Setting up a VPN to access Google Cloud Storage bucket

[ibarizz]

Hello,

I'm working on implementing a solution that involves setting up a site-to-site VPN from my on-premises infrastructure to Google Cloud. The goal is to have my Backup Server (Veeam) transfer backups directly to a Google Cloud Storage bucket over a VPN tunnel (using a standard IPSec configuration), avoiding internet traffic.

Veeam provides this knowledge base article for configuring backup destinations in both GCP and on-prem environments: https://www.veeam.com/kb4324.

However, I'm facing challenges in understanding how to facilitate the communication between GCP VPCs and Cloud Storage. For instance, in AWS, you can use PrivateLink or interface endpoints to route traffic to S3 over a private connection, ensuring that data does not traverse the public internet. In that setup, an endpoint is created and linked to the VPC subnet where the VPN tunnel is configured.

In Google Cloud, there isn't a direct equivalent to an endpoint (ENI) for Cloud Storage. Given that, what would be the best approach to route traffic between my GCP VPC and a Cloud Storage bucket through the VPN, ensuring private data transfer? Are there alternative mechanisms within Google Cloud that would provide a similar level of security and functionality to AWS PrivateLink?

Thank you!

[oleg.feoktistov]

Hi,

Have a look at Private Service Connect. I haven't used it personally, but that might be what you are looking for. Should allow you to route your requests further to the Google Cloud Storage api via the private endpoint given that your on-premise network is connected to Google Cloud VPC via CloudVPN or Interconnect and proper routing is in place.

Best regards,
Oleg

[ibarizz]

Hey Oleg!
I managed it to work so thank you for your kind advise

[oleg.feoktistov]

Of course, glad I could help!