Deleting a Cloud VPN tunnel

This procedure applies to tunnels connected to either Classic VPN or HA VPN gateways.

Required permissions

Project owners, editors, and IAM members with the Network Admin role can delete Cloud VPN tunnels.

Deleting a VPN tunnel

To delete an existing Cloud VPN tunnel, do the following:


  1. Go to the VPN tunnels page.
  2. Place a check in the box next to the VPN tunnel you need to remove.
  3. At the top of the screen, click Delete.
  4. Click Delete again when asked to confirm.


In the following commands, replace [PROJECT_ID] with the ID of your project.

  1. Identify the name and region of the VPN tunnel you need to remove. To list all VPN tunnels in your project:

     gcloud compute vpn-tunnels list --project [PROJECT_ID]

    Once you identify the VPN tunnel, replace [NAME] and [REGION] with its name and region in the following steps.

  2. Delete the tunnel using this command:

     gcloud compute vpn-tunnels delete [NAME] \
       --region [REGION] \
       --project [PROJECT_ID]

After deleting a VPN tunnel, consider the following:

  • Review your firewall rules and delete the rules that you no longer need.

  • If the tunnel used policy based routing or was a route based VPN, you should review the routes in your GCP network and delete any static routes that you no longer need.

  • If you used the GCP Console to delete the tunnel, static routes that were automatically created should already be removed. If you used gcloud to remove the tunnel, or if you created custom static routes for it, you will need to delete those manually.

  • If no more tunnels exist for the associated VPN gateway, you can delete the VPN gateway as well.

What's next

Was this page helpful? Let us know how we did:

Send feedback about...