From 6e540f1593f2e19c87dfb5f2ba158d82d15498b5 Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Thu, 13 Mar 2025 11:06:00 +0000 Subject: [PATCH 01/22] removed unnecessary sentence --- .../partials/magic-transit/tunnel-endpoints/add-tunnels.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx index 831b987136cb00d..e139d0389a062cd 100644 --- a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx +++ b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx @@ -9,7 +9,7 @@ params: - tunnelHealthDash --- -import { Details, Markdown, Render, TabItem, Tabs } from "~/components"; +import { APIRequest, Details, Markdown, Render, TabItem, Tabs } from "~/components"; @@ -81,7 +81,7 @@ import { Details, Markdown, Render, TabItem, Tabs } from "~/components";
-Create a `POST` request [using the API](/api/resources/magic_transit/subresources/gre_tunnels/methods/create/) to create a GRE tunnel. You will need your [API Key](/fundamentals/api/get-started/keys/#view-your-global-api-key). +Create a `POST` request [using the API](/api/resources/magic_transit/subresources/gre_tunnels/methods/create/) to create a GRE tunnel. Example: From 14f18ad8288ccbccadb0416602524821abf290ac Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Thu, 13 Mar 2025 11:10:03 +0000 Subject: [PATCH 02/22] added apirequest --- .../magic-transit/tunnel-endpoints/add-tunnels.mdx | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx index e139d0389a062cd..481d28a965a6b40 100644 --- a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx +++ b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx @@ -85,6 +85,19 @@ Create a `POST` request [using the API](/api/resources/magic_transit/subresource Example: +", + "description": "", + "interface_address": "", + "cloudflare_gre_endpoint": "", + "customer_gre_endpoint": "" + }} +/> + + ```bash curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/gre_tunnels \ --header "X-Auth-Email: " \ From 486fb8c3af811b84d2abef22373cb8b7291f3337 Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Thu, 13 Mar 2025 11:10:18 +0000 Subject: [PATCH 03/22] removed old example --- .../tunnel-endpoints/add-tunnels.mdx | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx index 481d28a965a6b40..623d2aa8ae5d4c2 100644 --- a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx +++ b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx @@ -98,23 +98,6 @@ Example: /> -```bash -curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/gre_tunnels \ ---header "X-Auth-Email: " \ ---header "X-Auth-Key: " \ ---header "Content-Type: application/json" \ ---data '{ - "gre_tunnels": [ - { - "name": "", - "description": "", - "interface_address": "", - "cloudflare_gre_endpoint": "", - "customer_gre_endpoint": "" - } - ] -}' -```
From 2a2e45ddf7f8d9c21ff00db46fc4b99421291379 Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Thu, 13 Mar 2025 11:11:33 +0000 Subject: [PATCH 04/22] added example response --- .../tunnel-endpoints/add-tunnels.mdx | 42 +++++++++++++++++-- 1 file changed, 39 insertions(+), 3 deletions(-) diff --git a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx index 623d2aa8ae5d4c2..7c0f5d34256a20e 100644 --- a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx +++ b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx @@ -83,8 +83,6 @@ import { APIRequest, Details, Markdown, Render, TabItem, Tabs } from "~/componen Create a `POST` request [using the API](/api/resources/magic_transit/subresources/gre_tunnels/methods/create/) to create a GRE tunnel. -Example: - - +```json output +{ + "errors": [ + { + "code": 1000, + "message": "message" + } + ], + "messages": [ + { + "code": 1000, + "message": "message" + } + ], + "result": { + "gre_tunnels": [ + { + "cloudflare_gre_endpoint": "203.0.113.1", + "customer_gre_endpoint": "203.0.113.1", + "interface_address": "192.0.2.0/31", + "name": "GRE_1", + "description": "Tunnel for ISP X", + "health_check": { + "direction": "unidirectional", + "enabled": true, + "rate": "low", + "target": { + "saved": "203.0.113.1" + }, + "type": "reply" + }, + "mtu": 0, + "ttl": 0 + } + ] + }, + "success": true +} +``` From 5e8fb6916961893f6bfbfd6ee3b0a34954cf84b0 Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Thu, 13 Mar 2025 11:12:39 +0000 Subject: [PATCH 05/22] removed unnecessary sentence --- .../partials/magic-transit/tunnel-endpoints/add-tunnels.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx index 7c0f5d34256a20e..260bfbc19503fbf 100644 --- a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx +++ b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx @@ -139,7 +139,7 @@ Create a `POST` request [using the API](/api/resources/magic_transit/subresource
-1. Create a `POST` request [using the API](/api/resources/magic_transit/subresources/ipsec_tunnels/methods/create/) to create an IPsec tunnel. You will need your [API Key](/fundamentals/api/get-started/keys/#view-your-global-api-key). +1. Create a `POST` request [using the API](/api/resources/magic_transit/subresources/ipsec_tunnels/methods/create/) to create an IPsec tunnel. Note that in example below, replay protection is disabled by default. You can enable it with the flag `"replay_protection": true` for each IPsec tunnel, if the devices you use do not support disabling this feature. If you have already created IPsec tunnels, update them with a [`PUT` request](https://developers.cloudflare.com/api/resources/magic_transit/subresources/ipsec_tunnels/methods/update/).
