I think the title captures my question.
This works “out of the box” on AWS.
But, when I setup an openvpn instance behind a UDP Network Load Balancer on GCP, I can’t get my client to connect…
Thanks for any pointers.
Best answer by cbaView original
Here you go,
Option 1: Medium Article on setting up OpenVPN server on GCE VM
Option 2: Launch GCP Marketplace OpenVPN server instance
Option 3: Using IAP for TCP forwarding
I have done some research.
I also have MANY OpenVPN Servers in use, with public IPs, & behind an NLB on AWS.
Hmm.. may be a topology can help if you can share src/dst of openVPN session . These options are for setting up OpenVPN to GCE VMs but not sure I understand your use case here . Can you share little more details?
LOAD BALANCER !
I have many functioning OpenVPN servers, mostly with public IPs.
I have many functioning GCP [external, network] load balancers, fronting other services.
I have never been able to successfully combine these two things!
Have you? Can you?
If so, please share exactly how.
Note that the question was incomplete: “OpenVPN server” can mean the proprietary Access Server software or the open source community version, and being specific does matter, because the answers differ.
That said, community version openvpn(8) should have no problem at all behind a GCP NLB. It is a single-threaded application, VPN only, not doing all the extra stuff that Access Server does.
Access Server, on the other hand, can only work with a single-core VM node behind the NLB. If using multiple CPU cores, Access Server distributes the client load using iptables DNAT rules. Apparently GCP queries the OS to determine what ports are bound, and in the multi-CPU case, Access Server does not bind the ports. But we do not know the details of how the GCP NLB decides what packets to forward.
have you checked