0
votes

How can I troubleshoot GCE firewall issues? We're running some GCE servers and connecting to a non-Google network via IPsec using the Google beta VPN service (although I had the same problem with GCE and my own StrongSwan instance in the past and could never fix it there either).

I'm trying to connect to 192.168.4.176 (a Linux box with no firewall running) and I'm pretty sure Google is blocking the traffic. The VPN is fine. I can ping 192.168.4.180. But I can't ping 192.168.4.176. And `nc 192.168.4.176 22` just times out.

I can run an SSL VPN from a GCE instance and can ping 192.168.4.176 without issue.

Here's a screenshot of the GCE network. I also tried routes/firewall rules with 192.168.4.1/24 but those didn't work either for connecting to .176 but .180 was fine. Any ideas on what to try?

Here are the GCE network details.

Here's the GCE VPN screen.

Here's the GCE VPN detail screen.

And from the remote network I can ping my 10.x GCE instances from 192.168.4.180 (which I should, since I'm allowing that). But I can't ping any GCE 10.x addresses from 192.168.4.176 (which I interpret to mean that the Google firewall is blocking the traffic even though I have it configured to let it through).


1 Answer

0
votes

Can you confirm that the secret key for the .176 VPN is correctly configured on both ends? The firewall rule for the .176 VPN: is that added in the GCE firewall section, mapping the right network where the VPN tunnel was created?

Does the VPN UI status show a Green tick mark for both the tunnels?

You could also view the VPN logs from the GCP UI: from the UI Console, left menu Monitoring -> Logs, then select "Compute Engine" -> "targetVPNgateway", select the tunnels and the "ipsec_events" dropdown. Check the log when you access the .176 VPN to observe the likely packet flow.
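Added example, not part of the question or answer: a small Python check that reads firewall rules in the JSON shape `gcloud compute firewall-rules list --format=json` returns and reports which INGRESS rules admit ICMP (ping) and TCP/22 (the `nc` test) from a given remote address. The rule set is a constructed sample in which .180 is covered but .176 is not; it only evaluates sourceRanges and allowed protocols/ports, and assumes network and targetTags matching is checked separately.

```python
import ipaddress
import json

# Constructed sample resembling `gcloud compute firewall-rules list --format=json`
# output (GCE firewall resource field names); not taken from the original post.
SAMPLE_RULES_JSON = """
[
  {"name": "allow-remote-180", "network": "default", "direction": "INGRESS",
   "sourceRanges": ["192.168.4.180/32"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}, {"IPProtocol": "icmp"}]},
  {"name": "allow-remote-lan", "network": "default", "direction": "INGRESS",
   "sourceRanges": ["192.168.4.1/24"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["80-443"]}]}
]
"""
# An "allowed" entry without "ports" permits every port of that protocol.
def port_matches(port_specs, port):
    if port_specs is None:
        return True
    for spec in port_specs:
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

# Names of INGRESS rules whose sourceRanges cover src_ip and that allow proto/port.
def rules_permitting(rules, src_ip, proto, port=None):
    ip = ipaddress.ip_address(src_ip)
    hits = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS":
            continue
        # strict=False masks host bits: "192.168.4.1/24" is read as 192.168.4.0/24.
        nets = [ipaddress.ip_network(r, strict=False) for r in rule.get("sourceRanges", [])]
        if not any(ip in net for net in nets):
            continue
        for allowed in rule.get("allowed", []):
            if allowed["IPProtocol"].lower() not in (proto, "all"):
                continue
            if proto in ("tcp", "udp") and not port_matches(allowed.get("ports"), port):
                continue
            hits.append(rule["name"])
            break
    return hits

# Which rules admit ICMP (ping) and TCP/22 (nc ... 22) from src_ip, as in the question.
def diagnose(rules_json, src_ip):
    rules = json.loads(rules_json)
    return {"icmp": rules_permitting(rules, src_ip, "icmp"),
            "tcp22": rules_permitting(rules, src_ip, "tcp", 22)}
```

An empty list for a host that should be reachable points at the rule set rather than the tunnel; a non-empty list means the next things to check are the rule's network, target tags, and the routes for the remote range.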