
I have a question: is it possible to establish multiple VPN tunnels with Compute Engine? I tried to set up several site-to-site VPN tunnels between my instance on Google Compute Engine and external servers. I followed the steps in https://developers.google.com/compute/docs/networking#settingupvpn and I was able to connect my server on Compute Engine with another server on Compute Engine too, but I cannot make a different tunnel with another server on a different port instead of 4500. I use StrongSwan 4.5.2. Any help will be appreciated.

My ipsec.conf, left and right side:

Left side:

config setup
    # the ipsec.conf keyword is nat_traversal (underscore); it only affects
    # IKEv1 (pluto), charon (IKEv2) always does NAT traversal
    nat_traversal=yes

conn myconn
    authby=psk
    auto=start
    esp=aes128-sha1!
    ike=aes128-sha1-modp1024!
    keyexchange=ikev2
    type=tunnel
    left=%any
    leftid=199.xxx.xxx.xxx
    leftsubnet=10.120.0.0/16
    leftauth=psk
    leftikeport=4500
    right=201.xxx.xxx.xxx
    rightsubnet=192.168.0.0/16
    rightauth=psk
    rightikeport=4500

Right side:

config setup
    # same keyword fix as on the left side
    nat_traversal=yes

conn myconn
    authby=psk
    auto=start
    esp=aes128-sha1!
    ike=aes128-sha1-modp1024!
    keyexchange=ikev2
    type=tunnel
    left=%any
    leftid=201.xxx.xxx.xxx
    leftsubnet=192.168.0.0/16
    leftauth=psk
    leftikeport=4500
    right=199.xxx.xxx.xxx
    rightsubnet=10.120.0.0/16
    rightauth=psk
    rightikeport=4500

I want to make another connection with similar parameters but another right-side public IP and another port. I included something like that in the ipsec.conf, but the connection stays in "sending initial packets".

John Saunders

1 Answer

Did you make sure to open the firewall for the second VPN connection as described in step 6 of the documentation?

$ gcutil --project=myproject addfirewall allow-ipsec-nat --allowed_ip_sources <public-ip-of-your-local-vpn-gateway-machine>/32 \
         --allowed 'udp:4500' --network gce-network --target_tags vpn

Since you state that you are not able to use another port than 4500, it sounds a lot like the corresponding firewall rule is missing. Simply change the --allowed 'udp:4500' to the port you want to use.

  • Thanks for your suggestion. Yes, I did; I opened some ports with different protocols (e.g. udp:20000, tcp:15000) with the same source public IP that I use for the VPN on port 4500 (this VPN connection works fine), edited the local .conf file, and on the other side server I configured the strongSwan .conf file to point to the new port, but ..... it does not work. Thanks again and sorry about my English – dfbarretob Oct 18 '13 at 14:32
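The check the answer points at, as an added example that is not from the question, the answer or strongSwan itself: a small Python script that pulls the conn sections out of ipsec.conf-style text and reports every tunnel whose peer address is not allowed on its UDP IKE port by any firewall rule, which is how a second tunnel on a port other than 4500 shows up when only udp:4500 (or the right port on the wrong protocol) has been opened. The config text and the rule list are constructed sample data, and conn %default inheritance is not handled.

```python
import ipaddress
import re

# Constructed ipsec.conf fragment (not the poster's file): two tunnels, the
# second one on a non-default IKE port, as the question tries to do.
IPSEC_CONF = """\
config setup
    nat_traversal=yes

conn tunnel1
    keyexchange=ikev2
    right=198.51.100.10
    rightikeport=4500

conn tunnel2
    keyexchange=ikev2
    right=203.0.113.5
    rightikeport=20000
"""

# Constructed firewall rules as (source CIDR, 'proto:port') pairs, the shape
# of the --allowed_ip_sources / --allowed flags in the answer's gcutil call.
FIREWALL_RULES = [
    ("198.51.100.10/32", "udp:4500"),
    ("203.0.113.5/32", "tcp:20000"),  # wrong protocol: IKE runs over UDP
]

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf text (no %default merging)."""
    conns, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^conn\s+(\S+)", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line.startswith(("config", "ca ")):
            current = None          # leave non-conn sections alone
        elif current is not None and "=" in line:
            k, v = line.strip().split("=", 1)
            current[k.strip()] = v.strip()
    return conns

def unreachable_tunnels(conf_text, rules):
    """Tunnels whose peer IP is not allowed on its UDP IKE port by any rule."""
    missing = []
    for name, opts in parse_conns(conf_text).items():
        peer = ipaddress.ip_address(opts["right"])
        port = int(opts.get("rightikeport", 500))  # IKE default when unset
        ok = any(peer in ipaddress.ip_network(src) and allowed == f"udp:{port}"
                 for src, allowed in rules)
        if not ok:
            missing.append((name, str(peer), port))
    return missing
```

Running unreachable_tunnels(IPSEC_CONF, FIREWALL_RULES) flags tunnel2 on udp/20000; adding ("203.0.113.5/32", "udp:20000") to the rule list clears it.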