Skip to content

Instantly share code, notes, and snippets.

@VladimirCores

VladimirCores/gist:166c11c45c6281af3eff6a23e02f8ca9

Created May 20, 2018 17:39
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save VladimirCores/166c11c45c6281af3eff6a23e02f8ca9 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save VladimirCores/166c11c45c6281af3eff6a23e02f8ca9 to your computer and use it in GitHub Desktop.
Download ZIP
GCP - VPN gateways
Raw
gistfile1.txt
gcloud config list project
gcloud compute target-vpn-gateways \
create vpn-1 \
--network vpn-network-1 \
--region us-east1
gcloud compute target-vpn-gateways \
create vpn-2 \
--network vpn-network-2 \
--region europe-west1
# To reserve a Static IP for the vpn-1 gateway, run the following command:
gcloud compute addresses create --region us-east1 vpn-1-static-ip
gcloud compute addresses list
export STATIC_IP_VPN_1=<Enter IP address for vpn-1 here>
To create ESP forwarding for vpn-1, run the following command:
gcloud compute \
forwarding-rules create vpn-1-esp \
--region us-east1 \
--ip-protocol ESP \
--address $STATIC_IP_VPN_1 \
--target-vpn-gateway vpn-1
The forwarding rules forward traffic arriving on the external IP to the VPN gateway. It connects them together. Create three forwarding rules for the protocols necessary for VPN.
To create UDP500 forwarding for vpn-1, run the following command:
gcloud compute \
forwarding-rules create vpn-1-udp500 \
--region us-east1 \
--ip-protocol UDP \
--ports 500 \
--address $STATIC_IP_VPN_1 \
--target-vpn-gateway vpn-1
In the GCP Console, on the Products & Services menu (), click VPC network > External IP addresses.
@VladimirCores
Copy link
Author

VladimirCores commented May 20, 2018

To verify that the tunnels are created, run the following command:
gcloud compute vpn-tunnels list

@VladimirCores
Copy link
Author

VladimirCores commented May 20, 2018

At this point, the gateways are connected and communicating. But there is no method to direct traffic from one subnet to the other. You must establish static routes.

@VladimirCores
Copy link
Author

VladimirCores commented May 20, 2018

Task 7: Create static routes
To create a static route from Network-1 to Network-2, run the following command:
gcloud compute
routes create route1to2
--network vpn-network-1
--next-hop-vpn-tunnel tunnel1to2
--next-hop-vpn-tunnel-region us-east1
--destination-range 10.1.3.0/24

To create a static route from Network-2 to Network-1, run the following command:
gcloud compute
routes create route2to1
--network vpn-network-2
--next-hop-vpn-tunnel tunnel2to1
--next-hop-vpn-tunnel-region europe-west1
--destination-range 10.5.4.0/24

@VladimirCores
Copy link
Author

VladimirCores commented May 20, 2018

You set up virtual private networking (VPN) between two subnets in different regions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment