# Google Cloud

## Step 1 - Creating a new cloud connection

Log in to the GoodAccess **Control Panel**, and go to [**Network** > **Clouds & Branches**](https://app.goodaccess.com/branches/).

Click **+ Add new**, enter a **Name** (e.g., GCP Production), select the required **Gateway**, and define the **Subnets of your Google Cloud VPC** (using CIDR notation).

Choose **IPSec** as the **Protocol**, and click **Continue**.

Fill out the configuration form (Public IP, Pre-Shared Key, etc.). These parameters must match the configuration you will set in your Google Cloud environment in the next steps.

Click **Submit** to finish, or **Continue** to define optional **Branch Segments** for finer access control.

{% hint style="info" %}
You may return to the configuration via the **Edit** button of your Cloud at any time.
{% endhint %}

{% hint style="info" %}
**Example of configuration (Default preset):**

* **Shared Secret** - Create a new strong password
* **Public IP** - IP of your Google Cloud VPN gateway
* **IKE Lifetime (Phase 1)** - 8 hours (28800 seconds)
* **Tunnel Lifetime (Phase 2)** - 1 hour (3600 seconds)
* **Dead Peer Detection Delay** - 30 seconds
* **Encryption (Phase 1)** - aes256
* **Encryption (Phase 2)** - aes256
* **Integrity (Phase 1)** - sha256
* **Integrity (Phase 2)** - sha256
* **Diffie-Hellman Groups (Phase 1)** - 16 - modp4096
* **Diffie-Hellman Groups (Phase 2)** - 16 - modp4096
{% endhint %}

## Step 2 - Creating a new VPN connection

Log in to the [Google Cloud console](https://console.cloud.google.com/), go to [**Network Connectivity** > **VPN**](https://console.cloud.google.com/hybrid/vpn/), and click **Create VPN Connection**.

Select **Classic VPN**, and click **Continue**.

<div data-full-width="false"><figure><img src="https://418253935-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FiJ406Lpi9EKoWDi7GFL7%2Fuploads%2F90zOBBAdTMFDLdbK0xqA%2FCloud_Connector_Google_01.png?alt=media&#x26;token=05e2b339-e364-49b8-91e6-27094ecbfc24" alt="Google Cloud console with key steps to creating a new VPN connection."><figcaption><p>Creating a new VPN connection</p></figcaption></figure> <figure><img src="https://418253935-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FiJ406Lpi9EKoWDi7GFL7%2Fuploads%2FWOQ2NBddffYYiR7rfRt5%2FCloud_Connector_Google_02.png?alt=media&#x26;token=9d1581e3-06f6-4520-a634-4a63c2ea75e4" alt="Google Cloud console with key steps to creating a new VPN connection." width="233"><figcaption><p>Creating a new VPN connection</p></figcaption></figure></div>

### VPN gateway

* **Name** - Give the VPN gateway a name
* **Network** - Select default or a specific VPC
* **Region** - Preferably the region in which your resources lie
* **IP address** - Create an IP address

<figure><img src="https://418253935-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FiJ406Lpi9EKoWDi7GFL7%2Fuploads%2FS97hElhaNK9ZCVPvdAYW%2FCloud_Connector_Google_03.PNG?alt=media&#x26;token=8907edf2-931d-4643-add0-b7c3ec900f60" alt="Google Cloud console with key steps to configuring a new VPN gateway."><figcaption><p>Setting up a new VPN gateway</p></figcaption></figure>

### Tunnels

* **Name** - Give the tunnel a name
* **Remote peer IP address** - IP of your GoodAccess Gateway
* **IKE version** - IKEv2
* **IKE pre-shared key** - Shared Secret [(Step 1)](#step-1-creating-a-new-cloud-connection)
* **Routing options** - Route-based
* **Remote network IP ranges** - Subnet of your GoodAccess Gateway

Click **Done** and then **Create**.

<figure><img src="https://418253935-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FiJ406Lpi9EKoWDi7GFL7%2Fuploads%2FAVY9kwDrHLwHwq0Ry1om%2FCloud_Connector_Google_04.png?alt=media&#x26;token=c42bbe0d-1864-47e4-be25-9ae419473a10" alt="Google Cloud console with key steps to configuring tunnel for the new VPN gateway."><figcaption><p>Setting up tunnel for the new VPN gateway</p></figcaption></figure>

You have now successfully connected your Google Cloud resources to GoodAccess.

{% hint style="warning" %}
**Firewall rules**

Make sure you allow connections from your **GoodAccess Gateway private subnet** to the resources in your **VPC** (e.g., virtual machines, databases, etc.).

Depending on your Google Cloud security setup, you may need to allow this communication in:

* **Cloud Firewall**
* **Cloud NGFW**
{% endhint %}

{% hint style="info" %}
**You may check the status of the connection in:**

* **GoodAccess:** Go to **Control Panel > Network > Clouds & Branches** to view the tunnel status. Use the **Test Connection** button to validate the IPsec tunnel itself, or optionally to test a specific system (target must have ICMP enabled).
* **Google Cloud:** Go to **Network Connectivity > VPN**.
{% endhint %}
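
A pre-flight check for the values entered in Step 1 and Step 2, added here as an example (it is not GoodAccess or Google code): it generates a Shared Secret, confirms that both sides hold the same one, and verifies that the VPC subnets and the GoodAccess Gateway subnet are valid CIDR and do not overlap. The function names, the 128-bit threshold, and the sample subnets are assumptions.

```python
import ipaddress
import math
import secrets

MIN_PSK_BITS = 128  # assumed policy threshold, not a GoodAccess or Google requirement


def generate_psk(nbytes: int = 32) -> str:
    """Random URL-safe Shared Secret built from nbytes of OS randomness."""
    return secrets.token_urlsafe(nbytes)


def psk_entropy_bits(psk: str) -> float:
    """Crude upper bound: length * log2(size of the character classes used)."""
    pool = 26 * any(c.islower() for c in psk) + 26 * any(c.isupper() for c in psk)
    pool += 10 * any(c.isdigit() for c in psk) + 32 * any(not c.isalnum() for c in psk)
    return len(psk) * math.log2(pool) if pool else 0.0


def preflight(vpc_subnets, gateway_subnet, goodaccess_psk, gcp_psk):
    """Return a list of problems; an empty list means the two sides agree."""
    problems, nets = [], []
    labelled = [("GoodAccess gateway", gateway_subnet)] + [("VPC", s) for s in vpc_subnets]
    for label, cidr in labelled:
        try:
            # strict=True rejects host bits such as 10.128.0.5/20
            nets.append((label, ipaddress.ip_network(cidr, strict=True)))
        except ValueError as exc:
            problems.append(f"{label} subnet {cidr!r} is not valid CIDR: {exc}")
    # Ranges that overlap across the tunnel make routing ambiguous
    for i, (la, a) in enumerate(nets):
        for lb, b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{la} {a} overlaps {lb} {b}")
    if goodaccess_psk != gcp_psk:
        problems.append("Shared Secret differs between GoodAccess and Google Cloud")
    if psk_entropy_bits(goodaccess_psk) < MIN_PSK_BITS:
        problems.append(f"Shared Secret is below {MIN_PSK_BITS} estimated bits")
    return problems


if __name__ == "__main__":
    psk = generate_psk()  # paste the same value into both consoles
    # Constructed sample: the VPC /16 overlaps the gateway /24
    for issue in preflight(["10.128.0.0/20", "10.200.0.0/16"], "10.200.0.0/24", psk, psk):
        print("FAIL:", issue)
```

The entropy figure is an upper bound that is only meaningful for randomly generated secrets; a human-chosen password of the same length carries far less.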
