-
-
Save VladimirCores/166c11c45c6281af3eff6a23e02f8ca9 to your computer and use it in GitHub Desktop.
| gcloud config list project | |
| gcloud compute target-vpn-gateways \ | |
| create vpn-1 \ | |
| --network vpn-network-1 \ | |
| --region us-east1 | |
| gcloud compute target-vpn-gateways \ | |
| create vpn-2 \ | |
| --network vpn-network-2 \ | |
| --region europe-west1 | |
| # To reserve a Static IP for the vpn-1 gateway, run the following command: | |
| gcloud compute addresses create --region us-east1 vpn-1-static-ip | |
| gcloud compute addresses list | |
| export STATIC_IP_VPN_1=<Enter IP address for vpn-1 here> | |
| To create ESP forwarding for vpn-1, run the following command: | |
| gcloud compute \ | |
| forwarding-rules create vpn-1-esp \ | |
| --region us-east1 \ | |
| --ip-protocol ESP \ | |
| --address $STATIC_IP_VPN_1 \ | |
| --target-vpn-gateway vpn-1 | |
| The forwarding rules forward traffic arriving on the external IP to the VPN gateway. It connects them together. Create three forwarding rules for the protocols necessary for VPN. | |
| To create UDP500 forwarding for vpn-1, run the following command: | |
| gcloud compute \ | |
| forwarding-rules create vpn-1-udp500 \ | |
| --region us-east1 \ | |
| --ip-protocol UDP \ | |
| --ports 500 \ | |
| --address $STATIC_IP_VPN_1 \ | |
| --target-vpn-gateway vpn-1 | |
| In the GCP Console, on the Products & Services menu (), click VPC network > External IP addresses. |
Create the tunnels between the VPN gateways. After the tunnels exist, create a static route to enable traffic to be forwarded into the tunnel. If this is successful, you can ping a local VM in one location on its internal IP from a VM in a different location.
To create the tunnel for traffic from Network-1 to Network-2, run the following command:
gcloud compute
vpn-tunnels create tunnel1to2
--peer-address $STATIC_IP_VPN_2
--region us-east1
--ike-version 2
--shared-secret gcprocks
--target-vpn-gateway vpn-1
--local-traffic-selector 0.0.0.0/0
--remote-traffic-selector 0.0.0.0/0
To create the tunnel for traffic from Network-2 to Network-1, run the following command:
(COPY FROM EDIT)
gcloud compute
vpn-tunnels create tunnel2to1
--peer-address $STATIC_IP_VPN_1
--region europe-west1
--ike-version 2
--shared-secret gcprocks
--target-vpn-gateway vpn-2
--local-traffic-selector 0.0.0.0/0
--remote-traffic-selector 0.0.0.0/0
To verify that the tunnels are created, run the following command:
gcloud compute vpn-tunnels list
At this point, the gateways are connected and communicating. But there is no method to direct traffic from one subnet to the other. You must establish static routes.
Task 7: Create static routes
To create a static route from Network-1 to Network-2, run the following command:
gcloud compute
routes create route1to2
--network vpn-network-1
--next-hop-vpn-tunnel tunnel1to2
--next-hop-vpn-tunnel-region us-east1
--destination-range 10.1.3.0/24
To create a static route from Network-2 to Network-1, run the following command:
gcloud compute
routes create route2to1
--network vpn-network-2
--next-hop-vpn-tunnel tunnel2to1
--next-hop-vpn-tunnel-region europe-west1
--destination-range 10.5.4.0/24
You set up virtual private networking (VPN) between two subnets in different regions.
gcloud compute target-vpn-gateways list