Google Cloud IPsec VPN to Mikrotik IPsec VPN problem.

Dear All,

I want to connect my Mikrotik to Google Cloud IPsec VPN so that my office users can connect to our Google Cloud network with a secure IPsec link.

However, the problem is that when I am setting up the VPN service on Google Cloud, it is very different from what I am used to working with for site-to-site IPsec VPN.
The settings seem very basic and easy, but I don't know how I can set it up on the Mikrotik box, because it is set to work only with a preshared key; there is no phase 1 and phase 2.

Here are the Google Cloud VPN service settings.

General settings:

Name : google-VPN-to-colo
Description :
Network : Default (this is related to Google Cloud VM IP)
Region : (I set a region where my VMs are hosted)
External IP address : Here I have selected my external IP.

Tunnel Settings:

Remote Peer IP : (My office router IP)
IKE Version : (I set it to IKEv1)
Shared Secret : (My password)
Remote subnet IP : (My office subnet)
Local subnet IP : (My local VM farm subnet)

Now I am confused about how I can configure these settings on the Mikrotik box. Can you guys please help?

Thanks,
Yousuf

You need to get lower-level technical specs for the VPN in order to be able to set up your router.
There probably exists a document that lists these specs.

These are available; look for the compatibility settings for Google Cloud VPN + AWS.
I got as far as phase 2, and SAs installed, but then ran into an issue with the ROS implementation of tunnels that stumped me — one needs a valid route in order to be able to pass packets, and I was using full table (rather than default) routes.

So now I’m backing off from Cloud VPN, and trying to install CHR (Cloud Hosted Router), and having no success getting the image into a format Google Cloud will accept.

Has anyone successfully connected an IPsec tunnel to GCS VPN? I searched around the forum and don't see anything yet. It would be great if there was confirmation that others had done it. It would be even greater if someone outlined the process. :) If not, I'll try to document as I go… I just don't want to re-invent the proverbial VPN wheel. THX - Paul