
I'm trying to use nmcli to configure a VPN on a remote machine.

The issue is that the networking interfaces are Google-managed.

I've created a VPN connection with sudo nmcli connection add type vpn vpn-type openvpn ifname test-vpn vpn.data "ca = /home/myuser/ca.vpn.cer, connection-type = password, password-flags = 2, port = 443, proto-tcp = yes, remote = vpn.mycompany.com, username = myuser@company.com"

But when I try echo "vpn.secrets.password:mypass" > pass.txt; sudo nmcli connection up vpn-mangel-vpnt passwd-file pass.txt it raises Error: Connection activation failed: Could not find source connection.

I've tried to change /etc/NetworkManager/NetworkManager.conf to set ifupdown manage to true.

And adding those lines in /etc/network/interfaces.

With that, the VPN connects (a wrong password fails), but the VPN is not connected to the machine's network.

After many attempts and errors, deleting new interfaces that are dynamically created, I finally got the VPN connected, and after removing folders from run/interfaces I successfully connected to the VPN and could check it with a ping. Some minutes later I lost the SSH connection. I've restarted the machine, but if I connect to the VPN I lose the SSH connection. And I can't replicate it in a new instance.

I don't have much idea about VPNs and interfaces, so could someone guide me on what to look for?


  • Hello, a couple of questions: the GCE instance is where you configured the VPN using nmcli, right? Are you using Cloud VPN in the remote site? If not, could you please confirm what kind of device the remote peer is? Currently there is an interoperability guide in GCP to use Cloud VPN with third-party VPN tools; one of them is strongSwan. I share the link (https://cloud.google.com/community/tutorials/using-cloud-vpn-with-strongswan). I kindly suggest evaluating this alternative. Please let me know. – arcabah Nov 02 '21 at 20:21
  • Hi, the VPN we want to connect to is an external private VPN that we can connect to with a local computer (user, password and CA certificate). We can connect locally using nmcli, but the same commands on a Compute Engine instance fail. We are not using Cloud VPN, as we would need admin access in the private VPN, so building a VPN tunnel is not an alternative. But thanks for the alternative. – Miguel Angel Alvarez Rodriguez Nov 04 '21 at 12:01

1 Answer


Google Cloud Virtual Private Cloud (VPC) networks are by default isolated private networking domains. Networks have a global scope and contain regional subnets. VM instances within a VPC network can communicate among themselves using internal IP addresses as long as firewall rules permit. However, no internal IP address communication is allowed between networks, unless you set up mechanisms such as VPC Network Peering or Cloud VPN.

rriovall