This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

HA VPN over the Internet?

Posted on 08-23-2023 02:09 AM
Thomasaw
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Hi,

I have a trouble to build and connect between GCP and another cloud site.

[GCP]
 Cloud Router ---(BGP)--- HA VPN ---(Endpoint: Global IP)--- Internet
[Another Cloud]
 Internet --- VyOS(VPN/BGP)
*Not describing servers this time.

From VyOS, can ping to the endpoint ip on GCP.
Checking IKE and other vpn parameters, but at the same time, I think it has a trouble on network.
Actually, I could not find any good documents that illustrates a structure over the Internet.

Does anybody have tried a structure like that or have any ideas?

best regards,

Solved Solved
3 4 689
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
nestors
Staff
Reply posted on --/--/---- --:-- AM

VPC Firewall rules are of no use here, VPN is established using external IP address on both sides.

If you get "peer not responding" either there's a mismatch on the configuration regarding external IPs (in GCP or the other cloud) or you have incorrect parameters / secrets on the IKE parameters.

 

View solution in original post

Jump to Solution
4 REPLIES 4

Posted on --/--/---- --:-- AM
nestors
Staff
Reply posted on --/--/---- --:-- AM

Hi, 

you can check in https://cloud.google.com/network-connectivity/docs/vpn/concepts/topologies for different diagrams using VPN HA.

Jump to Solution

Posted on --/--/---- --:-- AM
Thomasaw
Bronze 5
Bronze 5
In response to nestors
Reply posted on --/--/---- --:-- AM

Hi, @nestors 

Thank you for giving me a document, from that, my structure seems to be good.
But I am still in trouble.

The ping from my cloud to GCP is OK.
Both my site and GCP send packets for VPN, but both sites say "peer not responding".
Also checked firewall rules and allow ESP, UDP/500, and UDP/4500.

https://cloud.google.com/network-connectivity/docs/vpn/support/troubleshooting
Log Explorer (on GCP) shows:
- ("initiating IKE_SA" OR "generating IKE_SA_INIT request")
- "establishing IKE_SA failed, peer not responding"
And there are no log messages like:
- ("generating IKE_AUTH request" OR "parsed IKE_AUTH response")
- and better

best regards,

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
nestors
Staff
Reply posted on --/--/---- --:-- AM

VPC Firewall rules are of no use here, VPN is established using external IP address on both sides.

If you get "peer not responding" either there's a mismatch on the configuration regarding external IPs (in GCP or the other cloud) or you have incorrect parameters / secrets on the IKE parameters.

 

Jump to Solution

Posted on --/--/---- --:-- AM
Thomasaw
Bronze 5
Bronze 5
In response to nestors
Reply posted on --/--/---- --:-- AM

Hi @nestors 


Thank you, I will have to check the rules of my cloud side.
There are other points to see on my cloud and GCP project.

I would inform you if I found some.

best regards,

Jump to Solution
0 Likes
Top Labels in this Space
Top Solution Authors
View all