Create a Cloud Connect attachment via IPSec VPN

POST

https://cdn.emnify.net/api/v1/cnc/breakout/vpn

Creates a Cloud Connect attachment via a specified VPN server. Currently two attachment types are available: - **Static VPN** (type `2`): Basic IPSec VPN connection - **Dynamic VPN with BGP** (type `3`): IPSec VPN with BGP routing. Requires `asn` (Autonomous System Number), otherwise dynamic routing is disabled. Optionally accepts `inside_cidr` for BGP tunnel interfaces. The `on_prem_cidr` parameter specifies the CIDR ranges of your backend network (up to 3). The `public_ip` is the public IP address of your VPN server. A `psk` (Pre-Shared Key) can be configured with 8-64 alphanumeric characters, periods (`.`), and underscores (`_`). It must not begin with `0`. If left empty, it generates automatically and can be retrieved via [`GET /api/v1/cnc/breakout/{cloudconnect_attachment_id}`](/developers/api/cloud-connect/get-cloud-connect-attachment-by-id). <Success> The created connection is available within 3-5 minutes. </Success>

Creates a Cloud Connect attachment via a specified VPN server. Currently two attachment types are available:

Static VPN (type 2): Basic IPSec VPN connection
Dynamic VPN with BGP (type 3): IPSec VPN with BGP routing. Requires asn (Autonomous System Number), otherwise dynamic routing is disabled. Optionally accepts inside_cidr for BGP tunnel interfaces.

The on_prem_cidr parameter specifies the CIDR ranges of your backend network (up to 3). The public_ip is the public IP address of your VPN server.

A psk (Pre-Shared Key) can be configured with 8-64 alphanumeric characters, periods (.), and underscores (_). It must not begin with 0. If left empty, it generates automatically and can be retrieved via GET /api/v1/cnc/breakout/{cloudconnect_attachment_id}.

The created connection is available within 3-5 minutes.

Authentication

AuthorizationBearer

An auth_token should be provided to authenticate a session.

To obtain an auth_token, see the /api/v1/authenticate POST request.

Request

This endpoint expects an object.

typeobjectRequired

Breakout type. Use 2 for Static VPN or 3 for Dynamic VPN with BGP.

namestringRequired

Display name for the Cloud Connect attachment.

public_ipstringRequired

Public IP address of your VPN server.

on_prem_cidrlist of stringsRequired

CIDR ranges of your backend network. You can configure up to 3 ranges.

descriptionstringOptional

Optional description for the attachment.

regionstringOptional

AWS region for the attachment (for example, eu-west-1).

pskstringOptional

Pre-shared key (PSK) for the VPN connection. If empty, AWS generates one automatically.

asnintegerOptional

Autonomous System Number (ASN) for BGP routing. <Info> Required for Dynamic VPN (type `3`)." </Info>

inside_cidrlist of stringsOptional

For Dynamic VPN only: /30 CIDR ranges for BGP tunnel interfaces (up to 3). If empty, AWS generates them automatically.

Response

Attachment created successfully. The Location header contains the URL of the new resource.

Errors

400

Bad Request Error

403

Forbidden Error

$	curl -X POST https://cdn.emnify.net/api/v1/cnc/breakout/vpn \
>	-H "Authorization: Bearer <token>" \
>	-H "Content-Type: application/json" \
>	-d '{
>	"type": {
>	"id": 2
>	},
>	"name": "Demo Attachment Static VPN",
>	"public_ip": "192.0.2.1",
>	"on_prem_cidr": [
>	"10.0.0.0/24"
>	],
>	"region": "eu-west-1",
>	"psk": "secret"
>	}'

$	curl -X POST https://cdn.emnify.net/api/v1/cnc/breakout/vpn \
>	-H "Authorization: Bearer <token>" \
>	-H "Content-Type: application/json" \
>	-d '{
>	"type": {
>	"id": 2
>	},
>	"name": "Demo Attachment Static VPN",
>	"public_ip": "192.0.2.1",
>	"on_prem_cidr": [
>	"10.0.0.0/24"
>	],
>	"region": "eu-west-1",
>	"psk": "secret"
>	}'