Can I connect my PC directly to the Google Cloud VPN
I run some web services in Google Compute Engine. I want to secure them and make them available only to my colleagues. I don't want to rely on web server security, so my idea was to configure a VPN with Google Cloud Platform.

My question may be silly, because I don't really know how VPN works. Is it possible to create a VPN in Google Cloud and connect to it directly from my laptop? I've tried to use "Hybrid Connectivity VPN", but it only allows connecting to another VPN. When I make a tunnel, it asks me for a "Remote peer IP address". I don't have any on-premise VPN in my organization, and I am also behind my provider's NAT.

I know that it could be possible in principle: I once connected to the VPN of my previous job. I just used the built-in Windows function "Add a VPN connection", entered the IP of the server and the secret. After that I could connect to the servers that were inside the corporate network.

Can I configure Google Cloud VPN to work in a similar way?

Lusatian answered 3/7, 2020 at 15:17 Comment(0)

Client-to-gateway (road warrior) setup is not supported by Cloud VPN. For client-to-gateway scenarios, you can install and configure IPsec VPN software, like strongSwan, on a GCE VM and configure it for remote access. Users can then connect to this VPN server through a VPN client and, after a secure tunnel is established, they can connect to all other VMs deployed inside the same network. With this setup, you can also configure a NAT gateway and remove the public IP from the other VMs. Configuring a NAT gateway is described in this article.

https://serverfault.com/questions/818101/does-gcp-support-p2s

Bricker answered 3/7, 2020 at 15:29 Comment(9)
Trying to do this same thing for a very different reason. This is actually still very possible by creating an in-house VPN (easy to do on Windows Server) on a different machine within your local net. You may want to do this if you are trying to do the same thing on behalf of an institution or are an institution's admin who has access to these kinds of resources; you may see better RTT times if you do it this way. This comment is a much better approach though for pretty much any personal use.Hypo
Am I the only one who is astonished that Google Cloud VPN does not support client-to-gateway road warrior configuration? I mean this is how a large chunk of the world does business in the post-COVID office-less world.Algorithm
@Algorithm - CloudVPN is site-to-site. None of the enterprise cloud routers in AWS or Azure support client-to-site either. So, no this is not surprising. Client-to-site is implemented with a different type of router/gateway.Chattel
@JohnHanley, Azure Point-to-Site VPN creates a point-to-site connection. learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-aboutBricker
@Bricker - You got me on that one. The equivalent for Google Cloud would be to launch OpenVPN and connect using OpenVPN clients. That would duplicate Microsoft's Point-to-Site VPN (most features). However, Microsoft's product relies upon Active Directory, which poses challenges to the non-Microsoft world. Because of authentication requirements, most enterprise-class customers deploy their own solutions.Chattel
@JohnHanley, with Azure Point-to-Site VPN, you can use Azure certificate authentication without using Azure AD. learn.microsoft.com/en-us/azure/vpn-gateway/…Bricker
@JohnHanley We ended up setting up strongSwan/charon VPN on one of our Linux VMs to create a road warrior. It was a giant headache to get this working across Windows, macOS, and Linux clients with all their idiosyncratic certificate requirements. And AWS and Azure should support this too. The fact that they don't simply means they're all complicit in this stupidity.Algorithm
@Algorithm - It means that there are not enough customers who want to pay for this feature/service. Not one of my customers uses point-to-site. All use site-to-site VPNs.Chattel
@JohnHanley: Anyone who has hyperscaler console access is a paying customer, or soon will be. No way to know if your customers are relevant here, maybe they already have their own road warrior VPNs. In that case, they won't be asking for this kind of functionality because all the networks (including cloud via site-to-site) are transparently accessible this way.Lamarre
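The strongSwan road-warrior gateway the accepted answer describes, shown as an added example of a swanctl.conf for the GCE VM (not the answer's own configuration and not a strongSwan project file). It assumes strongSwan 5.x with swanctl, a VPC subnet of 10.128.0.0/20, the placeholder hostname vpn.example.com with a server certificate issued for that name, a client address pool of 10.10.10.0/24, and a single example user; the gateway authenticates with its certificate and users with EAP-MSCHAPv2, which is what the built-in Windows "Add a VPN connection" IKEv2 client speaks.

```conf
# /etc/swanctl/swanctl.conf on the GCE VM (constructed example)
connections {
    rw-gce {
        version = 2
        # GCE gives the VM its public IP via 1:1 NAT, so listen on any local address
        local_addrs = 0.0.0.0/0
        # First proposal is the strong one; the modp1024 fallback exists only
        # because Windows 10 proposes nothing stronger until tuned client-side
        proposals = aes256-sha256-ecp256,aes256-sha1-modp1024
        pools = rw_pool
        local {
            # Gateway proves its identity with a certificate whose SAN is the
            # hostname clients type in; clients reject mismatches, which is the
            # property that stops a rogue gateway from harvesting EAP credentials
            auth = pubkey
            certs = gce-vpn-gateway.crt
            id = vpn.example.com
        }
        remote {
            # Users authenticate with username/password over EAP inside IKE_AUTH
            auth = eap-mschapv2
            eap_id = %any
        }
        children {
            rw {
                # Only the VPC subnet is offered to clients (split tunnel);
                # use 0.0.0.0/0 here to force all client traffic through the VM
                local_ts = 10.128.0.0/20
                esp_proposals = aes256-sha256,aes256-sha1
                # Drop the SA when a laptop vanishes instead of keeping state forever
                dpd_action = clear
            }
        }
    }
}
pools {
    rw_pool {
        addrs = 10.10.10.0/24
        # GCE metadata server also answers DNS for the VPC's internal names
        dns = 169.254.169.254
    }
}
secrets {
    # One entry per user; placeholder credentials, replace before use
    eap-alice {
        id = alice
        secret = "PLACEHOLDER-CHANGE-ME"
    }
}
```

On the GCE side this also needs a VPC firewall rule admitting UDP 500 and 4500 to the VM, the VM created with IP forwarding enabled, and either a VPC static route for 10.10.10.0/24 with the VM as next hop or masquerading on the VM, otherwise return traffic from the other instances never reaches the clients.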
