opnsense_ipsec_connection (Resource)

Manages an IPsec connection on OPNsense. IPsec connections are used to establish secure communication channels with remote peers.

Example Usage

// Small example
resource "opnsense_ipsec_connection" "example" {
  enabled                  = "1"
  proposals                = ["default"]
  unique                   = "no"
  aggressive               = "0"
  version                  = "2"
  mobike                   = "1"
  local_addresses          = ["192.168.1.1"]
  remote_addresses         = ["10.0.0.1"]
  local_port               = ""
  remote_port              = ""
  udp_encapsulation        = "0"
  reauthentication_time    = "3600"
  rekey_time               = "1800"
  ike_lifetime             = "3600"
  dpd_delay                = "10"
  dpd_timeout              = "60"
  send_certificate_request = "1"
  send_certificate         = "ifasked"
  keying_tries             = "1"
  description              = "Example IPsec Connection"
}

Schema

Required

  • aggressive (String) Enable or disable aggressive mode.
  • description (String) Description for the IPsec connection.
  • dpd_delay (String) Dead Peer Detection (DPD) delay.
  • dpd_timeout (String) Dead Peer Detection (DPD) timeout.
  • enabled (String) Enable or disable the IPsec connection.
  • ike_lifetime (String) IKE lifetime duration.
  • keying_tries (String) Number of keying tries.
  • local_addresses (Set of String) List of local addresses for the connection.
  • local_port (String) Local port for the connection.
  • mobike (String) Enable or disable MOBIKE support.
  • proposals (Set of String) List of encryption proposals for the connection.
  • reauthentication_time (String) Time interval for reauthentication.
  • rekey_time (String) Time interval for rekeying.
  • remote_addresses (Set of String) List of remote addresses for the connection.
  • remote_port (String) Remote port for the connection.
  • send_certificate (String) Whether to send a certificate.
  • send_certificate_request (String) Whether to send a certificate request.
  • udp_encapsulation (String) Enable or disable UDP encapsulation.
  • unique (String) Whether the connection should use unique IDs.
  • version (String) IKE version to use (e.g., '1', '2').

Optional

  • ip_pools (Set of String) List of IP pools for the connection.

Read-Only

  • id (String) UUID of the resource.
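
A pre-apply policy check over the aggressive and version attributes above, as an added example that is not part of the provider or its documentation. It reads the JSON produced by terraform show -json for a saved plan and flags any opnsense_ipsec_connection whose aggressive is not "0" or whose version is not "2". The sample plan, the resource names in it and the function name audit_plan are constructed for illustration, and treating every other value as a finding is an assumed policy.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "opnsense_ipsec_connection.example",
         "type": "opnsense_ipsec_connection",
         "change": {"actions": ["create"],
                    "after": {"aggressive": "0", "version": "2"}}},
        {"address": "opnsense_ipsec_connection.legacy",
         "type": "opnsense_ipsec_connection",
         "change": {"actions": ["update"],
                    "after": {"aggressive": "1", "version": "1"}}},
        {"address": "opnsense_ipsec_connection.retired",
         "type": "opnsense_ipsec_connection",
         "change": {"actions": ["delete"], "after": None}},
    ]
})


def audit_plan(plan_json):
    """Return (address, finding) tuples for IPsec connections in a plan."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "opnsense_ipsec_connection":
            continue
        after = (rc.get("change") or {}).get("after")
        if not after:
            continue  # resource is being destroyed, nothing to audit
        addr = rc["address"]
        # Fail closed: a missing or not-yet-known value is also a finding.
        if after.get("aggressive") != "0":
            findings.append((addr, "aggressive mode is not disabled"))
        if after.get("version") != "2":
            findings.append((addr, "IKE version is not pinned to 2"))
    return findings


if __name__ == "__main__":
    for addr, finding in audit_plan(SAMPLE_PLAN):
        print(f"{addr}: {finding}")
```

In a pipeline, pass the real plan JSON to audit_plan and fail the job when the returned list is not empty.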

Import

In Terraform v1.5.0 and later, use an import block to import opnsense_ipsec_connection using the id. For example:

import {
  to = opnsense_ipsec_connection.example
  id = "<opnsense-resource-id>"
}

Using terraform import, import opnsense_ipsec_connection using the id. For example:

% terraform import opnsense_ipsec_connection.example <opnsense-resource-id>