Managing VPNs

This page describes how to add and delete tunnels and delete gateways.

Adding a tunnel to an existing gateway

Google Cloud VPN does not support multiple tunnels between the same two gateways. Additional tunnels must point to different gateways.

Console


  1. Go to the VPN page.
  2. Select an existing VPN.
  3. Click Edit.
  4. Click the + button.
  5. Enter a Peer IP address, IKE version, Shared secret, and Remote network IP range as described in Creating a VPN.
  6. Click Save.
  7. Set up the other side of your tunnel per the instructions in Set up the peer VPN gateway.
  8. Confirm that the tunnel is up as described in Check the status of your tunnel.

gcloud


Follow the steps for creating a VPN gateway and tunnel, but start with step 7, Create the VPN tunnel. If the new tunnel has the same CIDR block, you can skip step 9, Adding firewall rules.

Deleting a tunnel

Console


  1. Go to the VPN page.
  2. Click an existing VPN.
  3. Click Edit.
  4. Place your cursor over the tunnel you wish to delete. A trash can icon appears.
  5. Click the trash can icon.
  6. Click Save.

gcloud


To delete an existing tunnel from a VPN gateway, do the following:

  1. If desired, delete all routes. Run the following command once for each route. You do not have to delete the routes first, or at all, but your network will continue forwarding packets to the external IP until you do.

    gcloud compute --project PROJECT_ID routes delete ROUTE
    
  2. Delete the tunnel.

    gcloud compute --project PROJECT_ID vpn-tunnels delete tunnel1 \
        --region us-central1
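
To see which routes still send traffic to a tunnel before you delete it, the following added example (not part of the original page) filters a route listing and prints the delete commands from the steps above for review instead of running them. It assumes the listing is tab-separated name and next-hop tunnel URL, as produced by `gcloud compute routes list --format='value(name,nextHopVpnTunnel)'`; the function names and sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: list routes that still use a tunnel as next hop, then
# print the delete commands in the order the page gives (routes, tunnel).
# Input lines are "ROUTE_NAME<TAB>NEXT_HOP_VPN_TUNNEL_URL" (assumed shape of
#   gcloud compute routes list --format='value(name,nextHopVpnTunnel)').

# routes_for_tunnel REGION TUNNEL  (reads the route listing on stdin)
routes_for_tunnel() {
    awk -F '\t' -v suffix="/regions/$1/vpnTunnels/$2" '
        # Compare the full region/tunnel suffix so "tunnel1" does not also
        # match "tunnel10" or a same-named tunnel in another region.
        length($2) >= length(suffix) &&
        substr($2, length($2) - length(suffix) + 1) == suffix { print $1 }
    '
}

# teardown_plan PROJECT REGION TUNNEL  (reads the route listing on stdin)
teardown_plan() {
    for route in $(routes_for_tunnel "$2" "$3"); do
        echo "gcloud compute --project $1 routes delete $route"
    done
    echo "gcloud compute --project $1 vpn-tunnels delete $3 --region $2"
}

# Constructed sample listing (not real project data).
sample_routes() {
    base="https://www.googleapis.com/compute/v1/projects/PROJECT_ID/regions"
    printf '%s\t%s\n' \
        route1 "$base/us-central1/vpnTunnels/tunnel1" \
        route2 "$base/us-central1/vpnTunnels/tunnel10" \
        route3 "$base/europe-west1/vpnTunnels/tunnel1" \
        default-route ""
}

sample_routes | teardown_plan PROJECT_ID us-central1 tunnel1
```

Against a real project, replace `sample_routes` with the `gcloud compute routes list` command named above and review the printed plan before running it.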
    

Deleting a gateway

Console


  1. Go to the VPN page.
  2. Click the Configure link under FIREWALL RULES for the gateway you wish to delete.
  3. Delete any firewall rules associated with the VPN gateway.
  4. Select Networking > VPN again.
  5. Select the checkbox next to the VPN Gateway you wish to delete.
  6. Click Delete.
  7. In the confirmation box, click Delete.

gcloud


To delete an existing VPN gateway using 'gcloud compute', you must also delete resources associated with the gateway.

  1. Delete all tunnels. Follow the instructions in Deleting a tunnel for each tunnel.
  2. Delete the ESP, UDP:500, and UDP:4500 forwarding rules.

    gcloud compute --project PROJECT_ID forwarding-rules delete fr-esp \
        --region us-central1
    
    gcloud compute --project PROJECT_ID forwarding-rules delete fr-udp500 \
        --region us-central1
    
    gcloud compute --project PROJECT_ID forwarding-rules delete fr-udp4500 \
        --region us-central1
    
  3. Delete the firewall rule that allowed TCP, UDP, and ICMP traffic.

    gcloud compute --project PROJECT_ID firewall-rules delete vpnrule1
    
  4. Delete the gateway itself.

    gcloud compute --project PROJECT_ID target-vpn-gateways delete vpn1 \
        --region us-central1
    
