Delete a VPN gateway

The following procedures enable you to delete an HA VPN gateway or a Classic VPN gateway. HA VPN uses the vpn-gateways command option, and Classic VPN uses the target-vpn-gateways command option.

After you delete an HA VPN gateway, any peer gateway resources that you created still exist.

Before removing a Cloud VPN gateway, delete all associated VPN tunnels.

Delete an HA VPN gateway

To delete an existing HA VPN gateway, complete the following steps.

Permissions required for this task

To perform this task, you must have been granted the following permissions or the following IAM roles.

Permissions

compute.vpnGateways.get
compute.vpnGateways.list
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.vpnGateways.create
compute.vpnGateways.delete
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.use
compute.vpnGateways.setLabels
compute.externalVpnGateways.create
compute.externalVpnGateways.delete
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.use
compute.externalVpnGateways.setLabels

Roles

roles/compute.networkAdmin

Console

In the Google Cloud console, go to the VPN page.

Go to VPN
Find the row that contains the Gateway name that you want to delete.
Click the Gateway name.
On the Google VPN gateway details page, under VPN tunnels, select the checkboxes next to the tunnels that you want to delete.
To delete the tunnels, click Delete.
In the confirmation dialog box, click Delete.
To delete the gateway, at the top of the page, click Delete.
In the confirmation dialog box, click Delete.

gcloud

In the following commands, replace the following:

PROJECT_ID: the ID of your project
GATEWAY_NAME: the name of your VPN gateway
REGION: the region where your VPN gateway resides

To delete the gateway, follow these steps:

Identify the name and region of the VPN gateway that you want to delete, and then use that information in later steps. To list all VPN gateways, run the following command:
```
gcloud compute vpn-gateways list
   --project=PROJECT_ID
```
Determine if the VPN gateway has any VPN tunnels that need to be deleted. To list all tunnels associated with the gateway, run the following command:
```
gcloud compute vpn-gateways describe GATEWAY_NAME \
   --region=REGION \
   --project=PROJECT_ID \
   --format='flattened(tunnels)'
```
Delete each existing tunnel.

Delete the VPN gateway:

gcloud compute vpn-gateways delete GATEWAY_NAME \
   --region=REGION \
   --project=PROJECT_ID

API

To delete tunnels first, make a DELETE request by using the vpnTunnels.delete method:

DELETE https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/vpnTunnels/TUNNEL_NAME

Make a DELETE request by using the vpnGateways.delete method:

DELETE https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/vpnGateways/GATEWAY_NAME

Delete a Classic VPN gateway

To delete an existing Classic VPN gateway, complete the following steps.

Permissions required for this task

To perform this task, you must have been granted the following permissions or the following IAM roles.

Permissions

compute.vpnGateways.get
compute.vpnGateways.list
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.vpnGateways.create
compute.vpnGateways.delete
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.use
compute.vpnGateways.setLabels
compute.externalVpnGateways.create
compute.externalVpnGateways.delete
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.use
compute.externalVpnGateways.setLabels

Roles

roles/compute.networkAdmin

Console

In the Google Cloud console, go to the VPN page.

Go to VPN
Find the row that contains the Gateway name that you want to delete.
Click the Gateway name.
On the Google VPN gateway details page, under VPN tunnels, select the checkboxes next to the tunnels that you want to delete.
To delete the tunnels, click Delete.
In the confirmation dialog box, click Delete.
To delete the gateway, at the top of the page, click Delete.
In the confirmation dialog box, click Delete.

gcloud

In the following commands, replace the following:

PROJECT_ID: the ID of your project
GATEWAY_NAME: the name of your VPN gateway
REGION: the region where your VPN gateway resides
FR_NAME: the name of each forwarding rule

To delete the gateway, follow these steps:

Identify the name and region of the VPN gateway that you want to delete, and then use that information in later steps. To list all VPN gateways, run the following command:
```
gcloud compute target-vpn-gateways list
   --project=PROJECT_ID
```
Determine if the VPN gateway has any VPN tunnels that need to be deleted. To list all tunnels associated with the gateway, run the following command:
```
gcloud compute target-vpn-gateways describe GATEWAY_NAME \
   --region=REGION \
   --project=PROJECT_ID \
   --format='flattened(tunnels)'
```
Delete each existing tunnel.

Determine the names of the three forwarding rules associated with the target VPN gateway:

gcloud compute target-vpn-gateways describe GATEWAY_NAME \
   --region=REGION \
   --project=PROJECT_ID \
   --format='flattened(forwardingRules)'

Delete the forwarding rules; repeat this command for each forwarding rule:

gcloud compute forwarding-rules delete FR_NAME \
   --region=REGION \
   --project=PROJECT_ID

Delete the target VPN gateway:

gcloud compute target-vpn-gateways delete GATEWAY_NAME \
   --region=REGION \
   --project=PROJECT_ID

API

To delete tunnels first, make a DELETE request by using the vpnTunnels.delete method:

DELETE https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/vpnTunnels/TUNNEL_NAME

Make a DELETE request by using the targetVpnGateways.delete method:

DELETE https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/targetVpnGateways/GATEWAY_NAME

Recommended follow-up

After deleting a VPN gateway, consider doing the following:

Review your firewall rules and delete the rules that you no longer need.
For Classic VPN, you can delete the external IP address previously used by the VPN gateway.

What's next

To view Cloud Logging and Monitoring information, see View logs and metrics.
To use high-availability and high-throughput scenarios or multiple subnet scenarios, see Advanced configurations.
To help you solve common issues that you might encounter when using Cloud VPN, see Troubleshooting.