Home / server / Questions / 1157726
Accepted
x-yuri
Asked: 2024-04-11 12:12:00 +0800 CST

How do I replace the main network interface with a bridge on GCP?

  • 772

What I'm trying to do is launch a bridged OpenVPN server on GCP (in a GCE VM). What looks like a crucial part to me is in the title. If I succeed, the rest is supposedly easy. I tried two approaches:

  • The Arch Linux way... the iproute2 way actually. I asked about it on the Arch Linux forum. The details are in a gist.
  • The OpenVPN way... the bridge-utils way actually. Based on the script from the official howto. The details are in a gist.

It looks like it's not possible to do it on GCP, or am I missing something? Which is it? Or what can I do to further investigate the issue?

vpn

2 Answers

  1. You are absolutely right. Replacing the main network interface with a bridge on GCP for a bridged OpenVPN server setup is not recommended and it can lead to unexpected behavior and potential security issues.

    You can try the below approaches for implementing a bridged OpenVPN server on GCP:

    1. Take into consideration by utilizing Google Cloud VPN, a managed VPN service that provides remote and site-to-site VPN connectivity. This makes use of Google's secure network architecture and does away with the requirement for you to run a dedicated OpenVPN server.

    2. Create a custom virtual private network (VPN) and set up firewall rules to permit open VPN connections in the GCP console. In this VPN, you can set up an open VPN server inside a virtual machine. Although it calls for cautious network administration, this helps to provide additional control over the OpenVPN configuration.

    3. Additionally, You can also explore Third party OpenVPN solutions available on GCP. This could ease the process by providing predefined templates and automatic deployments.

    EDIT

    The recommended approaches don't directly involve bridging .But they provide secure and reliable ways to achieve similar functionality.

    Bridging and tunneling used by cloud VPN are different network technologies.Cloud VPN offers a safe tunnel connection that functions similarly to bridging but with enhanced network security.

    Refer to the document on How to Setup OpenVPN Server on Google Cloud Platform.

    • 0
  2. Best Answer
    resource "google_compute_instance" "test-bridge" {
  name = "test-bridge"
  machine_type = "e2-micro"
  zone = "europe-central2-a"
  boot_disk {
    initialize_params {
      image = "debian-12"
    }
  }
  network_interface {
    subnetwork = google_compute_subnetwork.test-bridge.self_link
    access_config {}
  }
  metadata = {
    enable-oslogin = true
    startup-script = <<-SCRIPT
      cat <<EOF >> /etc/netplan/90-default.yaml
          bridges:
              br0:
                  dhcp4: yes
                  interfaces:
                      - all-en
                  macaddress: `cat /sys/class/net/ens4/address`
      EOF
      netplan apply
    SCRIPT
  }
}

    More details in the following gists.

    • 0