
I'm not an expert in networking so excuse the bad wording.

I have a Google App Engine service running in Google Cloud (Standard environment). I need this service to access a VPN (i.e. IP addresses in that VPN setup). How can I set this up with an IPsec tunnel? I've looked a bit at Google VPN, but it mostly seems to be about how to set up a VPN server. I want to be the client to an external VPN network so my App Engine service can access computers on that VPN.

Thanks

  • App Engine Standard or Flexible? Where are you connecting to? More details are required in your question. – John Hanley Mar 19 '20 at 17:34
  • Standard environment, added to question. – secret_cinema Mar 19 '20 at 18:09
  • Unless you add a VPN client within your application, AE Standard does not provide VPN features. This means using a client library to implement a VPN. Since you have provided no other details, there is no real answer yet. Google Cloud does not offer VPN features for AE Standard. – John Hanley Mar 19 '20 at 18:23
  • Just to be sure I understand: the VPN that you want to reach has a public IP. You have a private key (or a private certificate) for being authenticated on the VPN. Am I correct? What is your dev language? – guillaume blaquiere Mar 19 '20 at 20:56
  • @guillaumeblaquiere This is correct. I develop the service in java (1.8) – secret_cinema Mar 20 '20 at 06:47
  • I think you can achieve this, but you have to code it all yourself: VPN connection establishment, and when you reach a VM through the VPN you have to route the request into the VPN manually. Lots of work! Why can't you use Cloud VPN to establish a permanent connection and then simply forward your request through this connection? – guillaume blaquiere Mar 20 '20 at 12:53
  • Please take a look at this post, I think that it would be helpful for you, https://stackoverflow.com/questions/37137914/is-it-possible-to-use-google-app-engine-with-google-cloud-vpn – Andie Vanille Mar 20 '20 at 15:08

1 Answer


As other members have pointed out, there is no direct way to connect a GAE Standard service to a resource inside an external, on-premise VPN. However, there are some approaches.

There is a feature called Serverless VPC Access that allows GAE Standard to connect to other Google Cloud resources through an internal IP, but here is the interesting part:

Serverless VPC Access supports communication to VPC networks connected via Cloud VPN

Looking at the tutorial on Connecting to a VPC network, something similar to what I understood you are trying to achieve is mentioned:

Your app needs to access data from your on-premises database through Cloud VPN.

The first step, I would say, is to connect your VPN to Cloud VPN. Since I'm not an expert in those matters, I'd suggest you take a look at its documentation.
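
The approach in the answer above, sketched as an `appengine-web.xml` for the Java 8 runtime mentioned in the comments. This is an added example, not part of the original answer; `PROJECT_ID`, `REGION`, `CONNECTOR_NAME`, `VPC_NETWORK` and the `10.8.0.0/28` range are placeholders, and it assumes the connector sits in the VPC network that holds the Cloud VPN tunnel to the external site.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example (placeholders throughout, not values from the page).
     Prerequisites assumed:
       1. A Cloud VPN tunnel already links VPC_NETWORK to the external network.
       2. A Serverless VPC Access connector exists in that same network, e.g.
            gcloud compute networks vpc-access connectors create CONNECTOR_NAME \
              region=REGION, network=VPC_NETWORK, range=10.8.0.0/28
          (passed as the region, network and range flags of that command;
           the /28 is a constructed, unused range).
       3. The remote side routes replies for the connector range back through
          the tunnel, and its firewall admits only that range rather than the
          whole VPC. -->
<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
  <runtime>java8</runtime>
  <threadsafe>true</threadsafe>

  <!-- Assumption for this example: outbound HTTP uses native sockets instead
       of the URL Fetch service, so requests to internal IPs follow the
       connector route. -->
  <url-stream-handler>native</url-stream-handler>

  <!-- Attach the service to the connector; traffic to internal IP addresses
       then leaves through the VPC network and over the Cloud VPN tunnel. -->
  <vpc-access-connector>
    <name>projects/PROJECT_ID/locations/REGION/connectors/CONNECTOR_NAME</name>
  </vpc-access-connector>
</appengine-web-app>
```

Restricting the remote firewall to the connector's /28 keeps the exposure of the on-premises hosts limited to the App Engine service rather than every workload in the VPC.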