google-cloud-platformopenvpngoogle-cloud-vpn

How to configure "client-to-site" VPN on GCP using OpenVPN?

TLDR; I have a web app, let's call it Tools, that I want to make available online to my team but not the rest of the world.

The Tools App. The app is containerised and can be deployed to one of my Kubernetes clusters on GCP. I intend to run it on a machine that lacks an external IP, but that can be accessed from other machines inside my GCP network.

Solution 1: Cloud VPN. I have read about Googles Cloud VPN but that appears to primarily apply if you want to do network-to-network VPN. What I'm looking for is a client-to-site VPN.

Solution 2: OpenVPN. So instead I have read about OpenVPN. As I understand things I can setup my own instance of OpenVPN in my GCP network, give it an external IP and provision credentials to my team enabling them client access to the VPN server.

Goal. I want to be able to connect to my VPN, go into my browser and type "www.tools.mydomain.com" and end up at the webserver. If I type that domain without the VPN it should give "connection error" or something like that.

Question. How do I configure OpenVPN to ensure that traffic from the client is routed to my webserver inside GCP when you resolve the "tools.mydomain.com" adress? Is this even the best solution to achieve my goal? Any guidance is appreciated.

Solution

  • You have asked to very different questions. 1) How do I setup OpenVPN; 2) How do I create a DNS name.

    OpenVPN is well documented. I recommend going to Google Marketplace and starting with a preconfigured image (OpenVPN Access Server). This will greatly simplify getting started with OpenVPN.

    Next you will configure your DNS server with the resource record for www.tools.mydomain.com and specify an A record type with the private IP address for your app.

    When the OpenVPN connection is up, private IP address will respond. When the connection is down, the address will not respond (timeout).

    Note: Once you create the OpenVPN instance using the marketplace image, login to the server using the admin page and then create a new user. Login as the new user and you will be presented with a preconfigured client download that has all the settings already configured. This makes using OpenVPN almost effortless to setup.