn string: If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.
CustomerInterfaceIp string: The IP address for the CPE end of the inside tunnel interface.
CustomerInterfaceIpv6 string: The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.
OracleBgpAsn string: The Oracle BGP ASN.
OracleInterfaceIp string: The IP address for the Oracle end of the inside tunnel interface.
OracleInterfaceIpv6 string: The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.

BgpIpv6State string: The state of the BGP IPv6 session.
BgpIpv6state string: Deprecated: The 'bgp_session_info.0.bgp_ipv6state' field has been deprecated. Please use 'bgp_session_info.0.bgp_ipv6_state' instead.
BgpState string: The state of the BGP session.
CustomerBgpAsn string: If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.
CustomerInterfaceIp string: The IP address for the CPE end of the inside tunnel interface.
CustomerInterfaceIpv6 string: The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.
OracleBgpAsn string: The Oracle BGP ASN.
OracleInterfaceIp string: The IP address for the Oracle end of the inside tunnel interface.
OracleInterfaceIpv6 string: The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.

bgpIpv6State String: The state of the BGP IPv6 session.
bgpIpv6state String: Deprecated: The 'bgp_session_info.0.bgp_ipv6state' field has been deprecated. Please use 'bgp_session_info.0.bgp_ipv6_state' instead.
bgpState String: The state of the BGP session.
customerBgpAsn String: If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.
customerInterfaceIp String: The IP address for the CPE end of the inside tunnel interface.
customerInterfaceIpv6 String: The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.
oracleBgpAsn String: The Oracle BGP ASN.
oracleInterfaceIp String: The IP address for the Oracle end of the inside tunnel interface.
oracleInterfaceIpv6 String: The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.

bgpIpv6State string: The state of the BGP IPv6 session.
bgpIpv6state string: Deprecated: The 'bgp_session_info.0.bgp_ipv6state' field has been deprecated. Please use 'bgp_session_info.0.bgp_ipv6_state' instead.
bgpState string: The state of the BGP session.
customerBgpAsn string: If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.
customerInterfaceIp string: The IP address for the CPE end of the inside tunnel interface.
customerInterfaceIpv6 string: The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.
oracleBgpAsn string: The Oracle BGP ASN.
oracleInterfaceIp string: The IP address for the Oracle end of the inside tunnel interface.
oracleInterfaceIpv6 string: The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.

bgp_ipv6_state str: The state of the BGP IPv6 session.
bgp_ipv6state str: Deprecated: The 'bgp_session_info.0.bgp_ipv6state' field has been deprecated. Please use 'bgp_session_info.0.bgp_ipv6_state' instead.
bgp_state str: The state of the BGP session.
customer_bgp_asn str: If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.
customer_interface_ip str: The IP address for the CPE end of the inside tunnel interface.
customer_interface_ipv6 str: The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.
oracle_bgp_asn str: The Oracle BGP ASN.
oracle_interface_ip str: The IP address for the Oracle end of the inside tunnel interface.
oracle_interface_ipv6 str: The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.

bgpIpv6State String: The state of the BGP IPv6 session.
bgpIpv6state String: Deprecated: The 'bgp_session_info.0.bgp_ipv6state' field has been deprecated. Please use 'bgp_session_info.0.bgp_ipv6_state' instead.
bgpState String: The state of the BGP session.
customerBgpAsn String: If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.
customerInterfaceIp String: The IP address for the CPE end of the inside tunnel interface.
customerInterfaceIpv6 String: The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.
oracleBgpAsn String: The Oracle BGP ASN.
oracleInterfaceIp String: The IP address for the Oracle end of the inside tunnel interface.
oracleInterfaceIpv6 String: The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.

GetIpsecConnectionTunnelsIpSecConnectionTunnelDpdConfig

DpdMode string: Dead peer detection (DPD) mode set on the Oracle side of the connection. This mode sets whether Oracle can only respond to a request from the CPE device to start DPD, or both respond to and initiate requests.
DpdTimeoutInSec int: DPD timeout in seconds.

DpdMode string: Dead peer detection (DPD) mode set on the Oracle side of the connection. This mode sets whether Oracle can only respond to a request from the CPE device to start DPD, or both respond to and initiate requests.
DpdTimeoutInSec int: DPD timeout in seconds.

dpdMode String: Dead peer detection (DPD) mode set on the Oracle side of the connection. This mode sets whether Oracle can only respond to a request from the CPE device to start DPD, or both respond to and initiate requests.
dpdTimeoutInSec Integer: DPD timeout in seconds.

dpdMode string: Dead peer detection (DPD) mode set on the Oracle side of the connection. This mode sets whether Oracle can only respond to a request from the CPE device to start DPD, or both respond to and initiate requests.
dpdTimeoutInSec number: DPD timeout in seconds.

dpd_mode str: Dead peer detection (DPD) mode set on the Oracle side of the connection. This mode sets whether Oracle can only respond to a request from the CPE device to start DPD, or both respond to and initiate requests.
dpd_timeout_in_sec int: DPD timeout in seconds.

dpdMode String: Dead peer detection (DPD) mode set on the Oracle side of the connection. This mode sets whether Oracle can only respond to a request from the CPE device to start DPD, or both respond to and initiate requests.
dpdTimeoutInSec Number: DPD timeout in seconds.

GetIpsecConnectionTunnelsIpSecConnectionTunnelEncryptionDomainConfig

CpeTrafficSelectors List<string>: Lists IPv4 or IPv6-enabled subnets in your on-premises network.
OracleTrafficSelectors List<string>: Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.

CpeTrafficSelectors []string: Lists IPv4 or IPv6-enabled subnets in your on-premises network.
OracleTrafficSelectors []string: Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.

cpeTrafficSelectors List<String>: Lists IPv4 or IPv6-enabled subnets in your on-premises network.
oracleTrafficSelectors List<String>: Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.

cpeTrafficSelectors string[]: Lists IPv4 or IPv6-enabled subnets in your on-premises network.
oracleTrafficSelectors string[]: Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.

cpe_traffic_selectors Sequence[str]: Lists IPv4 or IPv6-enabled subnets in your on-premises network.
oracle_traffic_selectors Sequence[str]: Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.

cpeTrafficSelectors List<String>: Lists IPv4 or IPv6-enabled subnets in your on-premises network.
oracleTrafficSelectors List<String>: Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.

GetIpsecConnectionTunnelsIpSecConnectionTunnelPhaseOneDetail

CustomAuthenticationAlgorithm string: Phase two authentication algorithm proposed during tunnel negotiation.
CustomDhGroup string: The proposed custom Diffie-Hellman group.
CustomEncryptionAlgorithm string: The proposed custom phase two encryption algorithm.
IsCustomPhaseOneConfig bool: Indicates whether custom phase one configuration is enabled. If this option is not enabled, default settings are proposed.
IsIkeEstablished bool: Indicates whether IKE phase one is established.
Lifetime int: The total configured lifetime of the IKE security association.
NegotiatedAuthenticationAlgorithm string: The negotiated phase two authentication algorithm.
NegotiatedDhGroup string: The negotiated Diffie-Hellman group.
NegotiatedEncryptionAlgorithm string: The negotiated encryption algorithm.
RemainingLifetime string: Deprecated: The 'phase_one_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_one_details.0.remaining_lifetime_int' instead.
RemainingLifetimeInt int: The remaining lifetime before the key is refreshed.
RemainingLifetimeLastRetrieved string: The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

