--- # ---------------------------------------------------------------------------- # # *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** # # ---------------------------------------------------------------------------- # # This file is automatically generated by Magic Modules and manual # changes will be clobbered when the file is regenerated. # # Please read more about how to change this file in # .github/CONTRIBUTING.md. # # ---------------------------------------------------------------------------- layout: "google" page_title: "Google: google_compute_vpn_tunnel" sidebar_current: "docs-google-compute-vpn-tunnel" description: |- VPN tunnel resource. --- # google\_compute\_vpn\_tunnel VPN tunnel resource. To get more information about VpnTunnel, see: * [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/vpnTunnels) * How-to Guides * [Cloud VPN Overview](https://cloud.google.com/vpn/docs/concepts/overview) * [Networks and Tunnel Routing](https://cloud.google.com/vpn/docs/concepts/choosing-networks-routing) ~> **Warning:** All arguments including the shared secret will be stored in the raw state as plain-text. [Read more about sensitive data in state](/docs/state/sensitive-data.html).
Open in Cloud Shell
## Example Usage - Vpn Tunnel Basic ```hcl resource "google_compute_vpn_tunnel" "tunnel1" { name = "tunnel1" peer_ip = "15.0.0.120" shared_secret = "a secret message" target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway.self_link}" depends_on = [ "google_compute_forwarding_rule.fr_esp", "google_compute_forwarding_rule.fr_udp500", "google_compute_forwarding_rule.fr_udp4500", ] } resource "google_compute_vpn_gateway" "target_gateway" { name = "vpn1" network = "${google_compute_network.network1.self_link}" } resource "google_compute_network" "network1" { name = "network1" } resource "google_compute_address" "vpn_static_ip" { name = "vpn-static-ip" } resource "google_compute_forwarding_rule" "fr_esp" { name = "fr-esp" ip_protocol = "ESP" ip_address = "${google_compute_address.vpn_static_ip.address}" target = "${google_compute_vpn_gateway.target_gateway.self_link}" } resource "google_compute_forwarding_rule" "fr_udp500" { name = "fr-udp500" ip_protocol = "UDP" port_range = "500" ip_address = "${google_compute_address.vpn_static_ip.address}" target = "${google_compute_vpn_gateway.target_gateway.self_link}" } resource "google_compute_forwarding_rule" "fr_udp4500" { name = "fr-udp4500" ip_protocol = "UDP" port_range = "4500" ip_address = "${google_compute_address.vpn_static_ip.address}" target = "${google_compute_vpn_gateway.target_gateway.self_link}" } resource "google_compute_route" "route1" { name = "route1" network = "${google_compute_network.network1.name}" dest_range = "15.0.0.0/24" priority = 1000 next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel1.self_link}" } ```
Open in Cloud Shell
## Example Usage - Vpn Tunnel Beta ```hcl resource "google_compute_vpn_tunnel" "tunnel1" { provider = "google-beta" name = "tunnel1" peer_ip = "15.0.0.120" shared_secret = "a secret message" target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway.self_link}" depends_on = [ "google_compute_forwarding_rule.fr_esp", "google_compute_forwarding_rule.fr_udp500", "google_compute_forwarding_rule.fr_udp4500", ] labels = { foo = "bar" } } resource "google_compute_vpn_gateway" "target_gateway" { provider = "google-beta" name = "vpn1" network = "${google_compute_network.network1.self_link}" } resource "google_compute_network" "network1" { provider = "google-beta" name = "network1" } resource "google_compute_address" "vpn_static_ip" { provider = "google-beta" name = "vpn-static-ip" } resource "google_compute_forwarding_rule" "fr_esp" { provider = "google-beta" name = "fr-esp" ip_protocol = "ESP" ip_address = "${google_compute_address.vpn_static_ip.address}" target = "${google_compute_vpn_gateway.target_gateway.self_link}" } resource "google_compute_forwarding_rule" "fr_udp500" { provider = "google-beta" name = "fr-udp500" ip_protocol = "UDP" port_range = "500" ip_address = "${google_compute_address.vpn_static_ip.address}" target = "${google_compute_vpn_gateway.target_gateway.self_link}" } resource "google_compute_forwarding_rule" "fr_udp4500" { provider = "google-beta" name = "fr-udp4500" ip_protocol = "UDP" port_range = "4500" ip_address = "${google_compute_address.vpn_static_ip.address}" target = "${google_compute_vpn_gateway.target_gateway.self_link}" } resource "google_compute_route" "route1" { provider = "google-beta" name = "route1" network = "${google_compute_network.network1.name}" dest_range = "15.0.0.0/24" priority = 1000 next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel1.self_link}" } provider "google-beta"{ region = "us-central1" zone = "us-central1-a" } ``` ## Argument Reference The following arguments are supported: * `name` - (Required) Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. * `target_vpn_gateway` - (Required) URL of the Target VPN gateway with which this VPN tunnel is associated. * `peer_ip` - (Required) IP address of the peer VPN gateway. Only IPv4 is supported. * `shared_secret` - (Required) Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway. - - - * `description` - (Optional) An optional description of this resource. * `router` - (Optional) URL of router resource to be used for dynamic routing. * `ike_version` - (Optional) IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2. * `local_traffic_selector` - (Optional) Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported. * `remote_traffic_selector` - (Optional) Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported. * `region` - (Optional) The region where the tunnel is located. If unset, is set to the region of `target_vpn_gateway`. * `project` - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. ## Attributes Reference In addition to the arguments listed above, the following computed attributes are exported: * `creation_timestamp` - Creation timestamp in RFC3339 text format. * `shared_secret_hash` - Hash of the shared secret. * `detailed_status` - Detailed status message for the VPN tunnel. * `self_link` - The URI of the created resource. ## Timeouts This resource provides the following [Timeouts](/docs/configuration/resources.html#timeouts) configuration options: - `create` - Default is 4 minutes. - `delete` - Default is 4 minutes. ## Import VpnTunnel can be imported using any of these accepted formats: ``` $ terraform import google_compute_vpn_tunnel.default projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}} $ terraform import google_compute_vpn_tunnel.default {{project}}/{{region}}/{{name}} $ terraform import google_compute_vpn_tunnel.default {{name}} ``` -> If you're importing a resource with beta features, make sure to include `-provider=google-beta` as an argument so that Terraform uses the correct provider to import your resource.