Classic VPN Traffic selector with Public IP

Hi,

In my setup I have a Classic VPN where I need to configure the remote IP range as a public IP (A.A.A.A) and the local IP range as a Public IP (B.B.B.B). Creating this VPN works like a charm, but then the routing seems to give me some issues.

That public IP on the local side is not part of my local GCP network, which has a 10.x.x.x range. So I can create a route to direct all that traffic to a particular instance, which still works.

But then I don't seem to get packets back into that VPN tunnel. Packets which are created within the VM have a src IP A.A.A.A and dst IP B.B.B.B, and even though I created a route with destination B.B.B.B to the VPN, that packet is not getting through. It seems as if the packet is going to the default gateway directly to the internet instead.

Does anyone have any idea how I can make sure the packets with a src as public IP still are routed the way I want, through the VPN tunnel?

Appreciate any feedback!

2 REPLIES

Hi,

Can you answer the following questions so that the community can dig deeper into this concern?

- Is there any documentation that you are following? If yes, please share it with us.
- Do a ping test and share the result, especially the error message.
- Perform a connectivity test; you can use this link[1] as guidance.
- What routing option are you using?

Regarding GCP's Classic VPN, there are three kinds of Classic VPN that you can use depending on your goal: a connection to a remote[2] site, dynamic routing[3] and static routing[4]. You can choose whichever of these documents best fits your need.

[1]https://cloud.google.com/network-intelligence-center/docs/connectivity-tests/how-to/running-connecti...
[2]https://cloud.google.com/network-connectivity/docs/vpn/tutorials/configure-vpn-between-onprem-cloud
[3]https://cloud.google.com/network-connectivity/docs/vpn/how-to/creating-vpn-dynamic-routes
[4]https://cloud.google.com/network-connectivity/docs/vpn/how-to/creating-static-vpns

Hi, Thanks for your reply.

First to answer your questions:

- It's hard to pinpoint any specific documentation which I've followed, as there were many that led me to the situation I am in right now.
- I'm using policy-based routing.
- Ping now works, see below what changed

Your document [2], however, is basically what I tried for the last couple of days.
The only thing that allowed me to pass data back through my tunnel for now was to 'REMOVE' the assignment of the public IP to my VM instance.
So the public IP is reserved, but not assigned to any instance... which doesn't make sense to me. Assigning the public IP back to the instance breaks my tunnel immediately. Any ideas what I am missing?