routeros 1.83.1, Apr 28 25

routeros 1.83.1 published on Monday, Apr 28, 2025 by terraform-routeros

terraform-routeros/terraform-provider-routeros

routeros.IpIpsecPeer

Explore with Pulumi AI

routeros 1.83.1 published on Monday, Apr 28, 2025 by terraform-routeros

terraform-routeros/terraform-provider-routeros

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as routeros from "@pulumi/routeros";

const test = new routeros.IpIpsecPeer("test", {
    address: "lv20.nordvpn.com",
    exchangeMode: "ike2",
});

import pulumi
import pulumi_routeros as routeros

test = routeros.IpIpsecPeer("test",
    address="lv20.nordvpn.com",
    exchange_mode="ike2")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/routeros/routeros"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := routeros.NewIpIpsecPeer(ctx, "test", &routeros.IpIpsecPeerArgs{
			Address:      pulumi.String("lv20.nordvpn.com"),
			ExchangeMode: pulumi.String("ike2"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Routeros = Pulumi.Routeros;

return await Deployment.RunAsync(() => 
{
    var test = new Routeros.IpIpsecPeer("test", new()
    {
        Address = "lv20.nordvpn.com",
        ExchangeMode = "ike2",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.routeros.IpIpsecPeer;
import com.pulumi.routeros.IpIpsecPeerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test = new IpIpsecPeer("test", IpIpsecPeerArgs.builder()
            .address("lv20.nordvpn.com")
            .exchangeMode("ike2")
            .build());

    }
}

resources:
  test:
    type: routeros:IpIpsecPeer
    properties:
      address: lv20.nordvpn.com
      exchangeMode: ike2

Create IpIpsecPeer Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new IpIpsecPeer(name: string, args?: IpIpsecPeerArgs, opts?: CustomResourceOptions);

@overload
def IpIpsecPeer(resource_name: str,
                args: Optional[IpIpsecPeerArgs] = None,
                opts: Optional[ResourceOptions] = None)

@overload
def IpIpsecPeer(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                ___id_: Optional[float] = None,
                ___path_: Optional[str] = None,
                address: Optional[str] = None,
                comment: Optional[str] = None,
                disabled: Optional[bool] = None,
                exchange_mode: Optional[str] = None,
                ip_ipsec_peer_id: Optional[str] = None,
                local_address: Optional[str] = None,
                name: Optional[str] = None,
                passive: Optional[bool] = None,
                port: Optional[float] = None,
                profile: Optional[str] = None,
                send_initial_contact: Optional[bool] = None)

func NewIpIpsecPeer(ctx *Context, name string, args *IpIpsecPeerArgs, opts ...ResourceOption) (*IpIpsecPeer, error)

public IpIpsecPeer(string name, IpIpsecPeerArgs? args = null, CustomResourceOptions? opts = null)

public IpIpsecPeer(String name, IpIpsecPeerArgs args)
public IpIpsecPeer(String name, IpIpsecPeerArgs args, CustomResourceOptions options)

type: routeros:IpIpsecPeer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args IpIpsecPeerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args IpIpsecPeerArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args IpIpsecPeerArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args IpIpsecPeerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args IpIpsecPeerArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

IpIpsecPeer Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The IpIpsecPeer resource accepts the following input properties:

Address string: If the remote peer's address matches this prefix, then the peer configuration is used in authentication and establishment of Phase 1. If several peer's addresses match several configuration entries, the most specific one (i.e. the one with the largest netmask) will be used.
Comment string
Disabled bool
ExchangeMode string: Different ISAKMP phase 1 exchange modes according to RFC 2408. the main mode relaxes rfc2409 section 5.4, to allow pre-shared-key authentication in the main mode. ike2 mode enables Ikev2 RFC 7296. Parameters that are ignored by IKEv2 proposal-check, compatibility-options, lifebytes, dpd-maximum-failures, nat-traversal.
IpIpsecPeerId string: The ID of this resource.
LocalAddress string: Routers local address on which Phase 1 should be bounded to.
Name string: Peer name.
Passive bool: When a passive mode is enabled will wait for a remote peer to initiate an IKE connection. The enabled passive mode also indicates that the peer is xauth responder, and disabled passive mode - xauth initiator. When a passive mode is a disabled peer will try to establish not only phase1 but also phase2 automatically, if policies are configured or created during the phase1.
Port double: Communication port used (when a router is an initiator) to connect to remote peer in cases if remote peer uses the non-default port.
Profile string: Name of the profile template that will be used during IKE negotiation.
SendInitialContact bool: Specifies whether to send initial contact IKE packet or wait for remote side, this packet should trigger the removal of old peer SAs for current source address. Usually, in road warrior setups clients are initiators and this parameter should be set to no. Initial contact is not sent if modecfg or xauth is enabled for ikev1.
___id_ double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.

