--- title: Cloud VPN Tunnel description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > DDSQL Reference > Data Directory > Cloud VPN Tunnel --- # Cloud VPN Tunnel Cloud VPN Tunnel in Google Cloud securely connects your on-premises network to your Virtual Private Cloud (VPC) network through an encrypted IPsec tunnel. It allows private communication between resources across different networks as if they were on the same local network. This resource is commonly used for hybrid cloud setups, extending data centers to the cloud, or securely connecting multiple VPCs. ``` gcp.compute_vpn_tunnel ``` ## Fields | Title | ID | Type | Data Type | Description | | ------------------------------- | ---- | ------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | _key | core | string | | ancestors | core | array | | creation_timestamp | core | timestamp | Output only. [Output Only] Creation timestamp inRFC3339 text format. | | datadog_display_name | core | string | | description | core | string | An optional description of this resource. Provide this property when you create the resource. | | detailed_status | core | string | [Output Only] Detailed status message for the VPN tunnel. | | gcp_status | core | string | [Output Only] The status of the VPN tunnel, which can be one of the following: - PROVISIONING: Resource is being allocated for the VPN tunnel. - WAITING_FOR_FULL_CONFIG: Waiting to receive all VPN-related configs from the user. Network, TargetVpnGateway, VpnTunnel, ForwardingRule, and Route resources are needed to setup the VPN tunnel. - FIRST_HANDSHAKE: Successful first handshake with the peer VPN. - ESTABLISHED: Secure session is successfully established with the peer VPN. - NETWORK_ERROR: Deprecated, replaced by NO_INCOMING_PACKETS - AUTHORIZATION_ERROR: Auth error (for example, bad shared secret). - NEGOTIATION_FAILURE: Handshake failed. - DEPROVISIONING: Resources are being deallocated for the VPN tunnel. - FAILED: Tunnel creation has failed and the tunnel is not ready to be used. - NO_INCOMING_PACKETS: No incoming packets from peer. - REJECTED: Tunnel configuration was rejected, can be result of being denied access. - ALLOCATING_RESOURCES: Cloud VPN is in the process of allocating all required resources. - STOPPED: Tunnel is stopped due to its Forwarding Rules being deleted for Classic VPN tunnels or the project is in frozen state. - PEER_IDENTITY_MISMATCH: Peer identity does not match peer IP, probably behind NAT. - TS_NARROWING_NOT_ALLOWED: Traffic selector narrowing not allowed for an HA-VPN tunnel. Possible values: ['ALLOCATING_RESOURCES', 'AUTHORIZATION_ERROR', 'DEPROVISIONING', 'ESTABLISHED', 'FAILED', 'FIRST_HANDSHAKE', 'NEGOTIATION_FAILURE', 'NETWORK_ERROR', 'NO_INCOMING_PACKETS', 'PROVISIONING', 'REJECTED', 'STOPPED', 'WAITING_FOR_FULL_CONFIG']. Values descriptions: ['Cloud VPN is in the process of allocating all required resources (specifically, a borg task).', 'Auth error (e.g. bad shared secret).', 'Resources is being deallocated for the VPN tunnel.', 'Secure session is successfully established with peer VPN.', 'Tunnel creation has failed and the tunnel is not ready to be used.', 'Successful first handshake with peer VPN.', 'Handshake failed.', 'Deprecated, replaced by NO_INCOMING_PACKETS', 'No incoming packets from peer', 'Resource is being allocated for the VPN tunnel.', 'Tunnel configuration was rejected, can be result of being denylisted.', 'Tunnel is stopped due to its Forwarding Rules being deleted.', 'Waiting to receive all VPN-related configs from user. Network, TargetVpnGateway, VpnTunnel, ForwardingRule and Route resources are needed to setup VPN tunnel.'] | | id | core | string | [Output Only] The unique identifier for the resource. This identifier is defined by the server. | | ike_version | core | int64 | IKE protocol version to use when establishing the VPN tunnel with the peer VPN gateway. Acceptable IKE versions are 1 or 2. The default version is 2. | | kind | core | string | Output only. [Output Only] Type of resource. Always compute#vpnTunnel for VPN tunnels. | | labels | core | array | Labels for this resource. These can only be added or modified by thesetLabels method. Each label key/value pair must comply withRFC1035. Label values may be empty. | | local_traffic_selector | core | array | Local traffic selector to use when establishing the VPN tunnel with the peer VPN gateway. The value should be a CIDR formatted string, for example: 192.168.0.0/16. The ranges must be disjoint. Only IPv4 is supported for Classic VPN tunnels. This field is output only for HA VPN tunnels. | | name | core | string | Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply withRFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. | | organization_id | core | string | | parent | core | string | | peer_external_gateway | core | string | URL of the peer side external VPN gateway to which this VPN tunnel is connected. Provided by the client when the VPN tunnel is created. This field is exclusive with the field peerGcpGateway. | | peer_external_gateway_interface | core | int64 | The interface ID of the external VPN gateway to which this VPN tunnel is connected. Provided by the client when the VPN tunnel is created. Possible values are: `0`, `1`, `2`, `3`. The number of IDs in use depends on the external VPN gateway redundancy type. | | peer_gcp_gateway | core | string | URL of the peer side HA VPN gateway to which this VPN tunnel is connected. Provided by the client when the VPN tunnel is created. This field can be used when creating highly available VPN from VPC network to VPC network, the field is exclusive with the field peerExternalGateway. If provided, the VPN tunnel will automatically use the same vpnGatewayInterface ID in the peer Google Cloud VPN gateway. | | peer_ip | core | string | IP address of the peer VPN gateway. Only IPv4 is supported. This field can be set only for Classic VPN tunnels. | | project_id | core | string | | project_number | core | string | | region | core | string | [Output Only] URL of the region where the VPN tunnel resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body. | | region_id | core | string | | remote_traffic_selector | core | array | Remote traffic selectors to use when establishing the VPN tunnel with the peer VPN gateway. The value should be a CIDR formatted string, for example: 192.168.0.0/16. The ranges should be disjoint. Only IPv4 is supported for Classic VPN tunnels. This field is output only for HA VPN tunnels. | | resource_name | core | string | | router | core | string | URL of the router resource to be used for dynamic routing. | | self_link | core | string | [Output Only] Server-defined URL for the resource. | | shared_secret_hash | core | string | Hash of the shared secret. | | tags | core | hstore_csv | | target_vpn_gateway | core | string | URL of the Target VPN gateway with which this VPN tunnel is associated. Provided by the client when the VPN tunnel is created. This field can be set only for Classic VPN tunnels. | | vpn_gateway | core | string | URL of the VPN gateway with which this VPN tunnel is associated. Provided by the client when the VPN tunnel is created. This must be used (instead of target_vpn_gateway) if a High Availability VPN gateway resource is created. | | vpn_gateway_interface | core | int64 | The interface ID of the VPN gateway with which this VPN tunnel is associated. Possible values are: `0`, `1`. | | zone_id | core | string |