gcloud beta compute vpn-tunnels create

NAME
gcloud beta compute vpn-tunnels create - create a VPN tunnel
SYNOPSIS
gcloud beta compute vpn-tunnels create NAME --shared-secret=SHARED_SECRET (--peer-address=PEER_ADDRESS | --peer-external-gateway=PEER_EXTERNAL_GATEWAY | --peer-gcp-gateway=PEER_GCP_GATEWAY | --peer-gcp-gateway-region=PEER_GCP_GATEWAY_REGION) (--target-vpn-gateway=TARGET_VPN_GATEWAY | --target-vpn-gateway-region=TARGET_VPN_GATEWAY_REGION | --vpn-gateway=VPN_GATEWAY | --vpn-gateway-region=VPN_GATEWAY_REGION) [--description=DESCRIPTION] [--ike-version=IKE_VERSION] [--interface=INTERFACE] [--local-traffic-selector=CIDR,[CIDR,…]] [--peer-external-gateway-interface=PEER_EXTERNAL_GATEWAY_INTERFACE] [--phase1-dh=GROUPS,[GROUPS,…]] [--phase1-encryption=ALGORITHMS,[ALGORITHMS,…]] [--phase1-integrity=ALGORITHMS,[ALGORITHMS,…]] [--phase1-prf=PSEUDORANDOMFUNCTIONS,[…]] [--phase2-encryption=ALGORITHMS,[ALGORITHMS,…]] [--phase2-integrity=ALGORITHMS,[ALGORITHMS,…]] [--phase2-pfs=ALGORITHMS,[ALGORITHMS,…]] [--region=REGION] [--remote-traffic-selector=CIDR,[CIDR,…]] [--router=ROUTER] [--router-region=ROUTER_REGION] [GCLOUD_WIDE_FLAG]
DESCRIPTION
(BETA) gcloud beta compute vpn-tunnels create is used to create a Classic VPN tunnel between a target VPN gateway in Google Cloud Platform and a peer address; or create Highly Available VPN tunnel between HA VPN gateway and another HA VPN gateway, or Highly Available VPN tunnel between HA VPN gateway and an external VPN gateway.
POSITIONAL ARGUMENTS
NAME
Name of the VPN Tunnel to create.
REQUIRED FLAGS
--shared-secret=SHARED_SECRET
Shared secret consisting of printable characters. Valid arguments match the regular expression [ -~]+
Exactly one of these must be specified:
--peer-address=PEER_ADDRESS
Valid IPv4 address representing the remote tunnel endpoint. The peer address must be specified when creating Classic VPN tunnels from a Classic Target VPN gateway.
--peer-external-gateway=PEER_EXTERNAL_GATEWAY
Peer side external VPN gateway representing the remote tunnel endpoint. This flag is used when creating HA VPN tunnels from Google Cloud to your external VPN gateway. Either --peer-external-gateway or --peer-gcp-gateway must be specified when creating VPN tunnels from a Highly Available VPN gateway.
--peer-gcp-gateway=PEER_GCP_GATEWAY
Reference to the peer side Highly Available VPN gateway.
--peer-gcp-gateway-region=PEER_GCP_GATEWAY_REGION
Region of the VPN Gateway to operate on. Should be the same as region; if not specified, it will be automatically set. Overrides the default compute/region property value for this command invocation.
Exactly one of these must be specified:
--target-vpn-gateway=TARGET_VPN_GATEWAY
A reference to a Cloud VPN Classic Target VPN Gateway.
--target-vpn-gateway-region=TARGET_VPN_GATEWAY_REGION
Region of the Target VPN Gateway to operate on. Should be the same as region; if not specified, it will be automatically set. Overrides the default compute/region property value for this command invocation.
--vpn-gateway=VPN_GATEWAY
Reference to a Highly Available VPN gateway.
--vpn-gateway-region=VPN_GATEWAY_REGION
Region of the VPN Gateway to operate on. Should be the same as region; if not specified, it will be automatically set. Overrides the default compute/region property value for this command invocation.
OPTIONAL FLAGS
--description=DESCRIPTION
An optional, textual description for the VPN tunnel.
--ike-version=IKE_VERSION
Internet Key Exchange protocol version number. Default is 2. IKE_VERSION must be one of: 1, 2.
--interface=INTERFACE
Numeric interface ID of the VPN gateway with which this VPN tunnel is associated. This flag is required if the tunnel is being attached to a Highly Available VPN gateway. This option is only available for use with Highly Available VPN gateway and must be omitted if the tunnel is going to be connected to a Classic VPN gateway. INTERFACE must be one of: 0, 1.
--local-traffic-selector=CIDR,[CIDR,…]
Traffic selector is an agreement between IKE peers to permit traffic through a tunnel if the traffic matches a specified pair of local and remote addresses.

--local-traffic-selector configures the local addresses that are permitted. The value should be a comma-separated list of CIDR formatted strings. Example: 192.168.0.0/16,10.0.0.0/24.

Local traffic selector must be specified only for VPN tunnels that do not use dynamic routing with a Cloud Router. Omit this flag when creating a tunnel using dynamic routing, including a tunnel for a Highly Available VPN gateway.

--peer-external-gateway-interface=PEER_EXTERNAL_GATEWAY_INTERFACE
Interface ID of the external VPN gateway to which this VPN tunnel is connected. This flag is required if the tunnel is being created from a Highly Available VPN gateway to an External VPN Gateway. PEER_EXTERNAL_GATEWAY_INTERFACE must be one of: 0, 1, 2, 3.
--phase1-dh=GROUPS,[GROUPS,…]
Phase 1 Diffie-Hellman groups.
--phase1-encryption=ALGORITHMS,[ALGORITHMS,…]
Phase 1 encryption algorithms.
--phase1-integrity=ALGORITHMS,[ALGORITHMS,…]
Phase 1 integrity algorithms.
--phase1-prf=PSEUDORANDOMFUNCTIONS,[…]
Phase 1 pseudorandom functions.
--phase2-encryption=ALGORITHMS,[ALGORITHMS,…]
Phase 2 encryption algorithms.
--phase2-integrity=ALGORITHMS,[ALGORITHMS,…]
Phase 2 integrity algorithms.
--phase2-pfs=ALGORITHMS,[ALGORITHMS,…]
Phase 2 perfect forward secrecy algorithms.
--region=REGION
Region of the VPN Tunnel to create. If not specified, you might be prompted to select a region (interactive mode only).

To avoid prompting when this flag is omitted, you can set the compute/region property:

gcloud config set compute/region REGION

A list of regions can be fetched by running:

gcloud compute regions list

To unset the property, run:

gcloud config unset compute/region

Alternatively, the region can be stored in the environment variable CLOUDSDK_COMPUTE_REGION.

--remote-traffic-selector=CIDR,[CIDR,…]
Traffic selector is an agreement between IKE peers to permit traffic through a tunnel if the traffic matches a specified pair of local and remote addresses.

--remote-traffic-selector configures the remote addresses that are permitted. The value should be a comma-separated list of CIDR formatted strings. Example: 192.168.0.0/16,10.0.0.0/24.

Remote traffic selector must be specified for VPN tunnels that do not use dynamic routing with a Cloud Router. Omit this flag when creating a tunnel using dynamic routing, including a tunnel for a Highly Available VPN gateway.

--router=ROUTER
Router to use for dynamic routing.
--router-region=ROUTER_REGION
Region of the router to operate on. If not specified, you might be prompted to select a region (interactive mode only).

To avoid prompting when this flag is omitted, you can set the compute/region property:

gcloud config set compute/region REGION

A list of regions can be fetched by running:

gcloud compute regions list

To unset the property, run:

gcloud config unset compute/region

Alternatively, the region can be stored in the environment variable CLOUDSDK_COMPUTE_REGION.
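
Several of the flag constraints stated above (the shared-secret pattern, the IKE version, the gateway kind, --interface, and traffic selectors versus --router) can be checked before the command is run. The following pre-flight check is an added example, not part of this reference or of the Cloud SDK; the function name check_vpn_tunnel_args is hypothetical, and it does not validate the peer flags or region flags.

```shell
# Added example: pre-flight check of flag constraints stated on this page.
# check_vpn_tunnel_args is a hypothetical helper, not part of the Cloud SDK.
# It prints each violated rule to stderr and returns non-zero if any was found.
check_vpn_tunnel_args() (   # subshell body keeps the variables local
  secret= ike=2 iface= classic= ha= router= selectors= bad=0
  for arg in "$@"; do
    case $arg in
      --shared-secret=*)      secret=${arg#*=} ;;
      --ike-version=*)        ike=${arg#*=} ;;
      --interface=*)          iface=${arg#*=} ;;
      --target-vpn-gateway=*) classic=1 ;;
      --vpn-gateway=*)        ha=1 ;;
      --router=*)             router=1 ;;
      --local-traffic-selector=*|--remote-traffic-selector=*) selectors=1 ;;
    esac
  done
  err() { echo "vpn-tunnels create: $*" >&2; bad=1; }
  # --shared-secret must match [ -~]+ : non-empty, printable ASCII only.
  # Deleting every character in that range must leave zero bytes.
  left=$(printf '%s' "$secret" | LC_ALL=C tr -d ' -~' | wc -c)
  if [ -z "$secret" ] || [ "$left" -ne 0 ]; then
    err "--shared-secret must match [ -~]+"
  fi
  case $ike in 1|2) ;; *) err "--ike-version must be 1 or 2" ;; esac
  # Exactly one gateway kind: Classic target gateway or HA VPN gateway.
  [ "$classic$ha" = 1 ] || err "give exactly one of --target-vpn-gateway, --vpn-gateway"
  if [ -n "$ha" ]; then
    case $iface in 0|1) ;; *) err "HA VPN tunnel requires --interface=0 or 1" ;; esac
  elif [ -n "$iface" ]; then
    err "--interface must be omitted for a Classic VPN gateway"
  fi
  # Traffic selectors are for tunnels without Cloud Router dynamic routing.
  if [ -n "$router" ] && [ -n "$selectors" ]; then
    err "omit traffic selectors when --router is used"
  fi
  return "$bad"
)
# Usage: check_vpn_tunnel_args "$@" && gcloud beta compute vpn-tunnels create "$@"
```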

GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
This command is currently in beta and might change without notice. These variants are also available:
gcloud compute vpn-tunnels create
gcloud alpha compute vpn-tunnels create


Last updated 2025-08-19 UTC.