0

We have a GCP VPN to a partner and we are having some issues with the connection. Periodically the VPN goes down, and the only workaround that we've found so far is to force a renegotiation of both IPSec phases.

At the moment we have to ask our partner to do this for us because we can't find a good way to trigger a renegotiation on our side. Is there a way for us to do it?

I've tried destroying and recreating the VPN. We store our configuration in Terraform, and recreating the VPN with the same name via Terraform seems to not actually cause the VPN to be destroyed. Recreating it with a different name is a pain because it requires changes to our Terraform configuration which then have to be committed to git.

dshepherd
  • 148

1 Answer

2

To answer your main question, you can't restart a Cloud VPN. The information about what can be done when the Cloud VPN is up and running is in this link.

There is no way to force a renegotiation, since this is done automatically on the GCP end, and it will continue to retry until it's successful.

However, the first thing we need to understand is why the VPN is not renegotiating smoothly. For that, you can review the Stackdriver logs to see the crash log report. Using the report, you will have a better understanding of what needs to be fixed.

One of the most important parts of implementing a VPN is to make sure that the VPN is correctly configured and follows our interoperability guide.

There are two methods to implement a VPN failover if needed: the first one is called redundant Classic VPN configuration and the second one is HA VPN. However, the recommended one is the HA VPN tunnel. This is designed to create a failover using the tunnel pair. The documentation for BGP configuration can be found here.

Nur
  • 406
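
Added example (not part of the answer above and not Google's code): a triage script for the log review the answer recommends. It pairs each tunnel drop with the IKE errors logged before the tunnel recovered and measures the spacing between drops. The entry layout, the log strings and the `DOWN`/`UP` marker substrings are assumptions constructed for this sample.

```python
from datetime import datetime

def entry(ts, text, rtype="vpn_gateway"):
    return {"timestamp": ts, "resource": {"type": rtype}, "textPayload": text}

# Constructed sample shaped like Cloud Logging entries for resource.type="vpn_gateway";
# the textPayload strings are illustrative, not copied from real logs.
SAMPLE = [
    entry("2024-05-01T00:00:00Z", "IKE_SA vpn_203.0.113.7[1] established"),
    entry("2024-05-01T03:00:00Z", "deleting IKE_SA vpn_203.0.113.7[1]"),
    entry("2024-05-01T03:00:05Z", "received NO_PROPOSAL_CHOSEN notify error"),
    entry("2024-05-01T03:12:00Z", "IKE_SA vpn_203.0.113.7[2] established"),
    entry("2024-05-01T04:00:00Z", "deleting IKE_SA", rtype="gce_instance"),
    entry("2024-05-01T06:00:00Z", "deleting IKE_SA vpn_203.0.113.7[2]"),
    entry("2024-05-01T06:00:04Z", "received NO_PROPOSAL_CHOSEN notify error"),
    entry("2024-05-01T06:09:30Z", "IKE_SA vpn_203.0.113.7[3] established"),
]
DOWN, UP = "deleting IKE_SA", "established"  # assumed marker substrings
ERRORS = ("NO_PROPOSAL_CHOSEN", "AUTHENTICATION_FAILED", "TS_UNACCEPTABLE")  # RFC 7296 notify types

def parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def outages(entries):
    """Return one dict per down->up cycle with its duration and IKE errors."""
    rows = sorted((e for e in entries if e.get("resource", {}).get("type") == "vpn_gateway"),
                  key=lambda e: parse_ts(e["timestamp"]))
    found, cur = [], None
    for e in rows:
        ts, text = parse_ts(e["timestamp"]), e.get("textPayload", "")
        if cur is None:
            if DOWN in text:
                cur = {"down": ts, "up": None, "seconds": None, "errors": []}
            continue
        cur["errors"] += [x for x in ERRORS if x in text and x not in cur["errors"]]
        if UP in text:
            cur["up"], cur["seconds"] = ts, int((ts - cur["down"]).total_seconds())
            found.append(cur)
            cur = None
    if cur is not None:  # tunnel still down at the end of the log window
        found.append(cur)
    return found

def gaps_between_drops(found):
    """Seconds between drops; near-equal gaps suggest a timer such as an SA lifetime."""
    return [int((b["down"] - a["down"]).total_seconds()) for a, b in zip(found, found[1:])]

if __name__ == "__main__":
    print(outages(SAMPLE), gaps_between_drops(outages(SAMPLE)))
```

The error names collected per outage are the values to compare against the partner's phase 1 and phase 2 proposals.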