This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

How Can I Update Encryption and Deffie Hellman Groups for VPN in GCP?

Posted on 10-10-2023 05:10 PM
jotaemec41
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

So, I've got a VPN set up at the moment that's connected to the client's VPN and it's all good. Now, the client wants to tweak the encryption method to AES256 and Deffie Hellman groups to 19.

Is it doable? 'Cause I can't make those advanced changes through the GUI. Is there a way to make these tweaks in GCP?

As of now, I haven't run any tests because I'm not sure what steps to take. My concern is also whether, if the client makes these changes, will GCP automatically adjust and synchronize with the modifications made to the client's VPN?

1 2 1,357
Topic Labels
2 REPLIES 2

Posted on --/--/---- --:-- AM
VannGuce
Staff
Reply posted on --/--/---- --:-- AM

Hi,

I believe there is no option to modify these ciphers. However, if the cipher role (Diffie-Hellman (DH) and Encryption) supported the cipher you want to place (AES256 and Deffie Hellman groups to 19) from Cloud VPN then there is a possibility. Just expect that there will be an interruption that will happen in your vpn set up if you change the cipher from the on-premise end.

However, if the cipher that you want to change is not supported in Cloud VPN then definitely it will not work. To check or to double check if the “AES256 and Deffie Hellman groups 19” are supported, you may visit this link[1] to see the supported IKE Cipher. I suggest also check this link[2] to see the updated changes in IKE Cipher.

[1]https://cloud.google.com/network-connectivity/docs/vpn/concepts/supported-ike-ciphers
[2]https://cloud.google.com/network-connectivity/docs/vpn/deprecations/cipher-changes#deprecated-config...

Posted on --/--/---- --:-- AM
jotaemec41
Bronze 3
Bronze 3
In response to VannGuce
Reply posted on --/--/---- --:-- AM

Hey VannGuce, thanks for the quick response!

So, does that mean my Google Cloud VPN is gonna sync up and handle the settings from my client's VPN automatically?

I checked the links you shared, they've got good info. It does lay out that Cloud VPN is indeed DH 19 compatible. Just a lingering doubt on how to make my VPN grab that config.

Cheers!

Top Labels in this Space
Top Solution Authors
View all