
GCP VPN Tunnel Lab

The document describes setting up VPN tunnels between two VPC networks in different regions (us-central1 and europe-west1) on GCP. It creates VPN gateways and forwarding rules for ESP and for UDP ports 500 and 4500. It then establishes VPN tunnels between the gateways with a shared secret and traffic selectors. Routes are added to send traffic between the VPC networks through the tunnels.


Server 1 10.5.4.2 34.67.152.63
Server 2 10.1.3.2 35.189.230.241

# Make the lab project the default for the gcloud commands that follow.
gcloud config set project qwiklabs-gcp-00-40c792cf7c95

# Open an interactive SSH session on each test VM, one per region.
gcloud compute ssh server-1 --zone=us-central1-b
gcloud compute ssh server-2 --zone=europe-west1-b
vpn2 static ip 35.241.214.146
vpn1 static ip 35.188.86.138

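# --- Side 1 (us-central1): VPN gateway "vpn-1" on vpn-network-1 ---
# Each command below is one logical line. The backslash continuations restore
# the commands that the original listing had wrapped, in places mid-flag
# (e.g. "--shared-" / "secret").

# Target VPN gateway that terminates the tunnel in us-central1.
gcloud compute --project "qwiklabs-gcp-00-40c792cf7c95" target-vpn-gateways create \
  "vpn-1" --region "us-central1" --network "vpn-network-1"

# Forwarding rules hand IPsec traffic arriving on the gateway's static IP
# (35.188.86.138) to vpn-1: ESP for the encrypted payload, UDP 500 for IKE,
# UDP 4500 for IKE/ESP with NAT traversal.
gcloud compute --project "qwiklabs-gcp-00-40c792cf7c95" forwarding-rules create \
  "vpn-1-rule-esp" --region "us-central1" --address "35.188.86.138" \
  --ip-protocol "ESP" --target-vpn-gateway "vpn-1"

gcloud compute --project "qwiklabs-gcp-00-40c792cf7c95" forwarding-rules create \
  "vpn-1-rule-udp500" --region "us-central1" --address "35.188.86.138" \
  --ip-protocol "UDP" --ports "500" --target-vpn-gateway "vpn-1"

gcloud compute --project "qwiklabs-gcp-00-40c792cf7c95" forwarding-rules create \
  "vpn-1-rule-udp4500" --region "us-central1" --address "35.188.86.138" \
  --ip-protocol "UDP" --ports "4500" --target-vpn-gateway "vpn-1"

# IKEv2 tunnel from vpn-1 to the peer gateway address 35.241.214.146.
# NOTE(review): "gcprocks" is a short, guessable pre-shared key typed inline,
# so it is also captured in shell history and in this listing. That is only
# acceptable in a throwaway lab project; a longer-lived tunnel needs a long
# random PSK that is kept out of the command text and matches on both tunnels.
# NOTE(review): a 0.0.0.0/0 traffic selector does not limit what may enter the
# tunnel. What actually crosses it is decided by the route below and by the
# VPC firewall rules, so keep both narrowly scoped.
gcloud compute --project "qwiklabs-gcp-00-40c792cf7c95" vpn-tunnels create \
  "tunnelt1to2" --region "us-central1" --peer-address "35.241.214.146" \
  --shared-secret "gcprocks" --ike-version "2" \
  --local-traffic-selector "0.0.0.0/0" --target-vpn-gateway "vpn-1"

# Static route: traffic for 10.1.3.0/24 (the range holding Server 2, 10.1.3.2)
# leaves vpn-network-1 through the tunnel.
gcloud compute --project "qwiklabs-gcp-00-40c792cf7c95" routes create \
  "tunnelt1to2-route-1" --network "vpn-network-1" \
  --next-hop-vpn-tunnel "tunnelt1to2" \
  --next-hop-vpn-tunnel-region "us-central1" --destination-range "10.1.3.0/24"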
===============
POST https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-00-40c792cf7c95/regions/us-central1/targetVpnGateways
{
"name": "vpn-1",
"network": "projects/qwiklabs-gcp-00-40c792cf7c95/global/networks/vpn-network-1",
"region": "projects/qwiklabs-gcp-00-40c792cf7c95/regions/us-central1"
}

POST https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-00-40c792cf7c95/regions/us-central1/forwardingRules
{
"name": "vpn-1-rule-esp",
"IPProtocol": "ESP",
"IPAddress": "35.188.86.138",
"region": "projects/qwiklabs-gcp-00-40c792cf7c95/regions/us-central1",
"target": "projects/qwiklabs-gcp-00-40c792cf7c95/regions/us-central1/targetVpnGateways/vpn-1"
}

POST https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-00-40c792cf7c95/regions/us-central1/forwardingRules
{
"name": "vpn-1-rule-udp500",
"IPProtocol": "UDP",
"IPAddress": "35.188.86.138",
"region": "projects/qwiklabs-gcp-00-40c792cf7c95/regions/us-central1",
"target": "projects/qwiklabs-gcp-00-40c792cf7c95/regions/us-central1/targetVpnGateways/vpn-1",
"portRange": "500"
}

POST https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-00-40c792cf7c95/regions/us-central1/forwardingRules
{
"name": "vpn-1-rule-udp4500",
"IPProtocol": "UDP",
"IPAddress": "35.188.86.138",
"region": "projects/qwiklabs-gcp-00-40c792cf7c95/regions/us-central1",
"target": "projects/qwiklabs-gcp-00-40c792cf7c95/regions/us-central1/targetVpnGateways/vpn-1",
"portRange": "4500"
}

POST https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-00-40c792cf7c95/regions/us-central1/vpnTunnels
{
"kind": "compute#vpnTunnel",
"name": "tunnelt1to2",
"selfLink": "projects/qwiklabs-gcp-00-40c792cf7c95/regions/us-central1/vpnTunnels/tunnelt1to2",
"sharedSecret": "gcprocks",
"peerIp": "35.241.214.146",
"region": "projects/qwiklabs-gcp-00-40c792cf7c95/regions/us-central1",
"ikeVersion": 2,
"targetVpnGateway": "projects/qwiklabs-gcp-00-40c792cf7c95/regions/us-central1/targetVpnGateways/vpn-1",
"localTrafficSelector": [
"0.0.0.0/0"
],
"remoteTrafficSelector": [
"0.0.0.0/0"
]
}

POST https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-00-40c792cf7c95/global/routes
{
"kind": "compute#route",
"name": "tunnelt1to2-route-1",
"destRange": "10.1.3.0/24",
"nextHopVpnTunnel": "projects/qwiklabs-gcp-00-40c792cf7c95/regions/us-central1/vpnTunnels/tunnelt1to2",
"network": "projects/qwiklabs-gcp-00-40c792cf7c95/global/networks/vpn-network-1",
"priority": 1000
}

===========================
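# --- Side 2 (europe-west1): VPN gateway "vpn-2" on vpn-network-2 ---
# Each command below is one logical line. The backslash continuations restore
# the commands that the original listing had wrapped, in places mid-flag
# (e.g. "--ip-" / "protocol").

# Target VPN gateway that terminates the tunnel in europe-west1.
gcloud compute --project "qwiklabs-gcp-00-40c792cf7c95" target-vpn-gateways create \
  "vpn-2" --region "europe-west1" --network "vpn-network-2"

# Forwarding rules hand IPsec traffic arriving on the gateway's static IP
# (35.241.214.146) to vpn-2: ESP for the encrypted payload, UDP 500 for IKE,
# UDP 4500 for IKE/ESP with NAT traversal.
gcloud compute --project "qwiklabs-gcp-00-40c792cf7c95" forwarding-rules create \
  "vpn-2-rule-esp" --region "europe-west1" --address "35.241.214.146" \
  --ip-protocol "ESP" --target-vpn-gateway "vpn-2"

gcloud compute --project "qwiklabs-gcp-00-40c792cf7c95" forwarding-rules create \
  "vpn-2-rule-udp500" --region "europe-west1" --address "35.241.214.146" \
  --ip-protocol "UDP" --ports "500" --target-vpn-gateway "vpn-2"

gcloud compute --project "qwiklabs-gcp-00-40c792cf7c95" forwarding-rules create \
  "vpn-2-rule-udp4500" --region "europe-west1" --address "35.241.214.146" \
  --ip-protocol "UDP" --ports "4500" --target-vpn-gateway "vpn-2"

# IKEv2 tunnel from vpn-2 back to the peer gateway address 35.188.86.138.
# NOTE(review): the pre-shared key must match the peer tunnel's. "gcprocks"
# is short, guessable and typed inline, so it is also captured in shell
# history and in this listing. Use it only in a disposable lab project;
# otherwise use a long random PSK that is kept out of the command text.
# NOTE(review): a 0.0.0.0/0 traffic selector does not limit what may enter the
# tunnel. What actually crosses it is decided by the route below and by the
# VPC firewall rules, so keep both narrowly scoped.
gcloud compute --project "qwiklabs-gcp-00-40c792cf7c95" vpn-tunnels create \
  "tunnelt2to1" --region "europe-west1" --peer-address "35.188.86.138" \
  --shared-secret "gcprocks" --ike-version "2" \
  --local-traffic-selector "0.0.0.0/0" --target-vpn-gateway "vpn-2"

# Static route: traffic for 10.5.4.0/24 (the range holding Server 1, 10.5.4.2)
# leaves vpn-network-2 through the tunnel.
gcloud compute --project "qwiklabs-gcp-00-40c792cf7c95" routes create \
  "tunnelt2to1-route-1" --network "vpn-network-2" \
  --next-hop-vpn-tunnel "tunnelt2to1" \
  --next-hop-vpn-tunnel-region "europe-west1" --destination-range "10.5.4.0/24"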
