How to access Google in China | VyprVPN, create a high-speed VPN | Google Cloud Skills Boost


How to access Google in China

Why is VPN necessary to access Google in China?

China has strict censorship policies, so accessing Google in China can be difficult. With a VPN, users in China can bypass the Great Firewall of China and escape censorship to access the Internet freely. To access Google in China, follow the 5 steps below:

  1. Register for a VPN service. VyprVPN offers a variety of different VPN protocols, including the exclusive Chameleon technology, which combats VPN blocking.
  2. Follow the instructions to download your VPN and launch the application on your favorite device.
  3. Log in with your credentials.
  4. Choose which server you want to connect to. VyprVPN lets you choose from over 70 servers around the world, so that you can select an uncensored location.
  5. Use the Internet or your applications as usual, and enjoy an Internet experience that is unrestricted, free and open.

How does a VPN work?

A VPN, or Virtual Private Network, works by encrypting your Internet connection to keep your communications, your data, your location and other information private when you are online in China. A VPN service replaces your personal IP address with the IP address of a VPN server. With VyprVPN, you can choose to connect to one of our more than 70 servers worldwide, so your real IP address is not revealed. Encryption technology, such as the 256-bit OpenVPN protocol used in the VyprVPN Chameleon protocol, is used to secure all data and communications sent over the connection. This means that you can escape the blocks imposed by the Great Firewall and avoid censorship when you use a VPN in China. A VPN also secures your connection, so you do not have to worry that children or the government will violate your confidentiality or watch you.

Create a high-throughput VPN

GSP062

Overview

In this hands-on lab, you will learn how to create a secure, high-throughput VPN and test its speed.

For most developers, secure communication between Google Cloud Platform (GCP) and other clouds or on-premises systems is a critical need. Fortunately, GCP makes it easy to create secure IPsec (Internet Protocol Security) virtual private networks (VPNs) to achieve this goal. If a single tunnel does not provide the necessary throughput, GCP can distribute traffic across several tunnels seamlessly to provide additional bandwidth.

Goals

Create a VPN

  • Create a virtual private cloud (VPC) named cloud to simulate your GCP network, and a VPC named on-prem to simulate an external network.
  • Create VPN gateways, forwarding rules and addresses for the cloud VPC.
  • Create a tunnel for the new VPN, then route traffic through it.
  • Repeat the VPN creation process for the on-prem VPC by creating a second VPN.

Test the VPN

  • Create a virtual machine (VM) using Google Compute Engine for throughput load testing.
  • Test the throughput of a single VPN using iperf.

Prerequisites

  • Familiarize yourself with the procedure for creating a VPN using GCP.
  • Review the VPC network overview.

Create the cloud VPC

In this section, you will perform the following tasks:

  • Create a VPC to simulate your cloud production network
  • Allow common types of traffic to flow within the VPC
  • Create a subnet for deploying hosts

After starting Cloud Shell, create a custom VPC named cloud associated with your GCP project by running the following command:

gcloud compute networks create cloud --subnet-mode custom

This VPC lets you use non-default IP addressing, but it does not include any default firewall rules.

Run the following command to enable SSH and ICMP, as you will need a secure shell to communicate with the VMs during load testing:

gcloud compute firewall-rules create cloud-fw --network cloud --allow tcp:22,tcp:5001,udp:5001,icmp

Create a subnet within this VPC, then specify a region and an IP address range by running the following command:

gcloud compute networks subnets create cloud-east --network cloud \
    --range 10.0.1.0/24 --region us-east1

In this solution, you use 10.0.1.0/24 and the us-east1 region.

Create the on-prem VPC

In this section, you will create a simulation of your on-prem VPC, or of any network you want to connect to cloud. In practice, you would already have resources here. However, you will create tunnels and validate configurations by following the steps below:

In Cloud Shell, create a custom subnet VPC (called on-prem) associated with your project by running the following command:

gcloud compute networks create on-prem --subnet-mode custom

Run the following command to enable SSH and ICMP for hosts in the on-prem VPC, as you will need a secure shell to communicate with the VMs during load testing:

gcloud compute firewall-rules create on-prem-fw --network on-prem --allow tcp:22,tcp:5001,udp:5001,icmp

Specify the subnet prefix for the region using the following command:

gcloud compute networks subnets create on-prem-central \
    --network on-prem --range 192.168.1.0/24 --region us-central1

In this example, you assign 192.168.1.0/24 to the us-central1 region.
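
The two firewall rules above omit --source-ranges, so gcloud applies them to ingress from 0.0.0.0/0. The following added example (not part of the lab) prints, without running them, equivalent rules scoped to the peer subnet for the load-test ports and to an administrative range for SSH; the rule-name suffixes, the function names and the 203.0.113.0/24 admin range are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) ingress rules scoped to known sources.
# The -fw-iperf / -fw-ssh rule names and the admin range are assumptions.

# is_cidr CIDR -> status 0 if CIDR is a.b.c.d/n with valid octets and prefix
is_cidr() {
  printf '%s\n' "$1" | awk -F'[./]' '
    NF != 5 { exit 1 }
    { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
      for (i = 1; i <= 4; i++) if ($i > 255) exit 1
      if ($5 > 32) exit 1 }'
}

# scoped_fw NETWORK PEER_CIDR ADMIN_CIDR
# Emits two rules: load-test traffic only from the peer subnet, SSH only
# from the admin range. Refuses 0.0.0.0/0, which is what an ingress rule
# gets when --source-ranges is left out.
scoped_fw() {
  net=$1 peer=$2 admin=$3
  for c in "$peer" "$admin"; do
    is_cidr "$c" || { echo "bad CIDR: $c" >&2; return 1; }
    [ "$c" != "0.0.0.0/0" ] || { echo "refusing open range" >&2; return 1; }
  done
  echo "gcloud compute firewall-rules create $net-fw-iperf --network $net" \
       "--allow tcp:5001,udp:5001,icmp --source-ranges $peer"
  echo "gcloud compute firewall-rules create $net-fw-ssh --network $net" \
       "--allow tcp:22 --source-ranges $admin"
}

# The lab's two VPCs, each admitting iperf/ICMP only from the other subnet.
# 203.0.113.0/24 is a documentation range standing in for the
# administrators' addresses (constructed value).
scoped_fw cloud   192.168.1.0/24 203.0.113.0/24
scoped_fw on-prem 10.0.1.0/24    203.0.113.0/24
```

Replace the admin range with the addresses you actually connect from before running the printed commands, otherwise SSH to the VMs will be blocked.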

Create VPN gateways

Each environment requires VPN gateways to allow secure external communication. To create the initial gateways for your cloud and on-prem VPCs, proceed as follows:

In Cloud Shell, create a VPN gateway named on-prem-gw1 in the on-prem VPC and the us-central1 region:

gcloud compute target-vpn-gateways create on-prem-gw1 --network on-prem --region us-central1

Then enter the following command to create a VPN gateway named cloud-gw1 in the cloud VPC and the us-east1 region:

gcloud compute target-vpn-gateways create cloud-gw1 --network cloud --region us-east1

Create a route-based VPN tunnel between local and GCP networks

Each VPN gateway needs a static external IP address so that systems outside the VPC can communicate with it. Create IP addresses and routes on the cloud and on-prem VPCs as follows:

In Cloud Shell, allocate an IP address for the cloud-gw1 VPN gateway:

gcloud compute addresses create cloud-gw1 --region us-east1

Then allocate an IP address for the on-prem-gw1 VPN gateway:

gcloud compute addresses create on-prem-gw1 --region us-central1

Store the gateway addresses so that you do not have to look them up in later commands.

First, for the cloud-gw1 gateway:

cloud_gw1_ip=$(gcloud compute addresses describe cloud-gw1 \
    --region us-east1 --format='value(address)')

Then, for the on-prem-gw1 gateway:

on_prem_gw_ip=$(gcloud compute addresses describe on-prem-gw1 \
    --region us-central1 --format='value(address)')

You will now create forwarding rules for IPsec on the cloud VPC. You must create firewall rules in both directions.

Forward the ESP (Encapsulating Security Payload) protocol from cloud-gw1:

gcloud compute forwarding-rules create cloud-1-fr-esp --ip-protocol ESP \
    --address $cloud_gw1_ip --target-vpn-gateway cloud-gw1 --region us-east1

Forward UDP:500 traffic from cloud-gw1:

gcloud compute forwarding-rules create cloud-1-fr-udp500 --ip-protocol UDP \
    --ports 500 --address $cloud_gw1_ip --target-vpn-gateway cloud-gw1 --region us-east1

Forward UDP:4500 traffic from cloud-gw1:

gcloud compute forwarding-rules create cloud-fr-1-udp4500 --ip-protocol UDP \
    --ports 4500 --address $cloud_gw1_ip --target-vpn-gateway cloud-gw1 --region us-east1

Use the same method to create firewall forwarding rules for the IPsec tunnel on the on-prem VPC. This step allows the IPsec tunnel to exit your firewalls:

Forward the ESP protocol from on-prem-gw1:

gcloud compute forwarding-rules create on-prem-fr-esp --ip-protocol ESP \
    --address $on_prem_gw_ip --target-vpn-gateway on-prem-gw1 --region us-central1

Forward UDP:500 traffic, used to establish the IPsec tunnel, from on-prem-gw1:

gcloud compute forwarding-rules create on-prem-fr-udp500 --ip-protocol UDP --ports 500 \
    --address $on_prem_gw_ip --target-vpn-gateway on-prem-gw1 --region us-central1

Forward UDP:4500 traffic, which carries the encrypted traffic, from on-prem-gw1:

gcloud compute forwarding-rules create on-prem-fr-udp4500 --ip-protocol UDP --ports 4500 \
    --address $on_prem_gw_ip --target-vpn-gateway on-prem-gw1 --region us-central1

Normally, you would generate a secret for the next step, where you create and validate the on-prem-tunnel1 and cloud-tunnel1 tunnels. To find out how to create and store secrets securely, consult the article Managing secrets. For now, simply use the string “sharedsecret”.

Create a tunnel for the local network, on-prem-tunnel1, and for the cloud network, cloud-tunnel1. Each network must have a VPN gateway, and the secrets must match. In the following two commands, where in a production scenario you would replace [MY_SECRET] with the secret you generated, replace this text with “sharedsecret”.

Create a VPN tunnel from on-prem to cloud:

gcloud compute vpn-tunnels create on-prem-tunnel1 --peer-address $cloud_gw1_ip \
    --target-vpn-gateway on-prem-gw1 --ike-version 2 --local-traffic-selector 0.0.0.0/0 \
    --remote-traffic-selector 0.0.0.0/0 --shared-secret=[MY_SECRET] --region us-central1

Create a VPN tunnel from cloud to on-prem:

gcloud compute vpn-tunnels create cloud-tunnel1 --peer-address $on_prem_gw_ip \
    --target-vpn-gateway cloud-gw1 --ike-version 2 --local-traffic-selector 0.0.0.0/0 \
    --remote-traffic-selector 0.0.0.0/0 --shared-secret=[MY_SECRET] --region us-east1
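
For the production case mentioned above, where a generated secret replaces “sharedsecret”, the following added example (not part of the lab) generates one random pre-shared key, rejects placeholder or short values, and uses the same key for both tunnel ends. The function names, the DRY_RUN switch and the 198.51.100.x peer addresses are assumptions; by default the commands are only printed, with the key masked.

```shell
#!/bin/sh
# Added example: one strong pre-shared key, reused for both tunnel ends.
# Function names and DRY_RUN are assumptions of this example.

# gen_psk: 24 random bytes from the kernel CSPRNG, base64 -> 32 characters
gen_psk() { head -c 24 /dev/urandom | base64 | tr -d '\n'; }

# psk_ok KEY: reject the lab placeholders and anything under 32 characters
psk_ok() {
  case "$1" in
    sharedsecret|'[MY_SECRET]'|'') return 1 ;;
  esac
  [ "${#1}" -ge 32 ]
}

# run CMD...: with DRY_RUN=1 (default) print the command with the key
# masked; with DRY_RUN=0 execute it
run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then
    echo "$*" | sed 's/\(--shared-secret=\)[^ ]*/\1****/'
  else
    "$@"
  fi
}

# make_tunnels KEY CLOUD_GW_IP ONPREM_GW_IP
# Both ends get the same key; the secrets must match for the tunnel to form.
make_tunnels() {
  psk_ok "$1" || { echo "weak or placeholder secret" >&2; return 1; }
  run gcloud compute vpn-tunnels create on-prem-tunnel1 \
    --peer-address "$2" --target-vpn-gateway on-prem-gw1 --ike-version 2 \
    --local-traffic-selector 0.0.0.0/0 --remote-traffic-selector 0.0.0.0/0 \
    --shared-secret="$1" --region us-central1
  run gcloud compute vpn-tunnels create cloud-tunnel1 \
    --peer-address "$3" --target-vpn-gateway cloud-gw1 --ike-version 2 \
    --local-traffic-selector 0.0.0.0/0 --remote-traffic-selector 0.0.0.0/0 \
    --shared-secret="$1" --region us-east1
}

# Dry run with constructed documentation addresses in place of
# $cloud_gw1_ip and $on_prem_gw_ip.
make_tunnels "$(gen_psk)" 198.51.100.10 198.51.100.20
```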

Now that you have created the gateways and the tunnels, you must add routes from the subnets through the two tunnels.

Route traffic from the on-prem VPC to the cloud 10.0.1.0/24 range into the tunnel:

gcloud compute routes create on-prem-route1 --destination-range 10.0.1.0/24 \
    --network on-prem --next-hop-vpn-tunnel on-prem-tunnel1 \
    --next-hop-vpn-tunnel-region us-central1

Route traffic from the cloud VPC to the on-prem 192.168.1.0/24 range into the tunnel:

gcloud compute routes create cloud-route1 --destination-range 192.168.1.0/24 \
    --network cloud --next-hop-vpn-tunnel cloud-tunnel1 \
    --next-hop-vpn-tunnel-region us-east1

Test throughput over the VPN

At this point, you have established a secure path between the on-prem and cloud VPCs. To test throughput, use iperf, an open source tool for network load testing. To perform the test, you will need a VM in each environment, one to send traffic and the other to receive it. You will create them now.

Single VPN load testing

You will now create a virtual machine for the cloud VPC called cloud-loadtest. This example uses a Debian Linux image for the operating system.

If you already have a project, feel free to skip this step and use existing resources. The bandwidth for the VM is 2 Gbit/s* per virtual CPU, so you need a minimum of four virtual CPUs.

Run the following command:

gcloud compute instances create "cloud-loadtest" --zone "us-east1-b" \
    --machine-type "e2-standard-4" --subnet "cloud-east" \
    --image-family "debian-11" --image-project "debian-cloud" --boot-disk-size "10" \
    --boot-disk-type "pd-standard" --boot-disk-device-name "cloud-loadtest"

Create a virtual machine for the on-prem VPC named on-prem-loadtest. In this example, you use the same Debian image as in the cloud VPC. Skip this step if you already have resources.

Run the following command:

gcloud compute instances create "on-prem-loadtest" --zone "us-central1-a" \
    --machine-type "e2-standard-4" --subnet "on-prem-central" \
    --image-family "debian-11" --image-project "debian-cloud" --boot-disk-size "10" \
    --boot-disk-type "pd-standard" --boot-disk-device-name "on-prem-loadtest"

Connect via SSH to each VM, using the console or the command line, and install a copy of iperf with the following command:

sudo apt-get install iperf

On the on-prem-loadtest VM, run the following command:

iperf -s -i 5

You have created an iperf server on the VM, which reports its status every 5 seconds.

On the cloud-loadtest VM, run the following command:

iperf -c 192.168.1.2 -P 20 -x C

This creates an iperf client with 20 streams, which report their values after 10 seconds of testing.

Troubleshooting common problems you may encounter (this is not part of the lab instructions):

  1. When creating tunnels for the local network, you forgot to replace [MY_SECRET] with “sharedsecret”.

     You can delete the VPN tunnels you created by running the following command:

     gcloud compute vpn-tunnels delete [TUNNEL-NAME] --region [REGION]

     • Replace [TUNNEL-NAME] with the name of the tunnel.
     • Replace [REGION] with the region you specified when creating the tunnel.

  2. If you encounter problems with the “Single VPN load testing” section, proceed as follows:

     • Make sure you have installed iperf on both VMs.
     • If the error “Connection refused” appears, check the following points:
       • The firewall rules of the networks you created are correct (TCP: 5001).
       • The server is running properly on on-prem-loadtest.
       • You are trying to connect to the server from cloud-loadtest.

  3. If you want to view the forwarding rules you created in the console, go to the Networking section of the navigation menu, click Hybrid Connectivity > VPN, then click the Cloud VPN gateway to display its details page.

Congratulations!

Finish your quest

These self-paced labs are part of the quests Network Performance and Optimization and Security & Identity Fundamentals. A quest is a series of related labs that form a learning path. If you finish this quest, you will get the above badge attesting to your success. You can make the badges you receive public and link to them in your online CV or on your social media accounts. Enroll in this quest to immediately obtain the credits associated with this lab if you have taken it. See other available Qwiklabs quests.

Next lab

Continue your quest with the Cloud CDN lab, or consult our resource suggestions:

Next steps

• Consult the Google Cloud Router documentation to enable BGP (Border Gateway Protocol) and increase fault tolerance.
• Consult Google Cloud Interconnect to discover other interconnection options.
• Monitor the VPN gateways with Google Stackdriver.
• Test other Google Cloud Platform features by consulting our tutorials.

Google Cloud Training & Certification

Google Cloud Training & Certification helps you make the most of Google Cloud technologies. Our classes include technical skills and best practices to help you get up to speed quickly and continue your learning journey. We offer fundamental to advanced level training, with on-demand, live, and virtual options to suit your busy schedule. Certifications help you validate and prove your skill and expertise in Google Cloud technologies.

Manual last updated: January 2, 2020
Lab last tested: May 16, 2019

Copyright 2020 Google LLC. All rights reserved. Google and the Google logo are trademarks of Google LLC. All other company and product names may be trademarks of the companies with which they are associated.


This lab is part of the following quests: Networking in the Google Cloud, Security & Identity Fundamentals, Network Performance and Optimization. If you finish this lab, you will receive the corresponding credits when you enroll in one of these quests.

Duration: 0 min setup · accessible for 60 min · completed after 60 min


Levels: Advanced
