
Requirements

  1. I am trying to connect to a third party VPN from my back end on Google Cloud Platform.

  2. Since my IP has to be whitelisted by the third party, the source IP for all requests must be a single static IP address.

My plan so far...

Currently I plan to run a Kubernetes service that runs as a "proxy", such that the service is connected to the VPN and the rest of my back end can send requests to the proxy. Requests from my back end to the proxy service should obviously not run via the VPN, but requests from the proxy service to the third party should run on the VPN.

The challenge

I know how to reserve an IP address, but I don't even know where to begin to set up a VPN client.

Any help would be greatly appreciated!

Ismail Khan

1 Answer


The VPN Interoperability Guides documentation offered by Google is a great place to start exploring the VPN connectivity with third party solutions.

The main idea is to make sure that your networks and subnets from each side of the VPN do not overlap. For instance, if you use 10.0.1.0/24 for your Kubernetes deployment, you cannot have the same 10.0.1.0/24 range on the remote side as well.

Once you have decided on the ranges to use, you can set up the VPN. You can follow this how-to for a more in-depth explanation of the parameters required.

Also make sure you review and modify the corresponding rules in the Firewall in both networks for the traffic to be allowed.

Uwe Keim
Ioan B
  • Cheers! Could you elaborate on "_if you use 10.0.1.0/24 for your Kubernetes deployment, you cannot have the same 10.0.1.0/24 range on the remote side as well_". Not sure what this means. Also, the inter-op guides are for Compute Engine. Is it possible to configure at the 'cluster' level, not the VM level? – Ismail Khan Aug 11 '18 at 06:52
  • When you establish a VPN with an external network, it will be done between 2 external IP addresses, but it will connect a local IP address range to a remote end IP address range. In Google Cloud this is created on a Project - Network level, and it is controlled by routes added in the Cloud Router. Avoiding overlapping internal IP address ranges is mandatory for VPN setup. – Ioan B Aug 14 '18 at 12:18
  • It turns out that the client I wish to connect to has reserved all possible private IPs (172.*, 192.*, 10.*), so there exists no internal IP range I can use.... Any way around this? – Ismail Khan Sep 25 '18 at 07:38
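
The overlap rule discussed in the answer and comments can be checked before any tunnel is configured. The following is an added example, not code from the original thread: it uses Python's standard ipaddress module, the function names are hypothetical, and it assumes the "172.*, 192.*, 10.*" reservation in the last comment corresponds to the three RFC 1918 blocks.

```python
import ipaddress

# RFC 1918 private blocks (assumed to be what "10.*, 172.*, 192.*" refers to)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def find_overlaps(local, remote):
    """Return (local, remote) CIDR pairs that overlap and would break VPN routing."""
    local_nets = [ipaddress.ip_network(c) for c in local]
    remote_nets = [ipaddress.ip_network(c) for c in remote]
    return [(str(l), str(r))
            for l in local_nets for r in remote_nets if l.overlaps(r)]

def free_private_subnet(remote, prefixlen=24):
    """Return the first RFC 1918 subnet of the requested size that the
    remote side does not claim, or None if no private space is left."""
    remote_nets = [ipaddress.ip_network(c) for c in remote]
    for block in RFC1918:
        free = [block]
        for r in remote_nets:
            remaining = []
            for f in free:
                if not f.overlaps(r):
                    remaining.append(f)              # untouched by this remote range
                elif r != f and r.subnet_of(f):
                    remaining.extend(f.address_exclude(r))  # carve the remote range out
                # otherwise f lies entirely inside r and is dropped
            free = remaining
        for f in sorted(free):
            if f.prefixlen <= prefixlen:             # large enough to hold the subnet
                return str(next(f.subnets(new_prefix=prefixlen)))
    return None

if __name__ == "__main__":
    # Constructed sample ranges, not taken from a real deployment
    cluster = ["10.0.1.0/24"]
    print(find_overlaps(cluster, ["10.0.1.0/24"]))       # same range on both sides
    print(free_private_subnet(["10.0.0.0/8"]))           # remote claims all of 10.*
    print(free_private_subnet([str(n) for n in RFC1918]))  # remote claims everything
```

A None result matches the situation in the last comment: once the remote side claims every private block, no choice of internal range avoids an overlap.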