
Use case: I am managing both GCP infrastructure and local infrastructure and am looking for a way for an app on Google App Engine to send data to/from a MySQL database on the local infrastructure, which is behind a VPN. I've set up and tested a Cloud VPN Gateway and VPC Connector that allows a Google Compute Engine instance to connect to the MySQL database and send and retrieve data.

Per this thread, and my own experimentation, the Google App Engine standard environment cannot currently connect to a local network via Google Cloud VPN directly. I've also been testing Cloud Functions and Cloud Run to see if they can connect with the Cloud VPN, and it seems that they also have this limitation.

What I'd like to confirm is that only the Google App Engine flex environment OR a Google Compute Engine instance can connect through Cloud VPN. Google's documentation across all these resources doesn't ever outright say whether any of them can connect to Cloud VPN through a VPC Connector (just that they can connect to GCP networks via VPC Connector), so I'm hoping someone here can corroborate my testing. Additionally, is there any other GCP resource that can make use of this functionality that I've missed?

  • 2
    Concepts: 1) VPNs connect to VPCs. 2) App Engine Standard (Run, Functions) is not part of your VPC(s). 3) VPNs support VPC connectors. 4) Serverless VPC Access supports communication to VPC networks connected via Cloud VPN. 5) My guess is that you configured routing incorrectly. Rewrite your question into a specific problem with configuration details, route tests, and warnings/errors. – John Hanley Sep 28 '22 at 17:48
  • 1
    Also, add your on-premises route confirmation. You must add the connector's /28 subnet with the VPN as the next hop, also for your on-premises firewall. – John Hanley Sep 28 '22 at 17:56
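
The return-path condition named in the comments (an on-premises route for the connector's /28 with the VPN as next hop, plus a matching firewall rule), as an added example that is not part of the original thread. All addresses, hop names and the route and firewall tables are constructed; the "before" tables know only the GCE subnet on-premises, which is one configuration in which a GCE instance connects while serverless traffic does not.

```python
import ipaddress

def next_hop_for(addr, routes):
    """Longest-prefix match: the next hop an on-prem router picks for addr."""
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def check_return_path(connector_cidr, routes, fw_allow, vpn_hop, port=3306):
    """Return a list of problems that stop replies from reaching the connector."""
    connector = ipaddress.ip_network(connector_cidr)
    problems = []
    # Serverless traffic arrives on-prem with a source address from the
    # connector range, so every address in it must route back via the VPN.
    stray = [str(a) for a in connector if next_hop_for(a, routes) != vpn_hop]
    if stray:
        problems.append(f"{len(stray)} of {connector.num_addresses} connector "
                        f"addresses do not return via {vpn_hop} (e.g. {stray[0]})")
    # The firewall must accept the whole range as a source on the DB port.
    allowed = any(connector.subnet_of(ipaddress.ip_network(src))
                  and dport in (None, port) for src, dport in fw_allow)
    if not allowed:
        problems.append(f"firewall has no rule allowing {connector} to port {port}")
    return problems

# Constructed sample data (assumptions, not values from the question).
CONNECTOR = "10.8.0.0/28"      # Serverless VPC Access connector range
VPN = "vpn-tunnel"             # label for the on-prem side of the Cloud VPN
ROUTES_BEFORE = [("0.0.0.0/0", "isp-gw"), ("10.128.0.0/20", VPN)]
FW_BEFORE = [("10.128.0.0/20", 3306)]          # (source CIDR, dest port)
ROUTES_AFTER = ROUTES_BEFORE + [(CONNECTOR, VPN)]
FW_AFTER = FW_BEFORE + [(CONNECTOR, 3306)]

if __name__ == "__main__":
    for label, routes, fw in (("before", ROUTES_BEFORE, FW_BEFORE),
                              ("after", ROUTES_AFTER, FW_AFTER)):
        print(label, check_return_path(CONNECTOR, routes, fw, VPN) or "ok")
```
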

0 Answers