Terraform: IPsec site creation with Responder-only and destination type FQDN possible?
Hi,
See subject.
When trying to set up an IPsec site (IKEv2) in responder-only mode and with destination type FQDN for the primary and secondary tunnel, Terraform (in fact OpenTofu) gives this error:
│ Error: Cato API error in SiteAddIpsecIkeV2SiteTunnels
│
│ with cato_ipsec_site.Vienna,
│ on main.tf line 73, in resource "cato_ipsec_site" "Vienna":
│ 73: resource "cato_ipsec_site" "Vienna" {
│
│ {"networkErrors":{"code":422,"message":"Response body {\"errors\":[{\"message\":\"input:
│ variable.updateIpsecIkeV2SiteTunnelsInput.primary.tunnels[0].tunnelId is not a valid
│ IPSecV2InterfaceId\",\"path\":[\"variable\",\"updateIpsecIkeV2SiteTunnelsInput\",\"primary\",\"tunnels\",0,\"tunnelId\"]}],\"data\":null}"},"graphqlErrors":[{"message":"input:
│ variable.updateIpsecIkeV2SiteTunnelsInput.primary.tunnels[0].tunnelId is not a valid
│ IPSecV2InterfaceId","path":["variable","updateIpsecIkeV2SiteTunnelsInput","primary","tunnels",0,"tunnelId"]}]}
╵
That appears when adding the "tunnels" section.
Without that section, a deployment is possible.
Obviously, the tunnels section is required.
--------------------snip--------------------
connection_mode     = "RESPONDER_ONLY"
identification_type = "IPV4"
primary = {
  destination_type = "FQDN"
  tunnels = [
    {
      public_site_ip = "10.10.10.10"
      psk            = "abcABC1234567!!"
      //last_mile_bw = {
      //downstream = 10
      //upstream = 10
    }
  ]
}
---------------snap-------------------------------------
Is that supported with the terraform provider currently?
Thanks,
Christian