--account <ACCOUNT> | Google Cloud Platform user account to use for invocation. Overrides the default *core/account* property value for this command invocation |
--billing-project <BILLING_PROJECT> | The Google Cloud Platform project that will be charged quota for operations performed in gcloud. If you need to operate on one project, but need quota against a different project, you can use this flag to specify the billing project. If both `billing/quota_project` and `--billing-project` are specified, `--billing-project` takes precedence. Run `$ gcloud config set --help` to see more information about `billing/quota_project` |
--configuration <CONFIGURATION> | The configuration to use for this command invocation. For more
information on how to use configurations, run:
`gcloud topic configurations`. You can also use the CLOUDSDK_ACTIVE_CONFIG_NAME environment
variable to set the equivalent of this flag for a terminal
session |
--description <DESCRIPTION> | An optional, textual description for the VPN tunnel |
--flags-file <YAML_FILE> | A YAML or JSON file that specifies a *--flag*:*value* dictionary.
Useful for specifying complex flag values with special characters
that work with any command interpreter. Additionally, each
*--flags-file* arg is replaced by its constituent flags. See
$ gcloud topic flags-file for more information |
--flatten <KEY> | Flatten _name_[] output resource slices in _KEY_ into separate records
for each item in each slice. Multiple keys and slices may be specified.
This also flattens keys for *--format* and *--filter*. For example,
*--flatten=abc.def* flattens *abc.def[].ghi* references to
*abc.def.ghi*. A resource record containing *abc.def[]* with N elements
will expand to N records in the flattened output. This flag interacts
with other flags that are applied in this order: *--flatten*,
*--sort-by*, *--filter*, *--limit* |
--format <FORMAT> | Set the format for printing command output resources. The default is a
command-specific human-friendly output format. The supported formats
are: `config`, `csv`, `default`, `diff`, `disable`, `flattened`, `get`, `json`, `list`, `multi`, `none`, `object`, `table`, `text`, `value`, `yaml`. For more details run $ gcloud topic formats |
--help | Display detailed help |
--ike-version <IKE_VERSION> | Internet Key Exchange protocol version number. Default is 2. _IKE_VERSION_ must be one of: *1*, *2* |
--impersonate-service-account <SERVICE_ACCOUNT_EMAIL> | For this gcloud invocation, all API requests will be made as the given service account instead of the currently selected account. This is done without needing to create, download, and activate a key for the account. In order to perform operations as the service account, your currently selected account must have an IAM role that includes the iam.serviceAccounts.getAccessToken permission for the service account. The roles/iam.serviceAccountTokenCreator role has this permission or you may create a custom role. Overrides the default *auth/impersonate_service_account* property value for this command invocation |
--interface <INTERFACE> | Numeric interface ID of the VPN gateway with which this VPN tunnel
is associated. This flag is required if the tunnel is being attached
to a Highly Available VPN gateway. This option is only available
for use with Highly Available VPN gateway and must be omitted if the
tunnel is going to be connected to a Classic VPN gateway. _INTERFACE_ must be one of: *0*, *1* |
--local-traffic-selector <CIDR> | Traffic selector is an agreement between IKE peers to permit traffic
through a tunnel if the traffic matches a specified pair of local and
remote addresses.
+
--local-traffic-selector allows to configure the local addresses that are
permitted. The value should be a comma separated list of CIDR formatted
strings. Example: 192.168.0.0/16,10.0.0.0/24.
+
Local traffic selector must be specified only for VPN tunnels that
do not use dynamic routing with a Cloud Router. Omit this flag when
creating a tunnel using dynamic routing, including a tunnel for a
Highly Available VPN gateway |
--log-http | Log all HTTP server requests and responses to stderr. Overrides the default *core/log_http* property value for this command invocation |
--peer-address <PEER_ADDRESS> | Valid IPV4 address representing the remote tunnel endpoint, the peer address must be specified when creating Classic VPN tunnels from Classic Target VPN gateway |
--peer-external-gateway <PEER_EXTERNAL_GATEWAY> | Peer side external VPN gateway representing the remote tunnel endpoint, this flag is used when creating HA VPN tunnels from Google Cloud to your external VPN gateway.Either --peer-external-gateway or --peer-gcp-gateway must be specified when creating VPN tunnels from High Available VPN gateway |
--peer-external-gateway-interface <PEER_EXTERNAL_GATEWAY_INTERFACE> | Interface ID of the external VPN gateway to which this VPN tunnel
is connected to.
