How to Configure VPN in GCP

Explore the types of VPNs in Google Cloud Platform (GCP) and follow step-by-step instructions to configure Classic VPN and High-Availability (HA) VPN.

Introduction to GCP VPN

Google Cloud VPN (Virtual Private Network) enables secure communication between your on-premises network or another cloud provider’s network and your Google Cloud resources. By encrypting traffic between these environments, GCP VPN ensures secure data transmission over the public internet.

GCP offers two types of VPN: Classic VPN and HA VPN (Highly Available VPN). Each type caters to different use cases, providing flexibility for organizations to choose the solution that best fits their needs.

Types of VPN in Google Cloud Platform

Google Cloud supports two primary types of VPNs, each designed for specific use cases:

1. Classic VPN

Classic VPN is a simpler VPN solution that supports policy-based routing. It uses a single tunnel and is ideal for smaller, less complex networking scenarios.

  • Routing: Policy-based
  • Redundancy: No high availability
  • Use Case: Smaller networks with limited connectivity requirements

2. High-Availability (HA) VPN

HA VPN is designed for high availability and reliability. It uses multiple tunnels with dynamic routing (BGP) and provides better redundancy.

  • Routing: Dynamic (BGP)
  • Redundancy: Supports multiple tunnels for failover
  • Use Case: Enterprise-level networks requiring maximum uptime

Prerequisites

Before setting up a VPN in GCP, ensure the following:

    1. Google Cloud Project: A project created in GCP.
    2. VPC Network: A configured Virtual Private Cloud network.
    3. Subnets: Subnetworks set up in the VPC.
    4. On-Premises Gateway: A compatible VPN gateway in your on-premises environment.
    5. IP Address: Reserve static external IP addresses for the VPN gateway.
    6. Firewall Rules: Proper firewall rules to allow traffic on required ports.

Step 1: VPC Network Setup

To start, you need to configure a Virtual Private Cloud (VPC) network in GCP.

  1. Go to the VPC Network section in the Google Cloud Console.
  2. Create a new VPC network or use an existing one:
    • Name: Enter a name for the VPC.
    • Mode: Choose Custom for better control over subnets.
  3. Add Subnets:
    • Assign an IP range for each subnet based on your requirements.
  4. Click Create to finalize the setup.

Step 2: Classic VPN Configuration

Follow these steps to configure a Classic VPN in GCP:

  1. Navigate to Hybrid Connectivity > VPN in the GCP Console.
  2. Click Create VPN Connection.
  3. Choose Classic VPN:
    • Gateway Name: Enter a name for the gateway.
    • Network: Select the appropriate VPC network.
    • Region: Choose the region for the gateway.
    • IP Address: Reserve or select a static external IP.
  4. Configure VPN Tunnels:
    • Provide the Peer IP Address of your on-premises VPN gateway.
    • Enter a Shared Secret (used for authentication).
    • Configure routing options (static or dynamic routing).
  5. Click Create to establish the connection.


Step 3: HA VPN Configuration

For high availability, configure HA VPN with these steps:

  1. Go to the VPN section in the Google Cloud Console.
  2. Click Create VPN Connection and select HA VPN.
  3. Configure the HA VPN Gateway:
    • Name: Enter a name for the gateway.
    • Network: Select your VPC network.
    • Region: Choose a region for the gateway.
    • IP Address: Reserve or select static IPs for the two interfaces.
  4. Create Tunnels:
    • Configure two VPN tunnels for redundancy:
      • Interface 0 and Interface 1.
    • Specify the Peer Gateway IP and Shared Secret for each tunnel.
  5. Choose routing options:
    • Static routing or BGP (Border Gateway Protocol) for dynamic routing.
  6. Click Create to set up the HA VPN connection.

Step 4: Configuring Firewall Rules

To allow traffic through the VPN, set up the necessary firewall rules:

  1. Navigate to VPC Network > Firewall in the Google Cloud Console.
  2. Click Create Firewall Rule.
  3. Configure the rule:
    • Name: Provide a descriptive name.
    • Target Tags: Specify tags to apply the rule to specific instances.
    • Source Ranges: Enter the IP ranges of your on-premises network.
    • Protocols and Ports: Allow the required protocols (e.g., TCP, UDP, ICMP).
  4. Click Create to apply the rule.
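
A way to review the rules created in this step before relying on them, as an added example that is not part of the original article: it reads the JSON that `gcloud compute firewall-rules list --format=json` produces (a constructed sample is embedded so it runs offline) and flags ingress rules that admit more than the on-premises prefixes, allow every protocol, or apply to every instance. The rule names, ranges and the `audit_firewall_rules` helper are assumptions for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`;
# names and ranges are made up for illustration.
SAMPLE_RULES_JSON = """
[
  {"name": "allow-onprem-ssh", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["10.10.0.0/16"], "targetTags": ["vpn-reachable"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}, {"IPProtocol": "icmp"}]},
  {"name": "allow-all-from-anywhere", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "all"}]},
  {"name": "allow-partner-range", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["10.10.0.0/16", "172.16.0.0/12"], "targetTags": ["vpn-reachable"],
   "allowed": [{"IPProtocol": "udp", "ports": ["53"]}]}
]
"""

# Prefixes of the on-premises network that should be the only permitted sources (assumed).
ONPREM_RANGES = ["10.10.0.0/16"]


def audit_firewall_rules(rules_json, onprem_ranges):
    """Return {rule name: [finding, ...]} for ingress rules wider than the on-prem ranges."""
    allowed_nets = [ipaddress.ip_network(r) for r in onprem_ranges]
    findings = {}
    for rule in json.loads(rules_json):
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        problems = []
        for src in rule.get("sourceRanges", []):
            net = ipaddress.ip_network(src)
            # A source range is acceptable only if it sits inside one of the on-prem prefixes.
            if not any(net.subnet_of(a) for a in allowed_nets if a.version == net.version):
                problems.append(f"source {src} is outside the on-premises ranges")
        if any(a.get("IPProtocol") == "all" for a in rule.get("allowed", [])):
            problems.append("allows every protocol; restrict to the ports the workload needs")
        if not rule.get("targetTags") and not rule.get("targetServiceAccounts"):
            problems.append("no target tags or service accounts; applies to every instance in the VPC")
        if problems:
            findings[rule["name"]] = problems
    return findings


if __name__ == "__main__":
    for name, problems in audit_firewall_rules(SAMPLE_RULES_JSON, ONPREM_RANGES).items():
        print(name)
        for p in problems:
            print("  -", p)
```

Pipe the real `gcloud` output into `audit_firewall_rules` in place of the sample to check a live project.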

Step 5: Testing the VPN Connection

Verify the VPN tunnel status in the GCP console and ensure BGP routes are correctly advertised.

  • Ping Test:
    • SSH into a VM instance in your VPC.
    • Ping a resource in your on-premises network to verify connectivity.

      ```bash
      ping <on-premises-resource-ip>
      ```
  • Data Transfer Test:
    • Transfer data between the two environments to check performance and reliability.
  • Monitor Logs:
    • Use Cloud Logging to review VPN logs and identify potential issues.
    • Navigate to Logging > Logs Explorer and filter by VPN-related logs.

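A scripted version of the tunnel-status check in this step, as an added example that is not part of the original article: it reads the JSON that `gcloud compute vpn-tunnels list --format=json` produces (a constructed sample is embedded so it runs offline), reports any tunnel that is not ESTABLISHED, and, for HA VPN gateways, warns when interface 0 or 1 has no established tunnel, since that is the point at which the redundancy described in Step 3 is lost. The tunnel names, IPs, gateway URLs and the `check_tunnels` helper are assumptions for illustration.

```python
import json

# Constructed sample in the shape of `gcloud compute vpn-tunnels list --format=json`;
# names, IPs and gateway URLs are made up for illustration.
SAMPLE_TUNNELS_JSON = """
[
  {"name": "ha-tunnel-0", "status": "ESTABLISHED", "detailedStatus": "Tunnel is up and running.",
   "vpnGateway": "https://www.googleapis.com/compute/v1/projects/p/regions/us-central1/vpnGateways/ha-gw",
   "vpnGatewayInterface": 0, "ikeVersion": 2, "peerIp": "203.0.113.10"},
  {"name": "ha-tunnel-1", "status": "NO_INCOMING_PACKETS", "detailedStatus": "No incoming packets from peer.",
   "vpnGateway": "https://www.googleapis.com/compute/v1/projects/p/regions/us-central1/vpnGateways/ha-gw",
   "vpnGatewayInterface": 1, "ikeVersion": 2, "peerIp": "203.0.113.11"},
  {"name": "classic-tunnel", "status": "ESTABLISHED", "detailedStatus": "Tunnel is up and running.",
   "targetVpnGateway": "https://www.googleapis.com/compute/v1/projects/p/regions/us-central1/targetVpnGateways/classic-gw",
   "ikeVersion": 1, "peerIp": "198.51.100.5"}
]
"""


def check_tunnels(tunnels_json):
    """Return a list of findings: tunnels that are down, IKEv1 tunnels, and HA gateways missing an interface."""
    findings = []
    by_gateway = {}  # HA gateway name -> set of interfaces with an ESTABLISHED tunnel
    for t in json.loads(tunnels_json):
        if t["status"] != "ESTABLISHED":
            findings.append(f"{t['name']}: status {t['status']} ({t.get('detailedStatus', '')})")
        if t.get("ikeVersion") != 2:
            findings.append(f"{t['name']}: IKEv1 in use; prefer IKEv2")
        gw = t.get("vpnGateway")  # present only on HA VPN tunnels; Classic uses targetVpnGateway
        if gw:
            name = gw.rsplit("/", 1)[-1]
            by_gateway.setdefault(name, set())
            if t["status"] == "ESTABLISHED":
                by_gateway[name].add(t["vpnGatewayInterface"])
    for name, up_ifaces in by_gateway.items():
        missing = sorted({0, 1} - up_ifaces)
        if missing:
            findings.append(f"{name}: no established tunnel on interface(s) {missing}; redundancy is lost")
    return findings


if __name__ == "__main__":
    for line in check_tunnels(SAMPLE_TUNNELS_JSON):
        print(line)
```
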
Conclusion

Google Cloud VPN is a powerful tool for securely connecting on-premises networks with Google Cloud environments. By choosing the appropriate VPN type (Classic or HA VPN) and following the configuration steps, you can ensure secure and reliable connectivity for your workloads. Regular monitoring and testing will help maintain optimal performance and availability.

To learn more about GCP VPN, visit the GCP VPN Documentation.
