Site to site VPN between Google cloud and my home LAN

I am trying to establish site to site vpn from Google cloud to my home. I am using Route based VPN option in Google cloud and I see that the connection is established from my home to Google cloud. When I ping my home network from Google compute instance, I can see the incoming traffic at home. But, Google compute instance is not receiving any traffic. I have the following routes

Default route destination next hop Internet gateway (automatically created)
Default route destination next hop vpc-network (automatically created)
Route destination next hop vpn-tunnel (I created to route traffic from GCP to my home)
The firewall is open from any ip to vpc network.

I am thinking it is a Routing/Firewall problem, but lost on the next steps to debug. Any help is appreciated.


Reading the previous comments I can see that:

  • Your firewall rules to allow connections from the on-prem network seem to be OK.
  • The routes from GCP to on-prem, and from on-prem to GCP seem to be OK as well.

There is a troubleshooting document published by google that may be useful for your case. In the section named “Connectivity works for some VMs, but not for others”, it says that “you might have traffic selectors that exclude certain sources or destinations”. This may be happening since you have a route based VPN.

The document suggest deleting and re-creating the tunnel in order to change traffic selectors for the Cloud VPN tunnel. When creating the new tunnel, you only have to specify the remote traffic selector as mentioned in the GCP document to create a Route Based VPN. It looks like it’s since that’s the only route using the VPN tunnel as a gateway in the screenshot you provided.

Good luck!

Source : Link , Question Author : NCY , Answer Author : Alfredo GH

Leave a Comment