Cloud VPN Dynamic Module

Example

This example shows how to configure a single VPN tunnel using a couple of extra features:

  • custom advertisement on the tunnel's BGP session; if custom advertisement is not needed, simply set the bgp_peer_options attribute to null
  • internally generated shared secret, which can be fetched from the module's random_secret output for reuse; a predefined secret can be used instead by assigning it to the shared_secret attribute

```hcl
module "vm" {
  source     = "./fabric/modules/compute-vm"
  project_id = "my-project"
  zone       = "europe-west1-b"
  name       = "my-vm"
  network_interfaces = [{
    nat        = true
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
  }]
  service_account = {
    auto_create = true
  }
}

module "vpn-dynamic" {
  source     = "./fabric/modules/net-vpn-dynamic"
  project_id = "my-project"
  region     = "europe-west1"
  network    = var.vpc.name
  name       = "gateway-1"
  router_config = {
    asn = 64514
  }
  tunnels = {
    remote-1 = {
      bgp_peer = {
        address = "169.254.139.134"
        asn     = 64513
        custom_advertise = {
          all_subnets          = true
          all_vpc_subnets      = false
          all_peer_vpc_subnets = false
          ip_ranges = {
            "192.168.0.0/24" = "Advertised range description"
          }
        }
      }
      bgp_session_range = "169.254.139.133/30"
      peer_ip           = module.vm.external_ip
    }
  }
}
# tftest modules=2 resources=12
```
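
The two shared-secret options from the second bullet, as an added example that is not part of the module's README: a predefined secret passed in through a sensitive variable, and the generated secret of the `vpn-dynamic` module above re-exported from the root module. The variable, output and second module instance names are hypothetical, and the placement of `shared_secret` inside the tunnel object, the omission of `custom_advertise`, and the 32-character minimum are assumptions.

```hcl
# Added example, not the module's own code.

variable "vpn_shared_secret" { # hypothetical variable name
  description = "Pre-shared key for tunnel remote-1."
  type        = string
  sensitive   = true # redacted in plan/apply output, still written to state
  validation {
    # Example policy threshold (assumption), rejects short keys at plan time.
    condition     = length(var.vpn_shared_secret) >= 32
    error_message = "The VPN shared secret must be at least 32 characters long."
  }
}

module "vpn-dynamic-psk" { # hypothetical second instance of the module
  source     = "./fabric/modules/net-vpn-dynamic"
  project_id = "my-project"
  region     = "europe-west1"
  network    = var.vpc.name
  name       = "gateway-2"
  router_config = {
    asn = 64514
  }
  tunnels = {
    remote-1 = {
      # Assumption: custom_advertise is optional and can be left out.
      bgp_peer = {
        address = "169.254.139.134"
        asn     = 64513
      }
      bgp_session_range = "169.254.139.133/30"
      peer_ip           = module.vm.external_ip
      # Assumption: shared_secret is set per tunnel, next to peer_ip.
      shared_secret = var.vpn_shared_secret
    }
  }
}

# Re-export of the secret generated by the "vpn-dynamic" module above, for
# configuring the remote peer. Terraform rejects a root output derived from
# a sensitive value unless the output itself is marked sensitive.
output "vpn_generated_secret" { # hypothetical output name
  value     = module.vpn-dynamic.random_secret
  sensitive = true
}
```

In both cases the secret is stored in plaintext in the Terraform state, so access to the state backend needs to be restricted accordingly.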

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| name | VPN gateway name, and prefix used for dependent resources. | `string` | | |
| network | VPC used for the gateway and routes. | `string` | | |
| project_id | Project where resources will be created. | `string` | | |
| region | Region used for resources. | `string` | | |
| router_config | Cloud Router configuration for the VPN. If you want to reuse an existing router, set `create` to false and use `name` to specify the desired router. | `object({…})` | | |
| gateway_address | Optional address assigned to the VPN gateway. Ignored unless `gateway_address_create` is set to false. | `string` | | `null` |
| gateway_address_create | Create external address assigned to the VPN gateway. Needs to be explicitly set to false to use address in `gateway_address` variable. | `bool` | | `true` |
| tunnels | VPN tunnel configurations. | `map(object({…}))` | | `{}` |

Outputs

| name | description | sensitive |
|---|---|---|
| address | VPN gateway address. | |
| gateway | VPN gateway resource. | |
| id | Fully qualified VPN gateway id. | |
| name | VPN gateway name. | |
| random_secret | Generated secret. | |
| router | Router resource (only if auto-created). | |
| router_name | Router name. | |
| self_link | VPN gateway self link. | |
| tunnel_names | VPN tunnel names. | |
| tunnel_self_links | VPN tunnel self links. | |
| tunnels | VPN tunnel resources. | |