Delete a VPN tunnel

The following procedure applies to tunnels connected to either Classic VPN or HA VPN gateways.

To delete an existing Cloud VPN tunnel, complete the following steps.

Console

To delete the tunnel, follow these steps:

  1. In the Google Cloud console, go to the VPN page.

    Go to VPN

  2. Select the checkbox next to the VPN tunnel that you want to remove.

  3. At the top of the page, click Delete.

    When you use the Google Cloud console to delete a VPN tunnel, Google Cloud also deletes any Border Gateway Protocol (BGP) sessions associated with the VPN tunnel.

  4. To confirm deletion, click Delete again.

  5. Optional: To confirm that the BGP sessions associated with the VPN tunnel are deleted, go to the Cloud Router details page. For more information, see View Cloud Router details.

gcloud

In the following commands, replace the following:

  • PROJECT_ID: the ID of your project
  • TUNNEL_NAME: the name of your tunnel
  • REGION: the region where your tunnel resides

To delete the tunnel, follow these steps:

  1. Identify the name and region of the VPN tunnel that you want to delete, and then use that information in the next step. To list all VPN tunnels in your project, run the following command:

    gcloud compute vpn-tunnels list
       --project=PROJECT_ID
    
  2. To delete the VPN tunnel, run the following command:

    gcloud compute vpn-tunnels delete TUNNEL_NAME \
       --region=REGION \
       --project=PROJECT_ID
    

    When you use Google Cloud CLI to delete a VPN tunnel, the command does not automatically delete the BGP sessions that are configured for the VPN tunnel.

  3. Optional: To delete the BGP sessions associated with the VPN tunnel, use the gcloud compute routers remove-bgp-peer command. For instructions, see Remove a BGP session.

    To verify that the BGP sessions are deleted, go to the Cloud Router details page in the Google Cloud console, or run the gcloud compute routers describe command for a Cloud Router. For instructions, see View Cloud Router details.

API

To delete the tunnel, follow these steps:

  1. Make a DELETE request by using the vpnTunnels.delete method:

    DELETE https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/vpnTunnels/TUNNEL_NAME
    

    When you use the Cloud VPN API to delete a VPN tunnel, the API command does not delete any BGP sessions that are associated with the VPN tunnel.

  2. Optional: To delete the BGP sessions associated with the VPN tunnel, use the routers.patch method to update the bgpPeers[] field. For instructions, see Remove a BGP session.

    To verify that your BGP sessions are deleted, go to the Cloud Router details page in the Google Cloud console, or run the gcloud compute routers describe command for a Cloud Router. For instructions, see View Cloud Router details.

After deleting a VPN tunnel, consider the following:

  • Review your firewall rules and delete the rules that you no longer need.

  • If the tunnel used Classic VPN policy-based routing or was a route-based VPN, review the routes in your Google Cloud network. Delete any static routes that you no longer need.

  • If you used the Google Cloud console to delete the tunnel for a Classic VPN gateway, static routes that were automatically created should already be removed. If you used the Google Cloud CLI to remove the tunnel, or if you created custom static routes for it, delete those tunnels manually.

  • If no more tunnels exist for the associated VPN gateway, you can delete the VPN gateway.

What's next