Can not connect to the VM using ssh and IAP tunnel

[Veaceslav Munteanu]

Hello,

until last Friday I was able to use the following command to connect to my virtual machines:

gcloud beta compute ssh instance-1 --project=<proj> --zone=europe-west4-c --tunnel-through-iap

Now everytime I try this, I get connection refused.

One fun fact is that I had an old instance of the VM which was paused. I started that one and I could connect to it with IAP. Any other VM that was created today is unable to connect.

Did anybody encounter similar problem?

The firewall configuration or any other configuration was not altered...

Extra info:

I tried to set up a tunnel between my working old VM and the new VM both in the Google Cloud.

I get the following error:

ERROR: (gcloud.beta.compute.start-iap-tunnel) Error while connecting [Handshake status 400 Bad Request]. (May be due to missing permissions) <---- I have owner permissions

[Ashik M]

Hi Veaceslav,

Thank you for flagging this issue.

I can confirm however that you are likely being impacted by a known product issue that has been posted on issuetracker  [1]. Multiple customers have reported difficulties using Cloud IAP and SSH. 

Our systems Engineers are aware of this and are  working hard to resolve this issue.

This discussion forum is reserved for general  GCE features and ideas. Our issuetracker [2]  is the best place to flag potential product issues or outages directly with the GCE or general GCP team. 

Thank you for your patience while we work hard to fix this issue for our customers. 

[1] https://issuetracker.google.com/133122582

[2] https://cloud.google.com/support/docs/issue-trackers

[Robin Antony]

Hi,

Even I am facing similar issue. I am able to connect ot jumpbox and from ther to sloud sql via IAP tunnel. But when I try to access the same from another laptop it is giving me error

Any suggestions ?

Regards,

Robin Antony

[Digil (Google Cloud Platform Support)]

I am not sure how exactly you are accessing/connecting the Cloud SQL instance. But I believe the easier way to connect an Cloud SQL instance from your local connection is with the help of a Cloud SQL proxy. The diagram mentioned in the document should help you to understand the set-up much easier. 

As explained in the documentation, you also need connectivity from your laptop to the proxy instance on GCP. The Proxy Server does not provide a direct connection from your laptop to the instance in GCP. In order to connect from your on premise network to the GCP network, you will need to have a VPN connection configured. If your GCP project doesn't have one such connection, you need to follow this help center article to create a VPN connection.

 I would also like to point you to 'troubleshooting Cloud SQL proxy connections' document, as it provides some tips if you are having trouble connecting to your Cloud SQL instance using the Cloud SQL Proxy.