Address string: If the remote peer's address matches this prefix, then the peer configuration is used in authentication and establishment of Phase 1. If several peer's addresses match several configuration entries, the most specific one (i.e. the one with the largest netmask) will be used.
Comment string
Disabled bool
ExchangeMode string: Different ISAKMP phase 1 exchange modes according to RFC 2408. the main mode relaxes rfc2409 section 5.4, to allow pre-shared-key authentication in the main mode. ike2 mode enables Ikev2 RFC 7296. Parameters that are ignored by IKEv2 proposal-check, compatibility-options, lifebytes, dpd-maximum-failures, nat-traversal.
IpIpsecPeerId string: The ID of this resource.
LocalAddress string: Routers local address on which Phase 1 should be bounded to.
Name string: Peer name.
Passive bool: When a passive mode is enabled will wait for a remote peer to initiate an IKE connection. The enabled passive mode also indicates that the peer is xauth responder, and disabled passive mode - xauth initiator. When a passive mode is a disabled peer will try to establish not only phase1 but also phase2 automatically, if policies are configured or created during the phase1.
Port float64: Communication port used (when a router is an initiator) to connect to remote peer in cases if remote peer uses the non-default port.
Profile string: Name of the profile template that will be used during IKE negotiation.
SendInitialContact bool: Specifies whether to send initial contact IKE packet or wait for remote side, this packet should trigger the removal of old peer SAs for current source address. Usually, in road warrior setups clients are initiators and this parameter should be set to no. Initial contact is not sent if modecfg or xauth is enabled for ikev1.
___id_ float64: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.

___id_ Double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
address String: If the remote peer's address matches this prefix, then the peer configuration is used in authentication and establishment of Phase 1. If several peer's addresses match several configuration entries, the most specific one (i.e. the one with the largest netmask) will be used.
comment String
disabled Boolean
exchangeMode String: Different ISAKMP phase 1 exchange modes according to RFC 2408. the main mode relaxes rfc2409 section 5.4, to allow pre-shared-key authentication in the main mode. ike2 mode enables Ikev2 RFC 7296. Parameters that are ignored by IKEv2 proposal-check, compatibility-options, lifebytes, dpd-maximum-failures, nat-traversal.
ipIpsecPeerId String: The ID of this resource.
localAddress String: Routers local address on which Phase 1 should be bounded to.
name String: Peer name.
passive Boolean: When a passive mode is enabled will wait for a remote peer to initiate an IKE connection. The enabled passive mode also indicates that the peer is xauth responder, and disabled passive mode - xauth initiator. When a passive mode is a disabled peer will try to establish not only phase1 but also phase2 automatically, if policies are configured or created during the phase1.
port Double: Communication port used (when a router is an initiator) to connect to remote peer in cases if remote peer uses the non-default port.
profile String: Name of the profile template that will be used during IKE negotiation.
sendInitialContact Boolean: Specifies whether to send initial contact IKE packet or wait for remote side, this packet should trigger the removal of old peer SAs for current source address. Usually, in road warrior setups clients are initiators and this parameter should be set to no. Initial contact is not sent if modecfg or xauth is enabled for ikev1.

