VPN gateways provide secure connectivity between multiple sites, such as on-premises data centers, Google Cloud Virtual Private Cloud (VPC) networks, and Google Cloud VMware Engine private clouds. Traffic is encrypted because the VPN connections traverse the internet. Each VPN gateway can support multiple connections. When you create multiple connections to the same VPN gateway, all VPN tunnels share the available gateway bandwidth.
VMware Engine supports VPN connectivity by using the following types of gateways:
- Point-to-site VPN gateways: for point-to-site connections, like connecting from your computer to your private cloud
- Cloud VPN or Cloud Interconnect: for site-to-site connections, like establishing a connection between your on-premises network and your private cloud
For more details about Cloud VPN and Cloud Interconnect, see Choosing a Network Connectivity product.
Point-to-site VPN gateways
A point-to-site VPN gateway sends encrypted traffic between a VMware Engine network and a client computer. You can use a VPN gateway to access your private cloud network, including your private cloud vCenter and workload VMs. To connect to your private cloud after you set up your VPN gateway, see Connecting using VPN.
To set up a point-to-site VPN gateway, first choose a marketplace vendor solution. You can deploy marketplace VPN gateway solutions as VMs on a VPC network connected to your private cloud. Alternatively, you can deploy VPN gateway VMs in VMware Engine, then expose and secure them using the VMware Engine public IP service and external firewall rules.
After you set up the VPN gateway, extend the encryption domain to include both the management and NSX-T subnets in your private cloud. If preferred, you can summarize or group subnets when setting up your encryption domain.
To get a list of the subnets to add to your encryption domain, do the following:
- Access the Google Cloud console.
- From the main menu, go to Subnets.
- From the Subnet column, copy the IP address ranges that you want to get access to remotely.
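Summarizing subnets in the encryption domain can also cover address ranges that you did not intend to make reachable from VPN clients. The following added example (not part of the original page; the CIDR ranges are constructed placeholders, IPv4 only) collapses the copied ranges without widening them and reports what a proposed summary would add or miss.

```python
import ipaddress

# Constructed sample ranges standing in for the values copied from the
# Subnet column (management and NSX-T subnets). Replace with your own.
INTENDED = ["10.50.0.0/24", "10.50.1.0/24", "10.50.2.0/24",
            "10.50.3.0/24", "10.50.8.0/24"]

def collapse_exact(cidrs):
    """Merge adjacent or overlapping ranges without adding any address.
    strict=True rejects entries with host bits set (a common copy error)."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))

def subtract(a_nets, b_nets):
    """Address space that is in a_nets but not in b_nets."""
    remaining = list(a_nets)
    for b in b_nets:
        kept = []
        for a in remaining:
            if not a.overlaps(b):
                kept.append(a)                    # untouched by b
            elif a.subnet_of(b):
                continue                          # fully covered by b
            else:
                kept.extend(a.address_exclude(b)) # b is strictly inside a
        remaining = kept
    return list(ipaddress.collapse_addresses(remaining))

def audit_summary(summary_cidrs, intended_cidrs):
    """Return (missing, extra) for a proposed encryption domain:
    missing = intended ranges the summary does not cover,
    extra   = ranges the summary exposes beyond what was intended."""
    intended = collapse_exact(intended_cidrs)
    summary = collapse_exact(summary_cidrs)
    return subtract(intended, summary), subtract(summary, intended)

if __name__ == "__main__":
    print("Exact encryption domain:")
    for net in collapse_exact(INTENDED):
        print(" ", net)
    missing, extra = audit_summary(["10.50.0.0/20"], INTENDED)
    print("Proposed 10.50.0.0/20 misses:", [str(n) for n in missing])
    print("Proposed 10.50.0.0/20 also exposes:", [str(n) for n in extra],
          f"({sum(n.num_addresses for n in extra)} addresses)")
```

An empty `extra` list means the summary grants VPN clients nothing beyond the ranges you copied; a non-empty one lists the additional ranges that the gateway would route to clients.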
Example: OpenVPN Access Server
For example, OpenVPN Access Server is a marketplace solution for a VPN gateway. After you activate the appliance, you deploy a host VM for the gateway that allows transit to VMware Engine networks.
To access the encryption domain settings in the OpenVPN Access Server administrator panel, go to Configuration > VPN Settings > Routing. Then, enter a list of your subnet IP address ranges in the field labeled "Specify the private subnets to which all clients should be given access".
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-09-10 UTC.