mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-10-14 23:17:15 +00:00
142 lines
4.5 KiB
Markdown
142 lines
4.5 KiB
Markdown
---
|
|
layout: "google"
|
|
page_title: "Google: google_compute_vpn_tunnel"
|
|
sidebar_current: "docs-google-compute-vpn-tunnel"
|
|
description: |-
|
|
Manages a VPN Tunnel to the GCE network
|
|
---
|
|
|
|
# google\_compute\_vpn\_tunnel
|
|
|
|
Manages a VPN Tunnel to the GCE network. For more info, read the
|
|
[documentation](https://cloud.google.com/compute/docs/vpn).
|
|
|
|
## Example Usage
|
|
|
|
```hcl
|
|
resource "google_compute_network" "network1" {
|
|
name = "network1"
|
|
}
|
|
|
|
resource "google_compute_subnetwork" "subnet1" {
|
|
name = "subnet1"
|
|
network = "${google_compute_network.network1.self_link}"
|
|
ip_cidr_range = "10.120.0.0/16"
|
|
region = "us-central1"
|
|
}
|
|
|
|
resource "google_compute_vpn_gateway" "target_gateway" {
|
|
name = "vpn1"
|
|
network = "${google_compute_network.network1.self_link}"
|
|
region = "${google_compute_subnetwork.subnet1.region}"
|
|
}
|
|
|
|
resource "google_compute_address" "vpn_static_ip" {
|
|
name = "vpn-static-ip"
|
|
region = "${google_compute_subnetwork.subnet1.region}"
|
|
}
|
|
|
|
resource "google_compute_forwarding_rule" "fr_esp" {
|
|
name = "fr-esp"
|
|
ip_protocol = "ESP"
|
|
ip_address = "${google_compute_address.vpn_static_ip.address}"
|
|
target = "${google_compute_vpn_gateway.target_gateway.self_link}"
|
|
}
|
|
|
|
resource "google_compute_forwarding_rule" "fr_udp500" {
|
|
name = "fr-udp500"
|
|
ip_protocol = "UDP"
|
|
port_range = "500-500"
|
|
ip_address = "${google_compute_address.vpn_static_ip.address}"
|
|
target = "${google_compute_vpn_gateway.target_gateway.self_link}"
|
|
}
|
|
|
|
resource "google_compute_forwarding_rule" "fr_udp4500" {
|
|
name = "fr-udp4500"
|
|
ip_protocol = "UDP"
|
|
port_range = "4500-4500"
|
|
ip_address = "${google_compute_address.vpn_static_ip.address}"
|
|
target = "${google_compute_vpn_gateway.target_gateway.self_link}"
|
|
}
|
|
|
|
resource "google_compute_vpn_tunnel" "tunnel1" {
|
|
name = "tunnel1"
|
|
peer_ip = "15.0.0.120"
|
|
shared_secret = "a secret message"
|
|
|
|
target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway.self_link}"
|
|
|
|
local_traffic_selector = ["${google_compute_subnetwork.subnet1.ip_cidr_range}"]
|
|
remote_traffic_selector = ["172.16.0.0/12"]
|
|
|
|
depends_on = [
|
|
"google_compute_forwarding_rule.fr_esp",
|
|
"google_compute_forwarding_rule.fr_udp500",
|
|
"google_compute_forwarding_rule.fr_udp4500",
|
|
]
|
|
}
|
|
|
|
resource "google_compute_route" "route1" {
|
|
name = "route1"
|
|
network = "${google_compute_network.network1.name}"
|
|
dest_range = "15.0.0.0/24"
|
|
priority = 1000
|
|
|
|
next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel1.self_link}"
|
|
}
|
|
```
|
|
|
|
## Argument Reference
|
|
|
|
The following arguments are supported:
|
|
|
|
* `name` - (Required) A unique name for the resource, required by GCE. Changing
|
|
this forces a new resource to be created.
|
|
|
|
* `peer_ip` - (Required) The VPN gateway sitting outside of GCE. Changing this
|
|
forces a new resource to be created.
|
|
|
|
* `shared_secret` - (Required) A passphrase shared between the two VPN gateways.
|
|
Changing this forces a new resource to be created.
|
|
|
|
* `target_vpn_gateway` - (Required) A link to the VPN gateway sitting inside
|
|
GCE. Changing this forces a new resource to be created.
|
|
|
|
- - -
|
|
|
|
* `description` - (Optional) A description of the resource. Changing this forces
|
|
a new resource to be created.
|
|
|
|
* `ike_version` - (Optional) Either version 1 or 2. Default is 2. Changing this
|
|
forces a new resource to be created.
|
|
|
|
* `local_traffic_selector` - (Optional) Specifies which CIDR ranges are
|
|
announced to the VPN peer. Mandatory if the VPN gateway is attached to a
|
|
custom subnetted network. Refer to Google documentation for more
|
|
information.
|
|
|
|
* `remote_traffic_selector` - (Optional) Specifies which CIDR ranges the VPN
|
|
tunnel can route to the remote side. Mandatory if the VPN gateway is attached to a
|
|
custom subnetted network. Refer to Google documentation for more
|
|
information.
|
|
|
|
* `router` - (Optional) Name of a Cloud Router in the same region
|
|
to be used for dynamic routing. Refer to Google documentation for more
|
|
information.
|
|
|
|
* `project` - (Optional) The project in which the resource belongs. If it
|
|
is not provided, the provider project is used.
|
|
|
|
* `region` - (Optional) The region this tunnel should sit in. If not specified,
|
|
the project region will be used. Changing this forces a new resource to be
|
|
created.
|
|
|
|
## Attributes Reference
|
|
|
|
In addition to the arguments listed above, the following computed attributes are
|
|
exported:
|
|
|
|
* `detailed_status` - Information about the status of the VPN tunnel.
|
|
|
|
* `self_link` - The URI of the created resource.
|