VPN tunnel resource.
To get more information about VpnTunnel, see:
resource "google_compute_vpn_tunnel" "tunnel1" {
  name          = "tunnel-1"
  peer_ip       = "15.0.0.120"
  shared_secret = "a secret message"

  target_vpn_gateway = google_compute_vpn_gateway.target_gateway.id

  depends_on = [
    google_compute_forwarding_rule.fr_esp,
    google_compute_forwarding_rule.fr_udp500,
    google_compute_forwarding_rule.fr_udp4500,
  ]

  labels = {
    foo = "bar"
  }
}

resource "google_compute_vpn_gateway" "target_gateway" {
  name    = "vpn-1"
  network = google_compute_network.network1.id
}

resource "google_compute_network" "network1" {
  name = "network-1"
}

resource "google_compute_address" "vpn_static_ip" {
  name = "vpn-static-ip"
}

resource "google_compute_forwarding_rule" "fr_esp" {
  name        = "fr-esp"
  ip_protocol = "ESP"
  ip_address  = google_compute_address.vpn_static_ip.address
  target      = google_compute_vpn_gateway.target_gateway.id
}

resource "google_compute_forwarding_rule" "fr_udp500" {
  name        = "fr-udp500"
  ip_protocol = "UDP"
  port_range  = "500"
  ip_address  = google_compute_address.vpn_static_ip.address
  target      = google_compute_vpn_gateway.target_gateway.id
}

resource "google_compute_forwarding_rule" "fr_udp4500" {
  name        = "fr-udp4500"
  ip_protocol = "UDP"
  port_range  = "4500"
  ip_address  = google_compute_address.vpn_static_ip.address
  target      = google_compute_vpn_gateway.target_gateway.id
}

resource "google_compute_route" "route1" {
  name       = "route1"
  network    = google_compute_network.network1.name
  dest_range = "15.0.0.0/24"
  priority   = 1000

  next_hop_vpn_tunnel = google_compute_vpn_tunnel.tunnel1.id
}
The following arguments are supported:
name - (Required) Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

shared_secret - (Required) Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway. Note: This property is sensitive and will not be displayed in the plan.

description - (Optional) An optional description of this resource.

target_vpn_gateway - (Optional) URL of the Target VPN gateway with which this VPN tunnel is associated.

vpn_gateway - (Optional) URL of the VPN gateway with which this VPN tunnel is associated. This must be used if a High Availability VPN gateway resource is created. This field must reference a google_compute_ha_vpn_gateway resource.

vpn_gateway_interface - (Optional) The interface ID of the VPN gateway with which this VPN tunnel is associated.

peer_external_gateway - (Optional) URL of the peer side external VPN gateway to which this VPN tunnel is connected.

peer_external_gateway_interface - (Optional) The interface ID of the external VPN gateway to which this VPN tunnel is connected.

peer_gcp_gateway - (Optional) URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected. If provided, the VPN tunnel will automatically use the same vpn_gateway_interface ID in the peer GCP VPN gateway. This field must reference a google_compute_ha_vpn_gateway resource.

router - (Optional) URL of router resource to be used for dynamic routing.

peer_ip - (Optional) IP address of the peer VPN gateway. Only IPv4 is supported.

ike_version - (Optional) IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2.

local_traffic_selector - (Optional) Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example 192.168.0.0/16. The ranges should be disjoint. Only IPv4 is supported.

remote_traffic_selector - (Optional) Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example 192.168.0.0/16. The ranges should be disjoint. Only IPv4 is supported.

labels - (Optional) Labels to apply to this VpnTunnel. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

region - (Optional) The region where the tunnel is located. If unset, is set to the region of target_vpn_gateway.

project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
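
One way to keep the shared_secret out of the configuration files, written as a drop-in replacement for the tunnel1 block in the example at the top of this page. This is an added example, not part of the provider documentation; the variable name vpn_shared_secret, the 32-character minimum and the local selector range are assumptions.

```hcl
# Added example; not part of the provider documentation.
# Assumed name: var.vpn_shared_secret. The 32-character minimum and the
# local selector range are constructed values, not provider requirements.

variable "vpn_shared_secret" {
  description = "IKE pre-shared key, supplied at run time (e.g. TF_VAR_vpn_shared_secret)."
  type        = string
  sensitive   = true # redacted in plan/apply output, like the attribute itself

  validation {
    condition     = length(var.vpn_shared_secret) >= 32
    error_message = "The pre-shared key must be at least 32 characters long."
  }
}

resource "google_compute_vpn_tunnel" "tunnel1" {
  name          = "tunnel-1"
  peer_ip       = "15.0.0.120"
  shared_secret = var.vpn_shared_secret # no literal secret in version control
  ike_version   = 2                     # pinned explicitly; 2 is also the default

  # Limit what the tunnel carries to the ranges that need it.
  local_traffic_selector  = ["10.128.0.0/20"] # constructed local range
  remote_traffic_selector = ["15.0.0.0/24"]   # matches route1's dest_range

  target_vpn_gateway = google_compute_vpn_gateway.target_gateway.id

  depends_on = [
    google_compute_forwarding_rule.fr_esp,
    google_compute_forwarding_rule.fr_udp500,
    google_compute_forwarding_rule.fr_udp4500,
  ]
}

# Redaction applies to CLI output only: the secret is still written to the
# Terraform state, so the state backend needs its own encryption and access control.
```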
In addition to the arguments listed above, the following computed attributes are exported:
id - An identifier for the resource with format projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}

tunnel_id - The unique identifier for the resource. This identifier is defined by the server.

creation_timestamp - Creation timestamp in RFC3339 text format.

shared_secret_hash - Hash of the shared secret.

label_fingerprint - The fingerprint used for optimistic locking of this resource. Used internally during updates.

detailed_status - Detailed status message for the VPN tunnel.

terraform_labels - The combination of labels configured directly on the resource and default labels configured on the provider.

effective_labels - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.

self_link - The URI of the created resource.

This resource provides the following Timeouts configuration options:

create - Default is 20 minutes.

update - Default is 20 minutes.

delete - Default is 20 minutes.

VpnTunnel can be imported using any of these accepted formats:
projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}
{{project}}/{{region}}/{{name}}
{{region}}/{{name}}
{{name}}
In Terraform v1.5.0 and later, use an import block to import VpnTunnel using one of the formats above. For example:

import {
  id = "projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}"
  to = google_compute_vpn_tunnel.default
}

When using the terraform import command, VpnTunnel can be imported using one of the formats above. For example:
$ terraform import google_compute_vpn_tunnel.default projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}
$ terraform import google_compute_vpn_tunnel.default {{project}}/{{region}}/{{name}}
$ terraform import google_compute_vpn_tunnel.default {{region}}/{{name}}
$ terraform import google_compute_vpn_tunnel.default {{name}}
This resource supports User Project Overrides.