
Cannot establish VPN tunnel while using secondary IP range due to conflict of primary range

Hi all,

I do have a cluster with an auto-subnet VPC using an RFC1918 range as the primary IP range for pods. I have added a secondary IP range for the pods out of RFC1918, as the on-premise network that I want to connect through a VPN tunnel has a conflict with my primary range. However, even though I use the secondary IP range for the policy-based tunnel, I still receive an error indicating that the primary range has a conflict with the target external network. Any idea how I can resolve this?
Thanks in advance! 


Hi @amirkusedghi ,

You should have added the exact error message by attaching a screenshot or pasting it in your question. But it seems to me that you've encountered an IP range conflict issue while setting up a VPN tunnel between your GKE cluster and an on-premise network.

Consider checking the following as it might help you resolve the issue:

a. Are you using a Route-Based VPN?

- You can consider using a route-based VPN instead of policy-based if it fits your requirements. Route-based VPNs are more flexible when it comes to handling overlapping IP ranges.

b. Have you verified the secondary IP range configuration?

- Double-check your secondary IP range configuration in GKE. Make sure that you've correctly configured the secondary IP range for the pods, and it does not overlap with the on-premise network.

c. Have you reviewed your VPN configurations?

- Please review the configuration of your VPN tunnel. Make sure that you have correctly specified the secondary IP range for the GKE pods in the VPN configuration.

 


I recommend that you check your explorer logs on your console, as they will provide the exact error message. From there, we can isolate and pinpoint the issue.
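
The overlap check from step (b), as an added example that is not part of the original reply: it compares every range on a subnet (primary and secondary) against the on-premise CIDRs and reports which ones collide. The function name, labels and all CIDR values are constructed for illustration.

```python
import ipaddress


def classify_ranges(local_ranges, onprem_cidrs):
    """Compare subnet ranges with the CIDRs routed on the on-premise side.

    local_ranges: dict of label -> CIDR (primary and secondary ranges).
    onprem_cidrs: list of CIDR strings used by the remote network.
    Returns (usable, conflicts): usable is a list of labels with no overlap,
    conflicts maps label -> list of on-premise CIDRs that it overlaps.
    """
    # strict=True rejects CIDRs with host bits set (e.g. 10.128.0.5/20),
    # a common copy-paste error that hides the real range boundaries.
    remote = [ipaddress.ip_network(c, strict=True) for c in onprem_cidrs]
    usable, conflicts = [], {}
    for label, cidr in local_ranges.items():
        net = ipaddress.ip_network(cidr, strict=True)
        # overlaps() catches containment in either direction as well as
        # exact matches; only compare ranges of the same IP version.
        hits = [str(r) for r in remote
                if r.version == net.version and net.overlaps(r)]
        if hits:
            conflicts[label] = hits
        else:
            usable.append(label)
    return usable, conflicts


# Constructed sample values, not taken from the thread.
SUBNET_RANGES = {
    "primary": "10.128.0.0/20",
    "pods-secondary": "172.20.0.0/14",
    "services-secondary": "192.168.8.0/22",
}
ONPREM_CIDRS = ["10.0.0.0/8", "192.168.10.0/24"]

if __name__ == "__main__":
    usable, conflicts = classify_ranges(SUBNET_RANGES, ONPREM_CIDRS)
    print("no overlap with on-premise:", usable)
    for label, hits in conflicts.items():
        print(f"{label} ({SUBNET_RANGES[label]}) overlaps {', '.join(hits)}")
```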