Checking VPN Tunnel Status

Tunnel status

The GCP Console and gcloud allow you to check the operational state of your Cloud VPN tunnels.

Console


  1. Go to the Google VPN Tunnels tab on the VPN page in the Google Cloud Platform Console.
    Go to the VPN tunnels tab
  2. A list of tunnels is presented. The status for each is shown in the Status tab.
  3. Click the name of a tunnel to view the VPN tunnel details page. A more descriptive status message is shown below the name of the tunnel.

gcloud


In the following commands, replace [PROJECT_ID] with the ID of your project.

  1. Identify the name and region of the VPN tunnel whose status you need to check. Once you identify the VPN tunnel, replace [NAME] and [REGION] with its name and region in the next step. You can identify the tunnel using either of these methods:

    • To list all VPN tunnels in your project:

      gcloud compute vpn-tunnels list --project [PROJECT_ID]
      

    • If you know the name of the VPN gateway that contains the tunnel, you can retrieve the list of its associated tunnels by using this command, replacing [GW_NAME] with the name of the gateway and [REGION] with its region (the same region of the tunnel):

      gcloud compute target-vpn-gateways describe [GW_NAME] \
      --region [REGION] \
      --project [PROJECT_ID] \
      --format='flattened(tunnels)'
      

  2. Describe the tunnel to determine its status using the following command. The basic status message and a more detailed message are returned.:

    gcloud compute vpn-tunnels describe [NAME] \
    --region [REGION] \
    --project [PROJECT_ID] \
    --format='flattened(status,detailedStatus)'
    

Status messages

Status Detailed Status Message Notes
Allocating resources Allocating resources. VPN tunnel will start soon. This is the initial state for a newly-created Cloud VPN tunnel.
Waiting for full config Waiting for route configuration. Routes or routing configuration is being prepared.
First Handshake Handshake with peer broken for unknown reason. Trying again soon. Phase 1 (IKE SA) negotiation with the on-premises VPN is in progress. It might have failed at least once.
Established Tunnel is up and running. The tunnel is up, and routes have been configured.
No Incoming Packets No incoming packets from peer No traffic is being received from the on-premises VPN gateway.

Monitoring

The GCP Console provides basic monitoring for Cloud VPN tunnels. You can create more detailed monitoring using Stackdriver Monitoring.

Console


  1. Go to the Google VPN Tunnels tab on the VPN page in the Google Cloud Platform Console.
    Go to the VPN tunnels tab
  2. Click the name of a tunnel to view the VPN tunnel details page. On that page, click the Monitoring tab.

What's next

Was this page helpful? Let us know how we did:

Send feedback about...