VPN configuration across the VPCs on GCP
VPN configuration across the VPCs on GCP
03 September 2020
VPC provides global, scalable, and flexible networking functionalities for you to compute resources on Google Cloud Platforms such as Compute Engine VMs, GKE(Google Kubernetes Engine) clusters, and the App Engine flexible environment. On the other hand, VPN provides Hybrid network connectivity between VPCs and on-premises networks.
How to setup VPN Configuration?
Let’s consider an example of two VPC networks here. The configuration of VPN connectivity across the VPCs can be divided into two simple steps:
- Configure a VPN gateway from both the directions for VPCs
- Configure a VPN tunnel from both the directions for VPCs
Configure a VPN gateway from both the directions for VPCs
- Go to VPN – Navigation Menu > Hybrid Connectivity > VPN
- Click Classic VPN (For dynamic and static routing)
- Click Continue.
- Specify the following gateway settings:
- Name – Name your VPN Gateway (Name cannot be changed later)
- Network – Specify one of the existing VPC network
- Region – As Cloud VPN gateways and tunnels are regional objects, please choose the region where the gateway will be located. Resources in different regions can use this tunnel for egress traffic according to routes. ( For best performance results, please create the VPN gateways in the same regions)
- IP address – Choose an regional external IP address. Create another one doesn’t exist (Choosing a static external IP would be a best practice)
Configure a VPN tunnel from both the directions for VPCs
- On the VPN connection page, scroll down and configure the following:
- Name – Name your VPN Tunnel (Name cannot be changed later)
- Remote peer IP address – Enter public IP address of the peer VPN gateway.
- IKE version – Choose the IKE version compatible with peer VPN gateway
- Shared secret – Provide authentication key and share it with your peer. This Shared secret key should match the secret key while configuring the other part of VPN gateway
- For Policy based tunnel (You can refer to the configure route based tunnels for more information)
- Select Policy-based for Routing options.
- For Remote network IP ranges, enter a list of the IP ranges used by the peer network separated by spaces.
- For Local IP ranges, you can use either of options:
- Choose an existing local IP range from Local subnetworks menu
- Enter a list of IP ranges used in your VPC network separated by spaces.
Test if VPN connection is configured correctly
- Log in or SSH into a VM instance from either of VPC networks
- Use “Ping <Internal_IP of other VPC’s VM>” command and ensure that there is zero packet drop