This flag is required if the tunnel is being created from
a Highly Available VPN gateway to an External Vpn Gateway. _PEER_EXTERNAL_GATEWAY_INTERFACE_ must be one of: *0*, *1*, *2*, *3* |
--peer-gcp-gateway <PEER_GCP_GATEWAY> | Reference to the peer side Highly Available VPN Gateway |
--peer-gcp-gateway-region <PEER_GCP_GATEWAY_REGION> | Region of the VPN Gateway to operate on. Should be the same as region, if not specified, it will be automatically set. Overrides the default *compute/region* property value for this command invocation |
--project <PROJECT_ID> | The Google Cloud Platform project ID to use for this invocation. If
omitted, then the current project is assumed; the current project can
be listed using `gcloud config list --format='text(core.project)'`
and can be set using `gcloud config set project PROJECTID`.
+
`--project` and its fallback `core/project` property play two roles
in the invocation. It specifies the project of the resource to
operate on. It also specifies the project for API enablement check,
quota, and billing. To specify a different project for quota and
billing, use `--billing-project` or `billing/quota_project` property |
--quiet | Disable all interactive prompts when running gcloud commands. If input
is required, defaults will be used, or an error will be raised.
Overrides the default core/disable_prompts property value for this
command invocation. This is equivalent to setting the environment
variable `CLOUDSDK_CORE_DISABLE_PROMPTS` to 1 |
--region <REGION> | Region of the VPN Tunnel to create. If not specified, you may be prompted to select a region.
+
To avoid prompting when this flag is omitted, you can set the
``compute/region'' property:
+
$ gcloud config set compute/region REGION
+
A list of regions can be fetched by running:
+
$ gcloud compute regions list
+
To unset the property, run:
+
$ gcloud config unset compute/region
+
Alternatively, the region can be stored in the environment
variable ``CLOUDSDK_COMPUTE_REGION'' |
--remote-traffic-selector <CIDR> | Traffic selector is an agreement between IKE peers to permit traffic
through a tunnel if the traffic matches a specified pair of local and
remote addresses.
+
--remote-traffic-selector allows to configure the remote addresses that
are permitted. The value should be a comma separated list of CIDR
formatted strings. Example: 192.168.0.0/16,10.0.0.0/24.
+
Remote traffic selector must be specified for VPN tunnels that do
not use dynamic routing with a Cloud Router. Omit this flag when
creating a tunnel using dynamic routing, including a tunnel for a
Highly Available VPN gateway |
--router <ROUTER> | The Router to use for dynamic routing |
--router-region <ROUTER_REGION> | Region of the router to operate on. If not specified, you may be prompted to select a region.
+
To avoid prompting when this flag is omitted, you can set the
``compute/region'' property:
+
$ gcloud config set compute/region REGION
+
A list of regions can be fetched by running:
+
$ gcloud compute regions list
+
To unset the property, run:
+
$ gcloud config unset compute/region
+
Alternatively, the region can be stored in the environment
variable ``CLOUDSDK_COMPUTE_REGION'' |
--shared-secret <SHARED_SECRET> | Shared secret consisting of printable characters. Valid
arguments match the regular expression [ -~]+ |
--target-vpn-gateway <TARGET_VPN_GATEWAY> | A reference to a Cloud VPN Classic Target VPN Gateway |
--target-vpn-gateway-region <TARGET_VPN_GATEWAY_REGION> | Region of the Target VPN Gateway to operate on. Should be the same as region, if not specified, it will be automatically set. Overrides the default *compute/region* property value for this command invocation |
--trace-token <TRACE_TOKEN> | Token used to route traces of service requests for investigation of issues. Overrides the default *core/trace_token* property value for this command invocation |
--user-output-enabled | Print user intended output to the console. Overrides the default *core/user_output_enabled* property value for this command invocation. Use *--no-user-output-enabled* to disable |
--verbosity <VERBOSITY> | Override the default verbosity for this command. Overrides the default *core/verbosity* property value for this command invocation. _VERBOSITY_ must be one of: *debug*, *info*, *warning*, *error*, *critical*, *none* |
--vpn-gateway <VPN_GATEWAY> | Reference to a Highly Available VPN Gateway |
--vpn-gateway-region <VPN_GATEWAY_REGION> | Region of the VPN Gateway to operate on. Should be the same as region, if not specified, it will be automatically set. Overrides the default *compute/region* property value for this command invocation |