How to Deploy a GCP VPN to our Datacenter using Terraform

Guillermo Musumeci
9 min readJan 16, 2021

GCP Cloud VPN securely connects our on-premises datacenter to our GCP Virtual Private Cloud (VPC) network through an IPsec VPN connection.

All the traffic traveling between these two networks is encrypted by one VPN gateway and then decrypted by the other VPN gateway.

In this story, we will learn how to implement both Classic VPN and HA VPN in GCP using Terraform.

1. Types of GCP Cloud VPN

GCP offers two types of Cloud VPN gateways:

  • Classic VPN
  • HA VPN

Classic VPN gateways have a single interface, a single external IP address, and support tunnels using dynamic (BGP) or static routing (route-based or policy-based). The external IPs and forwarding rules must be created before the setup of the VPN. They provide an SLA of 99.9% service availability.

https://cloud.google.com/network-connectivity/docs/vpn/concepts/classic-topologies

HA VPN gateways have two external IP addresses and two interfaces. Each IP address is automatically chosen from a unique address pool to support high availability. They support only Dynamic Routing (BGP) and provide an SLA of 99.99% service…

--

--

Guillermo Musumeci

Certified AWS, Azure & GCP Architect | HashiCorp Ambassador | Terraform SME | KopiCloud Founder | ex-AWS | Entrepreneur | Book Author | Husband & Dad of ✌