Refer to Anti-replay protection for more information on this topic. From 7e7c92e78eac6068232c0ba34adf4e430104c420 Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Thu, 13 Mar 2025 11:16:16 +0000 Subject: [PATCH 06/22] added api request --- .../magic-transit/tunnel-endpoints/add-tunnels.mdx | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx index 260bfbc19503fbf..30a54689da2cbbb 100644 --- a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx +++ b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx @@ -143,7 +143,18 @@ Create a `POST` request [using the API](/api/resources/magic_transit/subresource Note that in example below, replay protection is disabled by default. You can enable it with the flag `"replay_protection": true` for each IPsec tunnel, if the devices you use do not support disabling this feature. If you have already created IPsec tunnels, update them with a [`PUT` request](https://developers.cloudflare.com/api/resources/magic_transit/subresources/ipsec_tunnels/methods/update/).
Refer to Anti-replay protection for more information on this topic. -Example: +", + "description": "", + "interface_address": "", + "cloudflare_endpoint": "", + "customer_endpoint": "" + }} +/> + ```bash curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/ipsec_tunnels \ From 531499b07490e68c0ff792ef724912c78def3999 Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Thu, 13 Mar 2025 11:16:30 +0000 Subject: [PATCH 07/22] deleted old example --- .../tunnel-endpoints/add-tunnels.mdx | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx index 30a54689da2cbbb..53fab0cf6fb26c7 100644 --- a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx +++ b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx @@ -156,25 +156,6 @@ Note that in example below, replay protection is disabled by default. You can en /> -```bash -curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/ipsec_tunnels \ ---header "X-Auth-Email: " \ ---header "X-Auth-Key: " \ ---header "Content-Type: application/json" \ ---data '{ - "ipsec_tunnels": [ - { - "name": "", - "description": "", - "interface_address": "", - "cloudflare_endpoint": "", - "customer_endpoint": "", - "replay_protection": false - } - ] -}' -``` - ```json output { "result": { From afc8950f3a77f6883244155821159acf9c16c78b Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Thu, 13 Mar 2025 11:16:57 +0000 Subject: [PATCH 08/22] updated example response --- .../tunnel-endpoints/add-tunnels.mdx | 64 +++++++++++-------- 1 file changed, 36 insertions(+), 28 deletions(-) diff --git a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx index 53fab0cf6fb26c7..ba40ed8d408be94 100644 --- a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx +++ b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx @@ -158,34 +158,42 @@ Note that in example below, replay protection is disabled by default. You can en ```json output { - "result": { - "ipsec_tunnels": [ - { - "id": "", - "interface_address": "", - "created_on": "2023-04-21T10:42:22.138586Z", - "modified_on": "2023-04-21T10:42:22.138586Z", - "name": "", - "cloudflare_endpoint": "", - "customer_endpoint": "", - "remote_identities": { - "hex_id": "", - "fqdn_id": ".ipsec.cloudflare.com", - "user_id": "ipsec@.ipsec.cloudflare.com" - }, - "description": " test", - "health_check": { - "enabled": true, - "target": "", - "type": "reply", - "rate": "mid" - } - } - ] - }, - "success": true, - "errors": [], - "messages": [] + "errors": [ + { + "code": 1000, + "message": "message" + } + ], + "messages": [ + { + "code": 1000, + "message": "message" + } + ], + "result": { + "ipsec_tunnels": [ + { + "cloudflare_endpoint": "203.0.113.1", + "interface_address": "192.0.2.0/31", + "name": "IPsec_1", + "allow_null_cipher": true, + "customer_endpoint": "203.0.113.1", + "description": "Tunnel for ISP X", + "health_check": { + "direction": "unidirectional", + "enabled": true, + "rate": "low", + "target": { + "saved": "203.0.113.1" + }, + "type": "reply" + }, + "psk_metadata": {}, + "replay_protection": false + } + ] + }, + "success": true } ``` From 7b76e9d90ab5ec6dd1716b6bcba352f74cff3b03 Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Thu, 13 Mar 2025 11:17:49 +0000 Subject: [PATCH 09/22] indented content --- .../tunnel-endpoints/add-tunnels.mdx | 109 +++++++++--------- 1 file changed, 54 insertions(+), 55 deletions(-) diff --git a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx index ba40ed8d408be94..ba3f079545400eb 100644 --- a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx +++ b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx @@ -141,61 +141,60 @@ Create a `POST` request [using the API](/api/resources/magic_transit/subresource 1. Create a `POST` request [using the API](/api/resources/magic_transit/subresources/ipsec_tunnels/methods/create/) to create an IPsec tunnel. -Note that in example below, replay protection is disabled by default. You can enable it with the flag `"replay_protection": true` for each IPsec tunnel, if the devices you use do not support disabling this feature. If you have already created IPsec tunnels, update them with a [`PUT` request](https://developers.cloudflare.com/api/resources/magic_transit/subresources/ipsec_tunnels/methods/update/).
Refer to Anti-replay protection for more information on this topic. - -", - "description": "", - "interface_address": "", - "cloudflare_endpoint": "", - "customer_endpoint": "" - }} -/> - - -```json output -{ - "errors": [ - { - "code": 1000, - "message": "message" - } - ], - "messages": [ - { - "code": 1000, - "message": "message" - } - ], - "result": { - "ipsec_tunnels": [ - { - "cloudflare_endpoint": "203.0.113.1", - "interface_address": "192.0.2.0/31", - "name": "IPsec_1", - "allow_null_cipher": true, - "customer_endpoint": "203.0.113.1", - "description": "Tunnel for ISP X", - "health_check": { - "direction": "unidirectional", - "enabled": true, - "rate": "low", - "target": { - "saved": "203.0.113.1" - }, - "type": "reply" - }, - "psk_metadata": {}, - "replay_protection": false - } - ] - }, - "success": true -} -``` + Note that in example below, replay protection is disabled by default. You can enable it with the flag `"replay_protection": true` for each IPsec tunnel, if the devices you use do not support disabling this feature. If you have already created IPsec tunnels, update them with a [`PUT` request](https://developers.cloudflare.com/api/resources/magic_transit/subresources/ipsec_tunnels/methods/update/).
Refer to Anti-replay protection for more information on this topic. + + ", + "description": "", + "interface_address": "", + "cloudflare_endpoint": "", + "customer_endpoint": "" + }} + /> + + ```json output + { + "errors": [ + { + "code": 1000, + "message": "message" + } + ], + "messages": [ + { + "code": 1000, + "message": "message" + } + ], + "result": { + "ipsec_tunnels": [ + { + "cloudflare_endpoint": "203.0.113.1", + "interface_address": "192.0.2.0/31", + "name": "IPsec_1", + "allow_null_cipher": true, + "customer_endpoint": "203.0.113.1", + "description": "Tunnel for ISP X", + "health_check": { + "direction": "unidirectional", + "enabled": true, + "rate": "low", + "target": { + "saved": "203.0.113.1" + }, + "type": "reply" + }, + "psk_metadata": {}, + "replay_protection": false + } + ] + }, + "success": true + } + ``` 2. Create a `POST` request to generate a PSK. Use the tunnel `id` you received from the previous command (exemplified by `` above): From a12f5bccdcc2acf91eaa2ccf18d20620f1ca1ef6 Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Thu, 13 Mar 2025 12:19:41 +0000 Subject: [PATCH 10/22] more details --- .../tunnel-endpoints/add-tunnels.mdx | 30 ++----------------- 1 file changed, 3 insertions(+), 27 deletions(-) diff --git a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx index ba3f079545400eb..5b89c70522fc351 100644 --- a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx +++ b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx @@ -141,7 +141,7 @@ Create a `POST` request [using the API](/api/resources/magic_transit/subresource 1. Create a `POST` request [using the API](/api/resources/magic_transit/subresources/ipsec_tunnels/methods/create/) to create an IPsec tunnel. - Note that in example below, replay protection is disabled by default. You can enable it with the flag `"replay_protection": true` for each IPsec tunnel, if the devices you use do not support disabling this feature. If you have already created IPsec tunnels, update them with a [`PUT` request](https://developers.cloudflare.com/api/resources/magic_transit/subresources/ipsec_tunnels/methods/update/).
