0

I am quite confused as to how to connect my company's internet with GCP through VPN. My main question is, where do I get my VPN Gateway?

I am not an admin, so what tasks would require admin permissions?

Does anyone know what prerequisites I must complete before being able to set up this VPN?

DUDANF
  • 2,618
  • 1
  • 12
  • 42
  • 1
    Setting up and installing a VPN for Google Cloud requires advanced networking experience. VPNs are an art all to themselves. Google requires site-to-site network routing. You can purchase a VPN device anywhere, but you must select a device that is supported by Google Cloud. Start by using a product such as OpenVPN which is software based and is available for free in Google Cloud Marketplace. OpenVPN is point-to-site but will help you get some experience with VPNs. – John Hanley Nov 04 '19 at 14:50
  • But the entire purpose of using a VPN is to connect my on-prem with GCP. I don't think OpenVPN would let me accomplish that? Also, isn't GCP software based? I'm assuming any hardware will be handled on there end, and I simply need to authenticate the service with our on-prem router? Though I'm uncertain and may very well be incorrect. – DUDANF Nov 04 '19 at 15:07
  • I did read your comment. What I meant was that from my pov, I have to set up two tunnels, which connect into the cloud router, and VPN gateway in GCP. So even though it is like flying a plane, GCP handles the heavy lifting, and I simply give "attach" it to my on-prem. Anyway, from your comments this seems like a task i shouldn't attempt with my level of experience. – DUDANF Nov 04 '19 at 15:26
  • 1
    GCP does not handle anything for you. Selecting and configuring the router is your responsibility and there are a number of configuration options, a number of routing options, etc. As I mentioned, this requires advanced networking skills for VPNs and Google Cloud networking. If terms like pre-shared keys, IKE, BGP, ASN, IPsec, AES, SA, PFS, etc are foreign to you, you cannot configure a site-to-site VPN in Google Cloud even with a written cookbook. – John Hanley Nov 04 '19 at 15:35
  • 1
    Here is a link to a Google Cloud supported device. Read thru this: https://cloud.google.com/files/CloudVPNGuide-UsingCloudVPNwithFortinetFortiGate300C.pdf – John Hanley Nov 04 '19 at 15:41
  • 1
    This link is for debugging: https://cloud.google.com/vpn/docs/support/troubleshooting – John Hanley Nov 04 '19 at 15:41
  • Just for the sake of my knowledge, GCP sets up a Cloud Router when setting up a VPN. I'm assuming the task is to connect that "cloud router" to an on-prem router (like the one you posted in the comments) am I correct? – DUDANF Nov 04 '19 at 15:44
  • 1
    I prefer to use Cisco equipment as I know them well. Google publishes a list of guides to help with VPN hardware selection: https://cloud.google.com/vpn/docs/how-to/interop-guides – John Hanley Nov 04 '19 at 15:44
  • Thank you for providing me with so much detail. Much obliged! – DUDANF Nov 04 '19 at 15:45
  • If you are purchasing hardware, try to select a local company. They will often add configuration and setup as part of the package at very little cost. – John Hanley Nov 04 '19 at 15:47

0 Answers0