Site to Site VPN for Google Kubernetes Engine

In this tutorial I will explain briefly and concisely how to set up a site-to-site VPN for the Google Cloud Network.


We need two virtual machines: one on the side of our office and one on the side of Google.

Setup OpenVPN Clients

Site-to-Site Client Office Side

First we need to install OpenVPN, which we do as follows:

apt install openvpn -y

After that we add our OpenVPN configuration under this path

# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tun

# Our OpenVPN peer is the Google gateway.


route            # Google Cloud VM Network
route               # Google Kubernetes Pod Network

push "route"   # Office Network 

# Our pre-shared static key
#secret static.key

# Cipher to use
cipher AES-256-CBC

port 1195

user nobody
group nogroup

# Uncomment this section for a more reliable detection when a system
# loses its connection.  For example, dial-ups or laptops that
# travel to other locations.
ping 15
ping-restart 45

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3

log /etc/openvpn/s2s.log
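
A pre-flight check for this configuration, as an added example that is not part of the original tutorial: it flags `route`, `push "route"` and `remote` entries without an address, a missing privilege drop, and a config with no active `secret` or TLS directive, in which case OpenVPN tunnels all traffic as cleartext. The names `lint_s2s` and `sample_config` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# lint_s2s FILE: print one finding per line for a site-to-site OpenVPN config.
# Exit status is 1 when there is at least one finding, 0 when the file is clean.
lint_s2s() {
    awk '
        function bad(msg) { print "FINDING: " msg; n++ }
        { sub(/[#;].*/, "") }          # comments start at "#" or ";"
        NF == 0 { next }
        # Static key or TLS mode; with neither, OpenVPN tunnels cleartext.
        $1 == "secret" || $1 == "tls-client" || $1 == "tls-server" || $1 == "client" { keyed = 1 }
        $1 == "remote" && NF >= 2 { peer = 1 }
        $1 == "route" && NF < 2 { bad("line " NR ": route has no network") }
        $1 == "push" && $2 == "\"route\"" { bad("line " NR ": pushed route has no network") }
        $1 == "user" || $1 == "group" { drop[$1] = 1 }
        END {
            if (!keyed) bad("no active secret/TLS directive: traffic is sent unencrypted")
            if (!peer) bad("no remote peer address")
            if (!("user" in drop) || !("group" in drop)) bad("daemon keeps root privileges")
            exit (n > 0)
        }' "$1"
}

# Constructed sample: directives in the shape shown above, address gaps included.
sample_config() {
    cat <<'EOF'
dev tun
route            # Google Cloud VM Network
push "route"   # Office Network
#secret static.key
cipher AES-256-CBC
port 1195
user nobody
group nogroup
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
lint_s2s "$tmp" || echo "config needs fixes before starting OpenVPN"
rm -f "$tmp"
```
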


My name is Alex Wellnitz and I'm a software developer/DevOps engineer. I'm from Germany, living in Rheinland-Pfalz and currently working at ComValue.


