GCP - VPN gateways

gistfile1.txt

gcloud config list project

gcloud compute target-vpn-gateways \
create vpn-1 \
--network vpn-network-1  \
--region us-east1

gcloud compute target-vpn-gateways \
create vpn-2 \
--network vpn-network-2  \
--region europe-west1

# To reserve a Static IP for the vpn-1 gateway, run the following command:
gcloud compute addresses create --region us-east1 vpn-1-static-ip

gcloud compute addresses list

export STATIC_IP_VPN_1=<Enter IP address for vpn-1 here>

To create ESP forwarding for vpn-1, run the following command:

gcloud compute \
forwarding-rules create vpn-1-esp \
--region us-east1  \
--ip-protocol ESP  \
--address $STATIC_IP_VPN_1 \
--target-vpn-gateway vpn-1

The forwarding rules forward traffic arriving on the external IP to the VPN gateway. It connects them together. Create three forwarding rules for the protocols necessary for VPN.

To create UDP500 forwarding for vpn-1, run the following command:

gcloud compute \
forwarding-rules create vpn-1-udp500  \
--region us-east1 \
--ip-protocol UDP \
--ports 500 \
--address $STATIC_IP_VPN_1 \
--target-vpn-gateway vpn-1


In the GCP Console, on the Products & Services menu (), click VPC network > External IP addresses.

At this point, the gateways are connected and communicating. But there is no method to direct traffic from one subnet to the other. You must establish static routes.

Task 7: Create static routes
To create a static route from Network-1 to Network-2, run the following command:
gcloud compute
routes create route1to2
--network vpn-network-1
--next-hop-vpn-tunnel tunnel1to2
--next-hop-vpn-tunnel-region us-east1
--destination-range 10.1.3.0/24

To create a static route from Network-2 to Network-1, run the following command:
gcloud compute
routes create route2to1
--network vpn-network-2
--next-hop-vpn-tunnel tunnel2to1
--next-hop-vpn-tunnel-region europe-west1
--destination-range 10.5.4.0/24

You set up virtual private networking (VPN) between two subnets in different regions.