CustomAuthenticationAlgorithm string: Phase two authentication algorithm proposed during tunnel negotiation.
CustomDhGroup string: The proposed custom Diffie-Hellman group.
CustomEncryptionAlgorithm string: The proposed custom phase two encryption algorithm.
IsCustomPhaseOneConfig bool: Indicates whether custom phase one configuration is enabled. If this option is not enabled, default settings are proposed.
IsIkeEstablished bool: Indicates whether IKE phase one is established.
Lifetime int: The total configured lifetime of the IKE security association.
NegotiatedAuthenticationAlgorithm string: The negotiated phase two authentication algorithm.
NegotiatedDhGroup string: The negotiated Diffie-Hellman group.
NegotiatedEncryptionAlgorithm string: The negotiated encryption algorithm.
RemainingLifetime string: Deprecated: The 'phase_one_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_one_details.0.remaining_lifetime_int' instead.
RemainingLifetimeInt int: The remaining lifetime before the key is refreshed.
RemainingLifetimeLastRetrieved string: The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

customAuthenticationAlgorithm String: Phase two authentication algorithm proposed during tunnel negotiation.
customDhGroup String: The proposed custom Diffie-Hellman group.
customEncryptionAlgorithm String: The proposed custom phase two encryption algorithm.
isCustomPhaseOneConfig Boolean: Indicates whether custom phase one configuration is enabled. If this option is not enabled, default settings are proposed.
isIkeEstablished Boolean: Indicates whether IKE phase one is established.
lifetime Integer: The total configured lifetime of the IKE security association.
negotiatedAuthenticationAlgorithm String: The negotiated phase two authentication algorithm.
negotiatedDhGroup String: The negotiated Diffie-Hellman group.
negotiatedEncryptionAlgorithm String: The negotiated encryption algorithm.
remainingLifetime String: Deprecated: The 'phase_one_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_one_details.0.remaining_lifetime_int' instead.
remainingLifetimeInt Integer: The remaining lifetime before the key is refreshed.
remainingLifetimeLastRetrieved String: The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

customAuthenticationAlgorithm string: Phase two authentication algorithm proposed during tunnel negotiation.
customDhGroup string: The proposed custom Diffie-Hellman group.
customEncryptionAlgorithm string: The proposed custom phase two encryption algorithm.
isCustomPhaseOneConfig boolean: Indicates whether custom phase one configuration is enabled. If this option is not enabled, default settings are proposed.
isIkeEstablished boolean: Indicates whether IKE phase one is established.
lifetime number: The total configured lifetime of the IKE security association.
negotiatedAuthenticationAlgorithm string: The negotiated phase two authentication algorithm.
negotiatedDhGroup string: The negotiated Diffie-Hellman group.
negotiatedEncryptionAlgorithm string: The negotiated encryption algorithm.
remainingLifetime string: Deprecated: The 'phase_one_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_one_details.0.remaining_lifetime_int' instead.
remainingLifetimeInt number: The remaining lifetime before the key is refreshed.
remainingLifetimeLastRetrieved string: The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

custom_authentication_algorithm str: Phase two authentication algorithm proposed during tunnel negotiation.
custom_dh_group str: The proposed custom Diffie-Hellman group.
custom_encryption_algorithm str: The proposed custom phase two encryption algorithm.
is_custom_phase_one_config bool: Indicates whether custom phase one configuration is enabled. If this option is not enabled, default settings are proposed.
is_ike_established bool: Indicates whether IKE phase one is established.
lifetime int: The total configured lifetime of the IKE security association.
negotiated_authentication_algorithm str: The negotiated phase two authentication algorithm.
negotiated_dh_group str: The negotiated Diffie-Hellman group.
negotiated_encryption_algorithm str: The negotiated encryption algorithm.
remaining_lifetime str: Deprecated: The 'phase_one_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_one_details.0.remaining_lifetime_int' instead.
remaining_lifetime_int int: The remaining lifetime before the key is refreshed.
remaining_lifetime_last_retrieved str: The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

customAuthenticationAlgorithm String: Phase two authentication algorithm proposed during tunnel negotiation.
customDhGroup String: The proposed custom Diffie-Hellman group.
customEncryptionAlgorithm String: The proposed custom phase two encryption algorithm.
isCustomPhaseOneConfig Boolean: Indicates whether custom phase one configuration is enabled. If this option is not enabled, default settings are proposed.
isIkeEstablished Boolean: Indicates whether IKE phase one is established.
lifetime Number: The total configured lifetime of the IKE security association.
negotiatedAuthenticationAlgorithm String: The negotiated phase two authentication algorithm.
negotiatedDhGroup String: The negotiated Diffie-Hellman group.
negotiatedEncryptionAlgorithm String: The negotiated encryption algorithm.
remainingLifetime String: Deprecated: The 'phase_one_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_one_details.0.remaining_lifetime_int' instead.
remainingLifetimeInt Number: The remaining lifetime before the key is refreshed.
remainingLifetimeLastRetrieved String: The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

