V. VPN (Virtual Private Networking)

Configuring an IPsec VPN tunnel - DrayTek Vigor Router to Google Cloud

Products:
Vigor 2620Ln
Vigor 2762
Vigor 2765
Vigor 2832
Show all

Keywords:
Cloud
Cloud Platform
Google Cloud
Google Cloud Platform
Show all

Google Cloud Platform

Google's Cloud Platform is a cloud service from Google, within which users can create virtual servers and services, with the ability to process & manage data and transfer files to & from those servers within the Google Cloud.

Google Cloud's Platform can use IPsec VPN tunnels to secure data being transferred into and out of the Cloud. This guide demonstrates how to establish a secure IPsec VPN tunnel from a DrayTek Vigor router to a private virtual network within Google's Cloud Platform.

 Requirements
1. DrayTek Vigor router with IKEv2 IPsec VPN support - typically the DrayTek Vigor 2860 series and later models
2. Internet connection with a fixed / static public IP address

VPN Configuration on the Google Cloud Platform

1. Access the Google Cloud Platform management interface

  • Open the Menu
  • Click Hybrid Connectivity
  • Click VPN

Google setting VPN

2. Click Create VPN Connection

Google Setting VPN Enable

3. Select the Region, then click IP address

This is required to create an IP address from the Google Cloud Platform network that the IPsec tunnel can connect through.

Google Setting IP

4. Specify a Name

After clicking the IP Address field, specify a Name to identify the purpose of this IP address on Google's network. Click Reserve and Google will provision an external IP address for VPN use.

Google setting IP reserve

5. Tunnel Settings

In the tunnel settings:

Name Name of the VPN tunnel on the Google Cloud Platform
Description Enter a description for the VPN tunnel
Remote peer IP address Enter the DrayTek Vigor router's public IP address - the Google Cloud Platform VPN service will dial-out to this address
IKE Version Select IKEv2
Shared Secret The password for the VPN tunnel. This will be entered later in the Vigor router's IPsec IKE Pre-Shared Key. This should ideally be at least 20 random ASCII characters (up to 64 characters) to secure the tunnel
Routing Options Select Route-based
Remote network IP ranges The subnets that you want to route from the DrayTek router through to the Google Cloud network. This must be entered in CIDR notation, so a router IP of 192.168.1.1 with a subnet mask of 255.255.255.0 would be entered as "192.168.1.0/24"
Google setting tunnel

6. Click Network in the VPN interface

Google Network

7. Configure the Network Settings

The network of this project will be shown on this page, the IP address of the region selected in Step 3 will be displayed in the list of subnets used by the Google Cloud Platform network for the purposes of creating a secure VPN tunnel.

For example, if you select "europe-west1", the IP address range of 10.132.0.0/20 would be used for establishing the VPN tunnel with the DrayTek router

Google Remote Network

 

VPN Configuration on the DrayTek Vigor router

8. Create VPN Profile

In the DrayTek Vigor router's web interface, go to [VPN and Remote Access] > [LAN to LAN]

Click an available index number i.e. 1. to configure the VPN profile.

  • Enter the Profile name
  • Select Dial-in
  • Enable this profile

Router Dial in

9. Configure VPN Profile

Configure the VPN profile's section "3. Dial-In Settings" and section "5. TCP/IP Network Settings"

  • Select IPsec Tunnel as the allowed Dial-In Type
  • Referring back to Step 6, enter the network IP from your selected region in the Google Cloud VPN configuration, into the Remote network IP and Remote Network Mask
  • Put the Local Network IP and Mask

Router Network Settings

10. Enter Pre-Shared Key

Go to [VPN and Remote Access] > [IPsec General Setup]

Enter the "Pre-shared key", the key needs to be the same as the shared secret in Step 4.

Note: If you know the Google IP Address which google will use, then you can skip step 10 and instead enter the PSK in Step 9 above after inputting the source IP in the "Specify Remote VPN Gateway" field

Preshared Key

11. Check VPN Status

After setting up, we can see the information about the connection:

In the DrayTek router's web interface under [VPN and Remote Access] > [Connection Management]:

Connection Management

In the Google Cloud Platform management interface, the VPN section displays the status of the VPN tunnel:

VPN


How do you rate this article?

1 1 1 1 1 1 1 1 1 1