Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from http://cloud.google.com/database-migration/docs/postgres/configure-connectivity-vpns below:

Configure connectivity using VPNs | Database Migration Service

Stay organized with collections Save and categorize content based on your preferences.

If your source database is inside a VPN (in AWS, for example, or your on-premises VPN), you also need to use a VPN on the destination side to connect to the source.

There are many VPN products you can use. The steps to configure VPNs vary from one product to another, but all of them are fundamentally similar. This section contains examples using AWS and Google Cloud VPNs.

The source database server's firewall must be configured to allow the entire internal IP range allocated for the private service connection of the VPC network that the Cloud SQL destination instance is going to use.

To find the internal IP range in the console:

1. Go to the VPC networks page in the Google Cloud console.

2. Select the VPC network that you want to use.

3. Select Private services access > Allocated IP ranges for services.

4. Find the Internal IP range associated with the connection created by servicenetworking-googleapis-com.

Find more complete, step-by-step documentation in the following links:

• On the AWS side, set up a Site to Site VPN.
• On the Google Cloud side, create a Cloud VPN using static routing.

Put together, the overall sequence of steps looks like the following:

1. In Google Cloud console > VPC Networks > External IP addresses, reserve a static IP address to use for the Cloud VPN.
2. In the AWS VPC console:
   1. Create a customer gateway.
   2. Create a new virtual private gateway or add an existing one to the VPC associated with your database.
   3. In Routes Tables add route propagation:
   4. Click Edit, check the propagate checkbox and Save to add the IP address range of your Google Cloud VPC network as the destination range.
3. In the AWS VPC console, create the VPN:
   1. Under VPN Connections, select Site-to-site VPN Connections.
   2. Select Create VPN Connection.
   3. Enter a name for the VPN connection.
   4. For Virtual Private Gateway, select the private gateway that you created or selected earlier in this procedure.
   5. For Customer Gateway, select the customer gateway that you created earlier in this procedure.
   6. For Routing Options, select Static, and specify the static IP address you reserved for the Cloud VPN as a CIDR (add /32).
   7. Download the configuration to save the settings.
      1. Save the file as Default.
      2. Find the sections IP Sec Tunnels #1 and #2.
      3. Note the IKE version and Pre-Shared Key for each tunnel.
      4. Note the IP address for the Virtual Private Gateway for each tunnel.
      5. Note the IP address for the Static Route Configuration option for each tunnel.
4. In Google Cloud, create a Classic VPN using static routing.
   1. In Google Cloud console > Hybrid Connectivity > VPN:
   2. Click Create VPN connection.
      1. Select your VPC network and region.
      2. For the Cloud VPN, use the static IP address you reserved earlier in this procedure.
      3. Use a Pre-shared key and key type from the AWS configuration you downloaded earlier in this procedure.
      4. Select the Route based routing option and add two tunnels; for each tunnel's Remote network IP range field, use an IP address for the Static Route Configuration option from the IP Sec Tunnel sections of the AWS configuration file you downloaded earlier in this procedure.
      5. Click Create.Remote network IP range

1. In the AWS RDS console:
   1. Select a security group.
   2. Add inbound firewall rules to allow all protocols and ports from the Cloud VPN.

The VPN tunnels should begin communicating shortly. On the AWS side, in the VPC Dashboard, the tunnel statuses are UP. On the GCP side, view the traffic between the VPNs in the Cloud Logging console in the Cloud VPN gateway project.

To get VPC Peering with an HA VPN (dynamic routes) to AWS, you need to export BGP routes to the Cloud SQL peered VPC, and create a custom advertised route in Cloud Router for the Cloud SQL peered VPC imported route. At that point, Cloud Router is advertising AWS routes to the Cloud SQL VPC and the other way around. The firewall rules on both sides also need to match the Cloud SQL peering route CIDR.

On the AWS side, you can follow the first three steps in Example 1, except select Dynamic instead of Static under Routing options.

1. Select your Cloud SQL VPC Peering configuration in the Console and note the Destination IP ranges under IMPORTED ROUTES. For more information, see Importing and exporting custom routes.
2. Edit this VPC peering and check Import Custom Routes and Export Custom Routes in the VPC Peering connection details, and click SAVE.

   The peering now receives dynamic routes from your VPC like the routes coming from BGP peers. This allows traffic from the VPN to the peered network. However, Cloud Router is not yet advertising this route to other networks. To do so, you need to add custom advertised routes in the Cloud Router so that your VPC advertises the imported routes to other networks. For more information, see Importing and exporting custom routes.

3. Add your DESTINATION_IP_RANGE custom IP range as a custom route in the Cloud Router configuration advertised routes. BGP peered networks are now receiving advertisements of the imported Cloud SQL network routes, DESTINATION_IP_RANGE. Traffic on those VPN-connected networks bound for the Cloud SQL peered VPC are now routed through the VPN tunnel.
4. Allow routes to propagate in AWS route tables. Make sure AWS route tables for the subnets that contain your source database contain an entry for the DESTINATION_IP_RANGE range that routes to the VPN Virtual Private Gateway.
5. Add a security group firewall inbound rule to allow traffic for DESTINATION_IP_RANGE TCP port 5432. Connectivity can now be established.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-07-09 UTC.

[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-09 UTC."],[[["To connect a source database within a VPN (e.g., AWS or on-premises) to a destination, a VPN must also be used on the destination side."],["The source database server's firewall must allow the entire internal IP range allocated for the private service connection of the VPC network used by the Cloud SQL destination instance."],["When using AWS with Google Cloud Classic VPN, you need to reserve a static IP address in Google Cloud, create a customer gateway and virtual private gateway in AWS, and configure VPN connections with static routing on both sides."],["When using AWS with Google Cloud HA VPN, you need to configure VPC peering and export BGP routes to the Cloud SQL peered VPC, creating custom advertised routes in Cloud Router and ensuring firewall rules match the Cloud SQL peering route CIDR."],["When using an HA VPN, you must ensure routes are allowed to propagate in the AWS route tables, by making sure that the range of the IP address for the destination is present, pointing to the proper Virtual Private Gateway."]]],[]]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4