Create an IPsec tunnel between Google Cloud Platform and MikroTik
The goal of this tutorial is to connect a local IP on premise to the internal (private) IP of a VM instance in GCP over an IPsec tunnel, so that neither side has to be exposed on a public address.
The first step is to create a VPC network; its subnet will later be used by the VM instance. In the GCP console go to VPC network, choose Create VPC network, and be sure to pick the region for the subnet. When the VPC has been created, the result looks like this.
The next step is to create a VM instance from the Compute Engine menu. On the network interface, replace the default network with the VPC made earlier (vpc-1), click Done, then Create. Wait until the instance has been created.
Now go to Hybrid Connectivity -> VPN and click VPN setup wizard. This tutorial uses Classic VPN; click Continue. In Create a VPN connection, change the network to vpc-1; this tutorial reserves a new static IP address for the gateway (you will enter this address on the MikrotTik as the peer).
In the tunnel configuration, fill in the remote peer IP address (the public IP of your MikroTik) and choose the IKE version; this tutorial uses IKEv2. Generate an IKE pre-shared key and copy it, because you need the same key on the MikroTik side. Treat it like a password: it is the only thing authenticating the peer.
In Routing options choose Route-based and fill in the remote network IP range (the on-premise subnet you want to allow through the tunnel). Click Done, then Create.
Move to the MikroTik and open the IPsec menu. In IPsec proposals use a configuration like this. The encryption and authentication algorithms and the PFS group must be ones that GCP supports for IKEv2, otherwise phase 2 never comes up even though the IKE SA may.
In IPsec peers, fill the address with the public IP of the GCP VPN gateway created earlier (you can check it in the VPN menu).
Change the exchange mode to IKE2 and fill in the generated pre-shared key as the secret.
In IPsec policies fill in the src address (the on-premise subnet) and dst address (the VPC subnet). In the Action tab, set tunnel mode, fill the SA src address with the MikroTik public IP and the SA dst address with the GCP gateway IP, and select the proposal that was made previously.
Wait until the status changes to established, like this. When I tried it, this took about 10 to 15 minutes.
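The same MikroTik side as a RouterOS terminal configuration, added here as a worked example (it is not part of the original tutorial, and RouterOS 6.45 or later is assumed because the peer, identity and profile are separate objects there). The addresses are assumptions chosen to match the rest of this page: the on-premise subnet is taken as 192.168.13.0/24, the VPC subnet as 15.0.0.0/24, the GCP gateway IP is a placeholder 203.0.113.10 and the MikroTik public IP a placeholder 198.51.100.5; replace them with your own values and paste the pre-shared key generated by the wizard. The NAT bypass and input firewall rules are the two things the GUI walkthrough does not mention and that most often keep a tunnel from passing traffic once it shows established.

```routeros
# RouterOS 6.45+ / 7.x. All addresses below are assumptions for this example.
#   GCP Cloud VPN gateway IP : 203.0.113.10   (the reserved IP shown under Hybrid Connectivity > VPN)
#   MikroTik public IP       : 198.51.100.5
#   On-premise LAN           : 192.168.13.0/24
#   VPC subnet (vpc-1)       : 15.0.0.0/24

# Phase 1 (IKE SA). Algorithms must be in GCP's supported IKEv2 cipher list;
# AES-256 / SHA-256 / DH group 14 (modp2048) is a safe, widely accepted choice.
/ip ipsec profile
add name=gcp-profile enc-algorithm=aes-256 hash-algorithm=sha256 dh-group=modp2048 \
    lifetime=10h proposal-check=obey nat-traversal=yes dpd-interval=30s dpd-maximum-failures=5

# Phase 2 (ESP / child SA) proposal, with PFS so a leaked IKE key does not expose old traffic.
/ip ipsec proposal
add name=gcp-proposal enc-algorithms=aes-256-cbc auth-algorithms=sha256 pfs-group=modp2048 lifetime=3h

# The remote gateway, negotiated with IKEv2.
/ip ipsec peer
add name=gcp-peer address=203.0.113.10/32 exchange-mode=ike2 profile=gcp-profile

# Authentication: the pre-shared key copied from the GCP wizard.
/ip ipsec identity
add peer=gcp-peer auth-method=pre-shared-key secret="REPLACE_WITH_GENERATED_PSK" generate-policy=no

# Policy: which traffic is protected. Tunnel mode, SA endpoints are the two public IPs.
/ip ipsec policy
add peer=gcp-peer tunnel=yes src-address=192.168.13.0/24 dst-address=15.0.0.0/24 \
    sa-src-address=198.51.100.5 sa-dst-address=203.0.113.10 \
    proposal=gcp-proposal action=encrypt level=require

# Keep the usual masquerade rule from rewriting LAN -> VPC packets before the policy sees them.
# This rule must sit ABOVE the masquerade rule in /ip firewall nat.
/ip firewall nat
add chain=srcnat action=accept src-address=192.168.13.0/24 dst-address=15.0.0.0/24 \
    comment="bypass NAT for traffic into the GCP tunnel"

# Let IKE (UDP 500/4500) and ESP from the GCP gateway reach the router.
# Place these above any drop rule in the input chain; source is pinned to the GCP IP only.
/ip firewall filter
add chain=input action=accept protocol=udp src-address=203.0.113.10 dst-port=500,4500 comment="IKE from GCP"
add chain=input action=accept protocol=ipsec-esp src-address=203.0.113.10 comment="ESP from GCP"

# Verification: the peer should be listed as established and both directions should have an installed SA.
/ip ipsec active-peers print
/ip ipsec installed-sa print
/ip ipsec policy print
# A test from the router itself must use a LAN source address, or it will not match the policy.
/ping 15.0.0.5 src-address=192.168.13.1 count=3
```

If `active-peers` shows the peer but `installed-sa` stays empty, the phase 2 proposal (cipher, hash or PFS group) is what GCP rejected; if SAs exist but the ping fails, check that the NAT bypass rule is ordered before masquerade and that the GCP firewall rule in the next step allows the on-premise source range.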
Next go back to the GCP console > VPC network > Firewall. We need a firewall rule that allows connections into vpc-1. Restrict the source to the on-premise subnet and the target to the ports you actually need (here TCP 22 for SSH) instead of opening the VPC to 0.0.0.0/0.
Next I test by telnetting to the SSH port from the whitelisted on-premise IP (192.168.13.245) to the internal IP of the VM instance (15.0.0.5).
If it is successful, it will look like this.