
This Repository contains the "vcd_nsxt_ipsec_vpn_tunnel" Terraform Module. You can use this Module to deploy NSX-T IPSec VPN Tunnels into a VMware Cloud Director (VCD) Environment.


Terraform VMware Cloud Director NSX-T IPSec VPN Tunnel Module

This Terraform module will deploy an IPSec VPN Tunnel on an NSX-T Edge Gateway in a VMware Cloud Director (VCD) environment. This module can be used to provision a new IPSec VPN Tunnel into Rackspace Technology SDDC Flex VCD Data Center Regions.


| Name | Version |
|------|---------|
| terraform | ~> 1.2 |
| vcd | ~> 3.8 |


| Name | Type |
|------|------|
| vcd_vdc_group | Data Source |
| vcd_nsxt_edgegateway | Data Source |
| vcd_library_certificate | Data Source |
| vcd_nsxt_ipsec_vpn_tunnel | Resource |


| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| vdc_org_name | The name of the Data Center Group Organization in VCD | string | `"Organization Name Format: <Account_Number>-<Region>-<Account_Name>"` | yes |
| vdc_group_name | The name of the Data Center Group in VCD | string | `"Data Center Group Name Format: <Account_Number>-<Region>-<Account_Name> <datacenter group>"` | yes |
| vdc_edge_name | Name of the Data Center Group Edge Gateway | string | `"Edge Gateway Name Format: <Account_Number>-<Region>-<Edge_GW_Identifier>-<edge>"` | yes |
| name | The name of the IPSec VPN tunnel | string | - | yes |
| description | The description of the IPSec VPN tunnel | string | `""` | no |
| enabled | Whether the IPSec VPN tunnel is enabled | bool | `true` | no |
| pre_shared_key | The pre-shared key for authentication (used when authentication mode is PSK) | string | `""` | yes |
| local_ip_address | The local IP address for the IPSec VPN tunnel | string | - | yes |
| local_networks | List of local networks (CIDR blocks) to be included in the tunnel | list(string) | - | yes |
| remote_ip_address | The remote IP address for the IPSec VPN tunnel | string | - | yes |
| remote_id | The remote identifier for the IPSec VPN tunnel | string | `""` | no |
| remote_networks | List of remote networks (CIDR blocks) to be included in the tunnel | list(string) | `[""]` | no |
| logging | Whether logging is enabled for the IPSec VPN tunnel | bool | `false` | no |
| authentication_mode | The authentication mode for the IPSec VPN tunnel | string | `"PSK"` | no |
| certificate_alias | The alias of the library certificate to use for authentication | string | `""` | no |
| ca_certificate_alias | The alias of the CA certificate to use for authentication | string | `""` | no |


| Name | Description |
|------|-------------|
| ipsec_vpn_tunnel_name | The name of the IPSec VPN tunnel |
| authentication_mode | The authentication mode of the IPSec VPN tunnel |
| local_ip_address | The local IP address of the IPSec VPN tunnel |
| local_networks | The local networks of the IPSec VPN tunnel |
| remote_ip_address | The remote IP address of the IPSec VPN tunnel |
| remote_networks | The remote networks of the IPSec VPN tunnel |
| remote_id | The remote identifier of the IPSec VPN tunnel |
| security_profile | The security profile of the IPSec VPN tunnel |
| status | The status of the IPSec VPN tunnel |

Example Usage

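```hcl
module "vcd_nsxt_ipsec_vpn_tunnel" {
  # Pinned to a release tag so the module code does not change between runs
  source                = "github.com/global-vmware/vcd_nsxt_ipsec_vpn_tunnel.git?ref=v1.1.1"

  # Organization, Data Center Group and Edge Gateway that host the tunnel
  vdc_org_name          = "<US1-VDC-ORG-NAME>"
  vdc_group_name        = "<US1-VDC-GRP-NAME>"
  vdc_edge_name         = "<US1-VDC-EDGE-NAME>"

  name                  = "US1-VPN-Tunnel-->US2"

  authentication_mode   = "PSK"

  # Placeholder value; replace it with your own key
  pre_shared_key        = "mysecretpsk"

  # Local endpoint address and the CIDR blocks behind it
  local_ip_address      = ""
  local_networks        = ["", "", "", "", ""]

  # Remote endpoint address and the CIDR blocks behind it
  remote_ip_address     = ""
  remote_networks       = ["", "", "", "", ""]
}
```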
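
The following is an added example, not code from the module's repository: it calls the module with the pre-shared key taken from a sensitive input variable instead of a literal in the configuration, and validates the key length and the remote CIDR blocks before anything is planned. The variable names `vpn_psk` and `vpn_remote_networks`, the 32-character minimum, and all IP addresses and networks are assumptions made for illustration.

```hcl
# Added example, not the module's own code. The names vpn_psk and
# vpn_remote_networks and all addresses below are constructed for illustration.
variable "vpn_psk" {
  description = "Pre-shared key for the IPSec VPN tunnel"
  type        = string
  sensitive   = true # redacted in plan/apply output; still written to state

  validation {
    # The 32-character floor is an assumed policy, not a module requirement.
    condition     = length(var.vpn_psk) >= 32
    error_message = "The pre-shared key must be at least 32 characters long."
  }
}

variable "vpn_remote_networks" {
  description = "Remote CIDR blocks routed through the tunnel"
  type        = list(string)

  validation {
    # cidrhost() errors on anything that is not a valid CIDR prefix.
    condition     = alltrue([for c in var.vpn_remote_networks : can(cidrhost(c, 0))])
    error_message = "Every remote network must be a valid CIDR block."
  }
}

module "vcd_nsxt_ipsec_vpn_tunnel" {
  source = "github.com/global-vmware/vcd_nsxt_ipsec_vpn_tunnel.git?ref=v1.1.1"

  vdc_org_name   = "<US1-VDC-ORG-NAME>"
  vdc_group_name = "<US1-VDC-GRP-NAME>"
  vdc_edge_name  = "<US1-VDC-EDGE-NAME>"

  name                = "US1-VPN-Tunnel-->US2"
  authentication_mode = "PSK"
  pre_shared_key      = var.vpn_psk # never a literal in version control
  logging             = true        # module default is false

  local_ip_address = "203.0.113.10" # constructed (documentation range)
  local_networks   = ["10.10.0.0/24"]

  remote_ip_address = "198.51.100.20" # constructed (documentation range)
  remote_networks   = var.vpn_remote_networks
}

output "vpn_status" {
  value = module.vcd_nsxt_ipsec_vpn_tunnel.status
}
```

The key can be supplied at run time through the `TF_VAR_vpn_psk` environment variable. Terraform still stores it in plaintext in the state file, so the state backend needs encryption and restricted access.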


This module is maintained by the Global VMware Cloud Automation Services Team.