Add a VPN tunnel  |  Google Cloud (2024)

This page describes how to add VPN tunnels to HA VPN or Classic VPN.

If you haven't set up your HA VPN gateway yet, see the following:

  • Create an HA VPN gateway to a peer VPN gateway
  • Create HA VPN gateways to connect VPC networks
  • Add an HA VPN gateway to HA VPN over Cloud Interconnect

Add a tunnel from an HA VPN gateway to a peer VPN gateway

To receive a 99.99% uptime SLA, configure a tunnel on each HA VPN interface. This section includes the steps to configure additional tunnels on the interface of an HA VPN gateway.

Configure additional HA VPN tunnels in the following circumstances:

  • If you configured an HA VPN gateway to a peer VPN gateway that has a single peer VPN interface.
  • If you previously set up a single tunnel on an HA VPN gateway for a peer VPN gateway that contains any number of interfaces, but you now want a 99.99% uptime SLA for your HA VPN gateway.
  • If you deployed HA VPN over Cloud Interconnect and you need to add HA VPN tunnels to accommodate the increased capacity of a VLAN attachment.

To configure additional HA VPN tunnels, complete the following steps.

Permissions required for this task

To perform this task, you must have been granted the following permissions or the following IAM roles.

Permissions

  • compute.vpnGateways.get
  • compute.vpnGateways.list
  • compute.externalVpnGateways.get
  • compute.externalVpnGateways.list
  • compute.vpnGateways.create
  • compute.vpnGateways.delete
  • compute.vpnGateways.use
  • compute.vpnGateways.setLabels
  • compute.externalVpnGateways.create
  • compute.externalVpnGateways.delete
  • compute.externalVpnGateways.use
  • compute.externalVpnGateways.setLabels

Roles

  • roles/compute.networkAdmin

Console

  1. In the Google Cloud console, go to the VPN page.

    Go to VPN

  2. Click Create VPN tunnel.

  3. From the drop-down menu, select the gateway that requires the additional tunnel, and then click Continue.

  4. Choose a Cloud Router. If you haven't configured a Cloud Router, follow the steps for creating one in the Create VPN tunnels procedure.

  5. For Peer VPN gateway, select On-prem or Non Google Cloud.

  6. For Peer VPN gateway name, choose the existing peer VPN gateway resource that the new tunnel will use. To check existing peer VPN gateway names for this Cloud VPN gateway, under VPN gateway name near the top of the page, click View all existing tunnels.

  7. You might receive a warning that a tunnel with the same peer VPN gateway interface is already associated with the same local Cloud VPN gateway interface. To fix this issue, under Associated Cloud VPN gateway interface, select the other HA VPN interface.

  8. To finish configuring the tunnel, configure the remainder of the steps as listed in the Create VPN tunnels procedure.

Add a tunnel from an HA VPN gateway to another HA VPN gateway

This section includes the steps to configure a second tunnel on the second interface of an HA VPN gateway.

If you configured one tunnel on an HA VPN gateway to another HA VPN gateway but want to receive a 99.99% uptime SLA, you must configure a second tunnel. Configure a tunnel on each HA VPN interface on each side of an HA VPN-to-HA VPN gateway configuration.

To configure a second tunnel, complete the following steps.

Permissions required for this task

To perform this task, you must have been granted the following permissions or the following IAM roles.

Permissions

  • compute.vpnGateways.get
  • compute.vpnGateways.list
  • compute.externalVpnGateways.get
  • compute.externalVpnGateways.list
  • compute.vpnGateways.create
  • compute.vpnGateways.delete
  • compute.vpnGateways.use
  • compute.vpnGateways.setLabels
  • compute.externalVpnGateways.create
  • compute.externalVpnGateways.delete
  • compute.externalVpnGateways.use
  • compute.externalVpnGateways.setLabels

Roles

  • roles/compute.networkAdmin

Console

  1. In the Google Cloud console, go to the VPN page.

    Go to VPN

  2. Find the HA VPN that you want to add the tunnel to.

  3. Click Add VPN tunnel.

  4. Under Peer VPN gateway, select Google Cloud.

  5. Under Project, select a Google Cloud project that will contain the new gateway.

  6. For VPN gateway name, choose the other HA VPN gateway that the new tunnel connects to.

  7. Select Add the second VPN tunnel to an existing VPN tunnel for high availability.

  8. Under Select existing VPN tunnel, make sure that the existing tunnel is selected. You can click a link to view all existing tunnels near the top of the same page.

  9. Specify a tunnel Name.

  10. Specify the same IKE version in use by the tunnel on the other gateway.

  11. Specify an IKE pre-shared key by using your pre-shared key (shared secret), which must correspond with the pre-shared key for the partner tunnel that you create on your peer gateway. If you haven't configured a pre-shared key on your peer VPN gateway and want to generate one, click Generate and copy. Make sure that you record the pre-shared key in a secure location because it cannot be retrieved after you create your VPN tunnels.

  12. Click Create and continue.

  13. Configure and save a BGP session. Otherwise, you can do this later by following the steps in the Create BGP sessions procedure.

  14. Check the Summary and reminder page for configuration information, and then click OK.

Add a tunnel to Classic VPN

Each Cloud VPN tunnel associated with a Classic VPN gateway must connect to a unique peer VPN gateway, as identified by the peer gateway's IP address. If you need to create a second tunnel to the same peer gateway, you must create that tunnel from a different Cloud VPN gateway.

To configure a second tunnel, complete the following steps.

Permissions required for this task

To perform this task, you must have been granted the following permissions or the following IAM roles.

Permissions

  • compute.vpnGateways.get
  • compute.vpnGateways.list
  • compute.externalVpnGateways.get
  • compute.externalVpnGateways.list
  • compute.vpnGateways.create
  • compute.vpnGateways.delete
  • compute.vpnGateways.use
  • compute.vpnGateways.setLabels
  • compute.externalVpnGateways.create
  • compute.externalVpnGateways.delete
  • compute.externalVpnGateways.use
  • compute.externalVpnGateways.setLabels

Roles

  • roles/compute.networkAdmin

Console

  1. In the Google Cloud console, go to the VPN page.

    Go to VPN

  2. Click the Google VPN gateways tab.

  3. Click the name of an existing VPN gateway.

  4. On the VPN gateway details page, in the Tunnels section, click Add VPN tunnel.

  5. Supply the following information:

    1. In the Name field, enter a name for the tunnel.
    2. In the Remote peer IP address field, enter the external IP address of the peer VPN gateway.
    3. Choose an IKE version compatible with your peer VPN gateway.
    4. Provide the IKE pre-shared key (shared secret) for authentication. For suggestions, see Generate a strong pre-shared key.
    5. Click the appropriate Routing option:
      • To use dynamic routing, click Dynamic (BGP). On the Cloud Router menu, select or create a new Cloud Router. To define the BGP session parameters, in the BGP session field, click Edit. Each BGP IP address range for each BGP session must be unique among all Cloud Routers in all regions of a Virtual Private Cloud (VPC) network.
      • To use route-based VPN, click Route-based. In the Remote network IP ranges field, supply the ranges of IP addresses used by the peer network.
      • To use policy-based routing, click Policy-based. Supply both the Remote network IP ranges and the Local IP ranges. In the Local subnetworks menu, select IP ranges of subnets in a VPC network.
  6. Click Create.

  7. Complete your configuration by following the steps in Configure the peer VPN gateway.

gcloud

Follow the steps for creating a route-based VPN gateway and tunnel, but start in the section Create the Cloud VPN tunnel.

If the new tunnel has the same CIDR block, you can skip to Configure firewall rules.

Check tunnel status

After you configure an HA VPN or Classic VPN tunnel, check its status.
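
The two placement rules described above (a tunnel on each HA VPN interface for the 99.99% SLA, and a unique peer IP per Classic VPN gateway) can be checked against a tunnel inventory before you add a tunnel. The following is an added example, not code from the original page. It assumes records shaped like `gcloud compute vpn-tunnels list --format=json` output, with the planned tunnel appended; all names and addresses are constructed.

```python
from collections import defaultdict

# Constructed sample: existing tunnels plus one planned Classic VPN tunnel (cl-t2).
# Field names follow the Compute Engine vpnTunnels resource; values are made up.
SAMPLE = [
    {"name": "ha-a-t0", "vpnGateway": "regions/us-central1/vpnGateways/ha-a",
     "vpnGatewayInterface": 0, "peerExternalGatewayInterface": 0,
     "peerExternalGateway": "global/externalVpnGateways/onprem"},
    {"name": "ha-b-t0", "vpnGateway": "regions/us-central1/vpnGateways/ha-b",
     "vpnGatewayInterface": 0, "peerGcpGateway": "regions/us-east1/vpnGateways/ha-c"},
    {"name": "ha-b-t1", "vpnGateway": "regions/us-central1/vpnGateways/ha-b",
     "vpnGatewayInterface": 1, "peerGcpGateway": "regions/us-east1/vpnGateways/ha-c"},
    {"name": "cl-t1", "peerIp": "203.0.113.10",
     "targetVpnGateway": "regions/us-central1/targetVpnGateways/classic-1"},
    {"name": "cl-t2", "peerIp": "203.0.113.10",
     "targetVpnGateway": "regions/us-central1/targetVpnGateways/classic-1"},
]

def short(url):
    """Return the last path segment of a resource URL."""
    return url.rsplit("/", 1)[-1]

def audit_tunnels(tunnels):
    """Return sorted findings for HA VPN and Classic VPN tunnel placement."""
    ha_ifaces = defaultdict(set)       # HA gateway -> local interfaces in use
    ext_pairs = defaultdict(list)      # (gateway, iface, peer, peer iface) -> tunnels
    classic_peers = defaultdict(list)  # (Classic gateway, peer IP) -> tunnels
    for t in tunnels:
        if "vpnGateway" in t:
            gw, iface = short(t["vpnGateway"]), t.get("vpnGatewayInterface")
            ha_ifaces[gw].add(iface)
            if "peerExternalGateway" in t:
                key = (gw, iface, short(t["peerExternalGateway"]),
                       t.get("peerExternalGatewayInterface"))
                ext_pairs[key].append(t["name"])
        elif "targetVpnGateway" in t:
            classic_peers[(short(t["targetVpnGateway"]), t.get("peerIp"))].append(t["name"])
    findings = []
    for gw, ifaces in ha_ifaces.items():
        for missing in sorted({0, 1} - ifaces):  # HA VPN gateways expose interfaces 0 and 1
            findings.append(f"{gw}: no tunnel on HA VPN interface {missing}")
    for (gw, iface, peer, p_if), names in ext_pairs.items():
        if len(names) > 1:
            findings.append(f"{gw}: interface {iface} already has a tunnel to "
                            f"{peer} interface {p_if}: {sorted(names)}")
    for (gw, ip), names in classic_peers.items():
        if len(names) > 1:
            findings.append(f"{gw}: Classic VPN tunnels share peer IP {ip}: {sorted(names)}")
    return sorted(findings)
```
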

What's next

  • To view Cloud Logging and Monitoring information, see View logs and metrics.
  • To use high-availability and high-throughput scenarios or multiple subnet scenarios, see Advanced configurations.
  • To help you solve common issues that you might encounter when using Cloud VPN, see Troubleshooting.

FAQs

How do I add a VPN tunnel?

  1. Overview.
  2. Step 1: Create a VPN Gateway.
  3. Step 2: Create a Customer Gateway.
  4. Step 3: Create a VPN Tunnel.
  5. Step 4: Load the Configuration of the Local Gateway.
  6. Step 5: Configure a Routing Table.
  7. Step 6: Activate a VPN Tunnel.

What is cloud VPN tunnel?

A cloud virtual private network (cloud VPN) is a form of technology designed to help users access their organization's applications, data, and files through a website or an application. Unlike traditional or static VPNs, a cloud VPN provides a secure connection that can be rapidly deployed globally.

How to create a VPN cloud?

In the Google Cloud console, go to the VPN page. If you are creating a gateway for the first time, click Create VPN connection. Select the VPN setup wizard. Select the Classic VPN option button.

How is a VPN tunnel created?

To make VPN tunneling work, first, you have to get a VPN service. Once you connect to the desired server, a VPN tunnel will be established. Without it, your ISP sees everything you do online, but this is impossible after you connect to a VPN server. That's because of the encryption and hidden IP address.

Is Google Cloud VPN free?

You will incur Google Cloud VPN charges for 3 different items:

  • Cloud VPN gateway charge (time-based)
  • Number of non-tunnel external IP addresses assigned to a VPN gateway (time-based)
  • Data transfer charges for IPsec egress traffic (usage-based)

What is the difference between a VPN and a VPN tunnel?

What is a VPN tunnel? A VPN is a secure, encrypted connection over a publicly shared network. Tunneling is the process by which VPN packets reach their intended destination, which is typically a private network. Many VPNs use the IPsec protocol suite.

Do I need a VPN tunnel?

You may need a VPN if you intend to access a virtual server or create a private network that can also access the internet safely. A private VPN is ideal for certain situations, like establishing secure connections between a router and other devices in a home or organization.

Is it safe to use VPN tunnel?

When you connect to the internet with a VPN, your data packets go through an encrypted and secure tunnel. This protects your browsing activity, masks your IP address, and redirects your data to a VPN server. You can also remotely access your data in a safe way.

Can I create my own VPN network?

Yes, making your own VPN can be cheaper than subscribing to a commercial VPN service. However, there are some factors to consider before making your own VPN, such as the cost of the hardware, the time required to set it up, and the level of security and privacy you need.

How does cloud VPN work?

Cloud VPN securely extends your peer network to your Virtual Private Cloud (VPC) network through an IPsec VPN connection. The VPN connection encrypts traffic traveling between the networks, with one VPN gateway handling encryption and the other handling decryption. This process protects your data during transmission.

How can I create a free VPN?

Create a VPN on Your Router
  1. Download custom firmware. Confirm compatibility between your router and preferred firmware, and then download it.
  2. Connect your computer to your router. Do this via a wired connection. ...
  3. Log into your router. ...
  4. Install the firmware. ...
  5. Reboot the router. ...
  6. Set up your VPN. ...
  7. Check if your VPN works.

What is an example of a VPN tunnel?

PPTP (Point-to-Point Tunneling Protocol)

L2TP is a VPN example that's been built on PPTP. Pro: Highly efficient protocol on most devices. Con: Because it's been around so long, hackers have discovered PPTP's vulnerabilities, making it a less secure VPN protocol.

How do you detect a VPN tunnel?

VPNs can be detected through simple mechanisms like comparing the actual browser timezone with the target server's exit node or by using databases that store information about whether a given IP address belongs to the VPN.

Which are the two main types of VPN tunnels?

Remote access VPN connects individual users to a remote network, while site-to-site VPN connects two entire networks together.

What is a VPN tunnel between two locations?

Since they create “tunnels” between two networks, site-to-site VPNs go directly from one location to another, and the only people who can see the data being transferred are users logged onto the network. The VPN uses gateways at each location which encrypt all traffic that passes through them.

Can you have multiple VPN tunnels?

A double VPN uses multiple VPNs in a chain arrangement by routing through more than one VPN server. This strategy provides greater security for a VPN connection because of the double encryption. This arrangement is also referred to as a double VPN, doublehop VPN or multihop VPN.

Author: Rev. Porsche Oberbrunner
