VPN client in GCE

[Fabio Pantano de Luca]

Hello all

I have an application running in GCE to scrap some websites located in Brazil. Most of it is running fine except for one of them, which I believe has some kind of geo-protection, since GCE is running from US.

I'm not a network expert, but doing some research and testing I could get that using a VPN would solve it. I've tried using proxies from Firefox (from GCE, using VNC) and it didn't work too.

Now my question is whatever is possible to run a VPN client from inside GCE to route all traffic to a VPN service (i.e. https://hide.me/). All I can find in Google is using GCE as a VPN Server.

The best result I could get so far is running OpenVPN in the start-up script, but the connection won't work and also starts getting errors (like martian sources) in the serial console.

So the question is: Is it possible to do it or there are limitations to the GCE?

Best regards,

[Carlos (Cloud Platform Support)]

In case you are using GRE tunnels, they are not supported. I cannot think of other restrictions. You must certainly make sure to define the firewall rules for any incoming traffic related to the protocol you use.

Another idea that could work, is to set up Cloud VPN to peer with a device in your country and having your application traffic go through that connection.

[Fabio Pantano de Luca]

Thanks for the support Carlos.

I will give a last try looking on the firewall.

I've been thinking about an alternative solution today. At first I was aiming not to use any local devices (100% on cloud), but distributing the scraping load between GCE and a local machine in Brazil won't be a big issue after all. In the end I will just need to write some more lines of code to manage the load distribution between then, but for sure it is for me much easier than solving a network issue. This goes towards your suggestion of using another local device.

Also the issue might just vanish by itself, as Google is planning to have GCE hosted in Brazil too: https://cloud.google.com/compute/docs/regions-zones/regions-zones

Best regards

[Carlos (Cloud Platform Support)]

Hi Fabio,

Now that I remember, a long time ago I followed this setup. I remember I installed one VM as a server and in another one the client. The external sites show the origin IP was the server one. I hope a similar setup can work for your case.

In regards to the data center in Brazil, even if this happens, you might still have difficulties. Although the VMs are physically located in a certain region, the SWIP database might indicate the IP addresses belongs to U.S. The complete explanation can be found on Gary Ling’ comments on this discussion.

[Fabio Pantano de Luca]

Hello Carlos

Based on your last response, about the possibility of the VM in Brazil not solving the issue, I have decided to give another try on the VPN, starting from zero. Solution was much easier than I had expected. This time I went for IPsec IKEv2 VPN instead of OpenVPN as before. I had just to follow the instruction that the VPN service supplied (https://hide.me/). Additionally, I also had to open TCP port 500 and UDP 500 and 4500. There was no need to routing, at least for my application.

By the way, the scrapping was tested and also working properly.

Thanks a lot for the support.