Is it possible to use Google App Engine with Google Cloud VPN?

7
votes

The documentation from Google is not really clear about it. Here ( https://cloud.google.com/compute/docs/vpn/overview ) it says

Google Cloud VPN securely connects your existing network to your Google Cloud Platform (GCP) network through an IPsec VPN connection

Considering that Both Google App Engine (GAE) and Google Compute Engine (GCE) are part of Google Cloud Platform (GCP), it would mean that Google Cloud VPN works for both GAE and GCE.

Also, the section for Cloud VNP is at the same level than GAE and GCE in the project console : enter image description here

But the documentation is located in /compute/docs which should not obviously be compatible with /appengine/docs

And here is a graph describing the tunnel, which talks only about GCE, which could exclude GAE : enter image description here

So, is GAE compatible with Cloud VPN or is it restricted to GCE only ?

2
google-app-enginevpngoogle-cloud-platform
Vanilla AppEngine does not use fixed IPs so even if you could create a tunnel into the same network (which to my knowledge you can't) you wouldn't be able to send a request to the app engine instance, you simply wouldn't know where to send the request. If you use the flexible environment it's a different story. The flexible environment uses compute instances.konqi
I use standard GAE environment with Java 7Maxime T
docs say "with your GCP network". gcp network is part of compute engine. appengine does not have a network.Zig Mandel
I've seen on another stackoverflow that it could be possible to communicate from the AppEngine to a VM based backend. Could it be possible to then link this VM based backend to the Cloud VPN ?Maxime T
is it possible to provide more details about your use case?George

2 Answers

8
votes

Google Cloud VPN securely connects your existing network to your Google Cloud Platform (GCP) network through an IPsec VPN connection. Therefore, only resources that are connected to GCP networks can communicate through Cloud VPN tunnels.

App Engine Flexible Environment is based on Google Compute Engine and consequently can connect to your remote network via Cloud VPNs. As described in this article, you can specify network settings in your app.yaml configuration file of your GAE Flexible application.

3
votes

EDIT Rodrigo Torres has pointed out that this is NOW possible.

(Leaving up the old post below. It is now WRONG!!!)

OLD POST:

Google App Engine standard CAN'T use VPN directly, however the new Flexible Google App Engine (now officially released, no longer in beta) CAN use it directly. Just set up google cloud VPN and your network from the console and make sure to include the network in your app.yaml file.

Flexible App Engine is be the easiest way for new applications to utilize VPN connections since there won't be any migration headaches.

For a standard app engine application that can't be ported over to flexible for whatever reason, you CAN still use a VPN connection - however, it requires a service to be running on flexible app engine (or compute engine), and your app will need to interface with it somehow. This may be the simplest method, as migrating from standard to flexible is not the simplest of tasks. I know - I've done it.