Last Updated: Mar 27, 2024

Cloud VPN



An encrypted connection between a device and a network via the Internet is known as a virtual private network, or VPN. Secure transmission of sensitive data is aided by the encrypted connection. It makes it impossible for unauthorised parties to eavesdrop on the traffic and enables remote work for the user. The use of VPN technology is common in business settings.

Through an IPsec VPN connection, Cloud VPN safely joins your peer network to your Virtual Private Cloud (VPC) network. One VPN gateway encrypts traffic between the two networks, and the second VPN gateway decrypts it. Your data is protected as it moves across the internet thanks to this step. Additionally, you can link up two Cloud VPN instances.

In this blog, we are going to learn about Cloud VPN, specifically the one offered by Google Cloud.

Advantages of Cloud VPN

Direct Cloud Access: Over time, businesses have relied more and more on cloud-based services for data storage and application development. Traditional VPNs increase network latency for cloud-based resources because they route all traffic through the corporate network. Direct, secure remote access to the company's cloud deployment is made possible through a cloud VPN.

Global Accessibility: Since corporate networks are the only places where hardware VPNs can be installed, this limits their applicability internationally and raises network latency for a distributed workforce. Cloud-hosted VPNs offer better network performance and access because they are accessible from anywhere in the world.

Flexibility: Because traditional VPNs can be challenging to set up and configure, they often adapt only slowly to changing network architectures and needs. A cloud-based VPN is managed by the cloud service provider and offers more usability and flexibility.

Scalability: The maximum number of connections or bandwidth that traditional hardware VPNs can support restricts their capacity to scale to meet rising demand. Like any cloud-based solution, cloud-based VPNs scale more easily, allowing a company to adjust VPN user numbers and bandwidth as necessary.

Mobile Support: Mobile devices are increasingly popular among remote workers, yet corporate VPN software is frequently difficult to use on them. Cloud VPN solutions frequently include explicit mobile support for these remote workers.

Types of Cloud VPN



HA VPN is a high-availability (HA) Cloud VPN solution that lets you securely connect your on-premises network to your VPC network through an IPsec VPN connection in a single region. HA VPN offers an SLA of 99.99 percent service availability.

When you create an HA VPN gateway, Google Cloud automatically selects two external IPv4 addresses, one for each of its fixed number of two interfaces. To support high availability, each IPv4 address is automatically selected from a different address pool. Each interface of the HA VPN gateway supports multiple tunnels. You can also create multiple HA VPN gateways. When the HA VPN gateway is deleted, Google Cloud releases the IP addresses for reuse. One active interface and one external IP address are sufficient to build an HA VPN gateway; however, this configuration does not offer a 99.99 percent service availability SLA.

Classical VPN

All Cloud VPN gateways built prior to the launch of HA VPN are referred to as Classic VPN gateways. 

Unlike HA VPN gateways, Classic VPN gateways have a single interface and a single external IP address, and they offer tunnels that use static routing (policy-based or route-based). For tunnels connecting to third-party VPN gateway software running on Google Cloud VM instances, you can additionally configure dynamic routing (BGP) for Classic VPN.

The SLA for Classic VPN gateways is 99.9% service availability.

Classic VPN gateways do not support IPv6.

Comparison between Classical and HA VPN

| Feature | HA VPN | Classical VPN |
|---|---|---|
| SLA | When configured with two interfaces and two external IP addresses, it offers an SLA of 99.99 percent. | Provides an SLA of 99.9%. |
| Creation of external IP addresses and forwarding rules | External IP addresses are generated from a pool without the need for forwarding rules. | It is necessary to create external IP addresses and forwarding rules. |
| Supported routing options | Dynamic routing (BGP) only. | Static routing (policy-based, route-based). Dynamic routing is supported only for tunnels that link to third-party VPN gateway software running on Google Cloud VM instances. |
| Two tunnels from one Cloud VPN gateway to the same peer gateway | Supported | Not supported |
| API resources | Referred to as the vpn-gateway resource. | The resource is called the target-vpn-gateway. |
| IPv6 traffic | Supported | Not supported |


Under the conditions stated in this section, Cloud VPN only allows site-to-site IPsec VPN communication. Client-to-gateway scenarios are not supported. In other words, Cloud VPN does not support use cases where client computers need to "dial in" to a VPN by using client VPN software.

Cloud VPN supports only IPsec. Other VPN technologies, such as SSL VPN, are not supported.

Traffic between the following Cloud VPN endpoints stays on the Google production network:

  • between two HA VPN gateways
  • between two Classic VPN gateways
  • between a Classic VPN gateway and the external IP address of a Compute Engine VM operating as a VPN gateway

Each Cloud VPN gateway must be connected to another Cloud VPN gateway or to a peer VPN gateway.

The peer VPN gateway must have a static external (internet routable) IPv4 address. You need this IP address to set up Cloud VPN.

Network bandwidth


Each Cloud VPN connection can support up to 3 gigabits per second (Gbps) of ingress and egress traffic.

The metrics associated with this limit are Sent bytes and Received bytes, which are discussed under View logs and metrics. Remember that these metrics are reported in bytes, whereas the 3-Gbps limit is expressed in bits per second. Converted to bytes, the maximum is 375 megabytes per second (MBps). When calculating usage against the cap, compare the sum of sent and received bytes with the converted limit of 375 MBps.
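The calculation described above, as an added example that is not part of the original article or of any Google tooling: it converts the 3-Gbps cap to bytes, sums sent and received bytes per sampling window, and reports sustained periods near the cap. The `Window` model, the 80% threshold, the three-window minimum and the sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

LIMIT_BITS_PER_S = 3_000_000_000           # 3 Gbps cap from the text
LIMIT_BYTES_PER_S = LIMIT_BITS_PER_S // 8  # 375,000,000 bytes/s (375 MBps)

@dataclass
class Window:
    """Byte counts for one sampling window (constructed model, not an API type)."""
    seconds: int
    sent_bytes: int
    received_bytes: int

def utilization(w: Window) -> float:
    """Fraction of the cap used: (sent + received) bytes per second / 375 MBps."""
    return (w.sent_bytes + w.received_bytes) / w.seconds / LIMIT_BYTES_PER_S

def saturated_runs(windows, threshold=0.8, min_windows=3):
    """Return (first, last) index pairs of runs of at least min_windows
    consecutive windows whose utilization is at or above threshold."""
    runs, start = [], None
    for i, w in enumerate(list(windows) + [None]):   # None closes a trailing run
        if w is not None and utilization(w) >= threshold:
            if start is None:
                start = i
        else:
            if start is not None and i - start >= min_windows:
                runs.append((start, i - 1))
            start = None
    return runs

GB = 1_000_000_000
# Constructed 60-second samples for one tunnel (sent, received).
SAMPLES = [
    Window(60, 6 * GB, 3 * GB),    # 0.40 of the cap
    Window(60, 12 * GB, 7 * GB),   # 0.84; sent bytes alone would read only 0.53
    Window(60, 11 * GB, 9 * GB),   # 0.89
    Window(60, 13 * GB, 9 * GB),   # 0.98
    Window(60, 4 * GB, 2 * GB),    # 0.27
    Window(60, 14 * GB, 5 * GB),   # 0.84, isolated spike
]

if __name__ == "__main__":
    for i, w in enumerate(SAMPLES):
        print(i, f"{utilization(w):.2f}")
    print("sustained:", saturated_runs(SAMPLES))
```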

Tunnel MTU

The MTU for Cloud VPN is always 1460 bytes. If the VMs and networks on either side of the tunnel have higher MTUs, Cloud VPN uses MSS clamping to lower the TCP MTU setting to 1460. The VPN gateways can additionally use ICMP error messages to enable path MTU discovery (PMTUD), which lowers the MTU for UDP packets.

If UDP packets are being dropped, you can decrease the MTU of the particular VMs that use the tunnel for communication. For user-supplied images and Windows virtual machines, lowering the MTU is sufficient. For VMs that use the Linux images that Google provides, you also need to turn off DHCP MTU updates.

IPv6 Support


Cloud VPN supports IPv6 in HA VPN, but not in Classic VPN.

In order to link IPv6-enabled VPC networks with other IPv6-enabled networks, you can build HA VPN gateways and tunnels. These other networks can be on-premises networks, multicloud networks, or other VPC networks. Your IPv6-enabled VPC networks must have dual-stack subnets in order to carry IPv6 traffic in your HA VPN tunnels. Additionally, internal IPv6 ranges must be assigned to the subnets.

HA VPN tunnels only allow for regional IPv6 traffic routing. Within the region designated to the HA VPN gateway, IPv6 traffic is routed. In HA VPN tunnels, global routing for IPv6 traffic is not supported.
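The constraints this article lists for HA and Classic VPN (site-to-site only, IPsec only, peer address, routing, IPv6 and SLA) can be checked against a planned design before anything is deployed. The following is an added example, not code from the original article or from Google Cloud: `VpnDesign` and its field names are a hypothetical planning record, and the sample designs are constructed.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 ranges: addresses in these are not internet routable.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class VpnDesign:
    """Hypothetical planning record, not a Google Cloud API object."""
    gateway_type: str                 # "HA" or "CLASSIC"
    interfaces: int                   # gateway interfaces with an external IP
    routing: str                      # "dynamic" (BGP) or "static"
    peer_ip: str                      # external address of the peer VPN gateway
    protocol: str = "ipsec"
    mode: str = "site-to-site"
    ipv6: bool = False                # tunnels must carry IPv6 traffic
    dual_stack_subnets: bool = False  # dual-stack subnets with internal IPv6 ranges
    target_sla: str = "99.9"

def lint(d: VpnDesign) -> list[str]:
    """Return the article's constraints that the design violates."""
    out = []
    if d.mode != "site-to-site":
        out.append("mode: only site-to-site is supported, not client-to-gateway")
    if d.protocol.lower() != "ipsec":
        out.append("protocol: only IPsec is supported")
    try:
        ip = ipaddress.ip_address(d.peer_ip)
        if ip.version != 4 or any(ip in n for n in RFC1918):
            out.append("peer_ip: peer gateway needs an external static IPv4 address")
    except ValueError:
        out.append("peer_ip: not a valid IP address")
    if d.gateway_type == "HA":
        if d.routing != "dynamic":
            out.append("routing: HA VPN supports dynamic (BGP) routing only")
        if d.ipv6 and not d.dual_stack_subnets:
            out.append("ipv6: needs dual-stack subnets with internal IPv6 ranges")
        if d.target_sla == "99.99" and d.interfaces < 2:
            out.append("sla: 99.99% needs two interfaces and two external IPs")
    else:  # Classic VPN
        if d.ipv6:
            out.append("ipv6: Classic VPN does not support IPv6")
        if d.target_sla == "99.99":
            out.append("sla: Classic VPN offers 99.9%, not 99.99%")
    return out

# Constructed designs; 203.0.113.10 is a documentation address.
GOOD = VpnDesign("HA", 2, "dynamic", "203.0.113.10", ipv6=True,
                 dual_stack_subnets=True, target_sla="99.99")
BAD = VpnDesign("CLASSIC", 1, "static", "192.168.1.1", protocol="ssl",
                ipv6=True, target_sla="99.99")
```

`lint(GOOD)` returns an empty list, while `lint(BAD)` reports the SSL protocol, the private peer address, IPv6 on Classic VPN and the unreachable 99.99% SLA target.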

Visualizing and monitoring Cloud VPN connections


A visualisation tool called Network Topology displays the topology of your VPC networks, hybrid connections to and from your on-premises networks, as well as the related metrics. In the Network Topology view, you can see your VPN tunnels and Cloud VPN gateways as separate entities.

A base entity is the lowest level of a specific hierarchy and represents a resource that can communicate directly with other resources across a network. Network Topology combines base entities into hierarchical entities that you can expand or collapse. When you first view a Network Topology graph, it aggregates all the base entities into their top-level hierarchy.

Frequently asked questions

What Is A VPN, or Virtual Private Network?

A VPN is "an encrypted connection from one point to another across any network that gives the appearance of being a private network," according to the definition of the term. 

What Resources (people, computing power, bandwidth, etc.) Are Necessary For VPN Deployment, Usage, and Maintenance?

Network or system administration staff generally treat VPNs as just another task. Since most VPN installations only need to be set up once, whoever currently manages the firewall can easily expand their responsibilities to include VPN management.

What Connection Exists Between Firewalls And VPN?

While VPNs were accessible before firewalls through routers and modems that encrypt data, they became widely used on or in conjunction with firewalls. Nowadays, the majority of customers would anticipate a VPN option from a firewall manufacturer. (Although the majority of people today don't utilise VPNs.) They also want the same firewall administration interface to be used for management. However, consumers today appear to want almost everything on the firewall, including mail servers, name servers, HTTP proxy servers, FTP servers, directory servers, and others. 

Are There Any Use Cases Or Environments Where VPNs Would Actually Be Harmful?

Just the conversations you want everyone to be able to listen in on. In general, the answer is "no," however if a VPN is being used between a system that is protected by a firewall and a system that is not, the firewall cannot enforce an organization's security policy beyond connection rules.

Is VPN a long-term solution or a quick stopgap measure?

VPNs are a sustainable option. Although VPNs may become commonplace and obvious to the user, they won't disappear, because the issue that VPNs try to solve, namely privacy over a public network, is here to stay. From the desktop to the server, and at both the IP packet level and the application data level, VPNs will be available.


In this article, we learned about Cloud VPN and the specifications that are necessary to run a VPN in Google Cloud. We also learned about the types of Cloud VPN in Google Cloud and the comparison between them.

For more cloud related information you can refer to the following articles:

Cloud APIs

Cloud DNS

Google Cloud Console

Cloud Domains
