opnsense_ipsec_child (Resource)

IPsec Child Resources are used for phase 2 of IPsec VPN connections.

Example Usage

// Small example
resource "opnsense_ipsec_connection" "example" {
  enabled                  = "1"
  proposals                = ["default"]
  unique                   = "no"
  aggressive               = "0"
  version                  = "2"
  mobike                   = "1"
  local_addresses          = ["192.168.1.1"]
  remote_addresses         = ["10.0.0.1"]
  local_port               = ""
  remote_port              = ""
  udp_encapsulation        = "0"
  reauthentication_time    = "3600"
  rekey_time               = "1800"
  ike_lifetime             = "3600"
  dpd_delay                = "10"
  dpd_timeout              = "60"
  send_certificate_request = "1"
  send_certificate         = "ifasked"
  keying_tries             = "1"
  description              = "Example IPsec Connection"
}

resource "opnsense_ipsec_child" "example" {
  enabled          = "1"
  ipsec_connection = opnsense_ipsec_connection.example.id
  proposals        = ["default"]
  sha256_96        = "0"
  start_action     = "trap|start"
  close_action     = "none"
  dpd_action       = "start"
  mode             = "tunnel"
  install_policies = "1"
  local_networks   = ["192.168.1.0/24"]
  remote_networks  = ["10.0.0.0/24"]
  request_id       = "100"
  rekey_time       = "1800"
  description      = "Example IPsec Child"
}

Schema

Required

  • ipsec_connection (String) The parent connection UUID.
  • local_networks (Set of String) List of local networks for the Child Resource.
  • proposals (Set of String) List of proposals for the Child Resource.
  • remote_networks (Set of String) List of remote networks for the Child Resource.

Optional

  • close_action (String) Close action for the Child Resource.
  • description (String) Optional description for the Child Resource.
  • dpd_action (String) DPD action for the Child Resource.
  • enabled (String) Enable or disable the Child Resource.
  • install_policies (String) Install policies for the Child Resource.
  • mode (String) Mode for the Child Resource.
  • rekey_time (String) Rekey time for the Child Resource in seconds.
  • request_id (String) Request ID for the Child Resource.
  • sha256_96 (String) Enable or disable SHA256_96.
  • start_action (String) Start action for the Child Resource.

Read-Only

  • id (String) UUID of the resource.

Import

In Terraform v1.5.0 and later, use an import block to import opnsense_ipsec_child using the id. For example:

import {
  to = opnsense_ipsec_child.example
  id = "<opnsense-resource-id>"
}

Using terraform import, import opnsense_ipsec_child using the id. For example:

% terraform import opnsense_ipsec_child.example <opnsense-resource-id>