Bug in console causes VPN creation to fail-Invalid value for field 'resource.localTrafficSelector[0]

[Ryan Chapman]

Hi,

I'm trying to create a VPN connection in the Google Cloud console and get this error consistently:

Invalid value for field 'resource.localTrafficSelector[0]': ''. The ike_network field cannot be empty for network in custom subnet mode.

If I use Chrome Web Developer tools to capture the VPN creation request that the console sends to Google's backend servers, I see that 

curl 'https://console.cloud.google.com/m/operations?operationType=cloud-console.compute.createVpnParallel&pid=XXXXXX' -H 'origin: https://console.cloud.google.com' -H 'accept-encoding: gzip, deflate' -H 'accept-language: en-US,en;q=0.8' -H 'x-pan-versionid: linear-modem-201601102057-rc01.NNNNNNNNNNNN' -H 'cookie: SID=XXXXX__XXXXXX-XXXXX-XXXXX_XXXXX_XXXXX_XXXXX; HSID=XXXX; SSID=XXXX_XXXXX; APISID=XXXXX; SAPISID=XXXX_XXXXX; OSID=XXXXX_XXXXX_XXXXX_XXXXX-XXXXXX_XXXXX_XXXXX_XXXX_XXXXX-XXXXXXXX_XXXX-XXXXXX; GOOGAPPUID=x; NID=XX=XXXXXXX_XXXXXX-XXXXX-XXXXX; _gat_UA-NNNNNN-1=1; _gat_UA-NNNNN-9=1; _gat_aplosTracker=1; _ga=GA1.3.NNNNN.NNNNN' -H 'x-client-data: XXXXXXXX' -H 'pragma: no-cache' -H 'x-framework-xsrf-token: XXX_XXXXXX:NNNNNN' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36' -H 'content-type: application/json;charset=UTF-8' -H 'accept: application/json, text/plain, */*' -H 'cache-control: no-cache' -H 'authority: console.cloud.google.com' -H 'referer: https://console.cloud.google.com/networking/vpn/add?project=XXXXXX' --data-binary '{"project":"XXXXX","scopeName":"us-central1","targetVpnGateway":{"name":"vpn-us-XXXX-XXX","description":"VPN between XXXX and XXXX","network":"projects/XXXX/global/networks/XXXX","region":"projects/XXXXXXX/regions/us-central1"},"forwardingRules":[{"name":"vpn-us-XXXX-XXX-rule-esp","IPProtocol":"ESP","IPAddress":"130.211.128.NN","region":"projects/XXXXXX/regions/us-central1","target":"https://www.googleapis.com/compute/v1/projects/XXXXXX/regions/us-central1/targetVpnGateways/vpn-us-XXXXXXXX-XXX"},{"name":"vpn-us-XXXXXXXX-XXX-rule-udp500","IPProtocol":"UDP","IPAddress":"130.211.128.NN","region":"projects/XXXXXX/regions/us-central1","target":"https://www.googleapis.com/compute/v1/projects/XXXXXX/regions/us-central1/targetVpnGateways/vpn-us-XXXXXXXX-XXX","portRange":"500"},{"name":"vpn-us-XXXXXXXX-XXX-rule-udp4500","IPProtocol":"UDP","IPAddress":"130.211.128.NN","region":"projects/XXXXXX/regions/us-central1","target":"https://www.googleapis.com/compute/v1/projects/XXXXXX/regions/us-central1/targetVpnGateways/vpn-us-XXXXXXXX-XXX","portRange":"4500"}],"vpnTunnels":[{"name":"vpn-us-XXXXXXXX-XXX-tunnel-1","sharedSecret":"XXXXXXXXXXXXXXXXXXXXXXXXXXX","peerIp":"1.2.3.4","region":"projects/XXXXXX/regions/us-central1","ikeVersion":2,"targetVpnGateway":"https://www.googleapis.com/compute/v1/projects/XXXXXX/regions/us-central1/targetVpnGateways/vpn-us-XXXXXXXX-XXX","localTrafficSelector":[]}],"routes":[{"name":"vpn-us-XXXXXXXX-XXX-tunnel-1-route-1","destRange":"172.10.0.0/16","nextHopVpnTunnel":"https://www.googleapis.com/compute/v1/projects/XXXXXX/regions/us-central1/vpnTunnels/vpn-us-XXXXXXXX-XXX-tunnel-1","network":"projects/XXXXXX/global/networks/XXXXXXXX","priority":1000}],"descriptionLocalizationKey":"gceCreateVpn","descriptionLocalizationArgs":{"vpnName":"vpn-us-XXXXXXXX-XXX"},"phantomData":{"targetVpnGateway":{"name":"vpn-us-XXXXXXXX-XXX","network":"projects/XXXXXX/global/networks/XXXXXXXX","region":"us-central1"},"selfLink":"https://www.googleapis.com/compute/v1/projects/XXXXXX/regions/us-central1/targetVpnGateways/vpn-us-XXXXXXXX-XXX","tooltip":"This VPN is being created"}}' --compressed

