Hi,
Hope you all are doing great.
I have successfully setup a VPN between GCP and on-prem and asked the client to whitelist the subnet range I am using. I am not able to hit their private IPs.
Architecture: We have everything deployed in Cloud Run/Cloud Function and using serverless connector for egress traffic.
Now, if I enable egress traffic in Cloud Run to direct flow through VPC and select the subnet that is whitelisted then I am able to hit their private IP. I cannot go with this because Cloud Function does not offer to flow traffic through VPC. 
I am suspecting if this is related to connector IP range that it uses. 
Can it be the reason that connector uses IP range while flowing traffic through tunnel?
I am not sure how connector behaves. If this is the case, I can ask end customer to whitelist IP range being used by connector.
Any help will be appreciated.