search
GoodAccess WebsiteRequest Free TrialDownload App

Google Cloud

This guide will show you how to connect your Google Cloud to the GoodAccess Gateway via a site-to-site connection using the IPsec protocol.

hashtag
Step 1 - Creating a new cloud connection

Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.arrow-up-right

Click + Add new, enter a Name (e.g., GCP Production), select the required Gateway, and define the Subnets of your Google Cloud VPC (using CIDR notation).

Choose IPSec Protocol, and click Continue.

Fill out the configuration form (Public IP, Pre-Shared Key, etc.). These parameters must match the configuration you will set in your Google Cloud environment in the next steps.

Click Submit to finish, or Continue to define optional Branch Segments for finer access control.

circle-info

You may return to the configuration via the Edit button of your Cloud at any time.

circle-info

Example of configuration (Default preset):

  • Shared Secret - Create a new strong password

  • Public IP - IP of your Google Cloud VPN gateway

  • IKE Lifetime (Phase 1) - 8 hours (28800 seconds)

  • Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)

  • Dead Peer Detection Delay - 30 seconds

  • Encryption (Phase 1) - aes256

  • Encryption (Phase 2) - aes256

  • Integrity (Phase 1) - sha256

  • Integrity (Phase 2) - sha256

  • Diffie-Hellman Groups (Phase 1) - 16 - modp4096

  • Diffie-Hellman Groups (Phase 2) - 16 - modp4096

hashtag
Step 2 - Creating a new VPN connection

Log in to the Google Cloud consolearrow-up-right, and go to Network Connectivity > VPNarrow-up-right, and click Create VPN Connection.

Select Classic VPN, and click Continue.

Google Cloud console with key steps to creating a new VPN connection.
Creating a new VPN connection
Google Cloud console with key steps to creating a new VPN connection.
Creating a new VPN connection

hashtag
VPN gateway

  • Name - Give the VPN gateway a name

  • Network - Select default or a specific VPC

  • Region - Preferably the region in which your resources lie

  • IP address - Create an IP address

Google Cloud console with key steps to configuring a new VPN gateway.
Setting up a new VPN gateway

hashtag
Tunnels

  • Name - Give the tunnel a name

  • Remote peer IP address - IP of your GoodAccess Gateway

  • IKE version - IKEv2

  • IKE pre-shared key - Shared Secret (Step 1)

  • Routing options - Route-based

  • Remote network IP ranges - Subnet of your GoodAccess Gateway

Click Done and then Create.

Google Cloud console with key steps to configuring tunnel for the new VPN gateway.
Setting up tunnel for the new VPN gateway

You have now successfully connected your Google Cloud resources to GoodAccess.

circle-exclamation

Firewall rules

Make sure you allow connections from your GoodAccess Gateway private subnet to the resources in your VPC (e.g., virtual machines, databases, etc.).

Depending on your Google Cloud security setup, you may need to allow this communication in:

  • Cloud Firewall

  • Cloud NGFW

circle-info

You may check the status of the connection in:

  • GoodAccess: Go to Control Panel > Network > Clouds & Branches to view the tunnel status. Use the Test Connection button to validate the IPsec tunnel itself, or optionally to test a specific system (target must have ICMP enabled).

  • Google Cloud: Go to Network Connectivity > VPN.

PreviousAWSNextMicrosoft Azure

Last updated

Was this helpful?