Tunneling

Objective

This guide provides instructions on how to configure a tunnel for your site. F5® Distributed Cloud Services support the IPsec tunnel type with Pre-Shared Key (PSK).

Tunnel configuration allows you to specify parameters for configuring static tunnels. Configuration involves specifying the encapsulation and related parameters to be used for the tunnel's payload traffic.


Prerequisites

Note: In case you do not have an account, see Create an Account.

  • One or more registered sites in the enterprise tenant.

Note: If you do not have a registered site, see How-to Create a Site.


Create a Tunnel

Perform the following steps to create a tunnel in F5 Distributed Cloud Console:

Step 1: Log into F5® Distributed Cloud Console and go to Tunnels.
  • Open F5® Distributed Cloud Console > select Multi-Cloud Network Connect box.

Note: Homepage is role based, and your homepage may look different due to your role customization. Select All Services drop-down menu to discover all options. Customize Settings: Administration > Personal Management > My Account > Edit work domain & skills button > Advanced box > check Work Domain boxes > Save changes button.

Figure: Homepage

Note: Confirm that the namespace drop-down selector, located in the upper-left corner, shows the correct namespace. The selector is not available in all services.

  • Select Networking in Manage section.

  • Select Tunnels to see a list of existing tunnels.

  • Select Add Tunnel button.

Note: If options are not showing as available, select the Show link in Advanced nav options, visible in the bottom-left corner. If needed, select Hide to minimize options from Advanced nav options mode.

Figure: Add Tunnel
  • In Metadata section:

    • Enter a unique name for the tunnel.

    • Optionally, set labels and description, as necessary.

  • In Tunnel Type section, select a tunnel type.

Note: Currently only IPSEC with PSK is supported.

Figure: Setup Tunnel

Step 2: Configure Local IP Address selector.

In the Type drop-down menu, select Local Interface or Local IP Address Type.

  • Local Interface: In Local Interface drop-down menu, select a network interface.

Note: Select + Add Item button as needed.

Figure: Local IP Address
  • Local IP Address Type: In second Type drop-down menu, select Local IP Address Type or Auto IP:

    • Local IP Address Type:

      • Select IPv4 or IPv6 for address version, enter corresponding IP address in address box.

      • Select a local virtual network from the dropdown.

    • Auto IP: Select a local virtual network in drop-down menu.

Figure: IP Address

Step 3: Configure Remote IP Address selector.

In Type drop-down menu, select Remote IP address or Remote Endpoints.

  • Remote IP Address: Select either IPv4 or IPv6 in address version, enter corresponding IP address into address box.
Figure: Remote IP Address
  • Remote Endpoints: Select + Add Item button to add remote endpoints. For each endpoint you add, follow these steps:

    • Enter node for the tunnel in Node box in form site:node (site is optional).

    • Select Configure, select either IPv4 or IPv6 for address version, enter corresponding IP address into address box.

Figure: Remote Endpoints

Step 4: Enter tunnel parameters.
  • In Type select tunnel type in Tunnel Parameters section.

Note: Only IPSEC is currently supported, so there are no other choices.

  • Select Configure link in Ipsec PSK box.
Figure: Tunnel parameters
  • In Secret Type drop-down menu, select Blindfold Secret or Clear Secret.
Figure: Secret Type

Blindfold Secret

This option will cause all traffic to be encrypted using F5 Distributed Cloud Blindfold in addition to the protocols and encryption used for IPSEC.

  • For the Policy drop-down menu, select between Built-in and Custom. Then select the appropriate policy in the associated drop-down menu.

  • Choose the type of secret you will enter. If you have not already created a Blindfold Secret or want to create a new one, then choose TEXT; otherwise choose Built-In.

  • Text: Enter your cleartext secret and press Blindfold. You can use the Edit button to see and/or copy your encrypted Blindfold Secret.

  • Blindfold: Paste your existing Blindfold Secret into the text box.

  • For more information on Blindfold, see Secrets Management and Blindfold.

Clear Secret

This option will only use the protocols and encryption for IPSEC.

Choose between TEXT and base64(binary) for the type of secret you will enter. Then enter your secret in the format specified.
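
One way to produce and sanity-check a PSK before entering it as TEXT or base64(binary), shown as an added example that is not part of the original guide or F5 code. The function names and the 32-byte and 128-bit floors are assumptions made for illustration, not F5 requirements.

```python
import base64
import binascii
import math
import secrets
from collections import Counter

MIN_KEY_BYTES = 32   # assumed policy floor (256 bits), not an F5 requirement
MIN_TEXT_BITS = 128  # assumed floor for the estimated entropy of a TEXT secret


def generate_psk(nbytes: int = MIN_KEY_BYTES) -> str:
    """Return a random PSK encoded for the base64(binary) secret format."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def estimate_text_bits(text: str) -> float:
    """Length times Shannon entropy of the character distribution.

    This is an optimistic estimate: it rejects obviously weak secrets
    but cannot certify that a secret is strong.
    """
    n = len(text)
    per_char = -sum(c / n * math.log2(c / n) for c in Counter(text).values())
    return n * per_char


def check_psk(value: str, secret_type: str) -> list[str]:
    """Return a list of problems; an empty list passes the assumed policy."""
    problems = []
    if secret_type == "base64":
        try:
            # validate=True rejects characters outside the base64 alphabet
            raw = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            return ["not valid base64"]
        if len(raw) < MIN_KEY_BYTES:
            problems.append(f"decodes to {len(raw)} bytes, need {MIN_KEY_BYTES}")
    elif secret_type == "text":
        if not value:
            return ["empty secret"]
        bits = estimate_text_bits(value)
        if bits < MIN_TEXT_BITS:
            problems.append(f"about {bits:.0f} estimated bits, need {MIN_TEXT_BITS}")
    else:
        problems.append(f"unknown secret type: {secret_type}")
    return problems
```

Both tunnel endpoints must be configured with the same secret, so generate it once and transfer it to the peer over a protected channel.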

Step 5: Complete tunnel creation.

Select Save and Exit button.

Note: Tunnel configuration becomes effective only when you attach the tunnel to a tunnel interface.


Concepts


API References