PCF IPsec Add-On v1.6

IPsec Add-on for PCF

Page last updated:

This guide describes the IPsec Add-on for PCF, which secures data transmissions inside Pivotal Cloud Foundry (PCF). Topics covered in this guide include IPsec Add-on for PCF installation and configuration, troubleshooting, and certificate rotation.

Your organization may require IPsec if you transmit sensitive data.


The IPsec Add-on for PCF provides security to the network layer of the OSI model with a strongSwan implementation of IPsec. The IPsec Add-on provides a strongSwan job to each BOSH-deployed virtual machine (VM).

IPsec encrypts IP data flow between hosts, between security gateways, and between security gateways and hosts. The IPsec Add-on for PCF secures network traffic within a Cloud Foundry deployment and provides internal system protection if a malicious actor breaches your firewall.

IPsec Implementation Details

The IPsec Add-on for PCF implements the following cryptographic suite:

Key Agreement (Diffie-Hellman) IKEv2 Main Mode
Bulk Encryption AES128GCM16
Hashing SHA2 256
Integrity/Authentication Tag 128 bit GHASH ICV
Digital Signing RSA 3072/4096
Peer Authentication Method Public/Private Key

Refer to the following topics for more information about the IPsec add-on:

Create a pull request or raise an issue on the source for this page in GitHub