Facing trouble while connecting GCP VPN from local computer


I am trying to connect to GCP VPN from my local workstation (Windows 8.1).

On GCP, I have created a route-based VPN and VPN tunnel as per Google Cloud's documentation. I have used IKEv2 on routing.

On my local computer I have created a VPN over IPsec using the shared secret generated from GCP. Here is the screenshot of my local VPN settings:

VPN configuration

While connecting to the VPN from my Windows 8.1 PC, it shows the following error:

VPN error

and on the GCP side, the VPN tunnel status shows:

IKE version mismatch

In the Cloud VPN Gateway log it shows:

establishing IKE_SA failed, peer not responding

It seems the IKE version is not matching on both sides. Am I missing anything that caused the IKE version to fail to match? Or is there any way to enable 'IKEv2' on my Windows PC? Any kind of suggestions are welcome.

Thanks in advance!


There are 2 best solutions below

0
On BEST ANSWER

Cloud VPN is rather end-point to end-point; which may provide tunnels in between networks, with overlapping sub-nets. In order to connect with your client, you'd have to set up an OpenVPN Access Server or alike, to provide the gateway to which to connect.

0
On

As per GCP Cloud VPN features:

GCP Cloud VPN uses ESP in Tunnel mode with authentication. Cloud VPN does not support AH or ESP in Transport mode. Note that Cloud VPN does not perform policy-related filtering on incoming authentication packets. Outgoing packets are filtered based on the IP range configured on the Cloud VPN gateway.

From your description, I am guessing you are trying to configure a remote access VPN, which is different from a site-to-site VPN and not possible using Cloud VPN on one side and a Windows machine on the other end.

However, as a workaround, I would recommend using strongSwan VPN software to set up a VPN gateway on one of your instances, which is also documented in GCP under "Set up an instance as a VPN gateway" for cases where Cloud VPN doesn't provide the required functionality.
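
A sketch of the strongSwan remote-access gateway the answers point to, added here as an example and not taken from either answer or from the GCP documentation. It uses IKEv2 with a gateway certificate and EAP-MSCHAPv2 for the client, a combination strongSwan documents for Windows' built-in IKEv2 client; the hostname, file names, user name and all address ranges are placeholders to replace with your own.

```conf
# ---- /etc/ipsec.conf on the gateway instance (strongSwan ipsec.conf format) ----
config setup
    uniqueids=never                 # allow the same user to connect from several devices

conn windows-ikev2
    keyexchange=ikev2               # IKEv2 only, so there is no IKEv1/L2TP negotiation to mismatch
    auto=add                        # load the connection and wait for clients to initiate
    fragmentation=yes
    dpdaction=clear                 # drop state for clients that disappear
    dpddelay=300s
    rekey=no                        # let the client drive rekeying

    # Gateway side
    left=%any
    leftid=@vpn.example.com         # placeholder; must appear as a subjectAltName in the server cert
    leftauth=pubkey                 # gateway proves itself with a certificate
    leftcert=vpn-server.crt         # placeholder file under /etc/ipsec.d/certs/
    leftsendcert=always
    leftsubnet=10.128.0.0/20        # placeholder: the VPC subnet clients should reach

    # Client side
    right=%any                      # clients connect from arbitrary addresses
    rightauth=eap-mschapv2          # username/password entered in the Windows VPN profile
    eap_identity=%identity          # ask the client for its EAP identity
    rightsourceip=10.99.0.0/24      # placeholder: virtual IP pool handed to clients

# ---- /etc/ipsec.secrets ----
# Private key matching vpn-server.crt (placeholder file under /etc/ipsec.d/private/)
: RSA vpn-server.key
# One line per user; "alice" and the password are placeholders
alice : EAP "replace-with-a-long-random-password"

# ---- Outside strongSwan (assumptions about the surrounding setup) ----
# - The instance needs IP forwarding enabled and a VPC firewall rule allowing
#   UDP 500 and UDP 4500 to it.
# - The CA that issued vpn-server.crt must be trusted by the Windows machine,
#   and the Windows VPN type must be set to IKEv2 with the server name
#   matching leftid.
```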