Refer to Anti-replay protection for more information on this topic. + Note that in example below, replay protection is disabled by default. You can enable it with the flag `"replay_protection": true` for each IPsec tunnel, if the devices you use do not support disabling this feature. If you have already created IPsec tunnels, update them with a [`PUT` request](https://developers.cloudflare.com/api/resources/magic_transit/subresources/ipsec_tunnels/methods/update/). Refer to Anti-replay protection for more information on this topic. ", "interface_address": "", "cloudflare_endpoint": "", - "customer_endpoint": "" + "customer_endpoint": "", + "psk": "YOUR_STRING" }} /> @@ -196,31 +197,6 @@ Create a `POST` request [using the API](/api/resources/magic_transit/subresource } ``` -2. Create a `POST` request to generate a PSK. Use the tunnel `id` you received from the previous command (exemplified by `` above): - -```bash -curl --request POST \ -https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/ipsec_tunnels/{your_tunnel_id}/psk_generate \ ---header "X-Auth-Email: " \ ---header "X-Auth-Key: " -``` - -```json output -{ - "result": { - "ipsec_id": "", - "ipsec_tunnel_id": "", - "psk": "", - "psk_metadata": { - "last_generated_on": "2023-04-21T10:48:15.953887008Z" - } - }, - "success": true, - "errors": [], - "messages": [] -} -``` - 3. Use the above `psk` value to configure the IPsec tunnel on your equipment. You do not need to take further action to use the PSK on Cloudflare's side, as this value is automatically set.
From 9ceafef1ac983306bd23f7fe4538b28d653a807e Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Thu, 13 Mar 2025 14:23:42 +0000 Subject: [PATCH 11/22] psk create --- .../magic-transit/tunnel-endpoints/add-tunnels.mdx | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx index 5b89c70522fc351..41e049e42923a04 100644 --- a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx +++ b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx @@ -151,8 +151,7 @@ Create a `POST` request [using the API](/api/resources/magic_transit/subresource "description": "", "interface_address": "", "cloudflare_endpoint": "", - "customer_endpoint": "", - "psk": "YOUR_STRING" + "customer_endpoint": "" }} /> @@ -197,6 +196,15 @@ Create a `POST` request [using the API](/api/resources/magic_transit/subresource } ``` + Take note of the tunnel `id` value. We will use it to generate a pre-shared key (PSK). + +2. Create a `POST` [request](/api/resources/magic_transit/subresources/ipsec_tunnels/methods/psk_generate/) to generate a PSK. Use the tunnel `id` value you received from the previous command. + + + 3. Use the above `psk` value to configure the IPsec tunnel on your equipment. You do not need to take further action to use the PSK on Cloudflare's side, as this value is automatically set. From dde67299057df37cba07122ce127ccdececeba59 Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Thu, 13 Mar 2025 14:51:25 +0000 Subject: [PATCH 12/22] added create psk --- .../tunnel-endpoints/add-tunnels.mdx | 33 +++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx index 41e049e42923a04..3448f00d5a16391 100644 --- a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx +++ b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx @@ -9,7 +9,7 @@ params: - tunnelHealthDash --- -import { APIRequest, Details, Markdown, Render, TabItem, Tabs } from "~/components"; +import { APIRequest, CURL, Details, Markdown, Render, TabItem, Tabs } from "~/components"; @@ -205,7 +205,36 @@ Create a `POST` request [using the API](/api/resources/magic_transit/subresource method="POST" /> -3. Use the above `psk` value to configure the IPsec tunnel on your equipment. You do not need to take further action to use the PSK on Cloudflare's side, as this value is automatically set. + ```json output + { + "result": { + "ipsec_id": "", + "ipsec_tunnel_id": "", + "psk": "", + "psk_metadata": { + "last_generated_on": "2025-03-13T14:28:47.054317925Z" + } + }, + "success": true, + "errors": [], + "messages": [] + } + ``` + + Take note of your `psk` value. + +3. Create a `PUT` [request](/api/resources/magic_transit/subresources/ipsec_tunnels/methods/update/) to update your IPsec tunnel with the PSK. + + " + }} + /> + + +4. Use the above `psk` value to configure the IPsec tunnel on your equipment as well. From 63b3bdfd3e1fb6d35e62e135b0a52eb341b0b589 Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Fri, 14 Mar 2025 10:18:22 +0000 Subject: [PATCH 13/22] refined output examples --- .../tunnel-endpoints/add-tunnels.mdx | 65 ++++++++++++++----- 1 file changed, 47 insertions(+), 18 deletions(-) diff --git a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx index 3448f00d5a16391..f2b1947e3281d14 100644 --- a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx +++ b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx @@ -112,18 +112,15 @@ Create a `POST` request [using the API](/api/resources/magic_transit/subresource "result": { "gre_tunnels": [ { - "cloudflare_gre_endpoint": "203.0.113.1", - "customer_gre_endpoint": "203.0.113.1", - "interface_address": "192.0.2.0/31", - "name": "GRE_1", - "description": "Tunnel for ISP X", + "cloudflare_gre_endpoint": "", + "customer_gre_endpoint": "", + "interface_address": "", + "name": "", + "description": "", "health_check": { "direction": "unidirectional", "enabled": true, "rate": "low", - "target": { - "saved": "203.0.113.1" - }, "type": "reply" }, "mtu": 0, @@ -172,19 +169,16 @@ Create a `POST` request [using the API](/api/resources/magic_transit/subresource "result": { "ipsec_tunnels": [ { - "cloudflare_endpoint": "203.0.113.1", - "interface_address": "192.0.2.0/31", - "name": "IPsec_1", - "allow_null_cipher": true, - "customer_endpoint": "203.0.113.1", - "description": "Tunnel for ISP X", + "id": "", + "interface_address": "", + "name": "", + "cloudflare_endpoint": "", + "customer_endpoint": "", + "description": "", "health_check": { "direction": "unidirectional", "enabled": true, "rate": "low", - "target": { - "saved": "203.0.113.1" - }, "type": "reply" }, "psk_metadata": {}, @@ -233,8 +227,43 @@ Create a `POST` request [using the API](/api/resources/magic_transit/subresource }} /> +```json output +{ + "result": { + "modified": true, + "modified_ipsec_tunnel": { + "id": "", + "interface_address": "", + "created_on": "2025-03-13T14:28:21.139535Z", + "modified_on": "2025-03-13T14:33:26.09683Z", + "name": "", + "cloudflare_endpoint": "", + "customer_endpoint": "", + "remote_identities": { + "hex_id": "", + "fqdn_id": "", + "user_id": "" + }, + "psk_metadata": { + "last_generated_on": "2025-03-13T14:28:47.054318Z" + }, + "description": "", + "health_check": { + "enabled": true, + "target": "", + "type": "reply", + "rate": "mid", + "direction": "unidirectional" + } + } + }, + "success": true, + "errors": [], + "messages": [] +} +``` -4. Use the above `psk` value to configure the IPsec tunnel on your equipment as well. +4. Use the `psk` value from step 3 to configure the IPsec tunnel on your equipment as well. From 326befcc0732bb52362fa0bbc38ea7c23dfdc3fe Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Fri, 14 Mar 2025 10:29:04 +0000 Subject: [PATCH 14/22] added new var --- src/content/docs/magic-transit/how-to/configure-tunnels.mdx | 3 ++- .../configuration/manually/how-to/configure-tunnels.mdx | 1 + .../partials/magic-transit/tunnel-endpoints/add-tunnels.mdx | 5 +++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/content/docs/magic-transit/how-to/configure-tunnels.mdx b/src/content/docs/magic-transit/how-to/configure-tunnels.mdx index 4eeb25352adce96..207ecc83464205b 100644 --- a/src/content/docs/magic-transit/how-to/configure-tunnels.mdx +++ b/src/content/docs/magic-transit/how-to/configure-tunnels.mdx @@ -58,8 +58,9 @@ import { GlossaryTooltip, Render } from "~/components"; healthCheck: "/magic-transit/how-to/tunnel-health-checks/", productPathProbe: "/magic-transit/reference/tunnel-health-checks/", antiReplayPagePath: "/magic-transit/reference/anti-replay-protection/", - BiVsUniHealthCheck: "unidirectional", + biVsUniHealthCheck: "unidirectional", tunnelHealthDash: "/magic-transit/how-to/check-tunnel-health-dashboard/", + biVsUniHealthCheckDefaults: "For Magic Transit this option defaults to unidirectional" }} /> diff --git a/src/content/docs/magic-wan/configuration/manually/how-to/configure-tunnels.mdx b/src/content/docs/magic-wan/configuration/manually/how-to/configure-tunnels.mdx index 6e89eb8314b82c9..5ed176d647f7993 100644 --- a/src/content/docs/magic-wan/configuration/manually/how-to/configure-tunnels.mdx +++ b/src/content/docs/magic-wan/configuration/manually/how-to/configure-tunnels.mdx @@ -70,6 +70,7 @@ import { GlossaryTooltip, Render } from "~/components"; BiVsUniHealthCheck: "bidirectional", tunnelHealthDash: "/magic-wan/configuration/common-settings/check-tunnel-health-dashboard/", + biVsUniHealthCheckDefaults: "For Magic WAN this option defaults to bidirectional" }} /> diff --git a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx index f2b1947e3281d14..5003d9a3a2a77ec 100644 --- a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx +++ b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx @@ -5,8 +5,9 @@ params: - healthCheck - productPathProbe - antiReplayPagePath - - BiVsUniHealthCheck + - biVsUniHealthCheck - tunnelHealthDash + - biVsUniHealthCheckDefaults --- import { APIRequest, CURL, Details, Markdown, Render, TabItem, Tabs } from "~/components"; @@ -269,7 +270,7 @@ Create a `POST` request [using the API](/api/resources/magic_transit/subresource
-Bidirectional health checks are available for GRE and IPsec tunnels. For Magic WAN this option defaults to bidirectional, while for Magic Transit it defaults to unidirectional. +Bidirectional health checks are available for GRE and IPsec tunnels. {props.biVsUniHealthCheckDefaults}. You can enable bidirectional health checks via the API with `--data '{"health_check": {"direction": "bidirectional"}}'`. For example: From 56344053fcaca08c87821317f99ad0510d022f85 Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Fri, 14 Mar 2025 10:38:59 +0000 Subject: [PATCH 15/22] added curl --- .../magic-transit/tunnel-endpoints/add-tunnels.mdx | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx index 5003d9a3a2a77ec..ee161bb5560f803 100644 --- a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx +++ b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx @@ -272,7 +272,18 @@ Create a `POST` request [using the API](/api/resources/magic_transit/subresource Bidirectional health checks are available for GRE and IPsec tunnels. {props.biVsUniHealthCheckDefaults}. -You can enable bidirectional health checks via the API with `--data '{"health_check": {"direction": "bidirectional"}}'`. For example: +You can change this setting via the API with `"bidirectional"` or `"unidirectional"`: + + ```bash curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/ipsec_tunnels \ From 05dc56eabd384e36d8d348e1fc953b78dc2da38f Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Fri, 14 Mar 2025 10:39:14 +0000 Subject: [PATCH 16/22] removed old example --- .../magic-transit/tunnel-endpoints/add-tunnels.mdx | 8 -------- 1 file changed, 8 deletions(-) diff --git a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx index ee161bb5560f803..1b704d4fdbbda63 100644 --- a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx +++ b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx @@ -285,14 +285,6 @@ You can change this setting via the API with `"bidirectional"` or `"unidirection }} /> -```bash -curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/ipsec_tunnels \ ---header "X-Auth-Email: " \ ---header "X-Auth-Key: " \ ---header "Content-Type: application/json" \ ---data '{"health_check": {"direction": "bidirectional"}}' -``` -
