Method: externalVpnGateways.insert

Creates a ExternalVpnGateway in the specified project using the data included in the request.

HTTP request


The URL uses gRPC Transcoding syntax.

Path parameters



Project ID for this request.

Query parameters



An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.

For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.

The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

Request body

The request body contains data with the following structure:

JSON representation
  "description": string,
  "selfLink": string,
  "id": string,
  "creationTimestamp": string,
  "name": string,
  "redundancyType": enum,
  "interfaces": [
      "id": integer,
      "ipAddress": string
  "labels": {
    string: string,
  "labelFingerprint": string,
  "kind": string


An optional description of this resource. Provide this property when you create the resource.


string (uint64 format)

[Output Only] The unique identifier for the resource. This identifier is defined by the server.



[Output Only] Creation timestamp in RFC3339 text format.



[REQUIRED] Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.



Indicates the user-supplied redundancy type of this external VPN gateway.



A list of interfaces for this external VPN gateway.

If your peer-side gateway is an on-premises gateway and non-AWS cloud providers' gateway, at most two interfaces can be provided for an external VPN gateway. If your peer side is an AWS virtual private gateway, four interfaces should be provided for an external VPN gateway.


integer (uint32 format)

The numeric ID of this interface. The allowed input values for this id for different redundancy types of external VPN gateway:

  • FOUR_IPS_REDUNDANCY - 0, 1, 2, 3



IP address of the interface in the external VPN gateway. Only IPv4 is supported. This IP address can be either from your on-premise gateway or another Cloud provider's VPN gateway, it cannot be an IP address from Google Compute Engine.


map (key: string, value: string)

Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

Authorization requires the following IAM permission on the specified resource labels:

  • compute.externalVpnGateways.setLabels

string (bytes format)

A fingerprint for the labels being applied to this ExternalVpnGateway, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet.

To see the latest fingerprint, make a get() request to retrieve an ExternalVpnGateway.

A base64-encoded string.



[Output Only] Type of the resource. Always compute#externalVpnGateway for externalVpnGateways.

Response body

If successful, the response body contains data with the following structure:

Represents an Operation resource.

Google Compute Engine has three Operation resources:

You can use an operation resource to manage asynchronous API requests. For more information, read Handling API responses.

Operations can be global, regional or zonal.

  • For global operations, use the globalOperations resource.
  • For regional operations, use the regionOperations resource.
  • For zonal operations, use the zonalOperations resource.

For more information, read Global, Regional, and Zonal Resources.

JSON representation
  "id": string,
  "creationTimestamp": string,
  "name": string,
  "zone": string,
  "clientOperationId": string,
  "operationType": string,
  "targetLink": string,
  "targetId": string,
  "status": enum,
  "statusMessage": string,
  "user": string,
  "progress": integer,
  "insertTime": string,
  "startTime": string,
  "endTime": string,
  "error": {
    "errors": [
        "code": string,
        "location": string,
        "message": string
  "warnings": [
      "code": enum,