Cloud VPN supports the following ciphers and configuration parameters for peer VPN devices or VPN services. Cloud VPN automatically negotiates the connection as long as the peer side uses a supported Internet Key Exchange (IKE) cipher setting.
For configuration instructions, see Configure the peer VPN gateway.
Cloud VPN operates in IPsec ESP Tunnel Mode.
The following IKE ciphers are supported for Classic VPN and HA VPN.
IPv6 address support for HA VPN gateway interfaces is in Preview.
Proposal order
Cloud VPN can act as an initiator or a responder to IKE requests depending on the origin of traffic when a new security association (SA) is needed.
When Cloud VPN initiates a VPN connection, Cloud VPN proposes the algorithms in the order shown in the supported cipher tables for each cipher role. The peer side receiving the proposal selects an algorithm.
If the peer side initiates the connection, then Cloud VPN selects a cipher from the proposal by using the same order shown in the table for each cipher role.
Depending on which side is the initiator or the responder, the selected cipher can be different. The selected cipher might even change over time as new security associations (SAs) are created during key rotation. Because a change in cipher selection can impact important tunnel characteristics such as performance or MTU, ensure that your cipher selection is stable. For more information about MTU, see MTU considerations.
To prevent frequent changes in cipher selection, configure your peer VPN gateway to propose and accept only one cipher for each cipher role. This cipher must be supported by both Cloud VPN and your peer VPN gateway. Do not provide a list of ciphers for each cipher role. This best practice ensures that both sides of your Cloud VPN tunnel always select the same IKE cipher during IKE negotiation.
For HA VPN tunnel pairs, configure both HA VPN tunnels on your peer VPN gateway to use the same cipher and IKE Phase 2 lifetime values.
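The following added example (not part of the original documentation) models the proposal-order behaviour described above and checks a peer configuration against the single-cipher best practice. Cipher names such as enc_A are constructed placeholders, and the rule that a responder picks the first cipher in its own preference order that the initiator also offered is the page's statement for Cloud VPN, assumed here for the peer as well.

```python
"""Model of IKE proposal-order negotiation and a best-practice linter."""

def responder_select(responder_order, initiator_proposal):
    """Responder picks the first cipher in ITS OWN order that was offered.
    Returns None when the two lists do not overlap (negotiation fails)."""
    offered = set(initiator_proposal)
    for cipher in responder_order:
        if cipher in offered:
            return cipher
    return None

def negotiate(cloud_order, peer_order, initiator):
    """Outcome for one cipher role depending on which side initiates."""
    if initiator == "cloud":
        return responder_select(peer_order, cloud_order)  # peer responds
    return responder_select(cloud_order, peer_order)      # Cloud VPN responds

def selection_is_stable(cloud_order, peer_order):
    """True when the same cipher wins no matter which side initiates."""
    return (negotiate(cloud_order, peer_order, "cloud")
            == negotiate(cloud_order, peer_order, "peer"))

def check_peer_config(tunnels):
    """Lint an HA VPN tunnel pair on the peer gateway.
    tunnels: {name: {"proposals": {role: [ciphers]}, "phase2_lifetime": s}}"""
    findings = []
    for name, cfg in tunnels.items():
        for role, ciphers in cfg["proposals"].items():
            if len(ciphers) != 1:
                findings.append(f"{name}: {role} proposes {len(ciphers)} "
                                "ciphers; propose and accept exactly one")
    if len(tunnels) == 2:
        first, second = tunnels.values()
        if first["proposals"] != second["proposals"]:
            findings.append("HA VPN pair: tunnels propose different ciphers")
        if first["phase2_lifetime"] != second["phase2_lifetime"]:
            findings.append("HA VPN pair: Phase 2 lifetimes differ")
    return findings

# Constructed sample data (placeholder cipher names, not real cipher IDs).
CLOUD_ORDER = ("enc_A", "enc_B", "enc_C")   # Cloud VPN's table order
PEER_MULTI = ("enc_C", "enc_A")             # peer offers a list: unstable
PEER_SINGLE = ("enc_C",)                    # peer offers one cipher: stable

if __name__ == "__main__":
    for peer in (PEER_MULTI, PEER_SINGLE):
        for side in ("cloud", "peer"):
            print(side, "initiates ->", negotiate(CLOUD_ORDER, peer, side))
        print("stable:", selection_is_stable(CLOUD_ORDER, peer))
```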
IKE fragmentation
Cloud VPN supports IKE fragmentation as described by the IKEv2 fragmentation protocol (RFC 7383).
For best results, Google recommends that you enable IKE fragmentation, if it is not already enabled, on your peer VPN device.
If you don't have IKE fragmentation enabled, IKE packets from Google Cloud to the peer VPN device that are larger than the gateway MTU are dropped.
Some IKE messages can't be fragmented, including the following messages:
- IKE_SA_INIT
- IKE_SESSION_RESUME
For more information, see the Limitations section in RFC 7383.
Supported cipher tables
The following sections list the supported ciphers for HA VPN.
IKEv2 ciphers that use AEAD
The following ciphers use authenticated encryption with associated data (AEAD).
Phase 1
Cipher role | Cipher | Notes |
---|---|---|
Encryption & Integrity | | In this list, the first number is the size of the ICV parameter in bytes (octets), and the second is the key length in bits. Some documentation might express the ICV parameter (the first number) in bits instead (8 becomes 64, 12 becomes 96, and 16 becomes 128). |
Pseudo-Random Function (PRF) | | Many devices don't require an explicit PRF setting. |
Diffie-Hellman (DH) | | * The modp_8192 cipher is not supported for HA VPN gateways with IPv6 interfaces (gatewayIpVersion=IPv6). |
Phase 1 lifetime | 36,000 seconds (10 hours) | |
Phase 2
Cipher role | Cipher | Notes |
---|---|---|
Encryption & Integrity | | The first number in each algorithm is the size of the ICV parameter in bytes (octets), and the second is its key length in bits. Some documentation might express the ICV parameter (the first number) in bits instead (8 becomes 64, 12 becomes 96, 16 becomes 128). |
PFS Algorithm (required) | | * The modp_8192 cipher is not supported for HA VPN gateways with IPv6 interfaces (gatewayIpVersion=IPv6). |
Diffie-Hellman (DH) | Refer to Phase 1. | If your VPN gateway requires DH settings for Phase 2, use the same settings that you used for Phase 1. |
Phase 2 lifetime | 10,800 seconds (3 hours) | |
IKEv2 ciphers that don't use AEAD
Phase 1
Cipher role | Cipher | Notes |
---|---|---|
Encryption | | |
Integrity | | Documentation for your on-premises VPN gateway might use a slightly different name for the algorithm. For example, |
Pseudo-Random Function (PRF) | | Many devices don't require an explicit PRF setting. |
Diffie-Hellman (DH) | | * The modp_8192 cipher is not supported for HA VPN gateways with IPv6 interfaces (gatewayIpVersion=IPv6). |
Phase 1 lifetime | 36,000 seconds (10 hours) | |
Phase 2
Cipher role | Cipher | Notes |
---|---|---|
Encryption | | |
Integrity | | Documentation for your on-premises VPN gateway might use a slightly different name for the algorithm. For example, |
PFS Algorithm (required) | | * The modp_8192 cipher is not supported for HA VPN gateways with IPv6 interfaces (gatewayIpVersion=IPv6). |
Diffie-Hellman (DH) | Refer to Phase 1. | If your VPN gateway requires DH settings for Phase 2, use the same settings that you used for Phase 1. |
Phase 2 lifetime | 10,800 seconds (3 hours) | |
IKEv1 ciphers
Phase 1
Cipher role | Cipher |
---|---|
Encryption | AES-CBC-128 |
Integrity | HMAC-SHA1-96 |
Pseudo-Random Function (PRF)* | PRF-SHA1-96 |
Diffie-Hellman (DH) | modp_1024 (Group 2) |
Phase 1 lifetime | 36,600 seconds (10 hours, 10 minutes) |
*For more information about PRF in IKEv1, see RFC 2409.
Phase 2
Cipher role | Cipher |
---|---|
Encryption | AES-CBC-128 |
Integrity | HMAC-SHA1-96 |
PFS Algorithm (required) | modp_1024 (Group 2) |
Diffie-Hellman (DH) | If you need to specify DH for your VPN gateway, use the same setting that you used for Phase 1. |
Phase 2 lifetime | 10,800 seconds (3 hours) |
What's next
- To learn about the basic concepts of Cloud VPN, see the Cloud VPN overview.
- To help you solve common issues that you might encounter when using Cloud VPN, see Troubleshooting.