terraform-provider-oci
Unable to create Site-to-Site VPN connection with oci_core_ipsec
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Issue details
Hi, we are trying to create an OCI site-to-site VPN connection using the oci_core_ipsec resource. However, when running TF apply, it's complaining that two tunnel configurations are missing, while the resource configuration does not have any attribute to define tunnels. There is only one attribute, "static_routes", about which the documentation states that "If you configure both tunnels to use BGP dynamic routing, you can provide an empty list for the static routes." So I left it as an empty list for two BGP tunnels. Regardless, even if I put some value there, e.g. ["0.0.0.0/0"], it still gives the same error.
Terraform Version and Provider Version
Terraform v1.6.3 on linux_amd64
- provider registry.terraform.io/oracle/oci v5.19.0
Affected Resource(s)
oci_core_ipsec
Terraform Configuration Files
resource "oci_core_cpe" "this" {
  #Required
  compartment_id = var.compartment_id
  ip_address     = var.cpe_ip
  display_name   = "TEST-CPE02"
  is_private     = "true"
}

resource "oci_core_ipsec" "vpn02" {
  #Required
  compartment_id = var.compartment_id
  cpe_id         = resource.oci_core_cpe.this.id
  drg_id         = var.drg_id
  static_routes  = []
}
Debug Output
oci_core_ipsec.vpn02: Creating...
╷
│ Error: 400-InvalidParameter, Request passed in to create private Ipsec tunnels must have 2 tunnel configuration details by default but 0 was provided
│ Suggestion: Please update the parameter(s) in the Terraform config as per error message Request passed in to create private Ipsec tunnels must have 2 tunnel configuration details by default but 0 was provided
│ Documentation: https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_ip_sec_connection
│ API Reference: https://docs.oracle.com/iaas/api/#/en/iaas/20160918/IPSecConnection/CreateIPSecConnection
│ Request Target: POST https://iaas.ca-toronto-1.oraclecloud.com/20160918/ipsecConnections
│ Provider version: 5.19.0, released on 2023-11-01.
│ Service: Core Ip Sec Connection
│ Operation Name: CreateIPSecConnection
│ OPC request ID: 21c9b1ea751c2644adcbcf8363f24bb1/D6A08C9ACFCC5E6425841AC85A8C4010/7B85670DFBBA1327073C32DB5991F191
│
│
│   with oci_core_ipsec.vpn02,
│   on main.tf line 20, in resource "oci_core_ipsec" "vpn02":
│   20: resource "oci_core_ipsec" "vpn02" {
Panic Output
Expected Behavior
It should create the OCI Site-to-Site connection.
Actual Behavior
Instead of creating the resource, it produces the above error.
Steps to Reproduce
- use the above config
- run Terraform apply
Important Factoids
n/a
References
Creating private IPSec connections with terraform is not supported at this time
Thanks Iris for looking into it. Do you have any time frame for when this will be available in the future? Our requirement is to configure redundant VPN connections over FastConnect. We have done the manual configuration, which just works fine; however, when trying to automate with Terraform, we are stuck on this step. CPE creation via TF with private IP/FastConnect works fine.
Thank you for reporting the issue. We have raised an internal ticket to track this. Our service engineers will get back to you.
Hi Team, Is there any time frame when this resource would be available for General usage?
If it's not supported, then why would there be a resource in the provider???
Can this limitation (no support for private ipsec connections) be mentioned on the documentation page? https://github.com/oracle/terraform-provider-oci/blob/master/website/docs/r/core_ipsec.html.markdown