___id_ number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
address string: If the remote peer's address matches this prefix, then the peer configuration is used in authentication and establishment of Phase 1. If several peer's addresses match several configuration entries, the most specific one (i.e. the one with the largest netmask) will be used.
comment string
disabled boolean
exchangeMode string: Different ISAKMP phase 1 exchange modes according to RFC 2408. the main mode relaxes rfc2409 section 5.4, to allow pre-shared-key authentication in the main mode. ike2 mode enables Ikev2 RFC 7296. Parameters that are ignored by IKEv2 proposal-check, compatibility-options, lifebytes, dpd-maximum-failures, nat-traversal.
ipIpsecPeerId string: The ID of this resource.
localAddress string: Routers local address on which Phase 1 should be bounded to.
name string: Peer name.
passive boolean: When a passive mode is enabled will wait for a remote peer to initiate an IKE connection. The enabled passive mode also indicates that the peer is xauth responder, and disabled passive mode - xauth initiator. When a passive mode is a disabled peer will try to establish not only phase1 but also phase2 automatically, if policies are configured or created during the phase1.
port number: Communication port used (when a router is an initiator) to connect to remote peer in cases if remote peer uses the non-default port.
profile string: Name of the profile template that will be used during IKE negotiation.
sendInitialContact boolean: Specifies whether to send initial contact IKE packet or wait for remote side, this packet should trigger the removal of old peer SAs for current source address. Usually, in road warrior setups clients are initiators and this parameter should be set to no. Initial contact is not sent if modecfg or xauth is enabled for ikev1.

___id_ float: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ str: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
address str: If the remote peer's address matches this prefix, then the peer configuration is used in authentication and establishment of Phase 1. If several peer's addresses match several configuration entries, the most specific one (i.e. the one with the largest netmask) will be used.
comment str
disabled bool
exchange_mode str: Different ISAKMP phase 1 exchange modes according to RFC 2408. the main mode relaxes rfc2409 section 5.4, to allow pre-shared-key authentication in the main mode. ike2 mode enables Ikev2 RFC 7296. Parameters that are ignored by IKEv2 proposal-check, compatibility-options, lifebytes, dpd-maximum-failures, nat-traversal.
ip_ipsec_peer_id str: The ID of this resource.
local_address str: Routers local address on which Phase 1 should be bounded to.
name str: Peer name.
passive bool: When a passive mode is enabled will wait for a remote peer to initiate an IKE connection. The enabled passive mode also indicates that the peer is xauth responder, and disabled passive mode - xauth initiator. When a passive mode is a disabled peer will try to establish not only phase1 but also phase2 automatically, if policies are configured or created during the phase1.
port float: Communication port used (when a router is an initiator) to connect to remote peer in cases if remote peer uses the non-default port.
profile str: Name of the profile template that will be used during IKE negotiation.
send_initial_contact bool: Specifies whether to send initial contact IKE packet or wait for remote side, this packet should trigger the removal of old peer SAs for current source address. Usually, in road warrior setups clients are initiators and this parameter should be set to no. Initial contact is not sent if modecfg or xauth is enabled for ikev1.

___id_ Number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
address String: If the remote peer's address matches this prefix, then the peer configuration is used in authentication and establishment of Phase 1. If several peer's addresses match several configuration entries, the most specific one (i.e. the one with the largest netmask) will be used.
comment String
disabled Boolean
exchangeMode String: Different ISAKMP phase 1 exchange modes according to RFC 2408. the main mode relaxes rfc2409 section 5.4, to allow pre-shared-key authentication in the main mode. ike2 mode enables Ikev2 RFC 7296. Parameters that are ignored by IKEv2 proposal-check, compatibility-options, lifebytes, dpd-maximum-failures, nat-traversal.
ipIpsecPeerId String: The ID of this resource.
localAddress String: Routers local address on which Phase 1 should be bounded to.
name String: Peer name.
passive Boolean: When a passive mode is enabled will wait for a remote peer to initiate an IKE connection. The enabled passive mode also indicates that the peer is xauth responder, and disabled passive mode - xauth initiator. When a passive mode is a disabled peer will try to establish not only phase1 but also phase2 automatically, if policies are configured or created during the phase1.
port Number: Communication port used (when a router is an initiator) to connect to remote peer in cases if remote peer uses the non-default port.
profile String: Name of the profile template that will be used during IKE negotiation.
sendInitialContact Boolean: Specifies whether to send initial contact IKE packet or wait for remote side, this packet should trigger the removal of old peer SAs for current source address. Usually, in road warrior setups clients are initiators and this parameter should be set to no. Initial contact is not sent if modecfg or xauth is enabled for ikev1.

Outputs

All input properties are implicitly available as output properties. Additionally, the IpIpsecPeer resource produces the following output properties:

Dynamic bool: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
Id string: The provider-assigned unique ID for this managed resource.
Responder bool: Whether this peer will act as a responder only (listen to incoming requests) and not initiate a connection.

