To establish a stable, persistent connection between a Google Cloud Platform (GCP) private cloud and your Orka environment, you need to configure a policy-based IPsec site-to-site VPN between the two clouds. Currently, you can create only a classic VPN connection with policy-based routing from GCP to Orka. It consists of one tunnel and one interface and does not provide high availability. For more information about this option, see Google Cloud Documentation: Classic VPN.
You need:
- The IP address for the FW1-Outside network from your IP Plan.
- The CIDR notation for the Private-1 network from your IP Plan. Most likely: 10.221.188.0/24 or 10.10.10.0/24.
Step 1: Log in to GCP
- Log in to the GCP console with your credentials.
- In the toolbar at the top, make sure that you’re working with the correct project.
Step 2: Create the VPN connection
- From the GCP console sidebar, scroll to the Networking section and select Hybrid Connectivity > VPN.
Step 3a: Create gateway and tunnel
If you don’t have a classic VPN gateway that you want to use, complete the following steps.
- If you don’t have any VPNs created yet, click Create VPN connection.
- If you have one or more VPNs created, click + VPN SETUP WIZARD.
- Select Classic VPN and click Continue.
The High-availability (HA) VPN is currently not supported as an option. For more information about the available options, see Google Cloud Documentation: Choosing a VPN option.
- In the Google Compute Engine VPN gateway section, provide Name and Description.
- For Network, select the GCP network that needs to be able to access Orka.
- Select Region.
For more information about this setting, see Google Cloud Documentation: Regions and Zones.
- Select or create a reserved IP address for the connection.
You will need this IP address when you configure the Orka side of the tunnel.
- In the Tunnels section, provide Name and Description.
- For Remote peer IP address, provide the IP address for the FW1-Outside network from your IP Plan.
- For IKE version, verify that IKEv2 is selected.
- Provide or generate an IKE pre-shared key.
IMPORTANT
Keep a record of the pre-shared key. You will need it later.
- For Routing options, select Policy-based.
- For Remote network IP ranges, provide the IP range in CIDR notation for the Private-1 network from your IP Plan.
- (Optional) Select one or more GCP subnetworks to reduce latency between your GCP private cloud and your Orka private cloud.
For more information, see Google Cloud Documentation: Networks and subnets.
- (Optional) Provide one or more IP ranges within your GCP local network that needs to access Orka.
- Click Done.
- Click Create.
First handshake.
Example: Create gateway and tunnel
This image shows a sample configuration for the VPN gateway and tunnel.
Step 3b: Add a new tunnel to an existing gateway
If you have an existing classic VPN gateway that you want to use for the connection, complete the following steps.
- Select Cloud VPN Tunnels and click Create VPN tunnel.
- Select the VPN gateway that you want to use and click Continue.
IMPORTANT
Make sure that you have selected a classic VPN gateway. High-availability gateways are not supported.
- Provide Name.
- (Optional) Provide Description.
- For Remote peer IP address, provide the IP address for the FW1-Outside network from your IP Plan.
- For IKE version, verify that IKEv2 is selected.
- Provide or generate an IKE pre-shared key.
IMPORTANT
Keep a record of the pre-shared key. You will need it later.
- For Routing options, select Policy-based.
- For Remote network IP ranges, provide the IP range in CIDR notation for the Private-1 network from your IP Plan.
- (Optional) Select one or more GCP subnetworks to reduce latency between your GCP private cloud and your Orka environment.
For more information, see Google Cloud Documentation: Networks and subnets.
- (Optional) Provide one or more IP ranges within your GCP local network that needs to access Orka.
- Click Create.
First handshake.
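A pre-flight check for the values entered in Steps 3a and 3b, as an added example that is not part of the original guide or of any Orka or GCP tooling: it generates a random pre-shared key and checks the peer IP, the Private-1 range and the local GCP ranges for the mistakes that most often break a policy-based tunnel. The function names, the sample peer address and GCP subnet, the 32-character key minimum, and the expectation that FW1-Outside is not an RFC 1918 address are assumptions.

```python
import ipaddress
import secrets

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PSK_CHARS = 32  # assumed minimum for this example, not a value from the guide


def generate_psk(nbytes=24):
    """Random pre-shared key from the OS CSPRNG (24 bytes -> 32 URL-safe characters)."""
    return secrets.token_urlsafe(nbytes)


def check_tunnel_plan(peer_ip, remote_cidr, local_cidrs, psk):
    """Return a list of problems in a policy-based tunnel plan; empty means none found."""
    problems = []
    try:
        peer = ipaddress.ip_address(peer_ip)
        # strict=True rejects host bits, e.g. 10.221.188.5/24 typed for 10.221.188.0/24
        remote = ipaddress.ip_network(remote_cidr, strict=True)
        local_nets = [ipaddress.ip_network(c, strict=True) for c in local_cidrs]
    except ValueError as exc:
        return [f"invalid address or CIDR: {exc}"]
    if peer in remote:
        problems.append("peer IP lies inside the remote range (Private-1 address used as peer?)")
    elif any(peer in net for net in RFC1918):
        problems.append("peer IP is an RFC 1918 address, not an outside address")
    # Overlapping local and remote selectors make policy-based routing ambiguous.
    for net in local_nets:
        if net.overlaps(remote):
            problems.append(f"local range {net} overlaps remote range {remote}")
    if len(psk) < MIN_PSK_CHARS:
        problems.append(f"pre-shared key shorter than {MIN_PSK_CHARS} characters")
    return problems


if __name__ == "__main__":
    # Constructed sample values: a documentation-range peer address, one of the
    # Private-1 ranges the guide lists as likely, and a hypothetical GCP subnet.
    psk = generate_psk()
    print(check_tunnel_plan("203.0.113.10", "10.221.188.0/24", ["10.128.0.0/20"], psk))
    print(check_tunnel_plan("10.221.188.1", "10.221.188.0/24", ["10.221.0.0/16"], "changeme"))
```

Store the generated key in a secrets manager rather than in a ticket or chat message, since the same value is needed later on the Orka side of the tunnel.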