
CLOUD VPN

Hello Team, I have a production project for k8s in us-east1.

All my resources run in this region.

I would like to extend this VPC to an on-prem client without sharing/exposing other projects' VPCs/subnets.

Which is the best design for this Cloud VPN setup?


Hi fmugambi,

Welcome to Google Cloud Community!

To begin with, Google Cloud offers two types of Cloud VPN Gateway:

  • HA VPN - HA VPN is a high-availability (HA) Cloud VPN solution that lets you securely connect your on-premises network to your VPC network through an IPsec VPN connection. Based on the topology and configuration, HA VPN can provide an SLA of 99.99% or 99.9% service availability.

  • Classic VPN - Classic VPN gateways have a single interface, a single external IP address, and support tunnels that use static routing (policy based or route based). You can also configure dynamic routing (BGP) for Classic VPN, but only for tunnels that connect to third-party VPN gateway software running on Google Cloud VM instances.

For a production environment where uptime, reliability, and security are critical, HA VPN is generally the best choice. It provides redundancy, automatic failover, and better scalability, ensuring your connection to the on-premises client remains stable and resilient.

Regarding your query, a VPN gateway tunnel is specific to a VPC region. When you create a VPN tunnel, you choose the region where the VPN gateway will be located, and this directly impacts which VPC network within that region the tunnel can access; essentially, traffic will be routed through the VPN gateway in the selected region to reach the intended network.

For further reference, please see the documentation below:

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.
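One way to lay out the HA VPN option from the reply for the single-VPC case in the question, as an added example that is not part of the original thread or Google's own code: the gateway is attached only to the production VPC in us-east1, and the Cloud Router uses custom advertisement mode so BGP announces one subnet to on-prem. The network name, CIDR, ASNs, peer IP, BGP link addresses and resource names are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: HA VPN for one production VPC, advertising a single subnet.
# Every name, CIDR, ASN and IP below is a constructed placeholder.
REGION=us-east1
NETWORK=prod-vpc             # assumed name of the production VPC
PROD_CIDR=10.10.0.0/20       # assumed k8s subnet range; the only prefix advertised
PEER_IP=203.0.113.10         # on-prem VPN device (documentation address)
GCP_ASN=65001
PEER_ASN=65002
DRY_RUN=${DRY_RUN:-1}        # 1 = print the commands, 0 = execute them

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

build_ha_vpn() {
  # Never echo the real pre-shared key in a dry run.
  if [ "$DRY_RUN" = 1 ]; then PSK=PSK_PLACEHOLDER; else PSK=${VPN_PSK:?set VPN_PSK}; fi

  run gcloud compute vpn-gateways create prod-ha-gw \
    --network="$NETWORK" --region="$REGION"
  run gcloud compute external-vpn-gateways create onprem-gw \
    --interfaces="0=$PEER_IP"
  # Custom mode: BGP announces PROD_CIDR only, not every subnet in the VPC.
  run gcloud compute routers create prod-router \
    --network="$NETWORK" --region="$REGION" --asn="$GCP_ASN" \
    --advertisement-mode=custom --set-advertisement-ranges="$PROD_CIDR"
  # One tunnel per HA VPN interface (0 and 1), each with its own BGP session.
  for i in 0 1; do
    run gcloud compute vpn-tunnels create "prod-tunnel-$i" \
      --vpn-gateway=prod-ha-gw --interface="$i" --region="$REGION" \
      --peer-external-gateway=onprem-gw --peer-external-gateway-interface=0 \
      --ike-version=2 --shared-secret="$PSK" --router=prod-router
    run gcloud compute routers add-interface prod-router --region="$REGION" \
      --interface-name="if-$i" --vpn-tunnel="prod-tunnel-$i" \
      --ip-address="169.254.$i.1" --mask-length=30
    run gcloud compute routers add-bgp-peer prod-router --region="$REGION" \
      --peer-name="onprem-$i" --interface="if-$i" \
      --peer-ip-address="169.254.$i.2" --peer-asn="$PEER_ASN"
  done
}

build_ha_vpn
```

By default the script only prints the command plan; with `DRY_RUN=0` it executes the commands and requires the pre-shared key in `VPN_PSK`.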