I want to be able to connect from on premises database to google cloud.
I have VPC set, external IP address and VPN but not connected yet.
Is there something I missed? Do I have to create a compute engine first?
I would recommend you to first read this link which is the cloud VPN overview to mainly understand the type of VPN that you are creating for this setup and then setup your VPN.
In this other link you will find some guides to setup the VPN with devices such as Cisco or even other cloud providers. I hope you find this links useful since your question doesn't have much information to better understand if you have any error message or kind of peer device you're using for this set up
Cheers
Related
I'm having an issue configuring a site to site vpn from GCP to Fortigate.
I'm configuring a 1 tunnel HA VPN as a test before building in production.
My fortigate is behind an external fireawll, IPSEC vpn is configure with NAT.
According to debugs on the Fortigate, Phase 1 and Phase 2 are negotiated and established, Fortigate sends AUTH_RESPONSE and gets reply from the GCP side saying AUTHENTICATION_FAILED.
The status on GCP side is showing:
First Handshake. Allocating resources. VPN tunnel will start soon.
Has anyone any ideas why im getting AUTHENTICATION_FAILED on GCP side?
Thanks
Gerard
Not knowing exactly what the issue may be I would suggest looking at these two Google Public documents. This link describes how to use HA VPN with Fortigate, and this link is a setup guide. Within these two documents you should be able to configure your authentication to work with GCP.
Yes, this has been a known issue for quite some time. FortiOS 6.4.6 did add a field called "Local ID" to override the default IP address, but unfortunately it incorrectly sets the identity type as FQDN and Google will reject the VPN session for that reason. I reported this to FortiGate over a year ago and they were unwilling to accept it as a bug, instead saying I needed to sign a large contract and then make a feature request.
Currently, the only workaround is to give the FortiGate a public IP address. Or, use AWS as they'll accept the private IP.
AWS and network noob. I've been asked to migrate QuickBooks Desktop Enterprise to AWS. This seems easy in principle but I'm finding a lot of conflicting and confusing information on how best to do it. The requirements are:
Setup a Windows Server using AWS EC2
QuickBooks will be installed on the server, including a file share that users will map to.
Configure VPN connectivity so that the EC2 instance appears and behaves as if it were on prem.
Allow additional off site VPN connectivity as needed for ad hoc remote access
Cost is a major consideration, which is why I am doing this instead of getting someone who knows this stuff.
The on-prem network is very small - one Win2008R2 server (I know...) that hosts QB now and acts as a file server, 10-15 PCs/printers and a Netgear Nighthawk router with a static IP.
My approach was to first create a new VPC with a private subnet that will contain the EC2 instance and setup a site-to-site VPN connection with the Nighthawk for the on-prem users. I'm unclear as to if I also need to create security group rules to only allow inbound traffic (UDP,TCP file sharing ports) from the static IP or if the VPN negates that need.
I'm trying to test this one step at a time and have an instance setup now. I am remote and am using my current IP address in the security group rules for the test (no VPN yet). I setup the file share but I am unable to access it from my computer. I can RDP and ping it and have turned on the firewall rules to allow NB and SMB but still nothing. I just read another thread that says I need to setup a storage gateway but before I do that, I wanted to see if that is really required or if there's another/better approach. I have to believe this is a common requirement but I seem to be missing something.
This is a bad approach for QuickBooks. Intuit explicitly recommends against using QuickBooks with a file share via VPN:
Networks that are NOT recommended
Virtual Private Network (VPN) Connects computers over long distances via the Internet using an encrypted tunnel.
From here: https://quickbooks.intuit.com/learn-support/en-us/configure-for-multiple-users/recommended-networks-for-quickbooks/00/203276
The correct approach here is to host QuickBooks on the EC2 instance, and let people RDP (remote desktop) into the EC2 Windows server to use QuickBooks. Do not let them install QuickBooks on their client machines and access the QuickBooks data file over the VPN link. Make them RDP directly to the QuickBooks server and access it from there.
Currently my projects in Cloud Run that make external requests come out with random IP from Google IP's pool.
A new micro-service that I am developing that needs to make an external request on a critical external micro-service that is limited by IP.
Google Cloud Platform has any solution to channel the output from a specific IP to the outside? Some kind of proxy for these kinds of needs?
Thanks
As clarified in this other case here, there is no way to directly setup a static or specific IP for outbound requests for Cloud Run. The only possibility as clarified in this answer from a Google's developer, unless Cloud Run starts supporting Cloud NAT or Serverless VPC Access, you won't be able to achieve such configuration.
There are some workarounds.
One of them would be to create a SOCKS proxy by running a ssh client that routes the traffic through a GCE VM instance that has a static external IP address. More details here.
Another solution is to send your outbound requests through a proxy that has a static IP. You can get details here.
Both these two were provided by developers from Google, so they should be good to go and use it.
I have configured Cloud VPN Classic to on-prem Firewall using Fortigate. I'm using default supported IKE Ciphers and I've confirmed both sides are correct configuration.
But when I checked on Google there errors shown "Handshake with peer broken for unknown reason. Trying again soon"
Does anyone have a suggestion/help on this?
I was troubleshooting these issues almost a month, still didn't find the solution on this case.
I have monitored VPN whole day, I found it will state active/up at certain time, but then it will inactive.
"Handshake with peer broken for unknown reason. Trying again soon"
As there is no information about the specific Fortinet devise you are using in your on-prem network, I'm sharing with you this Google Cloud VPN interop Guide to use Cloud VPN with Fortinet where you should find the correct configuration for GCP connectivity.
Additionally, I have found this Cloud VPN troubleshooting Google documentation which can help you monitor and solve issues with Cloud VPN.
I hope the provided documentation helps you troubleshoot your issue and to have the expected connectivity results.
So my partner builds an API on top .NET and uses a local server to put the project. so to connect the API endpoint I need to create a VPN before I can access the API,
I've done connect from my PC to my partner local server, if in windows 7
create a Workplace then filled Internet Address, destination Name, Username and Password.
So how can I do this from GCP till I can access my partner local server from GCP ?
Don't ask me why not just upload your partner api project to gcp.
thanks..
Have you tried to: just do it?
Just
Create a tunnel from a GCP Compute Instance (Virtual Machine with HTTP/HTTPS) to your partners local server on prefered port?
GCP offers VPN Products - https://cloud.google.com/vpn/docs/concepts/overview - maybe they will help you.
Based on your question, there are a few solutions available. I’ll provide two solutions which may help you.
If you would like to set up an internal path from your GCP instance to your partner’s local server, maybe you should look into this following quickstart on VPNs.
However if you’re looking to use an external path to connect your GCP instance to your partner’s local server, try exposing your partner’s server IP externally and configure a load balancer to it.