terraform-provider-google/website/docs/r/compute_vpn_tunnel.html.markdown

---
# ----------------------------------------------------------------------------
#
#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
#
# ----------------------------------------------------------------------------
#
#     This file is automatically generated by Magic Modules and manual
#     changes will be clobbered when the file is regenerated.
#
#     Please read more about how to change this file in
#     .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
layout: "google"
page_title: "Google: google_compute_vpn_tunnel"
sidebar_current: "docs-google-compute-vpn-tunnel"
description: |-
  VPN tunnel resource.
---

# google\_compute\_vpn\_tunnel

VPN tunnel resource.

To get more information about VpnTunnel, see:

* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/vpnTunnels)
* How-to Guides
    * [Cloud VPN Overview](https://cloud.google.com/vpn/docs/concepts/overview)
    * [Networks and Tunnel Routing](https://cloud.google.com/vpn/docs/concepts/choosing-networks-routing)

~> **Warning:** All arguments including the shared secret will be stored in the raw
state as plain-text.
[Read more about sensitive data in state](/docs/state/sensitive-data.html).

## Example Usage

```hcl
resource "google_compute_network" "network1" {
  name = "network1"
}

resource "google_compute_subnetwork" "subnet1" {
  name          = "subnet1"
  network       = "${google_compute_network.network1.self_link}"
  ip_cidr_range = "10.120.0.0/16"
  region        = "us-central1"
}

resource "google_compute_vpn_gateway" "target_gateway" {
  name    = "vpn1"
  network = "${google_compute_network.network1.self_link}"
  region  = "${google_compute_subnetwork.subnet1.region}"
}

resource "google_compute_address" "vpn_static_ip" {
  name   = "vpn-static-ip"
  region = "${google_compute_subnetwork.subnet1.region}"
}

resource "google_compute_forwarding_rule" "fr_esp" {
  name        = "fr-esp"
  ip_protocol = "ESP"
  ip_address  = "${google_compute_address.vpn_static_ip.address}"
  target      = "${google_compute_vpn_gateway.target_gateway.self_link}"
}

resource "google_compute_forwarding_rule" "fr_udp500" {
  name        = "fr-udp500"
  ip_protocol = "UDP"
  port_range  = "500-500"
  ip_address  = "${google_compute_address.vpn_static_ip.address}"
  target      = "${google_compute_vpn_gateway.target_gateway.self_link}"
}

resource "google_compute_forwarding_rule" "fr_udp4500" {
  name        = "fr-udp4500"
  ip_protocol = "UDP"
  port_range  = "4500-4500"
  ip_address  = "${google_compute_address.vpn_static_ip.address}"
  target      = "${google_compute_vpn_gateway.target_gateway.self_link}"
}

resource "google_compute_vpn_tunnel" "tunnel1" {
  name          = "tunnel1"
  peer_ip       = "15.0.0.120"
  shared_secret = "a secret message"

  target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway.self_link}"

  local_traffic_selector  = ["${google_compute_subnetwork.subnet1.ip_cidr_range}"]
  remote_traffic_selector = ["172.16.0.0/12"]

  depends_on = [
    "google_compute_forwarding_rule.fr_esp",
    "google_compute_forwarding_rule.fr_udp500",
    "google_compute_forwarding_rule.fr_udp4500",
  ]
}

resource "google_compute_route" "route1" {
  name       = "route1"
  network    = "${google_compute_network.network1.name}"
  dest_range = "15.0.0.0/24"
  priority   = 1000

  next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel1.self_link}"
}
```

## Argument Reference

The following arguments are supported:


* `name` -
  (Required)
  Name of the resource. The name must be 1-63 characters long, and
  comply with RFC1035. Specifically, the name must be 1-63
  characters long and match the regular expression
  `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character
  must be a lowercase letter, and all following characters must
  be a dash, lowercase letter, or digit,
  except the last character, which cannot be a dash.

* `target_vpn_gateway` -
  (Required)
  URL of the Target VPN gateway with which this VPN tunnel is
  associated.

* `peer_ip` -
  (Required)
  IP address of the peer VPN gateway. Only IPv4 is supported.

* `shared_secret` -
  (Required)
  Shared secret used to set the secure session between the Cloud VPN
  gateway and the peer VPN gateway.

- - -


* `description` -
  (Optional)
  An optional description of this resource.

* `router` -
  (Optional)
  URL of router resource to be used for dynamic routing.

* `ike_version` -
  (Optional)
  IKE protocol version to use when establishing the VPN tunnel with
  peer VPN gateway.
  Acceptable IKE versions are 1 or 2. Default version is 2.

* `local_traffic_selector` -
  (Optional)
  Local traffic selector to use when establishing the VPN tunnel with
  peer VPN gateway. The value should be a CIDR formatted string,
  for example `192.168.0.0/16`. The ranges should be disjoint.
  Only IPv4 is supported.

* `remote_traffic_selector` -
  (Optional)
  Remote traffic selector to use when establishing the VPN tunnel with
  peer VPN gateway. The value should be a CIDR formatted string,
  for example `192.168.0.0/16`. The ranges should be disjoint.
  Only IPv4 is supported.

* `labels` -
  (Optional)
  Labels to apply to this VpnTunnel.

* `region` -
  (Optional)
  The region where the tunnel is located.
* `project` - (Optional) The ID of the project in which the resource belongs.
    If it is not provided, the provider project is used.


## Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:


* `creation_timestamp` -
  Creation timestamp in RFC3339 text format.

* `shared_secret_hash` -
  Hash of the shared secret.

* `label_fingerprint` -
  The fingerprint used for optimistic locking of this resource.  Used
  internally during updates.

* `detailed_status` -
  Detailed status message for the VPN tunnel.
* `self_link` - The URI of the created resource.


## Timeouts

This resource provides the following
[Timeouts](/docs/configuration/resources.html#timeouts) configuration options:

- `create` - Default is 4 minutes.
- `update` - Default is 4 minutes.
- `delete` - Default is 4 minutes.

## Import

VpnTunnel can be imported using any of these accepted formats:

```
$ terraform import google_compute_vpn_tunnel.default projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}
$ terraform import google_compute_vpn_tunnel.default {{project}}/{{region}}/{{name}}
$ terraform import google_compute_vpn_tunnel.default {{name}}
```