Delete a VPN tunnel

The following procedure applies to tunnels connected to either Classic VPN or HA VPN gateways.

To delete an existing Cloud VPN tunnel, complete the following steps.

To perform this task, you must have been granted the following permissions or the following IAM roles.

Permissions

Roles

To delete the tunnel, follow these steps:

In the Google Cloud console, go to the VPN page.

Go to VPN
Select the checkbox next to the VPN tunnel that you want to remove.
At the top of the page, click Delete.

When you use the Google Cloud console to delete a VPN tunnel, Google Cloud also deletes any Border Gateway Protocol (BGP) sessions associated with the VPN tunnel.
To confirm deletion, click Delete again.
Optional: To confirm that the BGP sessions associated with the VPN tunnel are deleted, go to the Cloud Router details page. For more information, see View Cloud Router details.

In the following commands, replace the following:

To delete the tunnel, follow these steps:

Identify the name and region of the VPN tunnel that you want to delete, and then use that information in the next step. To list all VPN tunnels in your project, run the following command:
```
gcloud compute vpn-tunnels list
   --project=PROJECT_ID
```
To delete the VPN tunnel, run the following command:
```
gcloud compute vpn-tunnels delete TUNNEL_NAME \
   --region=REGION \
   --project=PROJECT_ID
```
When you use Google Cloud CLI to delete a VPN tunnel, the command does not automatically delete the BGP sessions that are configured for the VPN tunnel.
Optional: To delete the BGP sessions associated with the VPN tunnel, use the gcloud compute routers remove-bgp-peer command. For instructions, see Remove a BGP session.

To verify that the BGP sessions are deleted, go to the Cloud Router details page in the Google Cloud console, or run the gcloud compute routers describe command for a Cloud Router. For instructions, see View Cloud Router details.

To delete the tunnel, follow these steps:

Make a DELETE request by using the vpnTunnels.delete method:
```
DELETE https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/vpnTunnels/TUNNEL_NAME
```
When you use the Cloud VPN API to delete a VPN tunnel, the API command does not delete any BGP sessions that are associated with the VPN tunnel.
Optional: To delete the BGP sessions associated with the VPN tunnel, use the routers.patch method to update the bgpPeers[] field. For instructions, see Remove a BGP session.

To verify that your BGP sessions are deleted, go to the Cloud Router details page in the Google Cloud console, or run the gcloud compute routers describe command for a Cloud Router. For instructions, see View Cloud Router details.

After deleting a VPN tunnel, consider the following:

Review your firewall rules and delete the rules that you no longer need.
If the tunnel used Classic VPN policy-based routing or was a route-based VPN, review the routes in your Google Cloud network. Delete any static routes that you no longer need.
If you used the Google Cloud console to delete the tunnel for a Classic VPN gateway, static routes that were automatically created should already be removed. If you used the Google Cloud CLI to remove the tunnel, or if you created custom static routes for it, delete those tunnels manually.
If no more tunnels exist for the associated VPN gateway, you can delete the VPN gateway.

What's next

To view Cloud Logging and Monitoring information, see View logs and metrics.
To use high-availability and high-throughput scenarios or multiple subnet scenarios, see Advanced configurations.
To help you solve common issues that you might encounter when using Cloud VPN, see Troubleshooting.