Project owners, editors, and IAM members with the Network Admin role can create new Cloud VPN tunnels.
Adding a VPN tunnel
Each Cloud VPN tunnel associated with a Cloud VPN gateway must connect to a unique on-premises VPN gateway, as identified by the on-premises gateway's IP address. If you need to create a second tunnel to the same on-premises gateway, you must create that tunnel from a different Cloud VPN gateway.
- Go to the VPN page in the Google Cloud Platform Console.
Go to the VPN page
- Click the Google VPN Gateways tab.
- Click the name of an existing VPN gateway.
- On the VPN gateway details page, in the Tunnels section, click Add VPN tunnel.
- Supply the following information:
- Provide a name for the tunnel.
- Enter the public IP address of the on-premises VPN gateway in the Remote peer IP address field.
- Choose an IKE version compatible with your on-premises VPN gateway.
- Provide the Shared secret (also known as the preshared key) for authentication. Refer to this page for suggestions about how to generate strong shared secrets.
- Click the appropriate Routing option.
- Choose Dynamic (BGP) to use dynamic routing. Select or create a new Cloud Router from the Cloud router menu, then click the edit (pencil) button next to BGP session to define the BGP session parameters.
- Choose Route-based to create a route based VPN. For Remote network IP ranges, supply the ranges of IP addresses used by the on-premises network.
- Choose Policy-based to use policy based routing, and supply both the Remote network IP ranges and Local IP ranges. Use the Local subnetworks menu to choose IP ranges of subnets in a VPC network.
- Click Create.
- Set up the on-premises VPN gateway by configuring the corresponding tunnel.
Once the corresponding tunnel has been configured at your on-premises VPN gateway, check the status of the Cloud VPN tunnel.
- Learn about the basic concepts of Cloud VPN
- Create a custom Virtual Private Cloud network
- Set up different types of Cloud VPN
- Maintain VPN tunnels and gateways
- See Advanced Configurations for information on high-availability, high-throughput scenarios, or multiple subnet scenarios.
- Get troubleshooting help