» google_compute_vpn_tunnel
VPN tunnel resource.
To get more information about VpnTunnel, see:
- API documentation
- How-to Guides
Warning: All arguments including the shared secret will be stored in the raw state as plain-text. Read more about sensitive data in state.
» Example Usage - Vpn Tunnel Basic
# The tunnel. depends_on makes sure the ESP and IKE forwarding rules exist first.
resource "google_compute_vpn_tunnel" "tunnel1" {
  name = "tunnel1"
  peer_ip = "15.0.0.120"
  shared_secret = "a secret message"
  target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway.self_link}"
  depends_on = [
    "google_compute_forwarding_rule.fr_esp",
    "google_compute_forwarding_rule.fr_udp500",
    "google_compute_forwarding_rule.fr_udp4500",
  ]
}

resource "google_compute_vpn_gateway" "target_gateway" {
  name = "vpn1"
  network = "${google_compute_network.network1.self_link}"
}

resource "google_compute_network" "network1" {
  name = "network1"
}

resource "google_compute_address" "vpn_static_ip" {
  name = "vpn-static-ip"
}

# Forwarding rules that send ESP and UDP 500/4500 traffic arriving at the
# static IP to the target VPN gateway.
resource "google_compute_forwarding_rule" "fr_esp" {
  name = "fr-esp"
  ip_protocol = "ESP"
  ip_address = "${google_compute_address.vpn_static_ip.address}"
  target = "${google_compute_vpn_gateway.target_gateway.self_link}"
}

resource "google_compute_forwarding_rule" "fr_udp500" {
  name = "fr-udp500"
  ip_protocol = "UDP"
  port_range = "500"
  ip_address = "${google_compute_address.vpn_static_ip.address}"
  target = "${google_compute_vpn_gateway.target_gateway.self_link}"
}

resource "google_compute_forwarding_rule" "fr_udp4500" {
  name = "fr-udp4500"
  ip_protocol = "UDP"
  port_range = "4500"
  ip_address = "${google_compute_address.vpn_static_ip.address}"
  target = "${google_compute_vpn_gateway.target_gateway.self_link}"
}

# Route traffic for the peer range through the tunnel.
resource "google_compute_route" "route1" {
  name = "route1"
  network = "${google_compute_network.network1.name}"
  dest_range = "15.0.0.0/24"
  priority = 1000
  next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel1.self_link}"
}
» Example Usage - Vpn Tunnel Beta
# Same topology as the basic example, with every resource on the google-beta
# provider and labels set on the tunnel.
resource "google_compute_vpn_tunnel" "tunnel1" {
  provider = "google-beta"
  name = "tunnel1"
  peer_ip = "15.0.0.120"
  shared_secret = "a secret message"
  target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway.self_link}"
  depends_on = [
    "google_compute_forwarding_rule.fr_esp",
    "google_compute_forwarding_rule.fr_udp500",
    "google_compute_forwarding_rule.fr_udp4500",
  ]
  labels = {
    foo = "bar"
  }
}

resource "google_compute_vpn_gateway" "target_gateway" {
  provider = "google-beta"
  name = "vpn1"
  network = "${google_compute_network.network1.self_link}"
}

resource "google_compute_network" "network1" {
  provider = "google-beta"
  name = "network1"
}

resource "google_compute_address" "vpn_static_ip" {
  provider = "google-beta"
  name = "vpn-static-ip"
}

resource "google_compute_forwarding_rule" "fr_esp" {
  provider = "google-beta"
  name = "fr-esp"
  ip_protocol = "ESP"
  ip_address = "${google_compute_address.vpn_static_ip.address}"
  target = "${google_compute_vpn_gateway.target_gateway.self_link}"
}

resource "google_compute_forwarding_rule" "fr_udp500" {
  provider = "google-beta"
  name = "fr-udp500"
  ip_protocol = "UDP"
  port_range = "500"
  ip_address = "${google_compute_address.vpn_static_ip.address}"
  target = "${google_compute_vpn_gateway.target_gateway.self_link}"
}

resource "google_compute_forwarding_rule" "fr_udp4500" {
  provider = "google-beta"
  name = "fr-udp4500"
  ip_protocol = "UDP"
  port_range = "4500"
  ip_address = "${google_compute_address.vpn_static_ip.address}"
  target = "${google_compute_vpn_gateway.target_gateway.self_link}"
}

resource "google_compute_route" "route1" {
  provider = "google-beta"
  name = "route1"
  network = "${google_compute_network.network1.name}"
  dest_range = "15.0.0.0/24"
  priority = 1000
  next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel1.self_link}"
}

provider "google-beta" {
  region = "us-central1"
  zone = "us-central1-a"
}
» Argument Reference
The following arguments are supported:
- name - (Required) Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
- target_vpn_gateway - (Required) URL of the Target VPN gateway with which this VPN tunnel is associated.
- peer_ip - (Required) IP address of the peer VPN gateway. Only IPv4 is supported.
- shared_secret - (Required) Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway.
- description - (Optional) An optional description of this resource.
- router - (Optional) URL of router resource to be used for dynamic routing.
- ike_version - (Optional) IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2.
- local_traffic_selector - (Optional) Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example 192.168.0.0/16. The ranges should be disjoint. Only IPv4 is supported.
- remote_traffic_selector - (Optional) Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example 192.168.0.0/16. The ranges should be disjoint. Only IPv4 is supported.
- region - (Optional) The region where the tunnel is located. If unset, is set to the region of target_vpn_gateway.
- project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
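A pre-apply check for the constraints listed above, written as an added example and not code from the provider or this page. The helper check_vpn_tunnel is hypothetical; it takes the tunnel's arguments as a Python dict and assumes the traffic selectors are given as lists of CIDR strings. The sample input is constructed.

```python
import ipaddress
import re

# Hypothetical helper (added example). Name rule as quoted in the Argument Reference.
NAME_RE = re.compile(r"[a-z]([-a-z0-9]*[a-z0-9])?")


def _check_selectors(field, cidrs):
    """Findings for one traffic selector list: IPv4 CIDRs, pairwise disjoint."""
    findings, nets = [], []
    for cidr in cidrs:
        try:
            nets.append(ipaddress.IPv4Network(cidr, strict=True))
        except ValueError:
            findings.append(f"{field}: {cidr!r} is not a valid IPv4 CIDR")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                findings.append(f"{field}: {a} overlaps {b}")
    return findings


def check_vpn_tunnel(args):
    """Check a dict of google_compute_vpn_tunnel arguments against the documented rules."""
    findings = []
    name = args.get("name", "")
    if not (1 <= len(name) <= 63 and NAME_RE.fullmatch(name)):
        findings.append(f"name: {name!r} violates the RFC1035 rule")
    try:
        ipaddress.IPv4Address(args.get("peer_ip", ""))
    except ValueError:
        findings.append(f"peer_ip: {args.get('peer_ip')!r} is not an IPv4 address")
    if args.get("ike_version", 2) not in (1, 2):  # documented default is 2
        findings.append(f"ike_version: {args.get('ike_version')!r} is not 1 or 2")
    for field in ("local_traffic_selector", "remote_traffic_selector"):
        findings += _check_selectors(field, args.get(field, []))
    return findings


# Constructed sample input, not taken from a real deployment.
SAMPLE = {
    "name": "Tunnel_1",
    "peer_ip": "2001:db8::1",
    "ike_version": 3,
    "local_traffic_selector": ["192.168.0.0/16", "192.168.10.0/24"],
    "remote_traffic_selector": ["10.0.0.0/33"],
}
```

Calling check_vpn_tunnel(SAMPLE) returns one finding per violated rule; an empty list means the arguments satisfy every constraint the helper covers.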
» Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
- creation_timestamp - Creation timestamp in RFC3339 text format.
- shared_secret_hash - Hash of the shared secret.
- detailed_status - Detailed status message for the VPN tunnel.
- self_link - The URI of the created resource.
» Timeouts
This resource provides the following Timeouts configuration options:
» Import
VpnTunnel can be imported using any of these accepted formats:
$ terraform import google_compute_vpn_tunnel.default projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}
$ terraform import google_compute_vpn_tunnel.default {{project}}/{{region}}/{{name}}
$ terraform import google_compute_vpn_tunnel.default {{name}}
If you're importing a resource with beta features, make sure to include -provider=google-beta as an argument so that Terraform uses the correct provider to import your resource.