The following best practices can be helpful when planning for and configuring Cloud VPN.
Use separate Google Cloud projects for networking resources
To make configuration of Identity and Access Management roles and permissions easier, keep your Cloud VPN and Cloud Router resources in a project separate from your other Google Cloud resources wherever possible.
Routing and failover
Choose dynamic routing
Choose a Cloud VPN gateway that uses dynamic routing and the Border Gateway Protocol (BGP). Google recommends using HA VPN and deploying on-premises devices that support BGP.
Use an active/passive tunnel configuration
Use HA VPN and an active/passive tunnel configuration wherever possible.
For more information, see the preferred routing option in the Cloud VPN overview.
Security
Set up firewall rules for your VPN gateways
Create secure firewall rules for traffic that travels over Cloud VPN. For details, see Firewall rules in Google Cloud.
Use strong pre-shared keys
Google recommends generating a strong pre-shared key for your Cloud VPN tunnels.
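One way to follow this recommendation, as an added example that is not Google's own code: draw the key from the operating system's CSPRNG and run cheap checks against keys that are already in use. The thresholds and the list of guessable strings are assumptions chosen for illustration.

```python
import base64
import secrets

MIN_RANDOM_BYTES = 24   # assumed floor: 192 bits of CSPRNG output
MIN_LENGTH = 32         # assumed minimum key length, in characters
MIN_DISTINCT = 12       # assumed minimum number of different characters
# Constructed sample of strings that mark a human-chosen key.
GUESSABLE = ("password", "secret", "changeme", "cloudvpn", "123456", "qwerty")


def generate_psk(num_bytes: int = 32) -> str:
    """Return num_bytes from the OS CSPRNG, base64-encoded so the same
    text can be pasted into both tunnel peers."""
    if num_bytes < MIN_RANDOM_BYTES:
        raise ValueError(f"need at least {MIN_RANDOM_BYTES} random bytes")
    return base64.b64encode(secrets.token_bytes(num_bytes)).decode("ascii")


def audit_psk(psk: str) -> list[str]:
    """List reasons a key looks human-chosen. An empty list does not prove
    the key is random; it only means none of these cheap checks fired."""
    findings = []
    if len(psk) < MIN_LENGTH:
        findings.append(f"length {len(psk)} is below {MIN_LENGTH}")
    distinct = len(set(psk))
    if distinct < MIN_DISTINCT:
        findings.append(f"only {distinct} distinct characters")
    lowered = psk.lower()
    for word in GUESSABLE:
        if word in lowered:
            findings.append(f"contains guessable string '{word}'")
    return findings


if __name__ == "__main__":
    # Constructed examples of keys an operator might have typed by hand,
    # followed by a freshly generated throwaway key for comparison.
    for candidate in ("CloudVPN-secret1", "a" * 40, generate_psk()):
        print(candidate, audit_psk(candidate) or "no findings")
```

Store the generated key in a secret manager and configure the identical value on both sides of the tunnel; the audit function is meant for reviewing keys that were set by hand earlier.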
What's next
- Learn about the basic concepts of Cloud VPN
- Learn about advanced configurations, including high-availability, high-throughput, or multiple-subnet scenarios
- Create a custom Virtual Private Cloud network
- Maintain VPN tunnels and gateways
- View logs and monitoring metrics
- Get troubleshooting help