
Comments (3)

olegkorol commented on June 13, 2024

Update

I ran the vpn.sh script as usual, then made a backup of the "original" IPSec config file:

mv /etc/ipsec.conf{,.original}

...and replaced it with another configuration, as suggested here (replacing xxx with the right addresses):

config setup
    protostack=netkey

conn mysubnet
    also=mytunnel
    leftsubnet=xxx # (in my case 10.0.0.0/24)
    rightsubnet=xxx # (in my case 10.108.0.0/20)
    auto=start

conn mytunnel
    left=xxx # the external IP of *this* server
    right=xxx # the external IP of GCP's Cloud VPN Gateway
    authby=secret

Then I restarted the IPSec VPN:

sudo ipsec restart

Ping: GCP -> local network

✅ This time I was able to ping from a VM in GCP to the "local network" (simulating it with a VM on DigitalOcean for now):

ping 10.108.0.2 # this being the internal IP of the DO VM

Ping: local network -> GCP

No luck yet pinging in the opposite way – but that's not crucial for now, since the communication in my use-case is intended to be one-way only.

Call API on local network from GCP

I tried to run a test-API with a Node.js server on the "local network" (on port 3000) and calling it from GCP – but it did not work straightaway:

curl 10.108.0.2:3000
curl: (7) Failed to connect to 10.108.0.2 port 3000 after 83 ms: Couldn't connect to server

⚠️ This is because I was running the Node.js server with hostname 127.0.0.1 (aka. localhost). In order to be able to access it from other devices in the same network, the hostname has to be set to 0.0.0.0.

So, everything seems to be working as expected now (aside from Ping: local network -> GCP).

FYI @hwdsl2

from setup-ipsec-vpn.
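
Added example, not part of the comment above or of the project's code: a small JavaScript helper that models which local IPv4 addresses a listener answers on for a given bind host. It shows why a server bound to 127.0.0.1 was unreachable over the tunnel, and that 0.0.0.0 also opens the port on any public interface. The interface table is constructed (203.0.113.10 is a placeholder for the VM's public IP) and the function names are hypothetical.

```javascript
// Constructed sample shaped like os.networkInterfaces() output.
// 10.108.0.2 is the internal IP from the post; 203.0.113.10 is a
// documentation-range placeholder for the VM's public address.
const SAMPLE_INTERFACES = {
  lo:   [{ address: '127.0.0.1',    family: 'IPv4', internal: true  }],
  eth0: [{ address: '203.0.113.10', family: 'IPv4', internal: false }],
  eth1: [{ address: '10.108.0.2',   family: 'IPv4', internal: false }],
};

// Coarse scope of an IPv4 address: loopback, RFC 1918 private, or public.
function classify(address) {
  const [a, b] = address.split('.').map(Number);
  if (a === 127) return 'loopback';
  if (a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168)) {
    return 'private';
  }
  return 'public';
}

// Local addresses on which a TCP listener bound to bindHost accepts connections.
// On a real host, pass require('os').networkInterfaces() as `interfaces`.
function exposure(bindHost, interfaces) {
  const all = Object.values(interfaces)
    .flat()
    .filter((i) => i.family === 'IPv4' || i.family === 4) // some Node 18 builds report 4
    .map((i) => i.address);
  // 0.0.0.0 is the IPv4 wildcard: the socket answers on every local address.
  const bound = bindHost === '0.0.0.0' ? all : all.filter((addr) => addr === bindHost);
  return bound.map((address) => ({ address, scope: classify(address) }));
}

// Would a peer across the tunnel that targets peerTarget reach the listener?
function reachableFromPeer(bindHost, peerTarget, interfaces) {
  return exposure(bindHost, interfaces).some((e) => e.address === peerTarget);
}

// Compare the three bind choices for the test API on port 3000.
for (const host of ['127.0.0.1', '0.0.0.0', '10.108.0.2']) {
  const listening = exposure(host, SAMPLE_INTERFACES);
  const viaTunnel = reachableFromPeer(host, '10.108.0.2', SAMPLE_INTERFACES);
  const publicAddrs = listening.filter((e) => e.scope === 'public').map((e) => e.address);
  console.log(`bind ${host}: via tunnel=${viaTunnel}, public=[${publicAddrs.join(', ')}]`);
}
```

Binding to the internal address (here 10.108.0.2) keeps the API reachable through the tunnel without also listening on the public interface; with 0.0.0.0, a host firewall rule on the public interface is needed to get the same restriction.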

hwdsl2 commented on June 13, 2024

@olegkorol Hello! Thank you for providing the details of your use case. Unfortunately, this is not currently supported in this project. The Cloud VPN Gateway in GCP uses IKEv2 with pre-shared keys, while this project requires certificate-based authentication for IKEv2, or pre-shared keys with username/password for IKEv1.

If you would like to explore the use case further yourself, you may refer to these configuration examples and/or ask on the Libreswan users mailing list.

olegkorol commented on June 13, 2024

Thanks for the swift reply, @hwdsl2!
I'll check those resources and see if I can get this up and running :)
