GCE Linux VM Can't access peer VPN hosts

Problem description

I have an issue with Google Cloud VPN and tunneling to a peer VPN. The tunnel is up and running but I cannot connect to any points on the peer network from my GCE VM.

My setup looks like the following:

I can connect to vm1 with ssh and access the internet from it, but I cannot access any points in the peer VPN despite the tunnel being status Established. The IP-range on custom-net does not interfere with any ranges on the peer network.

What could be the issue here? I'm a novice in network setups. Could it be something missing in the routing, or do I have to do some configuration in vm1 to get this to roll?

Any help appreciated!

Tags: linux, networking, routing, google-compute-engine, google-cloud-vpn

Solution


For the routes, Google Cloud automatically creates one route for each remote IP range you specify. This shouldn't be an issue.

That said, several points can be checked to further troubleshoot this:

  • If you use a policy-based tunnel, make sure the IP addresses you are trying to reach are declared in your traffic selectors. Moreover, check the Stackdriver logs for the tunnel to see if the aforementioned IP ranges are being negotiated. You can use this advanced filter:

    resource.type="vpn_gateway" resource.labels.gateway_id="your_gateway_id" textPayload="established"

    Kindly expand the logs and check in the “textPayload:” field to see if the destination IP range is being negotiated.

  • Confirm you can ping the Remote Peer Gateway from VMs in GCP.

  • Run mtr from both sides and see where packets are being dropped.

  • Get tcpdumps from the remote gateway and another from the Google Compute Engine Instance while doing connectivity tests (ping, mtr) so you can analyze packet flow.

  • See the VPN Interop Guides page for guides that describe some supported third-party VPN devices and services. This may give you some tips on how to configure specific devices to work with Cloud VPN.

  • Consult Cloud VPN Troubleshooting for additional details.

I hope this helps
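The traffic-selector check from the first bullet can be automated once the "established" log entries are exported. The following is an added example, not part of the original answer: it pulls the negotiated ranges out of textPayload strings and tests whether a given source and destination fall inside them. The sample payloads are constructed, and the `TS <local> === <remote>` layout is an assumption modelled on strongSwan-style CHILD_SA messages; adjust the pattern to what your own logs show.

```python
import ipaddress
import re

# Constructed sample textPayload values (not taken from the page). The
# "TS local === remote" layout is an assumed, strongSwan-style format.
SAMPLE_PAYLOADS = [
    "sending packet: from 203.0.113.10[500] to 198.51.100.20[500] (92 bytes)",
    "CHILD_SA vpn_198.51.100.20{1} established with SPIs c1a2b3c4_i d4c3b2a1_o "
    "and TS 10.240.0.0/24 === 192.168.10.0/24 192.168.20.0/24",
]

# Captures the space-separated CIDR lists on each side of "===".
TS_RE = re.compile(
    r"established .*?\bTS (?P<local>[\d./ ]+?) === (?P<remote>[\d./ ]+)$"
)


def negotiated_selectors(payloads):
    """Collect (local_nets, remote_nets) from every 'established' line with TS."""
    local, remote = set(), set()
    for text in payloads:
        m = TS_RE.search(text.strip())
        if not m:
            continue  # not a CHILD_SA establishment line
        local.update(ipaddress.ip_network(n) for n in m["local"].split())
        remote.update(ipaddress.ip_network(n) for n in m["remote"].split())
    return local, remote


def check_flow(payloads, src, dst):
    """Report whether src and dst are covered by the negotiated selectors."""
    local, remote = negotiated_selectors(payloads)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return {
        "src_in_local_ts": any(s in n for n in local),
        "dst_in_remote_ts": any(d in n for n in remote),
    }


if __name__ == "__main__":
    # vm1 address and peer host are hypothetical values for illustration.
    print(check_flow(SAMPLE_PAYLOADS, "10.240.0.5", "192.168.20.7"))
    print(check_flow(SAMPLE_PAYLOADS, "10.240.0.5", "192.168.30.7"))
```

A `False` for `dst_in_remote_ts` means the peer host sits outside every negotiated remote range, so a policy-based tunnel will not carry that traffic even though its status is Established.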

