OnPrem VPN to Cloud SQL with Private IP(not able to connect) Public IP(able to connect)

Google Cloud Compute Infrastructure
, ,
1

Hi Team,

Facing issue while connecting to OnPrem VPN to GCP Cloud SQL. Cloud SQL PostgreSQL instance having both Pubilc IP and Private IP enabled.

Enabled private service access and private path connectivity on cloud sql instance. created a VPN Gateway and VPN Tunnel in Cloud to connect OnPrem.

I am able to connect on Public IP from my On Prem Machine however not able to connect on my Private IP.

CloudSQL_Proxy_VPN_img.png
CloudSQL_Proxy_VPN_img.png785×371 13.8 KB

Any one, suggest any further network/ DB related changes I have to do.

1 Like
2

Hi @anand-patel ,

Via public IP adddress, yes, you should be able to connect to the instance using that public IP address from your on-premises machine. However, when you enable the private IP and set up a VPN connection between your on-premises network and GCP, you should also be able to connect to the Cloud SQL instance using its private IP address.

You might want to check your firewall rules and make sure there are no conflicting rules that might be blocking traffic to the private IP address. Also, it was not stated or included on your question if there is firewall rule allowing incoming traffic from your on-premises network to the private IP address of your Cloud SQL instance on port 5432 (or the specific port used by PostgreSQL).

You can also check the PostgreSQL pg_hba.conf file to make sure it allows connections from the private IP range of your on-premises network.

1 Like
3

Thanks for update.

I have made a IPSEC VPN tunnel from on-premises to GCP and VPN Connection as well in another Project N.

Enabled VPC Peering between Project A and Project B but not working. Cloud sql proxy installed in another VM in Project A.

Currently able to connect from Project A Cloud SQL Proxy VM to Project A Cloud SQL Instance using Private IP in GCP Env.

Trying to establish a network connection using IPSEC VPN tunnel from on-premises Server to Project N and its not working. Hence not able to connect DB from on-premises Server.

I do not want to make Public, my cloud SQL DB even during migration of data as well using DMS.

for updating pg_hba_conf - how can I connect Cloud SQL Instance in Project A having only private IP. Additionally, Cloud SQL Instance is SSL Enabled hence not able to connect using cloud shell.

Any specific commands have to execute, if yes , from where. Please suggest.

1 Like
4

Hi,
Have you gone through all steps in this doc:

https://cloud.google.com/sql/docs/mysql/configure-private-ip#vpn in Connect from an external source part?
Thanks
Agnieszka

1 Like