The following are the parameters used in this example setup, but should be changed to match the actual environment: GCE Instance Name: gcp-vpn-01 GCE Instance IP (Internal): 10.1.2.2 GCE Instance IP (External): 35.185.42.90 GCP XPN Network Range: 10.1.0.0/16 Lab External IP: 104.139.101.201 Lab Network Range: 192.168.1.0/24 Creating the GCE Instance for Libreswan OverviewĬreate the instance in your XPN Host Project, if using Cross Project Networking if only aiming to create the VPN for a single project, simply create it in that project.ĬentOS 7 was chosen as the distribution in this example, so if using Debian or Ubuntu then the commands shown will change slightly in regards to package managers used, as well as possibly location of files, etc. Then check to see if Server connectivity no longer shows Blocked. Use the CLI from the Edgerouter to configure the OpenVPN with the following commands Your VPN configured on network 192.168.200.0/24.
Creating GCP Route for Network to Connect Because the Edgerouter webconsole is alo on 443, i will change the webconsole to port 4443.can set up two tunnels to the same gateway and failover when one line goes down. Configuring the GCE Instance for Libreswan Only traffic matching the defined policy is pushed into the VPN tunnel.Creating the GCE Instance for Libreswan.This example is similar to the behavior described in AWS’ “ Connecting Multiple VPCs with EC2 Instances” tutorial, for reference. If there is something else preferred on the other end, it should be trivial to swap it in. There is nothing requiring a Ubiquiti device on the other end, but it’s a popular lab router and avoids having to manage a virtual machine on the other side. The VPN tunnel goes down frequently If your VPN tunnel goes down often, check the Phase 2 settings and either increase the Keylife value or enable Autokey Keep Alive. Select Show More and turn on Policy-based IPsec VPN. The following guide will walk through the steps to connect a Google Compute Engine (GCE) instance running Libreswan to a separate network with a Ubiquiti EdgeRouter. The options to configure policy-based IPsec VPN are unavailable Go to System > Feature Visibility. It would be tedious, though, so for production just use the Google Cloud VPN. With that said, theoretically, this GCE setup could be configured with redundancy with multiple higher-powered instances if scripts were set up to monitor the VPN and manage failover, and all that jazz.
0 kommentar(er)
