Adding a VPN tunnel

Required permissions

Project owners, editors, and IAM members with the Network Admin role can create new Cloud VPN tunnels.

Adding a VPN tunnel

Each Cloud VPN tunnel associated with a Cloud VPN gateway must connect to a unique on-premises VPN gateway, as identified by the on-premises gateway's IP address. If you need to create a second tunnel to the same on-premises gateway, you must create that tunnel from a different Cloud VPN gateway.

Console


  1. Go to the VPN page in the Google Cloud Platform Console.
    Go to the VPN page
  2. Click the Google VPN Gateways tab.
  3. Click the name of an existing VPN gateway.
  4. On the VPN gateway details page, in the Tunnels section, click Add VPN tunnel.
  5. Supply the following information:
    1. Provide a name for the tunnel.
    2. Enter the public IP address of the on-premises VPN gateway in the Remote peer IP address field.
    3. Choose an IKE version compatible with your on-premises VPN gateway.
    4. Provide the Shared secret (also known as the preshared key) for authentication. Refer to this page for suggestions about how to generate strong shared secrets.
    5. Click the appropriate Routing option.
      • Choose Dynamic (BGP) to use dynamic routing. Select or create a new Cloud Router from the Cloud router menu, then click the edit (pencil) button next to BGP session to define the BGP session parameters.
      • Choose Route-based to create a route based VPN. For Remote network IP ranges, supply the ranges of IP addresses used by the on-premises network.
      • Choose Policy-based to use policy based routing, and supply both the Remote network IP ranges and Local IP ranges. Use the Local subnetworks menu to choose IP ranges of subnets in a VPC network.
  6. Click Create.
  7. Set up the on-premises VPN gateway by configuring the corresponding tunnel.

gcloud


Follow the steps for creating a route based VPN gateway and tunnel, but start with Creating a VPN tunnel. If the new tunnel has the same CIDR block, you can skip to configuring the firewall rules.

Follow-up

Once the corresponding tunnel has been configured at your on-premises VPN gateway, check the status of the Cloud VPN tunnel.

What's next

Was this page helpful? Let us know how we did:

Send feedback about...