From 73a7d873757c1e6b2150016d2733ce682c5f84ae Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Fri, 14 Mar 2025 10:40:14 +0000 Subject: [PATCH 17/22] added response example --- .../tunnel-endpoints/add-tunnels.mdx | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx index 1b704d4fdbbda63..31e390c309ec08d 100644 --- a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx +++ b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx @@ -285,6 +285,42 @@ You can change this setting via the API with `"bidirectional"` or `"unidirection }} /> +```json output +{ + "result": { + "modified": true, + "modified_ipsec_tunnel": { + "id": "", + "interface_address": "", + "created_on": "2025-03-13T14:28:21.139535Z", + "modified_on": "2025-03-13T14:33:26.09683Z", + "name": "", + "cloudflare_endpoint": "", + "customer_endpoint": "", + "remote_identities": { + "hex_id": "", + "fqdn_id": "", + "user_id": "" + }, + "psk_metadata": { + "last_generated_on": "2025-03-13T14:28:47.054318Z" + }, + "description": "", + "health_check": { + "enabled": true, + "target": "", + "type": "reply", + "rate": "mid", + "direction": "bidirectional" + } + } + }, + "success": true, + "errors": [], + "messages": [] +} +``` + From 5b239b23c319a81c211e156c861343435e4e81b5 Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Fri, 14 Mar 2025 10:43:13 +0000 Subject: [PATCH 18/22] corrected var --- .../configuration/manually/how-to/configure-tunnels.mdx | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/content/docs/magic-wan/configuration/manually/how-to/configure-tunnels.mdx b/src/content/docs/magic-wan/configuration/manually/how-to/configure-tunnels.mdx index 5ed176d647f7993..42f59e770b6236f 100644 --- a/src/content/docs/magic-wan/configuration/manually/how-to/configure-tunnels.mdx +++ b/src/content/docs/magic-wan/configuration/manually/how-to/configure-tunnels.mdx @@ -63,13 +63,11 @@ import { GlossaryTooltip, Render } from "~/components"; params={{ productName: "Magic WAN", productPathDash: "Magic WAN > Configuration", - healthCheck: - "/magic-wan/configuration/common-settings/tunnel-health-checks/", + healthCheck: "/magic-wan/configuration/common-settings/tunnel-health-checks/", productPathProbe: "/magic-wan/reference/tunnel-health-checks/", antiReplayPagePath: "/magic-wan/reference/anti-replay-protection/", - BiVsUniHealthCheck: "bidirectional", - tunnelHealthDash: - "/magic-wan/configuration/common-settings/check-tunnel-health-dashboard/", + biVsUniHealthCheck: "bidirectional", + tunnelHealthDash: "/magic-wan/configuration/common-settings/check-tunnel-health-dashboard/", biVsUniHealthCheckDefaults: "For Magic WAN this option defaults to bidirectional" }} /> From 17e8be2e48f3d051fc4af2faf5f1b6c928cee2cf Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Fri, 14 Mar 2025 10:50:52 +0000 Subject: [PATCH 19/22] added curl --- .../tunnel-health/update-tunnel-health-checks-frequency.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/partials/magic-transit/tunnel-health/update-tunnel-health-checks-frequency.mdx b/src/content/partials/magic-transit/tunnel-health/update-tunnel-health-checks-frequency.mdx index 4ca32c025eb09ce..948371051fd56d3 100644 --- a/src/content/partials/magic-transit/tunnel-health/update-tunnel-health-checks-frequency.mdx +++ b/src/content/partials/magic-transit/tunnel-health/update-tunnel-health-checks-frequency.mdx @@ -6,7 +6,7 @@ params: - addTunnelsPath --- -import {AnchorHeading, GlossaryTooltip, Markdown, TabItem, Tabs } from "~/components"; +import { CURL, AnchorHeading, GlossaryTooltip, Markdown, TabItem, Tabs } from "~/components"; By default, Cloudflare servers send health checks to each GRE, CNI, or IPsec tunnel endpoint you configure to receive traffic from {props.productName}. From 952ea58d2b10ebfb4efd7d5d0722c8f418e3caf5 Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Fri, 14 Mar 2025 10:52:25 +0000 Subject: [PATCH 20/22] aded curl example --- .../update-tunnel-health-checks-frequency.mdx | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/content/partials/magic-transit/tunnel-health/update-tunnel-health-checks-frequency.mdx b/src/content/partials/magic-transit/tunnel-health/update-tunnel-health-checks-frequency.mdx index 948371051fd56d3..86061005d691b48 100644 --- a/src/content/partials/magic-transit/tunnel-health/update-tunnel-health-checks-frequency.mdx +++ b/src/content/partials/magic-transit/tunnel-health/update-tunnel-health-checks-frequency.mdx @@ -47,6 +47,17 @@ You can adjust the health check frequency by updating your [GRE](/api/resources/ Below is an example of how to adjust tunnel health check frequency to `low`. Note that this command applies to GRE, IPsec and CNI tunnels: + + ```bash curl --request PUT \ https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/gre_tunnels/{tunnel_id} \ From a2a9f86a5ad3db3309a295df1300f20cb40fa06c Mon Sep 17 00:00:00 2001 From: marciocloudflare Date: Fri, 14 Mar 2025 10:52:44 +0000 Subject: [PATCH 21/22] removed old example --- .../update-tunnel-health-checks-frequency.mdx | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/src/content/partials/magic-transit/tunnel-health/update-tunnel-health-checks-frequency.mdx b/src/content/partials/magic-transit/tunnel-health/update-tunnel-health-checks-frequency.mdx index 86061005d691b48..2510c2b91d6792f 100644 --- a/src/content/partials/magic-transit/tunnel-health/update-tunnel-health-checks-frequency.mdx +++ b/src/content/partials/magic-transit/tunnel-health/update-tunnel-health-checks-frequency.mdx @@ -58,16 +58,6 @@ Below is an example of how to adjust tunnel health check frequency to `low`. Not }} /> -```bash -curl --request PUT \ -https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/gre_tunnels/{tunnel_id} \ ---header "X-Auth-Email: " \ ---header "X-Auth-Key: " \ ---header "Content-Type: application/json" \ ---data '{ - "health_check": {"rate":"low"} -}' -``` From 97ec3eb45c0502311f692a95d24bc342edb73ad3 Mon Sep 17 00:00:00 2001 From: marciocloudflare <83226960+marciocloudflare@users.noreply.github.com> Date: Fri, 14 Mar 2025 11:03:28 +0000 Subject: [PATCH 22/22] Update src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx Co-authored-by: hyperlint-ai[bot] <154288675+hyperlint-ai[bot]@users.noreply.github.com> --- .../partials/magic-transit/tunnel-endpoints/add-tunnels.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx index 31e390c309ec08d..a313e0a803833e9 100644 --- a/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx +++ b/src/content/partials/magic-transit/tunnel-endpoints/add-tunnels.mdx @@ -139,7 +139,7 @@ Create a `POST` request [using the API](/api/resources/magic_transit/subresource 1. Create a `POST` request [using the API](/api/resources/magic_transit/subresources/ipsec_tunnels/methods/create/) to create an IPsec tunnel. - Note that in example below, replay protection is disabled by default. You can enable it with the flag `"replay_protection": true` for each IPsec tunnel, if the devices you use do not support disabling this feature. If you have already created IPsec tunnels, update them with a [`PUT` request](https://developers.cloudflare.com/api/resources/magic_transit/subresources/ipsec_tunnels/methods/update/). Refer to Anti-replay protection for more information on this topic. + Note that in example below, replay protection is disabled by default. You can enable it with the flag `"replay_protection": true` for each IPsec tunnel, if the devices you use do not support disabling this feature. If you have already created IPsec tunnels, update them with a [`PUT` request](/api/resources/magic_transit/subresources/ipsec_tunnels/methods/update/). Refer to Anti-replay protection for more information on this topic.