Dynamic bool: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
Id string: The provider-assigned unique ID for this managed resource.
Responder bool: Whether this peer will act as a responder only (listen to incoming requests) and not initiate a connection.

dynamic Boolean: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
id String: The provider-assigned unique ID for this managed resource.
responder Boolean: Whether this peer will act as a responder only (listen to incoming requests) and not initiate a connection.

dynamic boolean: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
id string: The provider-assigned unique ID for this managed resource.
responder boolean: Whether this peer will act as a responder only (listen to incoming requests) and not initiate a connection.

dynamic bool: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
id str: The provider-assigned unique ID for this managed resource.
responder bool: Whether this peer will act as a responder only (listen to incoming requests) and not initiate a connection.

dynamic Boolean: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
id String: The provider-assigned unique ID for this managed resource.
responder Boolean: Whether this peer will act as a responder only (listen to incoming requests) and not initiate a connection.

Look up Existing IpIpsecPeer Resource

Get an existing IpIpsecPeer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IpIpsecPeerState, opts?: CustomResourceOptions): IpIpsecPeer

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        ___id_: Optional[float] = None,
        ___path_: Optional[str] = None,
        address: Optional[str] = None,
        comment: Optional[str] = None,
        disabled: Optional[bool] = None,
        dynamic: Optional[bool] = None,
        exchange_mode: Optional[str] = None,
        ip_ipsec_peer_id: Optional[str] = None,
        local_address: Optional[str] = None,
        name: Optional[str] = None,
        passive: Optional[bool] = None,
        port: Optional[float] = None,
        profile: Optional[str] = None,
        responder: Optional[bool] = None,
        send_initial_contact: Optional[bool] = None) -> IpIpsecPeer

func GetIpIpsecPeer(ctx *Context, name string, id IDInput, state *IpIpsecPeerState, opts ...ResourceOption) (*IpIpsecPeer, error)

public static IpIpsecPeer Get(string name, Input<string> id, IpIpsecPeerState? state, CustomResourceOptions? opts = null)

public static IpIpsecPeer get(String name, Output<String> id, IpIpsecPeerState state, CustomResourceOptions options)

resources:  _:    type: routeros:IpIpsecPeer    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Address string: If the remote peer's address matches this prefix, then the peer configuration is used in authentication and establishment of Phase 1. If several peer's addresses match several configuration entries, the most specific one (i.e. the one with the largest netmask) will be used.
Comment string
Disabled bool
Dynamic bool: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
ExchangeMode string: Different ISAKMP phase 1 exchange modes according to RFC 2408. the main mode relaxes rfc2409 section 5.4, to allow pre-shared-key authentication in the main mode. ike2 mode enables Ikev2 RFC 7296. Parameters that are ignored by IKEv2 proposal-check, compatibility-options, lifebytes, dpd-maximum-failures, nat-traversal.
IpIpsecPeerId string: The ID of this resource.
LocalAddress string: Routers local address on which Phase 1 should be bounded to.
Name string: Peer name.
Passive bool: When a passive mode is enabled will wait for a remote peer to initiate an IKE connection. The enabled passive mode also indicates that the peer is xauth responder, and disabled passive mode - xauth initiator. When a passive mode is a disabled peer will try to establish not only phase1 but also phase2 automatically, if policies are configured or created during the phase1.
Port double: Communication port used (when a router is an initiator) to connect to remote peer in cases if remote peer uses the non-default port.
Profile string: Name of the profile template that will be used during IKE negotiation.
Responder bool: Whether this peer will act as a responder only (listen to incoming requests) and not initiate a connection.
SendInitialContact bool: Specifies whether to send initial contact IKE packet or wait for remote side, this packet should trigger the removal of old peer SAs for current source address. Usually, in road warrior setups clients are initiators and this parameter should be set to no. Initial contact is not sent if modecfg or xauth is enabled for ikev1.
___id_ double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.

