NAME

gcloud compute vpn-tunnels create - create a VPN tunnel

SYNOPSIS

gcloud compute vpn-tunnels create NAME --shared-secret=SHARED_SECRET (--peer-address=PEER_ADDRESS | --peer-external-gateway=PEER_EXTERNAL_GATEWAY | --peer-gcp-gateway=PEER_GCP_GATEWAY | --peer-gcp-gateway-region=PEER_GCP_GATEWAY_REGION) (--target-vpn-gateway=TARGET_VPN_GATEWAY | --target-vpn-gateway-region=TARGET_VPN_GATEWAY_REGION | --vpn-gateway=VPN_GATEWAY | --vpn-gateway-region=VPN_GATEWAY_REGION) [--description=DESCRIPTION] [--ike-version=IKE_VERSION] [--interface=INTERFACE] [--local-traffic-selector=CIDR,[CIDR,...]] [--peer-external-gateway-interface=PEER_EXTERNAL_GATEWAY_INTERFACE] [--region=REGION] [--remote-traffic-selector=CIDR,[CIDR,...]] [--router=ROUTER] [--router-region=ROUTER_REGION] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

gcloud compute vpn-tunnels create is used to create a Classic VPN tunnel between a target VPN gateway in Google Cloud Platform and a peer address; or create Highly Available VPN tunnel between HA VPN gateway and another HA VPN gateway, or Highly Available VPN tunnel between HA VPN gateway and an external VPN gateway.

POSITIONAL ARGUMENTS

NAME

Name of the VPN Tunnel to create.

REQUIRED FLAGS

--shared-secret=SHARED_SECRET

Shared secret consisting of printable characters. Valid arguments match the regular expression [ -~]+

Exactly one of these must be specified:
--peer-address=PEER_ADDRESS

Valid IPV4 address representing the remote tunnel endpoint, the peer address must be specified when creating Classic VPN tunnels from Classic Target VPN gateway

--peer-external-gateway=PEER_EXTERNAL_GATEWAY

Peer side external VPN gateway representing the remote tunnel endpoint, this flag is used when creating HA VPN tunnels from Google Cloud to your external VPN gateway.Either --peer-external-gateway or --peer-gcp-gateway must be specified when creating VPN tunnels from High Available VPN gateway.

--peer-gcp-gateway=PEER_GCP_GATEWAY

Reference to the peer side Highly Available VPN gateway.

--peer-gcp-gateway-region=PEER_GCP_GATEWAY_REGION

Region of the VPN Gateway to operate on. Should be the same as region, if not specified, it will be automatically set. Overrides the default compute/region property value for this command invocation.

Exactly one of these must be specified:
--target-vpn-gateway=TARGET_VPN_GATEWAY

A reference to a Cloud VPN Classic Target VPN Gateway.

--target-vpn-gateway-region=TARGET_VPN_GATEWAY_REGION

Region of the Target VPN Gateway to operate on. Should be the same as region, if not specified, it will be automatically set. Overrides the default compute/region property value for this command invocation.

--vpn-gateway=VPN_GATEWAY

Reference to a Highly Available VPN gateway.

--vpn-gateway-region=VPN_GATEWAY_REGION

Region of the VPN Gateway to operate on. Should be the same as region, if not specified, it will be automatically set. Overrides the default compute/region property value for this command invocation.

OPTIONAL FLAGS

--description=DESCRIPTION

An optional, textual description for the VPN tunnel.

--ike-version=IKE_VERSION

Internet Key Exchange protocol version number. Default is 2. IKE_VERSION must be one of: 1, 2.

--interface=INTERFACE

Numeric interface ID of the VPN gateway with which this VPN tunnel is associated. This flag is required if the tunnel is being attached to a Highly Available VPN gateway. This option is only available for use with Highly Available VPN gateway and must be omitted if the tunnel is going to be connected to a Classic VPN gateway. INTERFACE must be one of: 0, 1.

--local-traffic-selector=CIDR,[CIDR,...]

Traffic selector is an agreement between IKE peers to permit traffic through a tunnel if the traffic matches a specified pair of local and remote addresses.

--local-traffic-selector allows to configure the local addresses that are permitted. The value should be a comma separated list of CIDR formatted strings. Example: 192.168.0.0/16,10.0.0.0/24.

Local traffic selector must be specified only for VPN tunnels that do not use dynamic routing with a Cloud Router. Omit this flag when creating a tunnel using dynamic routing, including a tunnel for a Highly Available VPN gateway.

--peer-external-gateway-interface=PEER_EXTERNAL_GATEWAY_INTERFACE

Interface ID of the external VPN gateway to which this VPN tunnel is connected to. This flag is required if the tunnel is being created from a Highly Available VPN gateway to an External Vpn Gateway. PEER_EXTERNAL_GATEWAY_INTERFACE must be one of: 0, 1, 2, 3.

--region=REGION

Region of the VPN Tunnel to create. If not specified, you might be prompted to select a region (interactive mode only).

To avoid prompting when this flag is omitted, you can set the compute/region property:

$ gcloud config set compute/region REGION

A list of regions can be fetched by running:

$ gcloud compute regions list

To unset the property, run:

$ gcloud config unset compute/region

Alternatively, the region can be stored in the environment variable CLOUDSDK_COMPUTE_REGION.

--remote-traffic-selector=CIDR,[CIDR,...]

Traffic selector is an agreement between IKE peers to permit traffic through a tunnel if the traffic matches a specified pair of local and remote addresses.

--remote-traffic-selector allows to configure the remote addresses that are permitted. The value should be a comma separated list of CIDR formatted strings. Example: 192.168.0.0/16,10.0.0.0/24.

Remote traffic selector must be specified for VPN tunnels that do not use dynamic routing with a Cloud Router. Omit this flag when creating a tunnel using dynamic routing, including a tunnel for a Highly Available VPN gateway.

--router=ROUTER

The Router to use for dynamic routing.

--router-region=ROUTER_REGION

Region of the router to operate on. If not specified, you might be prompted to select a region (interactive mode only).

To avoid prompting when this flag is omitted, you can set the compute/region property:

$ gcloud config set compute/region REGION

A list of regions can be fetched by running:

$ gcloud compute regions list

To unset the property, run:

$ gcloud config unset compute/region

Alternatively, the region can be stored in the environment variable CLOUDSDK_COMPUTE_REGION.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES

These variants are also available:

$ gcloud alpha compute vpn-tunnels create

$ gcloud beta compute vpn-tunnels create