Version: 1.0.0

VPN Tunnel Route

VPN Tunnel Routes define routing rules for traffic flowing through VPN tunnels in Aruba Cloud. These routes control how network traffic is directed between your on-premises network and your VPC via a VPN tunnel by specifying cloud subnet and on-premises subnet CIDRs.

Commands

List VPN Tunnel Routes

List all routes for a specific VPN tunnel.

acloud network vpnroute list <vpn-tunnel-id> [flags]

Arguments:

  • vpn-tunnel-id - The ID of the VPN tunnel

Flags:

  • --project-id string - Project ID (uses context if not specified)

Example:

acloud network vpnroute list 1234567890abcdef

Output:

NAME     ID                      CLOUD SUBNET  ONPREM SUBNET   STATUS
route-1  1234567890abcdef123456  10.0.1.0/24   192.168.1.0/24  Active
route-2  1234567890abcdef123457  10.0.2.0/24   192.168.2.0/24  Active

Get VPN Tunnel Route Details

Get detailed information about a specific VPN tunnel route.

acloud network vpnroute get <vpn-tunnel-id> <route-id> [flags]

Arguments:

  • vpn-tunnel-id - The ID of the VPN tunnel
  • route-id - The ID of the route (supports auto-completion)

Flags:

  • --project-id string - Project ID (uses context if not specified)

Example:

acloud network vpnroute get 1234567890abcdef 1234567890abcdef123456

Output:

VPN Route Details:
==================
ID: 1234567890abcdef123456
URI: /projects/.../vpnroutes/1234567890abcdef123456
Name: route-1
Region: ITBG-Bergamo
Cloud Subnet: 10.0.1.0/24
OnPrem Subnet: 192.168.1.0/24
Creation Date: 06-08-2025 07:44:52
Created By: aru-297647
Tags: [vpn,route,production]
Status: Active

Create VPN Tunnel Route

Create a new route for a VPN tunnel.

acloud network vpnroute create <vpn-tunnel-id> [flags]

Required Flags:

  • --name string - VPN Route name
  • --region string - Region code (e.g., ITBG-Bergamo)
  • --cloud-subnet string - CIDR of the cloud subnet
  • --onprem-subnet string - CIDR of the on-prem subnet

Optional Flags:

  • --tags strings - Tags for the VPN route (comma-separated)
  • --project-id string - Project ID (uses context if not specified)
  • -v, --verbose - Show detailed debug information

Examples:

# Create a basic VPN route
acloud network vpnroute create 1234567890abcdef \
--name "route-1" \
--region ITBG-Bergamo \
--cloud-subnet "10.0.1.0/24" \
--onprem-subnet "192.168.1.0/24"

# Create VPN route with tags
acloud network vpnroute create 1234567890abcdef \
--name "production-route" \
--region ITBG-Bergamo \
--cloud-subnet "10.0.2.0/24" \
--onprem-subnet "192.168.2.0/24" \
--tags "vpn,production,network"

Output:

NAME     ID                      CLOUD SUBNET  ONPREM SUBNET   STATUS
route-1  1234567890abcdef123456  10.0.1.0/24   192.168.1.0/24  Active

Notes:

  • The VPN route will be in InCreation state initially
  • Use acloud network vpnroute get to check when it becomes Active

Update VPN Tunnel Route

Update an existing VPN tunnel route's properties.

acloud network vpnroute update <vpn-tunnel-id> <route-id> [flags]

Arguments:

  • vpn-tunnel-id - The ID of the VPN tunnel
  • route-id - The ID of the route (supports auto-completion)

Flags:

  • --name string - New name for the VPN route
  • --tags strings - New tags for the VPN route (comma-separated)
  • --cloud-subnet string - CIDR of the cloud subnet
  • --onprem-subnet string - CIDR of the on-prem subnet
  • --project-id string - Project ID (uses context if not specified)

Note: At least one field must be provided for update.

Examples:

# Update VPN route name
acloud network vpnroute update 1234567890abcdef 1234567890abcdef123456 \
--name "updated-route-1"

# Update cloud subnet
acloud network vpnroute update 1234567890abcdef 1234567890abcdef123456 \
--cloud-subnet "10.0.3.0/24"

# Update multiple fields
acloud network vpnroute update 1234567890abcdef 1234567890abcdef123456 \
--name "production-route" \
--cloud-subnet "10.0.2.0/24" \
--onprem-subnet "192.168.2.0/24" \
--tags "vpn,production,updated"

Output:

NAME              ID                      CLOUD SUBNET  ONPREM SUBNET   STATUS
production-route  1234567890abcdef123456  10.0.2.0/24   192.168.2.0/24  Active

Restrictions:

  • Cannot update VPN routes in InCreation state
  • Wait for the VPN route to reach Active state before updating

Delete VPN Tunnel Route

Delete a VPN tunnel route.

acloud network vpnroute delete <vpn-tunnel-id> <route-id> [flags]

Arguments:

  • vpn-tunnel-id - The ID of the VPN tunnel
  • route-id - The ID of the route (supports auto-completion)

Flags:

  • --project-id string - Project ID (uses context if not specified)
  • -y, --yes - Skip confirmation prompt

Examples:

# Delete with confirmation prompt
acloud network vpnroute delete 1234567890abcdef 1234567890abcdef123456

# Delete without confirmation
acloud network vpnroute delete 1234567890abcdef 1234567890abcdef123456 --yes

Confirmation Prompt:

Are you sure you want to delete VPN route 1234567890abcdef123456? This action cannot be undone.
Type 'yes' to confirm: yes

Output:

ID                      STATUS
1234567890abcdef123456  deleted

Notes:

  • Deletion cannot be undone
  • Ensure the VPN tunnel is not dependent on the route before deletion

Shell Auto-completion

VPN Route commands support hierarchical auto-completion: the first TAB completes VPN tunnel IDs, the second completes route IDs scoped to the selected tunnel.

# First argument — shows available VPN tunnel IDs
acloud network vpnroute create <TAB>
acloud network vpnroute list <TAB>
acloud network vpnroute get <TAB>

# Second argument — shows route IDs for the given VPN tunnel
acloud network vpnroute get <vpn-tunnel-id> <TAB>
acloud network vpnroute update <vpn-tunnel-id> <TAB>
acloud network vpnroute delete <vpn-tunnel-id> <TAB>

Auto-completion shows route IDs with their names:

1234567890abcdef123456    route-1
1234567890abcdef123457    route-2

The create and list commands only complete the first argument (VPN tunnel ID).

VPN Route Properties

Cloud Subnet

The cloud subnet CIDR represents the network range in your VPC that should be accessible through the VPN tunnel.

Examples:

  • 10.0.1.0/24 - Specific subnet in VPC
  • 10.0.0.0/16 - Entire VPC network range

On-Premises Subnet

The on-premises subnet CIDR represents the network range in your on-premises infrastructure that should be accessible through the VPN tunnel.

Examples:

  • 192.168.1.0/24 - Specific on-premises subnet
  • 192.168.0.0/16 - Entire on-premises network range

VPN Route States

VPN routes can be in the following states:

State       Description                 Can Update?  Can Delete?
InCreation  VPN route is being created  ❌ No         ❌ No
Active      VPN route is ready to use   ✅ Yes        ✅ Yes

Common Workflows

Setting Up VPN Routes

# 1. Create VPN tunnel (if not exists)
VPN_TUNNEL_ID=$(acloud network vpntunnel create \
--name "prod-vpn-tunnel" \
--region ITBG-Bergamo | grep "ID:" | awk '{print $2}')

# 2. Wait for tunnel to be Active
while true; do
  STATUS=$(acloud network vpntunnel get "$VPN_TUNNEL_ID" | grep "Status:" | awk '{print $2}')
  if [ "$STATUS" = "Active" ]; then
    break
  fi
  echo "Waiting for VPN tunnel to become Active... (current: $STATUS)"
  sleep 5
done

# 3. Create routes for different subnets
acloud network vpnroute create "$VPN_TUNNEL_ID" \
--name "vpc-subnet-1" \
--region ITBG-Bergamo \
--cloud-subnet "10.0.1.0/24" \
--onprem-subnet "192.168.1.0/24"

acloud network vpnroute create "$VPN_TUNNEL_ID" \
--name "vpc-subnet-2" \
--region ITBG-Bergamo \
--cloud-subnet "10.0.2.0/24" \
--onprem-subnet "192.168.2.0/24"

# 4. List all routes
acloud network vpnroute list "$VPN_TUNNEL_ID"

Updating VPN Routes

VPN_TUNNEL_ID="1234567890abcdef"
ROUTE_ID="1234567890abcdef123456"

# Update cloud subnet
acloud network vpnroute update "$VPN_TUNNEL_ID" "$ROUTE_ID" \
--cloud-subnet "10.0.3.0/24"

# Update on-premises subnet
acloud network vpnroute update "$VPN_TUNNEL_ID" "$ROUTE_ID" \
--onprem-subnet "192.168.3.0/24"

# Update name and tags
acloud network vpnroute update "$VPN_TUNNEL_ID" "$ROUTE_ID" \
--name "updated-route" \
--tags "vpn,production,updated"

Best Practices

  1. Use Descriptive Names

    --name "vpc-subnet-1-to-onprem"
    --name "production-vpn-route"

  2. Tag Your Routes

    --tags "vpn,production,network"
    --tags "vpn,development,test"

  3. Plan Subnet Mappings

    • Ensure cloud and on-premises subnets don't overlap
    • Use clear naming conventions for route identification

  4. Wait for Active State

    # Check status before updating
    acloud network vpnroute get <vpn-tunnel-id> <route-id>
    # Ensure Status is "Active"
    acloud network vpnroute update <vpn-tunnel-id> <route-id> --name "new-name"
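
The overlap rule from "Plan Subnet Mappings" can be checked before routes go live. The following is an added example, not part of the acloud documentation: a POSIX shell audit that parses the vpnroute list table format shown on this page, rejects malformed CIDRs, and goes one step beyond the per-route rule by comparing every cloud subnet with every on-premises subnet on the tunnel. The function names and sample rows are constructed for illustration, and route names are assumed to contain no whitespace.

```shell
# Added example (not from the acloud docs): audit vpnroute list output.
# Function bodies are subshells: variables stay local, exit leaves only the function.

ip_to_int() (  # dotted quad -> integer; rejects leading-zero (octal-looking) octets
  set -f; IFS=.; set -- $1
  [ $# -eq 4 ] || exit 1
  n=0; for o in "$@"; do
    case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
    [ "$o" -le 255 ] || exit 1
    n=$(( n * 256 + o ))
  done
  echo "$n"
)
cidr_range() (  # CIDR -> "first last" as integers; status 1 if malformed
  case $1 in */*) ;; *) exit 1 ;; esac
  ip=${1%/*}; len=${1##*/}
  case $len in ''|*[!0-9]*|0?*|???*) exit 1 ;; esac
  [ "$len" -le 32 ] || exit 1
  base=$(ip_to_int "$ip") || exit 1
  mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  net=$(( base & mask ))
  echo "$net $(( net + (0xFFFFFFFF ^ mask) ))"
)
cidrs_overlap() (  # status 0 = overlap, 1 = disjoint, 2 = parse error
  r1=$(cidr_range "$1") && r2=$(cidr_range "$2") || exit 2
  [ "${r1#* }" -ge "${r2% *}" ] && [ "${r2#* }" -ge "${r1% *}" ]
)
audit_routes() (  # list table on stdin -> one finding per line
  rows=$(awk '$1 != "NAME" && NF >= 5 { print $1, $(NF-2), $(NF-1) }')
  printf '%s\n' "$rows" | while read -r name cloud onprem; do
    [ -n "$name" ] || continue
    cidr_range "$cloud" >/dev/null || echo "INVALID $name cloud=$cloud"
    cidr_range "$onprem" >/dev/null || echo "INVALID $name onprem=$onprem"
    printf '%s\n' "$rows" | while read -r other skip other_onprem; do
      if cidrs_overlap "$cloud" "$other_onprem"; then
        echo "OVERLAP $name cloud=$cloud with $other onprem=$other_onprem"
      fi
    done
  done
)
sample_routes() {  # constructed sample in the page's list format
  cat <<'EOF'
NAME     ID                      CLOUD SUBNET  ONPREM SUBNET   STATUS
route-1  1234567890abcdef123456  10.0.1.0/24   192.168.1.0/24  Active
route-2  1234567890abcdef123457  10.0.2.0/24   10.0.0.0/16     Active
route-3  1234567890abcdef123458  10.0.3.0/33   192.168.3.0/24  Active
EOF
}
sample_routes | audit_routes
```

To audit a real tunnel, pipe acloud network vpnroute list <vpn-tunnel-id> into audit_routes; no output means no findings.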

Troubleshooting

"Cannot update VPN route while in InCreation state"

Problem: Trying to update a VPN route that hasn't finished creating.

Solution:

# Check current status
acloud network vpnroute get <vpn-tunnel-id> <route-id>

# Wait for Status to become "Active"
# Then retry the update
acloud network vpnroute update <vpn-tunnel-id> <route-id> --name "new-name"

"Error: at least one field must be provided for update"

Problem: Update command called without any changes.

Solution:

# Provide at least one field to update
acloud network vpnroute update <vpn-tunnel-id> <route-id> --name "new-name"
# or
acloud network vpnroute update <vpn-tunnel-id> <route-id> --tags tag1,tag2