Cloud VPN with VPC peering


Hi, I have 3 Google projects: hub, spoke-1 and spoke-2.

  • hub and spoke-1 are connected via HA VPN
  • spoke-1 and spoke-2 are connected via VPC peering

Can VMs from hub connect to VMs on the spoke-2 project?

That should work - as long as you don’t have any overlapping subnets.

Out of interest, what causes the need for the VPN connection, as opposed to simply peering the VPCs directly to the hub? Or perhaps using a Shared VPC?

Thanks Alex for the reply. I will be using AWS/Azure in place of the hub project.

By default it will not work; however, if I add custom routes of vpc-spoke2 in the Cloud Router of vpc-spoke-1, we can connect VMs from hub to spoke-2.

Is this correct by design?

That’s correct, take a look at this entry in the docs:

https://cloud.google.com/vpc/docs/using-vpc-peering#creating_a_peering_configuration:~:text=Q%3A%20How%20do%20I%20make%20routes%20in%20a%20peer%20network%20available%20to%20an%20on%2Dpremises%20network%20connected%20to%20my%20VPC%20network%20using%20Cloud%20VPN%20or%20Cloud%20Interconnect%3F

I don’t think it applies in your case, but one thing to also keep in mind is that some IP ranges won’t come across the peering by default; this table gives some guidance:

https://cloud.google.com/vpc/docs/vpc-peering#subnet-route-exchange
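As an added illustration (not part of the thread and not Google's own code), the toy model below encodes the route-exchange behaviour discussed above: spoke-1's Cloud Router only announces its own subnets to the hub VPN in DEFAULT advertisement mode, so spoke-2's ranges must be added as custom advertised ranges; subnet routes outside RFC 1918 do not cross the peering unless explicitly enabled; and, as an assumption drawn from the linked FAQ, the return path requires spoke-1 to export and spoke-2 to import custom routes, since BGP-learned routes count as custom routes. All network names and CIDRs are constructed.

```python
"""Toy model of: hub --(HA VPN / BGP)--> spoke-1 --(VPC peering)--> spoke-2.
Constructed for illustration; it is not the Google Cloud API."""
from ipaddress import ip_network

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(cidr: str) -> bool:
    net = ip_network(cidr)
    return any(net.subnet_of(block) for block in RFC1918)


def peering_subnet_routes(peer_subnets, public_ip_subnets_exchanged=False):
    """Subnet routes a VPC learns from its peer. Subnets that use privately
    used public IPs only cross the peering when that exchange is enabled."""
    return [s for s in peer_subnets if is_rfc1918(s) or public_ip_subnets_exchanged]


def routes_advertised_to_hub(spoke1_subnets, mode, custom_ranges=(), all_subnets=True):
    """What spoke-1's Cloud Router announces over BGP to the hub.
    DEFAULT: only spoke-1's own subnets. CUSTOM: the configured ranges, plus
    spoke-1's subnets when the ALL_SUBNETS group is kept."""
    if mode == "DEFAULT":
        return list(spoke1_subnets)
    own = list(spoke1_subnets) if all_subnets else []
    return own + list(custom_ranges)


def hub_can_reach(dest_cidr, advertised):
    dest = ip_network(dest_cidr)
    return any(dest.subnet_of(ip_network(r)) for r in advertised)


def spoke2_routes_to_hub(hub_subnets, export_custom, import_custom):
    """Return path: hub routes are dynamic (custom) routes in spoke-1, so they
    reach spoke-2 only if spoke-1 exports and spoke-2 imports custom routes
    (assumption based on the linked FAQ)."""
    return list(hub_subnets) if (export_custom and import_custom) else []


def overlapping(*subnet_lists):
    """Pairs of overlapping subnets across all three networks (the first
    reply's caveat)."""
    nets = [ip_network(s) for lst in subnet_lists for s in lst]
    return [(str(a), str(b)) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]


if __name__ == "__main__":
    adv = routes_advertised_to_hub(["10.10.0.0/16"], "CUSTOM", ["10.20.0.0/16"])
    print("hub reaches spoke-2 VM 10.20.5.4:", hub_can_reach("10.20.5.4/32", adv))
```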