GetIpsecConnectionTunnelsIpSecConnectionTunnelPhaseTwoDetail

CustomAuthenticationAlgorithm string: Phase two authentication algorithm proposed during tunnel negotiation.
CustomEncryptionAlgorithm string: The proposed custom phase two encryption algorithm.
DhGroup string: The proposed Diffie-Hellman group.
IsCustomPhaseTwoConfig bool: Indicates whether custom phase two configuration is enabled. If this option is not enabled, default settings are proposed.
IsEspEstablished bool: Indicates that ESP phase two is established.
IsPfsEnabled bool: Indicates that PFS (perfect forward secrecy) is enabled.
Lifetime int: The total configured lifetime of the IKE security association.
NegotiatedAuthenticationAlgorithm string: The negotiated phase two authentication algorithm.
NegotiatedDhGroup string: The negotiated Diffie-Hellman group.
NegotiatedEncryptionAlgorithm string: The negotiated encryption algorithm.
RemainingLifetime string: Deprecated: The 'phase_two_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_two_details.0.remaining_lifetime_int' instead.
RemainingLifetimeInt int: The remaining lifetime before the key is refreshed.
RemainingLifetimeLastRetrieved string: The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

CustomAuthenticationAlgorithm string: Phase two authentication algorithm proposed during tunnel negotiation.
CustomEncryptionAlgorithm string: The proposed custom phase two encryption algorithm.
DhGroup string: The proposed Diffie-Hellman group.
IsCustomPhaseTwoConfig bool: Indicates whether custom phase two configuration is enabled. If this option is not enabled, default settings are proposed.
IsEspEstablished bool: Indicates that ESP phase two is established.
IsPfsEnabled bool: Indicates that PFS (perfect forward secrecy) is enabled.
Lifetime int: The total configured lifetime of the IKE security association.
NegotiatedAuthenticationAlgorithm string: The negotiated phase two authentication algorithm.
NegotiatedDhGroup string: The negotiated Diffie-Hellman group.
NegotiatedEncryptionAlgorithm string: The negotiated encryption algorithm.
RemainingLifetime string: Deprecated: The 'phase_two_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_two_details.0.remaining_lifetime_int' instead.
RemainingLifetimeInt int: The remaining lifetime before the key is refreshed.
RemainingLifetimeLastRetrieved string: The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

customAuthenticationAlgorithm String: Phase two authentication algorithm proposed during tunnel negotiation.
customEncryptionAlgorithm String: The proposed custom phase two encryption algorithm.
dhGroup String: The proposed Diffie-Hellman group.
isCustomPhaseTwoConfig Boolean: Indicates whether custom phase two configuration is enabled. If this option is not enabled, default settings are proposed.
isEspEstablished Boolean: Indicates that ESP phase two is established.
isPfsEnabled Boolean: Indicates that PFS (perfect forward secrecy) is enabled.
lifetime Integer: The total configured lifetime of the IKE security association.
negotiatedAuthenticationAlgorithm String: The negotiated phase two authentication algorithm.
negotiatedDhGroup String: The negotiated Diffie-Hellman group.
negotiatedEncryptionAlgorithm String: The negotiated encryption algorithm.
remainingLifetime String: Deprecated: The 'phase_two_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_two_details.0.remaining_lifetime_int' instead.
remainingLifetimeInt Integer: The remaining lifetime before the key is refreshed.
remainingLifetimeLastRetrieved String: The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

