Adding a VPN tunnel to HA VPN
- For a tunnel from an HA VPN gateway to a peer gateway, see Creating an HA VPN to a peer VPN gateway.
- For a tunnel from an HA VPN to another HA VPN gateway, see Creating HA VPN GCP-to-GCP gateways.
Adding a VPN tunnel to Classic VPN
Each Cloud VPN tunnel associated with a Classic VPN gateway must connect to a unique peer VPN gateway, as identified by the peer gateway's IP address. If you need to create a second tunnel to the same peer gateway, you must create that tunnel from a different Cloud VPN gateway.
Project owners, editors, and IAM members with the Network Admin role can create new Cloud VPN tunnels.
- Go to the VPN page in the Google Cloud Platform Console.
Go to the VPN page
- Click the Google VPN Gateways tab.
- Click the name of an existing VPN gateway.
- On the VPN gateway details page, in the Tunnels section, click Add VPN tunnel.
- Supply the following information:
- Provide a name for the tunnel.
- Enter the public IP address of the peer VPN gateway in the Remote peer IP address field.
- Choose an IKE version compatible with your peer VPN gateway.
- Provide the Shared secret (also known as the preshared key) for authentication. Refer to this page for suggestions about how to generate strong shared secrets.
- Click the appropriate Routing option.
- Choose Dynamic (BGP) to use dynamic routing. Select or create a new Cloud Router from the Cloud router menu, then click the edit (pencil) button next to BGP session to define the BGP session parameters.
- Choose Route-based to create a route based VPN. For Remote network IP ranges, supply the ranges of IP addresses used by the peer network.
- Choose Policy-based to use policy based routing, and supply both the Remote network IP ranges and Local IP ranges. Use the Local subnetworks menu to choose IP ranges of subnets in a VPC network.
- Click Create.
- Set up the peer VPN gateway by configuring the corresponding tunnel.
Once the corresponding tunnel has been configured at your peer VPN gateway, check the status of the Cloud VPN tunnel.