This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Routing problem when setting up ipsec

Posted on 02-11-2024 11:49 PM
MachielR
New Member
Reply posted on --/--/---- --:-- AM

Good day everyone

I hope this post finds everyone well.

I need some assistance with a routing problem I am experiencing while setting up an IPsec vpn.

Let me first mention that we did try to make use of GCP cloud vpn, however the client's devices did not support some of the algorithms required by GCP so we were forced to move this to a linux instance.

We created a linux instance, using strongswan and got the vpn up and running.

Usually we then add routes to the routing table to force the endpoints to be routed via the vpn gateway that was created, however, in this case it turns out that the client is making use of internal ip range 10.132.0.0/24 which is also an ip range for VPC. This results in us not being able to add the routes via the console.

 

We attempted to add static routes on Linux level, directly on the server, but this is also proving a challenge as it is not allowing me to add the gateway server as the next hop.

 

Is there anyone that can possibly provide me with some advice on how to get this routing resolved as the ipsec connection is required for a DR site we need to setup.

 

Any help would be greatly appreciated.

2 1 308
Topic Labels
1 REPLY 1

Posted on --/--/---- --:-- AM
Marvin_Lucero
Staff
Reply posted on --/--/---- --:-- AM

Hi @MachielR ,

One possible I am seeing is to change the IP range of your VPC to avoid the overlap. But, if you will not consider this, you can try:

  1. Create a new subnet within your VPC, with a different IP range that doesn't conflict with your client's internal IP range. For example, you could create a subnet with an IP range of 10.133.0.0/24.

  2. Create a new VM instance in the new subnet, and use this VM instance as the VPN gateway.

  3. Configure the VPN client to connect to the new VM instance as the VPN gateway.

  4. Add routes to the routing table on the new VM instance, to force the endpoints to be routed via the VPN gateway.

This is the example how to create the new subnet and VM :

# Create a new subnet with IP range 10.133.0.0/24
gcloud compute networks subnets create my-new-subnet \
  --network my-vpc \
  --range 10.133.0.0/24 \
  --region us-central1

# Create a new VM instance in the new subnet
gcloud compute instances create my-new-vpn-gateway \
  --image-family ubuntu-1804 \
  --image-project ubuntu-os-cloud \
  --subnet my-new-subnet \
 --zone us-central1-a

Let me know if this helps. 

Top Labels in this Space
Top Solution Authors
View all