
I've installed strongSwan on 2 Google Debian instances in separate projects (actually separate accounts), so there's no route between them on the internal IPs. Ultimately I need to allow VPN connections from outside the Google cloud. I'm pretty much there but can't get a ping to work, and I'm thinking it's due to a route/gateway problem, as GC only has a single eth interface which has the internal IP assigned to it.

How do I set up the routing for this? And anything else that may help.

Martin Moore

1 Answer


Each VPC network belongs to and is contained entirely in a GCP Project. Hence your projects have different networks.

Only VMs in the same network can communicate using their Internal IP address. VMs that are not in the same network must communicate using their External IP addresses even though they are in the same region.

The External IP address is unknown to the OS so you cannot see it bound to the OS network interface. Instead, the External IP address is mapped (via NAT) to the VM's Internal address transparently by VPC.

To connect two VPC networks you can use:

VPC Peering allows you to establish a peering relationship between two VPCs so that they can exchange traffic.

Shared VPC can share a network, or individual subnets, with other GCP projects, and it can use IAM to control who can interact with what.

For routing you may rely on Cloud Router. It lets other networks connected via VPN over the Internet and your Google VPC exchange route information using the BGP protocol.

mebius99