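GDC VPN only supports site-to-site IPsec VPN connectivity. IPsec is a suite of protocols designed to secure communication over IP networks. Other VPN technologies, such as SSL and VPN, are not supported.
The peer VPN gateway must have a static external IPv4 address. You need this IP address to configure the VPN.
If your peer VPN gateway is behind a firewall rule, you must configure the firewall rule to pass both the Encapsulating Security Payload (ESP) IPsec protocol and Internet Key Exchange (IKE) UDP 500 and UDP 4500 traffic to the gateway.
GDC VPN only supports one-to-one NAT, using UDP encapsulation for NAT-Traversal (NAT-T). The peer VPN gateway must be configured to identify itself using its static external IPv4 address, not its internal private IP.
IPv6 traffic is not supported.
IPsec and IKE support
GDC VPN supports IKEv2 by using an IKE pre-shared key (shared secret) and IKE ciphers. GDC VPN only supports a pre-shared key for authentication. When you create the GDC VPN tunnel, specify a pre-shared key. When you create the tunnel at the peer VPN gateway, specify this same pre-shared key. For more information, see Create the secret with a PSK.
GDC VPN supports ESP in tunnel mode with authentication, but does not support AH or ESP in transport mode.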
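The following pre-flight check is an added example, not part of the GDC documentation or the Networking API. It audits a peer gateway description and the firewall rules in front of it against the specifications above. The dictionary schema, the first-match rule semantics, and the sample values are assumptions constructed for illustration.

```python
import ipaddress

# Flows the page requires a firewall in front of the peer gateway to pass.
REQUIRED_FLOWS = [("esp", None), ("udp", 500), ("udp", 4500)]

def flow_allowed(rules, gw, proto, port):
    """Evaluate an ordered rule list; first match wins, default deny (assumed model)."""
    for r in rules:
        if (gw in ipaddress.ip_network(r["dst"])
                and r["proto"] in (proto, "any")
                and (port is None or not r.get("ports") or port in r["ports"])):
            return r["action"] == "allow"
    return False

def check_peer(peer, rules):
    """Return findings; an empty list means the peer matches the listed specs."""
    findings = []
    ext = ipaddress.ip_address(peer["external_ip"])
    if ext.version != 4:
        findings.append("peer external address must be IPv4")
    # A gateway behind one-to-one NAT often defaults its IKE ID to the inside address.
    if peer["ike_identity"] != peer["external_ip"]:
        findings.append("IKE identity must be the static external IPv4 address")
    if peer["ike_version"] != 2:
        findings.append("only IKEv2 is supported")
    if peer["auth"] != "psk":
        findings.append("only pre-shared key authentication is supported")
    if (peer["ipsec_protocol"], peer["mode"]) != ("esp", "tunnel"):
        findings.append("only ESP in tunnel mode is supported")
    # Rules are matched against the external address (assumption for this example).
    for proto, port in REQUIRED_FLOWS:
        if not flow_allowed(rules, ext, proto, port):
            findings.append("firewall blocks " + proto + (f"/{port}" if port else ""))
    return findings

# Constructed sample: only IKE on UDP 500 is open, and the IKE ID is the inside address.
SAMPLE_RULES = [
    {"action": "allow", "proto": "udp", "dst": "203.0.113.10/32", "ports": [500]},
    {"action": "deny", "proto": "any", "dst": "0.0.0.0/0"},
]
SAMPLE_PEER = {"external_ip": "203.0.113.10", "ike_identity": "10.0.0.5",
               "ike_version": 2, "auth": "psk",
               "ipsec_protocol": "esp", "mode": "tunnel"}

if __name__ == "__main__":
    for finding in check_peer(SAMPLE_PEER, SAMPLE_RULES):
        print("FAIL:", finding)
```

With the sample input the check flags the IKE identity, the missing ESP rule, and the missing UDP 4500 rule, which is the usual pattern when only the initial IKE port was opened on a NATed peer.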
Last updated: 2025-09-04 (UTC)