Google Cloud VPN - Site-to-Site and Client VPNs


Introduction

Google Cloud VPN offers secure and scalable ways to connect your on-premises network to Google Cloud. It comes in two flavors: Site-to-Site VPN and Client VPN. Site-to-Site VPN is used for connecting on-premises data centers to GCP, while Client VPN is ideal for remote workers and mobile devices.


Site-to-Site VPN

Site-to-Site VPN establishes a secure connection between your on-premises network and your GCP VPC. Here's how you can configure a Site-to-Site VPN using the gcloud CLI:


    
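    # PEER_ADDRESS and SHARED_SECRET are placeholders; set both before running.
    gcloud compute vpn-gateways create my-gateway --network=my-vpc-network --region=us-central1
    # --peer-address is the Classic VPN form (used with --target-vpn-gateway); a tunnel on the HA VPN gateway above takes --vpn-gateway, --interface, --router and --peer-external-gateway or --peer-gcp-gateway.
    gcloud compute vpn-tunnels create my-tunnel --region=us-central1 --peer-address="${PEER_ADDRESS}" --shared-secret="${SHARED_SECRET}" --ike-version=2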

Client VPN

Client VPN provides a secure and easy-to-use method for remote workers to connect to your GCP VPC. You can configure Client VPN as follows:


    
    # GATEWAY_IP is a placeholder for a reserved static external IP in us-central1; all three rules must use the same address.
    gcloud compute target-vpn-gateways create my-client-gateway --network=my-vpc-network --region=us-central1
    # ESP carries no ports, so the ESP rule takes no --ports flag.
    gcloud compute forwarding-rules create my-esp-rule --region=us-central1 --target-vpn-gateway=my-client-gateway --ip-protocol=ESP --address="${GATEWAY_IP}"
    gcloud compute forwarding-rules create my-udp500-rule --region=us-central1 --target-vpn-gateway=my-client-gateway --ip-protocol=UDP --ports=500 --address="${GATEWAY_IP}"
    gcloud compute forwarding-rules create my-udp4500-rule --region=us-central1 --target-vpn-gateway=my-client-gateway --ip-protocol=UDP --ports=4500 --address="${GATEWAY_IP}"
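
A check to run after the commands above, as an added example that is not part of the original page: it reads records shaped like the output of `gcloud compute forwarding-rules list --format=json` and `gcloud compute vpn-tunnels list --format=json`, and reports a gateway whose ESP, UDP 500 and UDP 4500 rules are incomplete or bound to different addresses, plus tunnels that are not on IKEv2 or not established. The sample records, project name and IP addresses are constructed, and the function names are assumptions.

```python
import json

# Constructed sample records (not real output); resource names follow the page.
GW = ("https://www.googleapis.com/compute/v1/projects/example-project/"
      "regions/us-central1/targetVpnGateways/my-client-gateway")
RULES = json.loads(json.dumps([
    {"name": "my-esp-rule", "IPProtocol": "ESP",
     "IPAddress": "203.0.113.10", "target": GW},
    {"name": "my-udp500-rule", "IPProtocol": "UDP", "portRange": "500-500",
     "IPAddress": "203.0.113.10", "target": GW},
    {"name": "my-udp4500-rule", "IPProtocol": "UDP", "portRange": "4500-4500",
     "IPAddress": "203.0.113.77", "target": GW},  # drifted address
]))
TUNNELS = json.loads(json.dumps([
    {"name": "my-tunnel", "ikeVersion": 1, "status": "ESTABLISHED",
     "peerIp": "198.51.100.20", "targetVpnGateway": GW},
]))

# A Classic VPN gateway needs exactly these three rules.
REQUIRED = {("ESP", None), ("UDP", "500"), ("UDP", "4500")}

def rule_key(rule):
    """Normalise a forwarding rule to (protocol, single port or None)."""
    port = rule.get("portRange")
    if port:
        lo, _, hi = port.partition("-")
        port = lo if hi in ("", lo) else port  # "500-500" and "500" -> "500"
    return (rule["IPProtocol"], port)

def audit(rules, tunnels, gateway):
    """Return human-readable findings for one target VPN gateway."""
    findings = []
    mine = [r for r in rules if r.get("target", "").endswith("/" + gateway)]
    for proto, port in sorted(REQUIRED - {rule_key(r) for r in mine}, key=str):
        suffix = f"/{port}" if port else ""
        findings.append(f"{gateway}: no forwarding rule for {proto}{suffix}")
    addresses = sorted({r["IPAddress"] for r in mine})
    if len(addresses) > 1:
        findings.append(f"{gateway}: rules use different addresses {addresses}")
    for t in tunnels:
        if not t.get("targetVpnGateway", "").endswith("/" + gateway):
            continue
        if t.get("ikeVersion") != 2:
            findings.append(f"{t['name']}: IKEv{t.get('ikeVersion')} in use, expected IKEv2")
        if t.get("status") != "ESTABLISHED":
            findings.append(f"{t['name']}: status is {t.get('status')}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(RULES, TUNNELS, "my-client-gateway")))
```
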

Conclusion

Google Cloud VPN provides versatile solutions for secure connectivity, whether you need to connect your data center to GCP (Site-to-Site VPN) or provide remote workers with secure access to your VPC (Client VPN). With easy-to-use CLI commands, you can set up and manage VPN configurations in your Google Cloud environment.


For detailed documentation and additional configurations, refer to the Google Cloud VPN documentation.