Comprehensive Guide to VPN Connection Between Azure and GCP

Introduction
What is a VPN?
VPN stands for Virtual Private Network. It is a technology that allows you to create a secure connection over the Internet, typically between your devices and a private network. This encrypted connection ensures that sensitive data is transmitted securely.
Setting up a VPN connection between Microsoft Azure and Google Cloud Platform (GCP) allows you to create a secure, private network between resources in both clouds. This is particularly useful for hybrid or multi-cloud architectures where you need to share data or services between the two platforms.

Prerequisites

Before you begin, ensure you have:

Active Azure subscription with sufficient permissions

GCP project with appropriate IAM roles

Basic understanding of networking concepts (IP addressing, subnets, routing)

Public IP addresses available for both cloud environments.
With that being said, let's dive in to today's project😊.

Step 1: Prepare Azure Environment
Let's create a Resource Group.

• Navigate to your Azure portal
• Search and click on resource group

• Click on create

• Name your resource group

• Select region
• Click create

Create Azure Virtual Network

• Go back to your Azure portal
• Search and click on virtual networks
• In resource group space, choose the resource group you created

• Let's name our Vnet Azure-vnet
• Select a region
• Click on security and enable encryption
• Click on IP address
• Put an IP address (192.168.0.0/16)
• You should delete the default IP address
• Click add a subnet
• Name your subnet (maybe my-vpc-subnet)
• Click add
• Click review+create
• Then click create

Let's create a gateway sub-net

• Go to the Vnet you created
• Click on sub-net inside the Vnet
• Click settings drop-down and click on subnet
• Click on create gateway sub-net
• Click on add

Let's create a Network Security Group

• Navigate to your virtual networks and click on subnet
• Then look for NSG and click it
• Click create
• Select the resource group you created
• In instance details, let's name it access-gcp-traffic
• Then click create

Now let's set up our GCP network

• Login to your GCP
• Select a project that has billing
• Search and click on vpc network
• Click create a VPC network

• Let's name it gcp-vpc
• In subnet, select custom
• Name the subnet gcp-subnet
• Choose your region
• Put 10.2.0.0/16 as IP ranges
• Click create

Let's add a firewall rules in GCP

• Click on add firewall rules
• Name it allow-azure-vpc-icmp-ssh
• Paste the name again in description
• Enable logs
• Enable ingress
• Under target, choose all instance in the network
• Source IP ranges, put the Azure Vnet IP address (192.168.0.0/16)
• Scroll down and enable specified protocols and ports, then click TCP and put ssh port number (22), and click others and put ICMP
• Create

Let's create a Virtual Machine in our GCP

• In your GCP portal, choose the project you created the Vnet and subnet
• Search for compute engine and click it

• Name it
• Select a region
• Choose size (I chose E2)
• Scroll down to boot disk and click change
• Let's select Ubuntu 20.04lts
• Let's leave the gig at 10
• Click select
• Scroll down to network, let's leave everything like that since we are practicing
• Click on security drop-down, scroll down to add item and click it
• Create an SSH key with your powershell, copy the public SSH key and paste it where it required in your instance creation
• Click create

Now let's create firewall rules in our Azure

• Go to your Azure portal
• Navigate to the Network Security Group you created
• Click on settings drop-down and click on inbound security rules and click add

• Under source, select IP address and put 10.2.0.0/16 ( the GCP Vnet IP address)
• Under source port ranges, put *
• Under destination port ranges, put *
• Action is allow
• Click add
• Still on the NSG page, click on outbound and click add
• Under source IP ranges, put the Azure Vnet IP address (192.168.0.0/16)
• Source port ranges, put *
• Destination, put 0.0.0.0/0
• Then create

Let's create inbound permissions in Azure

• Click on the inbound security rules and click add
• Under source, put my IP address (that is if you want to be the only who can perform this task. But if you and your team want to have access, put IP addresses, then put the IP addresses of you and your team)
• Under source port, put *
• Under destination, put Any
• Under service, put RDP (this is because we want to access the server through RDP)
• Action is allow
• Click add

