Create an HA VPN in Google Cloud using gcloud commands

Rajathithan Rajasekar
4 min read · Aug 8, 2021

Google Cloud HA VPN provides secure network connectivity between your peer network and a Google Cloud VPC. The peer network can be your on-prem network or any other cloud network (including Google Cloud). This post shows how to create the Google Cloud side of an HA VPN connection using gcloud commands.

Google Cloud's official documentation already covers creating the VPN gateway through the console, gcloud and the API; this post collects the gcloud commands in one place for ease of reference. The link is given below for your reference.

Create a new Google cloud VPN Gateway:

gcloud compute vpn-gateways create corp-new-dc-vpn-gateway \
--network corp-new-dc-vpc \
--region us-central1

Create Peer Gateways:

Replace the asterisks with the peer gateway's public IP address. If you have only one peer gateway IP address, you can give the same IP address for interface 0 and interface 1.

gcloud compute external-vpn-gateways create corp-dc-peer-vpn-gateway --interfaces 0=***.***.***.***,1=***.***.***.***

Create a cloud router:

We will use dynamic routing with Cloud Router. Choose the ASN after consulting your peer network team. The ASN can be chosen from 64512 through 65534 or from 4200000000 through 4294967294.

gcloud compute routers create corp-new-dc-router \
--region us-central1 \
--network corp-new-dc-vpc \
--asn 65001

Create VPN tunnels:

Specify the IKEv2 shared secret (pre-shared key) and create the tunnels to the peer VPN gateway.


gcloud compute vpn-tunnels create corp-vpn-tunnel-1 \
--peer-external-gateway corp-dc-peer-vpn-gateway \
--peer-external-gateway-interface 0 \
--region us-central1 \
--ike-version 2 \
--shared-secret 'corp!KE5ecR8' \
--router corp-new-dc-router \…
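An added example, not part of the original post: shell helpers that check a router ASN against the two private ranges listed above, and that generate a random IKE pre-shared key into an owner-only file so a fixed key is not typed into the command or saved in shell history. The function names, the 32-character minimum and the temp-file name are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post. Nothing here calls gcloud.

# Succeed only for a private ASN in the two ranges the post lists.
is_private_asn() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac    # digits only
  [ "${#1}" -le 10 ] || return 1                 # keep within integer range
  if [ "$1" -ge 64512 ] && [ "$1" -le 65534 ]; then return 0; fi
  [ "$1" -ge 4200000000 ] && [ "$1" -le 4294967294 ]
}

# Print a fresh key: 24 random bytes, base64-encoded to 32 characters.
gen_psk() {
  head -c 24 /dev/urandom | base64 | tr -d '\n'
}

# Assumed minimum for this example: 32 characters.
psk_long_enough() {
  [ "${#1}" -ge 32 ]
}

# Write a new key to a file readable only by the current user and print
# the file's path. The file name pattern is hypothetical.
write_psk_file() {
  (
    umask 077
    f=$(mktemp "${TMPDIR:-/tmp}/vpn-psk.XXXXXX") || exit 1
    gen_psk > "$f" && printf '%s\n' "$f"
  )
}

# Demo with the post's ASN and key plus constructed boundary values.
demo() {
  for asn in 65001 64511 4200000000 4294967295; do
    if is_private_asn "$asn"; then echo "ASN $asn: private, usable"
    else echo "ASN $asn: outside the private ranges"; fi
  done
  if ! psk_long_enough 'corp!KE5ecR8'; then
    echo "key from the post: 12 characters, below the assumed minimum"
  fi
  f=$(write_psk_file) || return 1
  echo "new key stored in $f; pass it as --shared-secret \"\$(cat $f)\""
  rm -f "$f"    # demo cleanup; keep the file when creating real tunnels
}
demo
```

Both tunnels to the same peer can read the key from the same file, and the peer side needs the identical value.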