However, if I put the Google Cloud IP networks into the localTrafficSelector and send the curl request, the VPN creates successfully.  So this works:

curl 'https://console.cloud.google.com/m/operations?operationType=cloud-console.compute.createVpnParallel&pid=XXXXXX' -H 'origin: https://console.cloud.google.com' -H 'accept-encoding: gzip, deflate' -H 'accept-language: en-US,en;q=0.8' -H 'x-pan-versionid: linear-modem-201601102057-rc01.NNNNNNNNNNNN' -H 'cookie: SID=XXXXX__XXXXXX-XXXXX-XXXXX_XXXXX_XXXXX_XXXXX; HSID=XXXX; SSID=XXXX_XXXXX; APISID=XXXXX; SAPISID=XXXX_XXXXX; OSID=XXXXX_XXXXX_XXXXX_XXXXX-XXXXXX_XXXXX_XXXXX_XXXX_XXXXX-XXXXXXXX_XXXX-XXXXXX; GOOGAPPUID=x; NID=XX=XXXXXXX_XXXXXX-XXXXX-XXXXX; _gat_UA-NNNNNN-1=1; _gat_UA-NNNNN-9=1; _gat_aplosTracker=1; _ga=GA1.3.NNNNN.NNNNN' -H 'x-client-data: XXXXXXXX' -H 'pragma: no-cache' -H 'x-framework-xsrf-token: XXX_XXXXXX:NNNNNN' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36' -H 'content-type: application/json;charset=UTF-8' -H 'accept: application/json, text/plain, */*' -H 'cache-control: no-cache' -H 'authority: console.cloud.google.com' -H 'referer: https://console.cloud.google.com/networking/vpn/add?project=XXXXXX' --data-binary '{"project":"XXXXX","scopeName":"us-central1","targetVpnGateway":{"name":"vpn-us-XXXX-XXX","description":"VPN between XXXX and XXXX","network":"projects/XXXX/global/networks/XXXX","region":"projects/XXXXXXX/regions/us-central1"},"forwardingRules":[{"name":"vpn-us-XXXX-XXX-rule-esp","IPProtocol":"ESP","IPAddress":"130.211.128.NN","region":"projects/XXXXXX/regions/us-central1","target":"https://www.googleapis.com/compute/v1/projects/XXXXXX/regions/us-central1/targetVpnGateways/vpn-us-XXXXXXXX-XXX"},{"name":"vpn-us-XXXXXXXX-XXX-rule-udp500","IPProtocol":"UDP","IPAddress":"130.211.128.NN","region":"projects/XXXXXX/regions/us-central1","target":"https://www.googleapis.com/compute/v1/projects/XXXXXX/regions/us-central1/targetVpnGateways/vpn-us-XXXXXXXX-XXX","portRange":"500"},{"name":"vpn-us-XXXXXXXX-XXX-rule-udp4500","IPProtocol":"UDP","IPAddress":"130.211.128.NN","region":"projects/XXXXXX/regions/us-central1","target":"https://www.googleapis.com/compute/v1/projects/XXXXXX/regions/us-central1/targetVpnGateways/vpn-us-XXXXXXXX-XXX","portRange":"4500"}],"vpnTunnels":[{"name":"vpn-us-XXXXXXXX-XXX-tunnel-1","sharedSecret":"XXXXXXXXXXXXXXXXXXXXXXXXXXX","peerIp":"1.2.3.4","region":"projects/XXXXXX/regions/us-central1","ikeVersion":2,"targetVpnGateway":"https://www.googleapis.com/compute/v1/projects/XXXXXX/regions/us-central1/targetVpnGateways/vpn-us-XXXXXXXX-XXX","localTrafficSelector":["10.254.0.0/16"]}],"routes":[{"name":"vpn-us-XXXXXXXX-XXX-tunnel-1-route-1","destRange":"172.10.0.0/16","nextHopVpnTunnel":"https://www.googleapis.com/compute/v1/projects/XXXXXX/regions/us-central1/vpnTunnels/vpn-us-XXXXXXXX-XXX-tunnel-1","network":"projects/XXXXXX/global/networks/XXXXXXXX","priority":1000}],"descriptionLocalizationKey":"gceCreateVpn","descriptionLocalizationArgs":{"vpnName":"vpn-us-XXXXXXXX-XXX"},"phantomData":{"targetVpnGateway":{"name":"vpn-us-XXXXXXXX-XXX","network":"projects/XXXXXX/global/networks/XXXXXXXX","region":"us-central1"},"selfLink":"https://www.googleapis.com/compute/v1/projects/XXXXXX/regions/us-central1/targetVpnGateways/vpn-us-XXXXXXXX-XXX","tooltip":"This VPN is being created"}}' --compressed

This leads me to believe that the root cause is a bug in the console code.

What is the appropriate way to report this type of situation to Google?  I don't have a support contract and don't want to get one to report bugs.

Best regards,

Ryan

[Kamran (Google Cloud Support)]

Hello Ryan,

You can report bugs related to Compute Engine on Google Compute Engine public issue tracker, which is the designated place to request new features or to report bugs.

Thank you,

[Ryan Chapman]

Thanks for the info Kamran.

I opened bug report 295:

https://code.google.com/p/google-compute-engine/issues/detail?id=295

Ryan