Cloud VPN only supports IPsec gateway-to-gateway scenarios. You must have a dedicated physical or virtual IPsec VPN gateway on the client side. Cloud VPN does not currently support client-to-gateway (road warrior) scenarios. In other words, it doesn't work with client software on a laptop, only with full IPsec VPN gateway software. Cloud VPN does not support VPN technologies other than IPsec.
Will GCE ever support VPN access by single clients? We have a distributed team which requires having instances with a public IP so that they can be used for dev/staging/QA access. With the quotas on external IPs, and the potential security issues, it seems it would be far better to have direct VPN access instead. While the current solution would work for a large office to set up a permanent connection, it would be nice to have an option that individuals can use.
AWS has hostnames that dynamically resolve to either internal or external IPs automatically depending on where they're accessed. For GCE, instead of resolving to public IPs, a similar system that uses GCE's advanced networking to automatically route traffic to the right instance without the instance having a public IP would be ideal. This would let the GCE network firewall rules easily manage all external access, and having stable hostnames makes it easy to have application code that doesn't need to change depending on where the code is being run.