Let's create a VM in Azure

• In your Azure portal, search for virtual machine and click on it
• Click create
• Select your resource group
• Name your virtual machine
• Scroll down to image and select windows 11 pro (we are working with windows today)
• Scroll down to Administrator account and put any name (I put devsecadmin)
• Put password
• Click on network
• Under NIC security group, select advanced
• Choose access-gcp-traffic (this is the name of my instance details when i was creating NSG) in configure network security groups
• Enable Delete public IP and NIC
• Enable I confirm I have eligible windows
• Click review+create
• Click create

Now let's create GCP VPN

• Go to your GCP portal ii. Search for VPN and click on it
• Click create VPN
• Select classic (this is because it is less expensive)

• Click on continue
• Let's name it gcp-to-azure-vpn
• Put description (e.g allow Azure to connect to GCP)
• Under network, select your vpc
• Select your region (please maintain one region through out this project)
• Under IP address, click create IP address
• Name it (e.g vpn-ip-address)
• Click create
• Scroll down to tunnel
• Name it (e.g gcp-to-azure-tunnel)
• Under IKE pre share key, click generate
• Scroll down to router
• Under router option, select route-base
• Put the Azure Vnet IP address (192.168.0.0/16)
• Under remote peer address, copy the public IP address of Azure VM and paste it
• Click create

Let's create a local network gateway for Azure

• Go to your Azure portal and search for local network gateway and click on it
• Click create
• Choose your resource group
• Choose your region
• Let's name it Azure-local-network-gateway
• In endpoint, put the GCP instance public IP address
• In address space, put the IP address of GCP VPC network (10.2.0.0/16)
• Click next+advanced
• Click+review
• Click create

Let's create the Azure Vnet gateway

• Search for virtual networks gateway in your Azure portal
• Click on create
• Let's name it azure-vpn-gateway
• In gateway type, choose VPN
• Scroll down to virtual networks and select your VPN
• Select the gateway sub-net you created
• Under public IP address, select create new
• Let's name the public IP vpn-public-ip
• Create

Create Azure Connection

• Go to your Azure portal search for connections and click on it
• Click on add
• Name your connection
• Connections type, choose site-to-site (IPsec)
• Local network gateway, select your local network gateway you created
• Virtual Network gateway, select the virtual networks gateway you created
• In shared key, paste the IKE pre share key we generated in GCP when we were creating GCP VPN
• Then click ok

Verify the Connection

• Go to connections in your Azure portal
• If your connection is showing connected, then it's ok Check GCP Status
• In your GCP console, go to VPN
• If verify tunnel shows green status, then it is ok

Let's test connectivity

Here's a step-by-step guide to test the connection between your GCP and Azure VMs:

Step 1: Test ICMP Connectivity from GCP VM to Azure VM

• SSH into GCP VM: Use SSH to connect to your GCP Ubuntu VM.
• Ping Azure VM: Run the command ping <private IP address of Azure VM>.

Step 2: Test ICMP Connectivity from Azure VM to GCP VM

• RDP into Azure VM: Use RDP to connect to your Azure Windows VM.
• Open Command Prompt: Open the Command Prompt on your Azure VM.
• Ping GCP VM: Run the command ping <private IP address of GCP VM>.

Step 3: Test RDP Connectivity from GCP VM to Azure VM

• Install RDP client on GCP VM: Install an RDP client like Remmina on your GCP Ubuntu VM.
• RDP to Azure VM: Use the RDP client to connect to the private IP address of your Azure Windows VM.

Step 4: Verify VPN Connection

• Check GCP VPN status: Verify that the VPN connection is established and stable in GCP.
• Check Azure VPN status: Verify that the VPN connection is established and stable in Azure.

Conclusion

Setting up a VPN between Azure and GCP creates a secure bridge between your resources in both clouds. While the initial setup requires careful configuration, the result is a reliable, encrypted connection that enables hybrid cloud architectures. Remember to monitor the connection and adjust configurations as your needs evolve.