I’m new to networking and Google Cloud Platform (GCP), so I apologize (again) if this question seems basic.
I’m facing a challenge with routing traffic from several VMs and Cloud Run services through a VPN tunnel that has only a single Local IP configured.
Current Setup
VPN tunnel: Classic VPN tunnel, route-based, with a single Local IP configured
VMs and Cloud Run services: Running in the same VPC as the VPN but with different local IPs than the one configured in the tunnel
Constraints
Cannot modify the tunnel configuration
Cannot select a different range of local IPs for the tunnel
Attempted Solutions
I tried creating a Private Cloud NAT in the subnet, but I couldn’t specify a single local IP.
Core Question
Is there a method to route traffic from instances through a VPN tunnel with a single Local IP?
The only solution I can think of is to create another instance in the subnet with the Local IP advertised in the tunnel to act as a proxy between the instances and the tunnel. However, this seems inefficient. Are there any alternatives I’m overlooking?
Any guidance or suggestions would be greatly appreciated. Thank you!
Taking a step back for a minute - what is it you’re looking to do? What’s your actual use case?
You have services running on VMs and Cloud Run that need private connectivity to services that sit on the other side of a VPN tunnel, it seems.
What problem are you actually trying to overcome with your proposed solution?
Not sure I understand your problem, though. Do you want to route all the traffic via the VPN tunnel so that on the other end it sees only one IP for all the VMs and Cloud Run? For that you would need a NAT or Proxy (depending on the type of traffic).
If you just want to route all traffic from your VMs and CRs to the VPN tunnel, then you need to adjust the routes in the VPC to route all traffic to the Cloud Router associated with your VPN.
You would have something along the lines in the VPC routes
0.0.0.0/0 default router, and you would need to change this to 0.0.0.0/0 Router associated with the VPN.
Or if you want specific network ranges, add a route for those specific network ranges and associate it with the Router associated with the VPN.
I have configured a VPN tunnel with a single local IP address on my end.
In the same VPC I have several VMs with different local/private IPs and I need them to make requests through the tunnel.
Is it possible that those VMs can send requests through that IP that is configured in the tunnel?
I can change routes but the local IP has to be always the same… the one that is configured in the tunnel.
Not sure I understand your problem, though. Do you want to route all the traffic via the VPN tunnel so that on the other end it sees only one IP for all the VMs and Cloud Run? For that you would need a NAT or Proxy (depending on the type of traffic).
Yes, in the end the other part of the tunnel will only accept requests coming from 10.61.11.174 which is the private IP configured in the tunnel.
If you just want to route all traffic from your VMs and CRs to the VPN tunnel, then you need to adjust the routes in the VPC to route all traffic to the Cloud Router associated with your VPN.
You would have something along the lines in the VPC routes
0.0.0.0/0 default router, and you would need to change this to 0.0.0.0/0 Router associated with the VPN.
Or if you want specific network ranges, add a route for those specific network ranges and associate it with the Router associated with the VPN.
I need that when I make requests from these VMs to the other side of the tunnel, they all come from 10.61.11.174, but they can also make requests to other places outside the tunnel; in that case I don't care if it is not the same private IP.
Anyway thanks for your help, I will try to change the routes and do some tests. I will come back with the results.
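The "NAT or proxy" option from the second reply, in the shape the original poster sketched (an instance that owns the tunnel's local IP and forwards for the others), as an added example that is not part of this thread or of any Google-provided tooling. It builds a NAT VM whose primary internal address is 10.61.11.174, adds a tagged custom route so that only tagged client VMs send traffic for the remote range through that VM, and installs an SNAT rule on the VM so everything leaving towards the remote range carries 10.61.11.174 while traffic to other destinations is untouched. The network, subnet, zone, remote range, VPC range and instance names are assumptions; only 10.61.11.174 comes from the thread. Commands are printed rather than executed unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names/ranges are marked below;
# the only value taken from the post is the tunnel's local IP 10.61.11.174.
set -eu

ZONE="${ZONE:-us-central1-a}"                   # assumed zone
NETWORK="${NETWORK:-my-vpc}"                    # assumed VPC name
SUBNET="${SUBNET:-my-subnet}"                   # assumed subnet that contains 10.61.11.174
TUNNEL_LOCAL_IP="10.61.11.174"                  # the single local IP configured on the tunnel
REMOTE_RANGE="${REMOTE_RANGE:-192.168.50.0/24}" # assumed range reachable through the tunnel
VPC_RANGE="${VPC_RANGE:-10.61.0.0/16}"          # assumed range of the client VMs / Cloud Run egress
DRY_RUN="${DRY_RUN:-1}"                         # 1 = only print gcloud commands, 0 = run them

run() {   # print the command, execute it only when DRY_RUN=0
  printf '%s\n' "$*"
  if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

write_startup_script() {   # $1 = file path; this script runs on the NAT VM at every boot
  cat >"$1" <<EOF
#!/bin/sh
# Enable forwarding, then rewrite the source of packets bound for the remote
# range to the tunnel's local IP. Traffic to any other destination is not
# rewritten, which matches the requirement that only tunnel traffic must
# appear to come from ${TUNNEL_LOCAL_IP}. Return traffic is un-NATed by conntrack.
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -C POSTROUTING -d ${REMOTE_RANGE} -j SNAT --to-source ${TUNNEL_LOCAL_IP} 2>/dev/null \\
  || iptables -t nat -A POSTROUTING -d ${REMOTE_RANGE} -j SNAT --to-source ${TUNNEL_LOCAL_IP}
iptables -A FORWARD -s ${VPC_RANGE} -d ${REMOTE_RANGE} -j ACCEPT
iptables -A FORWARD -s ${REMOTE_RANGE} -d ${VPC_RANGE} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

create_nat_vm() {
  script="$(mktemp)"
  write_startup_script "$script"
  # --private-network-ip claims the tunnel's local IP; --can-ip-forward lets the
  # VM emit packets whose source is not its own address when forwarding.
  run gcloud compute instances create vpn-nat \
    --zone "$ZONE" --network "$NETWORK" --subnet "$SUBNET" \
    --private-network-ip "$TUNNEL_LOCAL_IP" \
    --can-ip-forward --tags vpn-nat \
    --image-family debian-12 --image-project debian-cloud \
    --metadata-from-file startup-script="$script"
}

create_route() {
  # Applies only to instances tagged use-vpn-nat. The NAT VM is not tagged, so
  # its own traffic keeps following the existing route to the VPN tunnel.
  run gcloud compute routes create remote-via-vpn-nat \
    --network "$NETWORK" --destination-range "$REMOTE_RANGE" \
    --next-hop-instance vpn-nat --next-hop-instance-zone "$ZONE" \
    --tags use-vpn-nat --priority 100
}

create_firewall() {
  # Let the client VMs reach the NAT VM; scope it to the VPC range and the vpn-nat tag.
  run gcloud compute firewall-rules create allow-vpc-to-vpn-nat \
    --network "$NETWORK" --direction INGRESS --action ALLOW --rules all \
    --source-ranges "$VPC_RANGE" --target-tags vpn-nat
}

tag_client() {   # $1 = a VM that must reach the remote side as 10.61.11.174
  run gcloud compute instances add-tags "$1" --zone "$ZONE" --tags use-vpn-nat
}

main() {
  create_nat_vm
  create_route
  create_firewall
  tag_client app-vm-1   # assumed client VM name
}

main
```

The route priority (100) must be numerically lower, that is higher priority, than the route the tunnel already installs for the same range, otherwise tagged VMs would still go straight to the tunnel with their own source address and be rejected on the far side. For Cloud Run, the same tag can be attached to a service's egress if it uses Direct VPC egress, which accepts network tags; a single NAT VM is also a single point of failure, so for anything beyond a test it belongs in a managed instance group or behind an internal passthrough load balancer used as the route's next hop.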