Hi Pete
Here is the configuration on the router:
/interface bridge
add name="BGP GCP VPN" protocol-mode=none
/ip address
add address=169.254.0.1/30 comment="BGP GCP" interface="BGP GCP VPN" network=169.254.0.0
/ip ipsec profile
add dh-group=modp1024 enc-algorithm=aes-128 lifetime=10h10m name=profile_1 nat-traversal=no proposal-check=exact
/ip ipsec peer
add address=XX.XXX.XX.221/32 exchange-mode=ike2 name=peer2 profile=profile_1
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc lifetime=3h
/ip ipsec identity
add peer=peer2 secret=same-password-here-than-in-gcp
/ip ipsec policy
add dst-address=169.254.0.2/32 level=unique peer=peer2 sa-dst-address=XX.XXX.XX.221 sa-src-address=0.0.0.0 src-address=169.254.0.1/32 tunnel=yes
add dst-address=10.XX.XX.0/29 level=unique peer=peer2 sa-dst-address=XX.XXX.XX.221 sa-src-address=0.0.0.0 src-address=0.0.0.0/0 tunnel=yes
/routing bgp instance
set default as=64512 client-to-client-reflection=no redistribute-connected=yes redistribute-ospf=yes redistribute-static=yes router-id=XXX.XX.1.1
/routing bgp network
add network=169.254.0.0/30 synchronize=no
/routing bgp peer
add hold-time=infinity in-filter=gcp-in name=peer1 out-filter=gcp-out remote-address=169.254.0.2 remote-as=64513 ttl=default
/routing filter
add action=discard chain=gcp-out prefix=XXX.XXX.XX.64 prefix-length=26
add action=discard chain=gcp-out prefix=169.254.0.0 prefix-length=30
In GCP you have to configure a VPN in the Hybrid Connectivity section; refer to the attached images.
VPN Tunnel
VPN Gateway
Cloud router and BGP session
The information is as follows:
169.254.0.0/30: IPs to create the BGP session; .1 is my router, .2 is GCP
10.XX.XX.0/29 is the IP segment I have for my servers in GCP, named cloud-servers
XX.XXX.XX.221 is the GCP public IP address
XXX.XXX.XX.64 is my public IP segment; my public IP address is XXX.XXX.XX.118
I have an IPsec policy to reach 10.XX.XX.0/29 from every segment of my network (0.0.0.0/0)
The IPsec lifetimes are the ones specified in the GCP documentation
I'm redistributing the OSPF, static and connected routes to GCP via BGP
64512 is my ASN and 64513 is the GCP ASN
Any doubts, just let me know; hope it helps with your configuration.
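
A consistency check for a configuration laid out like the one in the post above, as an added example that is not part of the original post: it parses a RouterOS export and confirms that the BGP peer sits on the tunnel's link network, that an IPsec policy covers the BGP session, and that the link network is discarded in the BGP out-filter. The function names are hypothetical, and the sample export is constructed, with documentation addresses standing in for the masked values.

```python
import ipaddress
import shlex

# Constructed sample export mirroring the post's layout; the documentation
# range 10.0.0.0/29 and 203.0.113.221 stand in for the masked XX values.
SAMPLE = '''\
/ip address
add address=169.254.0.1/30 interface="BGP GCP VPN" network=169.254.0.0
/ip ipsec policy
add dst-address=169.254.0.2/32 level=unique peer=peer2 sa-dst-address=203.0.113.221 sa-src-address=0.0.0.0 src-address=169.254.0.1/32 tunnel=yes
add dst-address=10.0.0.0/29 level=unique peer=peer2 sa-dst-address=203.0.113.221 sa-src-address=0.0.0.0 src-address=0.0.0.0/0 tunnel=yes
/routing bgp peer
add hold-time=infinity in-filter=gcp-in name=peer1 out-filter=gcp-out remote-address=169.254.0.2 remote-as=64513 ttl=default
/routing filter
add action=discard chain=gcp-out prefix=169.254.0.0 prefix-length=30
'''

def parse_export(text):
    """Return {section path: [{key: value}, ...]} for the add/set lines of an export."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif current is not None and line.startswith(("add ", "set ")):
            current.append(dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t))
    return sections

def check_tunnel(text):
    """Return a list of findings; an empty list means the pieces line up."""
    cfg, findings = parse_export(text), []
    links = [ipaddress.ip_interface(a["address"]) for a in cfg.get("/ip address", [])]
    policies = cfg.get("/ip ipsec policy", [])
    for bgp in cfg.get("/routing bgp peer", []):
        remote = ipaddress.ip_address(bgp["remote-address"])
        link = next((i for i in links if remote in i.network), None)
        if link is None:
            findings.append(f"BGP peer {remote}: no local address on the same link network")
            continue
        covered = any(remote in ipaddress.ip_network(p["dst-address"]) and link.ip in ipaddress.ip_network(p["src-address"]) for p in policies)
        if not covered:
            findings.append(f"BGP peer {remote}: no IPsec policy matches the session traffic")
        rules = [r for r in cfg.get("/routing filter", []) if r.get("chain") == bgp.get("out-filter") and r.get("action") == "discard"]
        if not any(ipaddress.ip_network(f"{r['prefix']}/{r['prefix-length']}") == link.network for r in rules):
            findings.append(f"BGP peer {remote}: link network {link.network} is not discarded in {bgp.get('out-filter')}")
    return findings
```

`check_tunnel(SAMPLE)` returns an empty list; each finding string names the BGP peer and the piece of the configuration that does not line up with it.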