Represents a VPN gateway running in GCP. This virtual device is managed by Google, but used only by you. This type of VPN Gateway allows for the creation of VPN solutions with higher availability than classic Target VPN Gateways.
To get more information about HaVpnGateway, see:
resource "google_compute_ha_vpn_gateway" "ha_gateway1" {
region = "us-central1"
name = "ha-vpn-1"
network = google_compute_network.network1.id
}
resource "google_compute_network" "network1" {
name = "network1"
auto_create_subnetworks = false
}
resource "google_compute_ha_vpn_gateway" "ha_gateway1" {
region = "us-central1"
name = "ha-vpn-1"
network = google_compute_network.network1.id
stack_type = "IPV4_IPV6"
}
resource "google_compute_network" "network1" {
name = "network1"
auto_create_subnetworks = false
}
resource "google_compute_ha_vpn_gateway" "vpn-gateway" {
name = "test-ha-vpngw"
network = google_compute_network.network.id
vpn_interfaces {
id = 0
interconnect_attachment = google_compute_interconnect_attachment.attachment1.self_link
}
vpn_interfaces {
id = 1
interconnect_attachment = google_compute_interconnect_attachment.attachment2.self_link
}
}
resource "google_compute_interconnect_attachment" "attachment1" {
name = "test-interconnect-attachment1"
edge_availability_domain = "AVAILABILITY_DOMAIN_1"
type = "PARTNER"
router = google_compute_router.router.id
encryption = "IPSEC"
ipsec_internal_addresses = [
google_compute_address.address1.self_link,
]
}
resource "google_compute_interconnect_attachment" "attachment2" {
name = "test-interconnect-attachment2"
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
type = "PARTNER"
router = google_compute_router.router.id
encryption = "IPSEC"
ipsec_internal_addresses = [
google_compute_address.address2.self_link,
]
}
resource "google_compute_address" "address1" {
name = "test-address1"
address_type = "INTERNAL"
purpose = "IPSEC_INTERCONNECT"
address = "192.168.1.0"
prefix_length = 29
network = google_compute_network.network.self_link
}
resource "google_compute_address" "address2" {
name = "test-address2"
address_type = "INTERNAL"
purpose = "IPSEC_INTERCONNECT"
address = "192.168.2.0"
prefix_length = 29
network = google_compute_network.network.self_link
}
resource "google_compute_router" "router" {
name = "test-router"
network = google_compute_network.network.name
encrypted_interconnect_router = true
bgp {
asn = 16550
}
}
resource "google_compute_network" "network" {
name = "test-network"
auto_create_subnetworks = false
}
The following arguments are supported:
name
-
(Required)
Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and
match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?
which means
the first character must be a lowercase letter, and all following
characters must be a dash, lowercase letter, or digit, except the last
character, which cannot be a dash.
network
-
(Required)
The network this VPN gateway is accepting traffic for.
description
-
(Optional)
An optional description of this resource.
stack_type
-
(Optional)
The stack type for this VPN gateway to identify the IP protocols that are enabled.
If not specified, IPV4_ONLY will be used.
Default value is IPV4_ONLY
.
Possible values are: IPV4_ONLY
, IPV4_IPV6
.
vpn_interfaces
-
(Optional)
A list of interfaces on this VPN gateway.
Structure is documented below.
region
-
(Optional)
The region this gateway should sit in.
project
- (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
The vpn_interfaces
block supports:
id
-
(Optional)
The numeric ID of this VPN gateway interface.
ip_address
-
(Output)
The external IP address for this VPN gateway interface.
interconnect_attachment
-
(Optional)
URL of the interconnect attachment resource. When the value
of this field is present, the VPN Gateway will be used for
IPsec-encrypted Cloud Interconnect; all Egress or Ingress
traffic for this VPN Gateway interface will go through the
specified interconnect attachment resource.
Not currently available publicly.
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format projects/{{project}}/regions/{{region}}/vpnGateways/{{name}}
self_link
- The URI of the created resource.This resource provides the following Timeouts configuration options:
create
- Default is 20 minutes.delete
- Default is 20 minutes.HaVpnGateway can be imported using any of these accepted formats:
projects/{{project}}/regions/{{region}}/vpnGateways/{{name}}
{{project}}/{{region}}/{{name}}
{{region}}/{{name}}
{{name}}
In Terraform v1.5.0 and later, use an import
block to import HaVpnGateway using one of the formats above. For example:
import {
id = "projects/{{project}}/regions/{{region}}/vpnGateways/{{name}}"
to = google_compute_ha_vpn_gateway.default
}
When using the terraform import
command, HaVpnGateway can be imported using one of the formats above. For example:
$ terraform import google_compute_ha_vpn_gateway.default projects/{{project}}/regions/{{region}}/vpnGateways/{{name}}
$ terraform import google_compute_ha_vpn_gateway.default {{project}}/{{region}}/{{name}}
$ terraform import google_compute_ha_vpn_gateway.default {{region}}/{{name}}
$ terraform import google_compute_ha_vpn_gateway.default {{name}}
This resource supports User Project Overrides.