OpenVPN client on a GCE instance


Mario Cheung

May 1, 2017, 9:08:02 AM
to gce-discussion
I have set up an OpenVPN client config in my GCE instance and it's able to establish the connection correctly and finally creates a tunnel interface.
But I cannot ping anything through that tunnel (using ping -I tun0 8.8.8.8 or curl www.google.com --interface tun0 won't get a response).
I tried different subnet IP ranges (10.8.x.x or 192.168.x.x), different protocols (TCP or UDP), and different auth methods (TLS or static-key), but still no luck.

If I configure an OpenVPN server config on the instance then it works correctly: the server (the GCE instance) and clients can ping each other.
Is an OpenVPN client on GCE not supported, or is there anything I've missed in the configuration?

Faizan (Google Cloud Support)

May 1, 2017, 3:42:53 PM
to gce-discussion
Hello Mario,

Can you check whether you have the necessary firewall rules created to allow ICMP and ESP traffic for the GCE network and your instance? For more information on GCE firewall rules you can refer to this link.

Faizan

Mario Cheung

May 1, 2017, 10:51:17 PM
to gce-discussion
On Tuesday, May 2, 2017 at 3:42:53 UTC+8, Faizan (Google Cloud Support) wrote: 
Hello Mario,

Can you check whether you have the necessary firewall rules created to allow ICMP and ESP traffic for the GCE network and your instance? For more information on GCE firewall rules you can refer to this link.

Faizan


Thanks for your reply, Faizan, but I have already created two firewall rules that allow all traffic ingress and egress. Services on the instance (e.g. squid proxy, OpenVPN server) are working perfectly, but I still cannot ping anything through the OpenVPN client tunnel when I establish a client connection inside the instance.

My firewall rules are attached below.
NAME                    NETWORK  SRC_RANGES    RULES                         SRC_TAGS  TARGET_TAGS
allowallouttraffic      default                all
allowalltraffic         default  0.0.0.0/0     all
default-allow-icmp      default  0.0.0.0/0     icmp
default-allow-internal  default  10.128.0.0/9  tcp:0-65535,udp:0-65535,icmp
default-allow-rdp       default  0.0.0.0/0     tcp:3389
default-allow-ssh       default  0.0.0.0/0     tcp:22
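
An added example, not part of the thread: it parses the firewall listing posted above by column offset (the egress rule has an empty SRC_RANGES cell, so splitting on whitespace would shift its columns) and reports which rules accept traffic from any source address. The function names are the example's own, and it assumes every listed rule is an allow rule.

```python
import re

# Listing as posted in the thread (fixed-width columns; the egress rule has no SRC_RANGES).
LISTING = """\
NAME                    NETWORK  SRC_RANGES    RULES                         SRC_TAGS  TARGET_TAGS
allowallouttraffic      default                all
allowalltraffic         default  0.0.0.0/0     all
default-allow-icmp      default  0.0.0.0/0     icmp
default-allow-internal  default  10.128.0.0/9  tcp:0-65535,udp:0-65535,icmp
default-allow-rdp       default  0.0.0.0/0     tcp:3389
default-allow-ssh       default  0.0.0.0/0     tcp:22
"""

def parse_fixed_width(text):
    """Slice rows at the header's column offsets so an empty cell stays empty
    instead of shifting later columns left, as str.split() would."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = [(m.group(), m.start()) for m in re.finditer(r"\S+", lines[0])]
    ends = [start for _, start in header[1:]] + [None]
    return [
        {name: ln[start:end].strip() for (name, start), end in zip(header, ends)}
        for ln in lines[1:]
    ]

def open_to_any_source(rows):
    """Rules whose source range is 0.0.0.0/0, i.e. reachable from any address."""
    return [r for r in rows if "0.0.0.0/0" in r["SRC_RANGES"].split(",")]

def redundant_under_allow_all(rows):
    """Names of narrower any-source rules already covered by an any-source
    'all' rule on the same network. Assumption: every listed rule is an
    allow rule, which is what this listing's RULES column shows."""
    exposed = open_to_any_source(rows)
    wide = {r["NETWORK"] for r in exposed if r["RULES"] == "all"}
    return [r["NAME"] for r in exposed
            if r["NETWORK"] in wide and r["RULES"] != "all"]

if __name__ == "__main__":
    rows = parse_fixed_width(LISTING)
    for r in open_to_any_source(rows):
        scope = "every protocol and port" if r["RULES"] == "all" else r["RULES"]
        print(f"{r['NAME']}: any source -> {scope}")
    print("covered by the allow-all rule:", redundant_under_allow_all(rows))
```

The allowalltraffic rule exposes every port on the instance to any source, so the narrower default rules no longer limit anything; once troubleshooting is done, it is the rule to remove or restrict to known source ranges.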

Faizan (Google Cloud Support)

May 2, 2017, 7:24:42 PM
to gce-discussion
Hello Mario,

Make sure you have the required routes for the GCE network. You also need to enable IP forwarding for your VM.

For further troubleshooting I would recommend posting this question on Server Fault with detailed information (e.g. your config, routes, error messages, etc.). This forum is not the best place to look for one-to-one support.

I hope that helps.

Faizan