Address string: If the remote peer's address matches this prefix, then the peer configuration is used in authentication and establishment of Phase 1. If several peer's addresses match several configuration entries, the most specific one (i.e. the one with the largest netmask) will be used.
Comment string
Disabled bool
Dynamic bool: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
ExchangeMode string: Different ISAKMP phase 1 exchange modes according to RFC 2408. the main mode relaxes rfc2409 section 5.4, to allow pre-shared-key authentication in the main mode. ike2 mode enables Ikev2 RFC 7296. Parameters that are ignored by IKEv2 proposal-check, compatibility-options, lifebytes, dpd-maximum-failures, nat-traversal.
IpIpsecPeerId string: The ID of this resource.
LocalAddress string: Routers local address on which Phase 1 should be bounded to.
Name string: Peer name.
Passive bool: When a passive mode is enabled will wait for a remote peer to initiate an IKE connection. The enabled passive mode also indicates that the peer is xauth responder, and disabled passive mode - xauth initiator. When a passive mode is a disabled peer will try to establish not only phase1 but also phase2 automatically, if policies are configured or created during the phase1.
Port float64: Communication port used (when a router is an initiator) to connect to remote peer in cases if remote peer uses the non-default port.
Profile string: Name of the profile template that will be used during IKE negotiation.
Responder bool: Whether this peer will act as a responder only (listen to incoming requests) and not initiate a connection.
SendInitialContact bool: Specifies whether to send initial contact IKE packet or wait for remote side, this packet should trigger the removal of old peer SAs for current source address. Usually, in road warrior setups clients are initiators and this parameter should be set to no. Initial contact is not sent if modecfg or xauth is enabled for ikev1.
___id_ float64: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.

___id_ Double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
address String: If the remote peer's address matches this prefix, then the peer configuration is used in authentication and establishment of Phase 1. If several peer's addresses match several configuration entries, the most specific one (i.e. the one with the largest netmask) will be used.
comment String
disabled Boolean
dynamic Boolean: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
exchangeMode String: Different ISAKMP phase 1 exchange modes according to RFC 2408. the main mode relaxes rfc2409 section 5.4, to allow pre-shared-key authentication in the main mode. ike2 mode enables Ikev2 RFC 7296. Parameters that are ignored by IKEv2 proposal-check, compatibility-options, lifebytes, dpd-maximum-failures, nat-traversal.
ipIpsecPeerId String: The ID of this resource.
localAddress String: Routers local address on which Phase 1 should be bounded to.
name String: Peer name.
passive Boolean: When a passive mode is enabled will wait for a remote peer to initiate an IKE connection. The enabled passive mode also indicates that the peer is xauth responder, and disabled passive mode - xauth initiator. When a passive mode is a disabled peer will try to establish not only phase1 but also phase2 automatically, if policies are configured or created during the phase1.
port Double: Communication port used (when a router is an initiator) to connect to remote peer in cases if remote peer uses the non-default port.
profile String: Name of the profile template that will be used during IKE negotiation.
responder Boolean: Whether this peer will act as a responder only (listen to incoming requests) and not initiate a connection.
sendInitialContact Boolean: Specifies whether to send initial contact IKE packet or wait for remote side, this packet should trigger the removal of old peer SAs for current source address. Usually, in road warrior setups clients are initiators and this parameter should be set to no. Initial contact is not sent if modecfg or xauth is enabled for ikev1.

___id_ number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
address string: If the remote peer's address matches this prefix, then the peer configuration is used in authentication and establishment of Phase 1. If several peer's addresses match several configuration entries, the most specific one (i.e. the one with the largest netmask) will be used.
comment string
disabled boolean
dynamic boolean: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
exchangeMode string: Different ISAKMP phase 1 exchange modes according to RFC 2408. the main mode relaxes rfc2409 section 5.4, to allow pre-shared-key authentication in the main mode. ike2 mode enables Ikev2 RFC 7296. Parameters that are ignored by IKEv2 proposal-check, compatibility-options, lifebytes, dpd-maximum-failures, nat-traversal.
ipIpsecPeerId string: The ID of this resource.
localAddress string: Routers local address on which Phase 1 should be bounded to.
name string: Peer name.
passive boolean: When a passive mode is enabled will wait for a remote peer to initiate an IKE connection. The enabled passive mode also indicates that the peer is xauth responder, and disabled passive mode - xauth initiator. When a passive mode is a disabled peer will try to establish not only phase1 but also phase2 automatically, if policies are configured or created during the phase1.
port number: Communication port used (when a router is an initiator) to connect to remote peer in cases if remote peer uses the non-default port.
profile string: Name of the profile template that will be used during IKE negotiation.
responder boolean: Whether this peer will act as a responder only (listen to incoming requests) and not initiate a connection.
sendInitialContact boolean: Specifies whether to send initial contact IKE packet or wait for remote side, this packet should trigger the removal of old peer SAs for current source address. Usually, in road warrior setups clients are initiators and this parameter should be set to no. Initial contact is not sent if modecfg or xauth is enabled for ikev1.

