Deleting a Cloud VPN gateway

The following procedures enable you to delete a Classic VPN or an HA VPN gateway. HA VPN uses the vpn-gateways command option and Classic VPN uses the target-vpn-gateways command option.

After you delete an HA VPN gateway, any peer gateway resources that you have created still exist.

Permissions required for this task

To perform this task, you must have been granted the following permissions or the following IAM roles.

Permissions

compute.vpnGateways.get
compute.vpnGateways.list
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.vpnGateways.create
compute.vpnGateways.delete
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.use
compute.vpnGateways.setLabels
compute.externalVpnGateways.create
compute.externalVpnGateways.delete
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.use
compute.externalVpnGateways.setLabels

Roles

roles/compute.networkAdmin

Deleting an HA VPN gateway

To delete an existing HA VPN gateway, do the following:

console

Go to the VPN page in the Google Cloud Console.
Go to the VPN page
Find the row containing the Gateway name you want to delete.
Click the Gateway name.
On the Google VPN gateway details screen, under VPN tunnels, check the box for the tunnels you want to delete.
Click the Delete button.
Click Delete in the confirmation dialog box.
Click the Delete button at the top of the screen to delete the gateway.
Click Delete in the confirmation dialog box.

gcloud

In the following commands, replace PROJECT_ID with the ID of your project.

Identify that the name and region of the VPN gateway that you want to delete. You can list all VPN gateways with the following command. Once you identify the VPN gateway, replace NAME and REGION with its name and region in the following steps.
```
 gcloud compute vpn-gateways list --project PROJECT_ID
```
Determine if the VPN gateway has any VPN tunnels that need to be removed. Use the following command to list all tunnels associated with it:
```
 gcloud compute vpn-gateways describe NAME \
   --region REGION \
   --project PROJECT_ID \
   --format='flattened(tunnels)'
```
Delete each existing tunnel.

Delete the VPN gateway.

 gcloud compute vpn-gateways delete NAME \
   --region REGION \
   --project PROJECT_ID

api

To delete tunnels first, make a DELETE request with the vpnTunnels.delete method.

  DELETE https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/vpnTunnels/TUNNEL_NAME

Make a DELETE request with the vpnGateways.delete method.

  DELETE https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/vpnGateways/GATEWAY_NAME

Deleting a Classic VPN gateway

To delete an existing Classic VPN gateway, do the following:

Console

Go to the VPN page in the Google Cloud Console.
Go to the VPN page
Find the row containing the Gateway name you want to delete.
Click on the Gateway name.
On the Google VPN gateway details screen, under VPN tunnels, check the box for the tunnels you want to delete.
Click the Delete button.
Click Delete in the confirmation dialog box.
Click the Delete button at the top of the screen to delete the gateway.
Click Delete in the confirmation dialog box.

gcloud

In the following commands, replace PROJECT_ID with the ID of your project.

Identify the name and region of the VPN gateway you need to remove. You can list all VPN gateways with the following command. Once you identify the VPN gateway, replace NAME and REGION with its name and region in the following steps.
```
 gcloud compute target-vpn-gateways list --project PROJECT_ID
```

Determine if the VPN gateway has any VPN tunnels that need to be removed. Use the following command to list all tunnels associated with it:

 gcloud compute target-vpn-gateways describe NAME \
   --region REGION \
   --project PROJECT_ID \
   --format='flattened(tunnels)'

Delete each existing tunnel.

Determine the names of the three forwarding rules associated with the target VPN gateway.

 gcloud compute target-vpn-gateways describe NAME \
   --region REGION \
   --project PROJECT_ID \
   --format='flattened(forwardingRules)'

Delete the forwarding rules. Repeat this command, replacing FR_NAME with the name of each forwarding rule:
```
 gcloud compute forwarding-rules delete FR_NAME \
   --region REGION \
   --project PROJECT_ID
```

Delete the target VPN gateway.

 gcloud compute target-vpn-gateways delete NAME \
   --region REGION \
   --project PROJECT_ID

api

To delete tunnels first, make a DELETE request with the vpnTunnels.delete method.

  DELETE https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/vpnTunnels/TUNNEL_NAME

Make a DELETE request with the targetVpnGateways.delete method.

  DELETE https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/targetVpnGateways/GATEWAY_NAME

Recommended follow-up

After deleting a VPN gateway, consider doing the following:

Review your firewall rules and delete the rules that you no longer need.
For Classic VPN, you can delete the external IP address previously used by the VPN gateway.

Deleting a Cloud VPN gateway

Permissions required for this task

Deleting an HA VPN gateway

console

gcloud

api

Deleting a Classic VPN gateway

Console

gcloud

api

Recommended follow-up

What's next