1. GCP Side of the VPN Tunnel
How to configure the GCP side of your VPN tunnel between GCP and Orka.
Quick navigation
You are here in the workflow: GCP-Orka Connections | 1. GCP Side of the VPN Tunnel | 2. GCP VPN Tunnel Configuration File | 3. Orka Side of the VPN Tunnel | 4. Verifying the GCP VPN Tunnel | GCP. VPN Tunnel Troubleshooting
On this page, jump to: Step 1: Log in to GCP | Step 2: Create the VPN connection | Step 3a: Create gateway and tunnel | Step 3b: Add a new tunnel to an existing gateway | Step 4: Ensure that the GCP firewall allows ingress traffic
You need:
- The IP address for the
FW1-Outside
network from your IP Plan.- The CIDR notation for the
Private-1
network from your IP Plan. Most likely:10.221.188.0/24
or10.10.10.0/24
.
To establish a stable, persistent connection between a Google Cloud Platform (GCP) private cloud and your Orka environment, you need to configure a policy-based IPsec site-to-site VPN between the two clouds.
Currently, you can create only a classic VPN connection with policy-based routing from GCP to Orka. It consists of one tunnel and one interface and does not provide high availability. For more information about this option, see Google Cloud Documentation: Classic VPN.
Step 1: Log in to GCP
- Log in to the GCP console with your credentials.
- In the toolbar at the top, make sure that you're working with the correct project.
Step 2: Create the VPN connection
- From the GCP console sidebar, scroll to the Networking section and select Hybrid Connectivity > VPN.
Classic VPN connections in GCP consist of a gateway and tunnel. You can create a gateway and a tunnel at once or you can add a new tunnel to an existing gateway.
Step 3a: Create gateway and tunnel
If you don't have a classic VPN gateway that you want to use, complete the following steps.
- If you don't have any VPNs created yet, click Create VPN connection.
- If you have one or more VPNs created, click + VPN SETUP WIZARD.
- Select Classic VPN and click Continue.
The High-availability (HA) VPN is currently not supported as an option. For more information about the available options, see Google Cloud Documentation: Choosing a VPN option. - In the Google Compute Engine VPN gateway section, provide Name and Description.
- For Network, select the GCP network that needs to be able to access Orka.
- Select Region.
For more information about this setting, see Google Cloud Documentation: Regions and Zones. - Select or create a reserved IP address for the connection.
You will need this IP address when you configure the Orka side of the tunnel. - In the Tunnels section, provide Name and Description.
- For Remote peer IP address, provide the IP address for the
FW1-Outside
network from your IP Plan. - For IKE version, verify that IKEv2 is selected.
- Provide or generate an IKE pre-shared key.
IMPORTANT
Keep a record of the pre-shared key. You will need it later.
- For Routing options, select Policy-based.
- For Remote network IP ranges, provide the IP range in CIDR notation for the
Private-1
network from your IP Plan. - (Optional) Select one or more GCP subnetworks to reduce latency between your GCP private cloud and your Orka private cloud.
For more information, see Google Cloud Documentation: Networks and subnets. - (Optional) Provide one or more IP ranges within your GCP local network that needs to access Orka.
- Click Done.
- Click Create.
After the creation is complete, the VPN tunnel status is: First handshake
.
Example: Create gateway and tunnel
This image shows a sample configuration for the VPN gateway and tunnel.
Step 3b: Add a new tunnel to an existing gateway
If you have an existing classic VPN gateway that you want to use for the connection, complete the following steps.
- Select Cloud VPN Tunnels and click Create VPN tunnel.
- Select the VPN gateway that you want to use and click Continue.
IMPORTANT
Make sure that you have selected a classic VPN gateway. High-availability gateways are not supported.
- Provide Name.
- (Optional) Provide Description.
- For Remote peer IP address, provide the IP address for the
FW1-Outside
network from your IP Plan. - For IKE version, verify that IKEv2 is selected.
- Provide or generate an IKE pre-shared key.
IMPORTANT
Keep a record of the pre-shared key. You will need it later.
- For Routing options, select Policy-based.
- For Remote network IP ranges, provide the IP range in CIDR notation for the
Private-1
network from your IP Plan. - (Optional) Select one or more GCP subnetworks to reduce latency between your GCP private cloud and your Orka environment.
For more information, see Google Cloud Documentation: Networks and subnets. - (Optional) Provide one or more IP ranges within your GCP local network that needs to access Orka.
- Click Create.
After the creation is complete, the VPN tunnel status is: First handshake
.
Example: Create the VPN gateway and tunnel
This image shows a sample configuration for the VPN connection.
Step 4: Ensure that the GCP firewall allows ingress traffic
Based on your requirements, you might need to enable ingress traffic from Orka to GCP in the GCP firewall. For more information, see Google Cloud Documentation: Configuring firewall rules > Example configurations.
What's next
Updated 11 months ago