Connect your Private Network to Google Cloud


Google is a relatively new player in cloud computing. They were one of the first clouds to provide a PaaS solution with Google App Engine, but one of the last to provide IaaS options.

One of the biggest differentiators and a draw for Google Cloud is their Google Compute Engine global software-defined networking (SDN) capability. Unlike other providers, every network in Google Compute Engine (GCE) is a global network, that is, a network that spans every region and availability zone. Further, latency and throughput between regions almost defy the laws of physics. These network capabilities dramatically simplify deploying applications that run on a global scale.

If you want to take advantage of one of the fastest-growing IaaS technologies in the market, how do you go about moving all your data and infrastructure to GCE? In this post, we’ll show you how to connect your private network with GCE using ElasticBox.

For this purpose, we created an IPSEC box that creates a tunnel between the two networks using Linux and Openswan.


The first instance of this box is deployed in the GCE network. It is assigned an ephemeral IP and supports IP Forwarding.


The box is deployed without bindings, which sets it to automatically accept connections that match the IPSEC secret and the remote and local subnets.

Once this instance is up and running, we need to create a route entry in the GCE Network console.

The final step is to launch the other side of the tunnel in whichever provider you want. This instance can be behind a NAT and does not need configuring, as all the configuration is read through the binding to the listener.


That’s all there is to it, folks! We now have a tunnel between GCE and your private network that’s ready for you to launch your data and apps in GCE.
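
The box hides the Openswan configuration, so as an added illustration (not ElasticBox's own files) here is a hand-written pair of configs of the kind the steps above describe: a listener in GCE that accepts any peer matching the secret and subnets, and an initiator that can sit behind NAT. The addresses, subnets, connection names and secret are constructed placeholders.

```conf
# Added illustration, not the ElasticBox box's own files. Constructed values:
#   203.0.113.10    external IP of the GCE instance
#   10.240.0.0/16   GCE network      192.168.10.0/24   private network
# Both hosts also need net.ipv4.ip_forward=1 so they route for their subnets.

# ---- GCE instance (listener): /etc/ipsec.conf ----
config setup
    protostack=netkey
    nat_traversal=yes            # the peer may sit behind NAT

conn private-net
    type=tunnel
    authby=secret
    left=%defaultroute
    leftid=203.0.113.10          # GCE maps the external IP 1:1 onto the internal one
    leftsubnet=10.240.0.0/16
    right=%any                   # no fixed peer: accept whoever matches PSK + subnets
    rightsubnet=192.168.10.0/24
    auto=add                     # wait for the other side to initiate

# ---- GCE instance (listener): /etc/ipsec.secrets ----
203.0.113.10 %any : PSK "REPLACE_WITH_LONG_RANDOM_SECRET"

# ---- Private-network instance (initiator): /etc/ipsec.conf ----
config setup
    protostack=netkey
    nat_traversal=yes

conn to-gce
    type=tunnel
    authby=secret
    left=%defaultroute
    leftsubnet=192.168.10.0/24   # must mirror the listener's rightsubnet
    right=203.0.113.10
    rightsubnet=10.240.0.0/16    # must mirror the listener's leftsubnet
    auto=start                   # dial out, which also works from behind NAT

# ---- Private-network instance (initiator): /etc/ipsec.secrets ----
%any 203.0.113.10 : PSK "REPLACE_WITH_LONG_RANDOM_SECRET"
```

Because the listener uses `right=%any`, the pre-shared key is what authenticates a peer, so it should be long and random, and the GCE firewall should allow UDP 500 and 4500 only from the private network's public address.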
