3

Environment: Google Cloud w/ GSuite Requirement: Users on Windows/Linux/Android/iOS need to be able to VPN into VPC of a Google Project. Ideally integrate with the user accounts in GSuite (Cloud Identity)

GCloud: "Cloud VPN only supports site-to-site IPsec VPN connectivity, subject to the requirements listed in this section. It does not support client-to-gateway (road warrior) scenarios. In other words, Cloud VPN doesn't support use cases where client computers need to "dial in" to a VPN using client VPN software."

https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview#vpn-types

Therefore Cloud VPN does NOT appear to be a valid option.

Other Hyperscalers appear to address this need, but not Google.

Azure: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.azurevpnclient AWS: https://aws.amazon.com/vpn/client-vpn-download/

Frank
  • 361
  • 1
  • 7
NFN_NLN
  • 81
  • 4
  • So how about installing a different VPN software (non-Googlish) on a dedicated GCE instance inside your VPC? Recommendations about choosing the exact solution are out of scope of this site, this is why I am posting this as a comment and not an answer. – kubanczyk Nov 08 '20 at 14:45
  • 1
    Google Market Place seems to push OpenVPN Access. You need an OpenVPN subscription and GSuite Business Plus subscription to integrate via LDAP (if you don't want to manage a local user database as well). It seems cumbersome compared to the other hyperscalers. I just wanted to ensure there wasn't a more elegant solution from Google. – NFN_NLN Nov 09 '20 at 03:45
  • What do you want to connect to? Perhaps the IAP (Identity-Aware-Proxy) is something that you can use? This works for http(s) and ssh. For ssh: maybe use reverse tunnels? – ppuschmann Nov 18 '20 at 17:45
  • Correct, Cloud VPN allows you to connect on-premise networks to your VPC. In order to create a VPN gateway for client (that supports G Suite), you can use a third-party solution, for example [OpenVPN](https://openvpn.net/vpn-server-resources/configuring-google-secure-ldap-with-openvpn-access-server/). If you think this is an option that should be implemented, feel free to follow this documentation: [Report issues and request features with issue trackers](https://cloud.google.com/support/docs/issue-trackers) and submit a **Feature Request**. – Serhii Rohoza Feb 09 '21 at 09:44

0 Answers0