___id_ float: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ str: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
address str: If the remote peer's address matches this prefix, then the peer configuration is used in authentication and establishment of Phase 1. If several peer's addresses match several configuration entries, the most specific one (i.e. the one with the largest netmask) will be used.
comment str
disabled bool
dynamic bool: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
exchange_mode str: Different ISAKMP phase 1 exchange modes according to RFC 2408. the main mode relaxes rfc2409 section 5.4, to allow pre-shared-key authentication in the main mode. ike2 mode enables Ikev2 RFC 7296. Parameters that are ignored by IKEv2 proposal-check, compatibility-options, lifebytes, dpd-maximum-failures, nat-traversal.
ip_ipsec_peer_id str: The ID of this resource.
local_address str: Routers local address on which Phase 1 should be bounded to.
name str: Peer name.
passive bool: When a passive mode is enabled will wait for a remote peer to initiate an IKE connection. The enabled passive mode also indicates that the peer is xauth responder, and disabled passive mode - xauth initiator. When a passive mode is a disabled peer will try to establish not only phase1 but also phase2 automatically, if policies are configured or created during the phase1.
port float: Communication port used (when a router is an initiator) to connect to remote peer in cases if remote peer uses the non-default port.
profile str: Name of the profile template that will be used during IKE negotiation.
responder bool: Whether this peer will act as a responder only (listen to incoming requests) and not initiate a connection.
send_initial_contact bool: Specifies whether to send initial contact IKE packet or wait for remote side, this packet should trigger the removal of old peer SAs for current source address. Usually, in road warrior setups clients are initiators and this parameter should be set to no. Initial contact is not sent if modecfg or xauth is enabled for ikev1.

___id_ Number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
address String: If the remote peer's address matches this prefix, then the peer configuration is used in authentication and establishment of Phase 1. If several peer's addresses match several configuration entries, the most specific one (i.e. the one with the largest netmask) will be used.
comment String
disabled Boolean
dynamic Boolean: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
exchangeMode String: Different ISAKMP phase 1 exchange modes according to RFC 2408. the main mode relaxes rfc2409 section 5.4, to allow pre-shared-key authentication in the main mode. ike2 mode enables Ikev2 RFC 7296. Parameters that are ignored by IKEv2 proposal-check, compatibility-options, lifebytes, dpd-maximum-failures, nat-traversal.
ipIpsecPeerId String: The ID of this resource.
localAddress String: Routers local address on which Phase 1 should be bounded to.
name String: Peer name.
passive Boolean: When a passive mode is enabled will wait for a remote peer to initiate an IKE connection. The enabled passive mode also indicates that the peer is xauth responder, and disabled passive mode - xauth initiator. When a passive mode is a disabled peer will try to establish not only phase1 but also phase2 automatically, if policies are configured or created during the phase1.
port Number: Communication port used (when a router is an initiator) to connect to remote peer in cases if remote peer uses the non-default port.
profile String: Name of the profile template that will be used during IKE negotiation.
responder Boolean: Whether this peer will act as a responder only (listen to incoming requests) and not initiate a connection.
sendInitialContact Boolean: Specifies whether to send initial contact IKE packet or wait for remote side, this packet should trigger the removal of old peer SAs for current source address. Usually, in road warrior setups clients are initiators and this parameter should be set to no. Initial contact is not sent if modecfg or xauth is enabled for ikev1.

Import

#The ID can be found via API or the terminal

#The command for the terminal is -> :put [/ip/ipsec/peer get [print show-ids]]

$ pulumi import routeros:index/ipIpsecPeer:IpIpsecPeer test *3

#Or you can import a resource using one of its attributes

$ pulumi import routeros:index/ipIpsecPeer:IpIpsecPeer test "name=NordVPN"

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: routeros terraform-routeros/terraform-provider-routeros
License
Notes: This Pulumi package is based on the routeros Terraform Provider.

routeros 1.83.1 published on Monday, Apr 28, 2025 by terraform-routeros

terraform-routeros/terraform-provider-routeros

routeros.IpIpsecPeer

On this page

On this page

Example Usage

Create IpIpsecPeer Resource

Constructor syntax

Parameters

IpIpsecPeer Resource Properties

Inputs

Outputs

Look up Existing IpIpsecPeer Resource

Import

Package Details

On this page

On this page