Configuring VPN gateways on the VMware Engine network

A VPN gateway lets you remotely connect to the Google Cloud VMware Engine network from a client computer.

  • To establish point-to-site connections from your computer to your private cloud, use a VPN gateway on VMware Engine as described on this page. You can create only one point-to-site VPN gateway per region.

  • To establish a connection from your on-premises network, use Cloud VPN or Cloud Interconnect.

Automatic addition of users

A point-to-site VPN gateway lets you define an automatic addition policy for new users. By default, all owners and contributors of the subscription have access to the VMware Engine portal. Users are created only when the portal is launched for the first time. Selecting Automatically add rules enables any new user to access the network using a point-to-site VPN connection.

Set up a point-to-site VPN gateway

  1. Access the Google Cloud VMware Engine portal and select Network.
  2. Select VPN gateway.
  3. Click New VPN gateway.
  4. For Gateway configuration, specify the following settings, then click Next.
    • Enter a name to identify the gateway.
    • Select the location where your VMware Engine service is hosted.
    • Specify the client subnet for the point-to-site gateway. Your device receives its DHCP address from the client subnet.
  5. For Users, specify the following settings, then click Next.
    • To automatically allow all current and future users to access the private cloud through the point-to-site gateway, select Automatically add all users. When you select this option, all users in the user list are automatically selected. You can override the automatic option by clearing the checkbox for individual users in the list.
    • To select individual users, select their checkboxes in the user list.
  6. The Subnets section lets you specify management and user subnets for the gateway.
    • The Automatically add options set the global policy for the gateway. The settings apply to the current gateway. You can override the settings in the Select area.
    • Select Add management subnets of private clouds.
    • To add all user-defined subnets, click Add user-defined subnets.
    • The Select settings override the global settings under Automatically add.
  7. Click Next to review the settings. Click the Edit icons to make any changes.
  8. Click Create to create the VPN gateway.

Client subnet and protocols for point-to-site VPN gateways

The point-to-site VPN gateway allows TCP and UDP connections. Choose the protocol to use when you connect from your computer by selecting the TCP or UDP configuration.

The configured client subnet is used for both TCP and UDP clients. The CIDR prefix is divided into two subnets, one for TCP and one for UDP clients. Choose the prefix mask based on the number of VPN users who will connect concurrently.

The following table lists the number of concurrent client connections by prefix mask.

Prefix mask                            /24   /25   /26   /27   /28
Number of concurrent TCP connections   124    60    28    12     4
Number of concurrent UDP connections   124    60    28    12     4
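
The following sizing helper is an added example, not part of the VMware Engine documentation or tooling: it validates a planned client subnet, shows the two halves the CIDR prefix is divided into, and picks the smallest prefix mask from the table above for an expected number of concurrent users. The function names and sample addresses are hypothetical, and the page does not state which half serves TCP and which serves UDP, so the halves are returned unlabelled.

```python
import ipaddress

# Concurrent connections per protocol by client-subnet prefix mask,
# copied from the table on this page (same figure for TCP and UDP).
CAPACITY = {24: 124, 25: 60, 26: 28, 27: 12, 28: 4}


def plan_client_subnet(cidr):
    """Validate a client subnet; return its two halves and per-protocol capacity."""
    try:
        # strict=True rejects a CIDR with host bits set, e.g. 10.0.0.5/24
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        raise ValueError(f"invalid client subnet {cidr!r}: {exc}") from None
    if net.version != 4 or net.prefixlen not in CAPACITY:
        raise ValueError(f"{cidr}: the table lists only IPv4 prefix masks /24 to /28")
    # One half is used for TCP clients and the other for UDP clients.
    halves = [str(h) for h in net.subnets(prefixlen_diff=1)]
    return {"halves": halves, "per_protocol": CAPACITY[net.prefixlen]}


def smallest_prefix_for(tcp_users, udp_users):
    """Return the smallest subnet (longest prefix mask) that covers both protocols."""
    if tcp_users < 0 or udp_users < 0:
        raise ValueError("user counts must not be negative")
    # Each protocol has its own half, so the busier protocol sets the size.
    need = max(tcp_users, udp_users)
    for prefix in sorted(CAPACITY, reverse=True):  # try /28 first
        if CAPACITY[prefix] >= need:
            return prefix
    raise ValueError(f"{need} concurrent users exceeds the /24 limit of {CAPACITY[24]}")


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    print(plan_client_subnet("192.168.50.0/26"))
    print(smallest_prefix_for(tcp_users=10, udp_users=40))
```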

What's next