Table: gcp_compute_vpn_tunnel - Query GCP Compute VPN Tunnels using SQL
Google Cloud Platform's VPN Tunnels are part of the Compute service, providing secure encrypted connections between your network and your cloud network. They are used to securely extend your private network into your Google Cloud Virtual Private Cloud network through an IPsec VPN connection. They provide an essential layer of security for your data.
Table Usage Guide
The gcp_compute_vpn_tunnel table provides insights into VPN tunnels within Google Cloud Platform's Compute service. As a network engineer, explore tunnel-specific details through this table, including the associated network, target VPN gateway, and routing configuration. Utilize it to uncover information about tunnels, such as their statuses, the IKE versions used, and the shared secrets for the tunnels.
Examples
VPN tunnel basic info
Explore the basic information about VPN tunnels to understand their configuration and security settings. This can be useful for network administrators to assess and manage the VPN infrastructure within their organization.
select name, id, peer_ip, shared_secret_hashfrom gcp_compute_vpn_tunnel;select name, id, peer_ip, shared_secret_hashfrom gcp_compute_vpn_tunnel;Get VPN gateway peer details
Determine the areas in which you can gain insights into the details of your VPN gateway peers. This can be beneficial in understanding the configuration and connectivity of your virtual private network.
select name, peer_ip, vpn_gateway_namefrom gcp_compute_vpn_tunnel;select name, peer_ip, vpn_gateway_namefrom gcp_compute_vpn_tunnel;Traffic selector info of each tunnel
This example helps you identify the traffic selectors for each VPN tunnel in your Google Cloud Platform. It's particularly useful for network administrators seeking to understand how traffic is being directed and managed within their VPN infrastructure.
select name, jsonb_array_elements_text(local_traffic_selector) as local_traffic_selector, jsonb_array_elements_text(remote_traffic_selector) as remote_traffic_selectorfrom gcp_compute_vpn_tunnel;select name, json_each.value as local_traffic_selector, json_each.value as remote_traffic_selectorfrom gcp_compute_vpn_tunnel, json_each(gcp_compute_vpn_tunnel.local_traffic_selector), json_each(gcp_compute_vpn_tunnel.remote_traffic_selector);Schema for gcp_compute_vpn_tunnel
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| creation_timestamp | timestamp with time zone | The creation timestamp of the resource. | |
| description | text | A user-specified, human-readable description of the vpn tunnel. | |
| detailed_status | text | Detailed status message for the VPN tunnel. | |
| id | bigint | The unique identifier for the resource. | |
| ike_version | bigint | Specifies the IKE protocol version to use when establishing the VPN tunnel with the peer VPN gateway. | |
| kind | text | The type of the resource. | |
| local_traffic_selector | jsonb | A list of local traffic selector to use when establishing the VPN tunnel with the peer VPN gateway. The value should be a CIDR formatted string. | |
| location | text | The GCP multi-region, region, or zone in which the resource is located. | |
| name | text | = | A friendly name that identifies the resource. |
| peer_external_gateway | text | The URL of the peer side external VPN gateway to which this VPN tunnel is connected. | |
| peer_external_gateway_interface | bigint | The interface ID of the external VPN gateway to which this VPN tunnel is connected. | |
| peer_gcp_gateway | text | The URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected. | |
| peer_ip | inet | Specifies the IP address of the peer VPN gateway. | |
| project | text | The GCP Project in which the resource is located. | |
| region | text | The URL of the region where the VPN tunnel resides. | |
| remote_traffic_selector | jsonb | A list of remote traffic selector to use when establishing the VPN tunnel with the peer VPN gateway. The value should be a CIDR formatted string. | |
| router | text | The URL of the router resource to be used for dynamic routing. | |
| self_link | text | The server-defined URL for the resource. | |
| shared_secret | text | Specifies the shared secret, used to set the secure session between the Cloud VPN gateway and the peer VPN gateway. | |
| shared_secret_hash | text | Specifies the hash of the shared secret. | |
| status | text | !=, = | Specifies the current status of the vpn tunnel. |
| target_vpn_gateway | text | The URL of the Target VPN gateway with which this VPN tunnel is associated. | |
| title | text | Title of the resource. | |
| vpn_gateway | text | !=, = | The URL of the VPN gateway with which this VPN tunnel is associated. |
| vpn_gateway_interface | bigint | The interface ID of the VPN gateway with which this VPN tunnel is associated | |
| vpn_gateway_name | text | The URL of the VPN gateway with which this VPN tunnel is associated. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcpYou can pass the configuration to the command with the --config argument:
steampipe_export_gcp --config '<your_config>' gcp_compute_vpn_tunnel