Hello,
I have a specific use case where we need to establish a connection to a remote site using a VPN on port 84. I have set up the Classic VPN and static route as per the instructions in the Google documentation. In addition to connecting to the remote site, we also need the VM to have internet access for all our other API requests and to reach other services like Cloud Run and a database located in a different VPC. To achieve this, I created a VM with two network interfaces. The first network interface is in the default VPC, which has access to the internet gateway and other services. The second network interface is in an isolated VPC and is connected to a static route to the VPN for access to the remote site through the Classic VPN. (I tried swapping the interfaces too.)
The problem I am facing is that regardless of which interface is set as the primary for the VM (default VPC or isolated VPC), all traffic is routed through that interface. For example, if the primary interface (nic0) is connected to the isolated network, all the traffic goes through the VPN, resulting in loss of internet access. On the other hand, if nic0 is connected to the isolated VPC, everything goes through the VPN and ignores nic1, which is connected to the default VPC. Also, if we swap the networks and connect nic0 to the default VPC and nic1 to the isolated VPC, overriding the rules we defined using the command below for nic1, then everything goes to the IGW and ignores the iptables rule, which has a static route with a priority of 0:
$ sudo iptables -t nat -A POSTROUTING --destination <remote external IP> -j SNAT --to-source <external IP of the interface in the isolated VPC>
Now, my question is: is this use case achievable with this setup? If not, how can we send only one IP address and one port through the VPN and route everything else through the IGW?
Following this for both internal and external IPs would solve the problem.
https://cloud.google.com/vpc/docs/configure-routing-additional-interface
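The linked page describes policy routing on a multi-NIC Linux VM: a secondary routing table for the second interface, `ip rule` entries keyed on that interface's address, and a destination route for the remote range, while the main table keeps nic0's default route. The script below is an added example of that procedure (it is not from the original thread or from Google's documentation) and makes these assumptions: nic0 is `ens4` at 10.128.0.5 with gateway 10.128.0.1 in the default VPC, nic1 is `ens5` at 10.10.0.5 with gateway 10.10.0.1 in the isolated VPC, the remote site is 203.0.113.0/24 behind the Classic VPN, and the secondary table is called `rt1` with ID 100. It uses the interfaces' internal addresses, since Classic VPN carries the VM's internal range across the tunnel. The optional `route_port_via_nic1` function covers the single-IP-and-port case from the question using an fwmark plus SNAT; destination-based routing alone is enough when the whole remote range should use the VPN.

```shell
#!/usr/bin/env bash
# Policy routing for a GCE VM with two NICs. ADDED EXAMPLE: interface names,
# addresses and ranges below are assumptions; take the real ones from
# `ip -4 addr` and `ip route` on the VM.
set -eu

# nic0: default VPC, keeps the default route (internet, Cloud Run, database VPC).
NIC0=ens4;  NIC0_IP=10.128.0.5;  NIC0_GW=10.128.0.1
# nic1: isolated VPC; the VPC static route there sends REMOTE_SITE into the VPN tunnel.
NIC1=ens5;  NIC1_IP=10.10.0.5;   NIC1_GW=10.10.0.1
REMOTE_SITE=203.0.113.0/24        # range behind the remote VPN endpoint (assumed)
TABLE_ID=100; TABLE_NAME=rt1      # secondary routing table for nic1 (assumed name)

# DRY_RUN=1 (default) prints the commands instead of executing them, so the
# script can be reviewed off the box; run it with DRY_RUN=0 as root on the VM.
DRY_RUN=${DRY_RUN:-1}
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# 1. Give nic1 its own table so packets sourced from (or destined to) nic1's
#    address use nic1, instead of following the main table's nic0 default route.
setup_nic1_table() {
  # Name the table (idempotent append to rt_tables).
  run sh -c "grep -q '^$TABLE_ID $TABLE_NAME\$' /etc/iproute2/rt_tables || echo '$TABLE_ID $TABLE_NAME' >> /etc/iproute2/rt_tables"
  # GCE assigns /32 addresses, so the gateway needs an explicit on-link route in the table.
  run ip route add "$NIC1_GW" src "$NIC1_IP" dev "$NIC1" table "$TABLE_NAME"
  run ip route add default via "$NIC1_GW" dev "$NIC1" table "$TABLE_NAME"
  run ip rule add from "$NIC1_IP/32" table "$TABLE_NAME"
  run ip rule add to "$NIC1_IP/32" table "$TABLE_NAME"
}

# 2. Steer only the remote site out of nic1 in the main table. Everything else
#    still matches nic0's default route and leaves via the default VPC's IGW.
route_remote_site_via_nic1() {
  run ip route add "$REMOTE_SITE" via "$NIC1_GW" dev "$NIC1" src "$NIC1_IP"
}

# 3. Optional: one destination IP *and* port. Mark matching packets in the
#    mangle OUTPUT chain and send marked packets through nic1's table. The mark
#    is applied after the kernel has already chosen nic0's source address for a
#    locally generated packet, so SNAT to nic1's address on the way out.
route_port_via_nic1() {
  local host=$1 port=$2
  run iptables -t mangle -A OUTPUT -p tcp -d "$host" --dport "$port" -j MARK --set-mark 0x1
  run ip rule add fwmark 0x1 table "$TABLE_NAME" priority 50
  run iptables -t nat -A POSTROUTING -o "$NIC1" -j SNAT --to-source "$NIC1_IP"
}

# Check after applying: which interface and source address the kernel picks.
show_route() { run ip route get "$1"; }

main() {
  setup_nic1_table
  route_remote_site_via_nic1
  route_port_via_nic1 203.0.113.10 84   # remote host/port assumed for the example
  show_route 203.0.113.10               # expect "... dev ens5 src 10.10.0.5"
  show_route 8.8.8.8                    # expect "... dev ens4 src 10.128.0.5"
}
main
```

Run it once with the default `DRY_RUN=1` to read the commands it would issue, then with `DRY_RUN=0` on the VM. These `ip` settings do not survive a reboot; persist them with the distribution's network configuration (or a startup script) once `ip route get` shows the expected interface for both a remote-site address and an internet address.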