# Cloud VPN
resource "google_compute_vpn_gateway" "gw" {
  name    = var.name
  network = var.network_name
  region  = var.region
}

resource "google_compute_address" "vpn_ip" {
  count = var.vpn_external_ip != null ? 0 : 1

  name         = "${var.name}-ip"
  region       = var.region
  address_type = "EXTERNAL"
}

data "google_compute_address" "vpn_ip" {
  count = var.vpn_external_ip != null ? 1 : 0

  name   = var.vpn_external_ip
}

resource "google_compute_forwarding_rule" "gw_fw_esp" {
  name        = "fwd-esp"
  ip_protocol = "ESP"
  ip_address  = var.vpn_external_ip != null ? data.google_compute_address.vpn_ip[0].address : google_compute_address.vpn_ip[0].address
  target      = google_compute_vpn_gateway.gw.id
}

resource "google_compute_forwarding_rule" "gw_fw_udp_500" {
  name        = "fwd-udp-500"
  ip_protocol = "UDP"
  ip_address  = var.vpn_external_ip != null ? data.google_compute_address.vpn_ip[0].address : google_compute_address.vpn_ip[0].address
  port_range  = "500"
  target      = google_compute_vpn_gateway.gw.id
}

resource "google_compute_forwarding_rule" "gw_fw_udp_4500" {
  name        = "fwd-udp-4500"
  ip_protocol = "UDP"
  ip_address  = var.vpn_external_ip != null ? data.google_compute_address.vpn_ip[0].address : google_compute_address.vpn_ip[0].address
  port_range  = "4500"
  target      = google_compute_vpn_gateway.gw.id
}