customAuthenticationAlgorithm string: Phase two authentication algorithm proposed during tunnel negotiation.
customEncryptionAlgorithm string: The proposed custom phase two encryption algorithm.
dhGroup string: The proposed Diffie-Hellman group.
isCustomPhaseTwoConfig boolean: Indicates whether custom phase two configuration is enabled. If this option is not enabled, default settings are proposed.
isEspEstablished boolean: Indicates that ESP phase two is established.
isPfsEnabled boolean: Indicates that PFS (perfect forward secrecy) is enabled.
lifetime number: The total configured lifetime of the IKE security association.
negotiatedAuthenticationAlgorithm string: The negotiated phase two authentication algorithm.
negotiatedDhGroup string: The negotiated Diffie-Hellman group.
negotiatedEncryptionAlgorithm string: The negotiated encryption algorithm.
remainingLifetime string: Deprecated: The 'phase_two_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_two_details.0.remaining_lifetime_int' instead.
remainingLifetimeInt number: The remaining lifetime before the key is refreshed.
remainingLifetimeLastRetrieved string: The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

custom_authentication_algorithm str: Phase two authentication algorithm proposed during tunnel negotiation.
custom_encryption_algorithm str: The proposed custom phase two encryption algorithm.
dh_group str: The proposed Diffie-Hellman group.
is_custom_phase_two_config bool: Indicates whether custom phase two configuration is enabled. If this option is not enabled, default settings are proposed.
is_esp_established bool: Indicates that ESP phase two is established.
is_pfs_enabled bool: Indicates that PFS (perfect forward secrecy) is enabled.
lifetime int: The total configured lifetime of the IKE security association.
negotiated_authentication_algorithm str: The negotiated phase two authentication algorithm.
negotiated_dh_group str: The negotiated Diffie-Hellman group.
negotiated_encryption_algorithm str: The negotiated encryption algorithm.
remaining_lifetime str: Deprecated: The 'phase_two_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_two_details.0.remaining_lifetime_int' instead.
remaining_lifetime_int int: The remaining lifetime before the key is refreshed.
remaining_lifetime_last_retrieved str: The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

customAuthenticationAlgorithm String: Phase two authentication algorithm proposed during tunnel negotiation.
customEncryptionAlgorithm String: The proposed custom phase two encryption algorithm.
dhGroup String: The proposed Diffie-Hellman group.
isCustomPhaseTwoConfig Boolean: Indicates whether custom phase two configuration is enabled. If this option is not enabled, default settings are proposed.
isEspEstablished Boolean: Indicates that ESP phase two is established.
isPfsEnabled Boolean: Indicates that PFS (perfect forward secrecy) is enabled.
lifetime Number: The total configured lifetime of the IKE security association.
negotiatedAuthenticationAlgorithm String: The negotiated phase two authentication algorithm.
negotiatedDhGroup String: The negotiated Diffie-Hellman group.
negotiatedEncryptionAlgorithm String: The negotiated encryption algorithm.
remainingLifetime String: Deprecated: The 'phase_two_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_two_details.0.remaining_lifetime_int' instead.
remainingLifetimeInt Number: The remaining lifetime before the key is refreshed.
remainingLifetimeLastRetrieved String: The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

Package Details

Repository: oci pulumi/pulumi-oci
License: Apache-2.0
Notes: This Pulumi package is based on the oci Terraform Provider.

Oracle Cloud Infrastructure v3.9.0 published on Wednesday, Sep 24, 2025 by Pulumi

pulumi/pulumi-oci

oci.Core.getIpsecConnectionTunnels

On this page

On this page

Example Usage

Using getIpsecConnectionTunnels

getIpsecConnectionTunnels Result

Supporting Types

GetIpsecConnectionTunnelsFilter

GetIpsecConnectionTunnelsIpSecConnectionTunnel

GetIpsecConnectionTunnelsIpSecConnectionTunnelBgpSessionInfo

GetIpsecConnectionTunnelsIpSecConnectionTunnelDpdConfig

GetIpsecConnectionTunnelsIpSecConnectionTunnelEncryptionDomainConfig

GetIpsecConnectionTunnelsIpSecConnectionTunnelPhaseOneDetail

GetIpsecConnectionTunnelsIpSecConnectionTunnelPhaseTwoDetail

Package Details

On this page

On this page