Comments (3)
Update
I ran the vpn.sh script as usual, then made a backup of the "original" IPSec config file:
mv /etc/ipsec.conf{,.original}
...and replaced it with another configuration, as suggested here (replacing xxx with the right addresses):
config setup
    protostack=netkey
conn mysubnet
    also=mytunnel
    leftsubnet=xxx # (in my case 10.0.0.0/24)
    rightsubnet=xxx # (in my case 10.108.0.0/20)
    auto=start
conn mytunnel
    left=xxx # the external IP of *this* server
    right=xxx # the external IP of GCP's Cloud VPN Gateway
    authby=secret
Then I restarted the IPSec VPN:
sudo ipsec restart
Ping: GCP -> local network
✅ This time I was able to ping from a VM in GCP to the "local network" (simulating it with a VM on DigitalOcean for now):
ping 10.108.0.2 # this being the internal IP of the DO VM
Ping: local network -> GCP
❌ No luck yet pinging in the opposite way – but that's not crucial for now, since the communication in my use-case is intended to be one-way only.
Call API on local network from GCP
I tried to run a test-API with a Node.js server on the "local network" (on port 3000) and calling it from GCP – but it did not work straightaway:
curl 10.108.0.2:3000
curl: (7) Failed to connect to 10.108.0.2 port 3000 after 83 ms: Couldn't connect to server
127.0.0.1 (aka. localhost). In order to be able to access it from other devices in the same network, the hostname has to be set to 0.0.0.0.
So, everything seems to be working as expected now (aside from Ping: local network -> GCP).
FYI @hwdsl2
from setup-ipsec-vpn.
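An added example, not part of the original comment or of setup-ipsec-vpn: the curl: (7) failure described above is what a loopback-only listener looks like from the other end of the tunnel, and it can be confirmed on the server before changing any IPsec settings. The helper name bind_scope and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Classify how a TCP port is bound, reading `ss -ltn` output on stdin.
# bind_scope is a hypothetical helper name, not part of setup-ipsec-vpn.
bind_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")      # the port is the text after the last colon
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)    # [::] -> ::
            sub(/%.*$/, "", addr)                         # 127.0.0.53%lo -> 127.0.0.53
            # Widest binding wins when a port has several listeners.
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") { scope = "all-interfaces" }
            else if (addr ~ /^127\./ || addr == "::1") { if (scope == "") scope = "loopback-only" }
            else if (scope != "all-interfaces") { scope = "specific:" addr }
        }
        END { print (scope == "" ? "not-listening" : scope) }
    '
}

# Constructed sample of `ss -ltn` output (not captured from the poster's server).
sample_ss() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       511     127.0.0.1:3000      0.0.0.0:*
LISTEN  0       511     *:3001              *:*
LISTEN  0       511     10.108.0.2:8080     0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
EOF
}

# loopback-only  -> unreachable over the tunnel, curl reports "Couldn't connect"
# specific:ADDR  -> reachable only via that address (here the internal IP)
# all-interfaces -> reachable over the tunnel and on every other interface too
for p in 3000 3001 8080 22 9999; do
    printf '%s\t%s\n' "$p" "$(sample_ss | bind_scope "$p")"
done
```

On a real host, run `ss -ltn | bind_scope 3000`. Binding to 0.0.0.0 also exposes the service on the server's public interface, so binding to the internal address (10.108.0.2 in this thread) keeps it reachable from the tunnel without widening exposure.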
@olegkorol Hello! Thank you for providing the details of your use case. Unfortunately, this is not currently supported in this project. The Cloud VPN Gateway in GCP uses IKEv2 with pre-shared keys, while this project requires certificate-based authentication for IKEv2, or pre-shared keys with username/password for IKEv1.
If you would like to explore the use case further yourself, you may refer to these configuration examples and/or ask on the Libreswan users mailing list.
Thanks for the swift reply, @hwdsl2!
I'll check those resources and see if I can get this up and running :)