Site to Site VPN for Google Kubernetes Engine

In this tutorial I will explain, briefly and concisely, how to set up a site-to-site VPN for the Google Cloud network.


Prerequisites

We need two virtual machines: one on the side of our office and the other on the side of Google.


Setup OpenVPN Clients


Site-to-Site Client Office Side

First we need to install OpenVPN, which we do as follows:


apt install openvpn -y


After that, we add our OpenVPN configuration under this path:

/etc/openvpn/s2s.conf
# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tun

# Our OpenVPN peer is the Google gateway.
remote IP_GOOGLE_VPN_CLIENT 

# Tunnel endpoint addresses: local end first, then the remote peer.
ifconfig 4.1.0.2 4.1.0.1

route 10.156.0.0 255.255.240.0            # Google Cloud VM Network
route 10.24.0.0 255.252.0.0               # Google Kubernetes Pod Network

push "route 192.168.10.0 255.255.255.0"   # Office Network 

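# Our pre-shared static key. The same key file must be present on both peers.
# Without an active "secret" (or TLS) directive the tunnel is neither
# encrypted nor authenticated, so this line must stay enabled.
secret static.key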

# Cipher to use
cipher AES-256-CBC

port 1195

user nobody
group nogroup

# Keepalive settings for a more reliable detection when a system
# loses its connection.  For example, dial-ups or laptops that
# travel to other locations.
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3

log /etc/openvpn/s2s.log
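
A quick check of this configuration before starting the tunnel, as an added example that is not part of the original tutorial: it confirms that a key directive is active, converts each route netmask to CIDR, and flags tunnel endpoints outside private address space. The function names and the sample text are constructed for illustration; the check assumes that `secret`, `tls-client`, `tls-server` or `client` is what enables the crypto layer.

```python
import ipaddress

# Assumption of this check: one of these directives supplies key material.
KEYED = {"secret", "tls-client", "tls-server", "client"}

def parse(conf_text):
    """Return active directives as token lists, ignoring '#' comments."""
    rows = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.replace('"', " ").split())
    return rows

def audit(conf_text):
    """Return (routes_as_cidr, findings) for a point-to-point config."""
    routes, findings = [], []
    rows = parse(conf_text)
    if not any(r[0] in KEYED for r in rows):
        findings.append("no active secret/TLS directive: tunnel has no key")
    for r in rows:
        if r[0] == "push" and len(r) > 1:   # push "route NET MASK"
            r = r[1:]
        if r[0] == "route" and len(r) >= 3:
            try:  # strict parsing rejects a network with host bits set
                routes.append(str(ipaddress.ip_network(f"{r[1]}/{r[2]}")))
            except ValueError:
                findings.append(f"route {r[1]} {r[2]}: network/netmask mismatch")
        elif r[0] == "ifconfig":
            for addr in r[1:3]:
                if not ipaddress.ip_address(addr).is_private:
                    findings.append(f"ifconfig {addr}: not a private address")
    return routes, findings

# Constructed sample: the page's addresses and routes, key line commented out.
SAMPLE = """dev tun
ifconfig 4.1.0.2 4.1.0.1
route 10.156.0.0 255.255.240.0   # Google Cloud VM Network
route 10.24.0.0 255.252.0.0      # Google Kubernetes Pod Network
push "route 192.168.10.0 255.255.255.0"
#secret static.key
cipher AES-256-CBC
"""

if __name__ == "__main__":
    cidrs, problems = audit(SAMPLE)
    print("routes:", cidrs)
    print("findings:", problems)
```

To check the real file, pass the contents of /etc/openvpn/s2s.conf to `audit()` instead of the sample.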

About

My name is Alex Wellnitz and I'm a software developer/DevOps engineer. I'm from Germany, living in Rheinland-Pfalz and currently working at ComValue.
