I have two vpn with the same provider, both vpn arrive at the same host, as inbound traffic for the second vpn was solved through an alias ip, but now I have the problem to redirect the traffic from output via the ip alias for the second vpn, is this possible?
It seems your project needs further inspection for providing you with recommendation of finding the root cause of the issue and for faster resolution, I would recommend to either open a Issuetracker case or Open an internal ticket with GCP team if you have subscribe any support package to your project
Related
So I have GCP set up and Kubernetes, I have a web app (Apache OFBiz) running on pods in the GKE cluster. We have a domain that points itself to the web app, so essentially it's accessible from anywhere on the internet. Our issue is since this is a school project, we want to limit the access to the web app to the internal network on GCP, we want to simulate a VPN connection. I have a VPN gateway set up, but I have no idea what to do on any random computer to simulate a connection to the internal network on GCP. Do I need something else to make this work? What are the steps on the host to connect to GCP? And finally, how do I go about limiting access to the webapp so only people in the internal network have access to the webapp?
When I want to test a VPN, I simply create a new VPC in my project and I connect both with Cloud VPN. Then, in the new VPC, you can create VM that simulate computer in the other side of the VPN and thus simulate what you want.
To setup a VPN on GCP you can use Cloud VPN using static or dynamic routing, you will need to configure a remote peer from the location you want to access your GCP resources to establish the connection towards the Cloud VPN gateway on GCP end.
This means you may require a router that supports creating VPN tunnels on your on-premises or use a host that acts like a router to establish this connection using a VPN software towards Cloud VPN (like Strongswan, for example).
You can block external access to the resources on your VPC network by using GCP firewall rules and just allow specific ports or source IP ranges as you wish.
Another option, even if it's not a VPN or encrypted traffic, is to only allow ingress traffic from the public IP from where you would like to connect to your internal VPC, but this is less secure and would only work if you have an static public IP on your on-premises.
Since you said this is a school project, I would recommend asking your teacher for more direct advice. That said, you can't "simulate" a VPN but you can set up an IPSec client on your laptop or whatever and actually connect to it. Unfortunately Google doesn't appear to have any documentation on this so I'm guessing they presume you already know IPSec well enough to write a connection config yourself.
Using kubectl port-forward might be an easier solution.
So I have created something small which is a image-rehost where I wish to use Python script where I have a URL such as https://i.imgur.com/VBPNX9p.jpg but with my rehost it would be
https://ip:port/abc123def456
so whenever I access that page it would give me the url that I posted here.
However the issue I am having is that I have no clue how to actually host the server that I made by node-js. Right now I just used the external IP with port of 5000. When I tried to send the image through my home ip by using the
https://external_ip:5000/abc123
the server doesn't recognize anything and nothing is being sent to the server which I in that case think I have setup something wrong.
I am using Google cloud server and I would wish to know how I can host my own server in the google cloud?
As you are having trouble adding a firewall rule, I'm going to suggest make sure port 5000 is open and not 8888.
To open the firewall rule for port 5000 in Google Cloud Platform follow these steps.
1) Navigate to VPC Network > Firewall rules > Create firewall rule.
2) In the 'Create a firewall rule' page, select these settings:
Name - choose a name for this firewall rule
Network - select the name of the network your instance belongs to, most probably
'default' unless you've configured a custom network.
Direction of traffic - 'Ingress'.
Action on match - 'Allow'.
Targets - 'All instances in the network'.
Source filter - 'IP ranges'.
Source IP ranges - '0.0.0.0/0'.
Second source filter - 'None'.
Specified protocols and ports - 'tcp:5000' or 'udp:5000' depending on whether the protocol you are using uses tcp or udp.
3) Hit 'Create'.
This will create a rule allowing traffic on port 5000 to all instances in your network from all IP address sources.
My advice would be to see if these settings work, and then once confirming this, lock down the settings by specifying a specific IP address or range of IP addresses in the 'Source IP ranges' text box, and adding a target tag to you instance and specifying 'Specified target tags' so the port is only open to the instance.
If this doesn't work, you may have a firewall rule turned on within the instance, which you would need to configure (or turn it off).
For more detailed information about setting firewall rules please see here.
For running Node.sj on GCE VM I will suggest you use the Bitnami Node.js package on GCP Marketplace which includes the latest version of Node.js, Apache, Python, and Redis. Using a pre-configured Node.js environment gets you up and running quickly because everything works out of the box. Manually configuring an environment can be a difficult and time-consuming hurdle to developing an application.
Also if you wish to do URL redirection you can use URL map feature provided with Google Cloud HTTP load balancer. This feature allows you to direct traffic to different instances based on the incoming URL. For example, you can send requests for http://www.example.com/audio to one backend service, which contains instances configured to deliver audio files, and requests for http://www.example.com/video to another backend service, which contains instances configured to deliver video files. You find steps to configure and more information here.
I am using Appache Tomcat to host webpages that can be accessed by authenticated users and a UDP socket has been opened on port 14550 in which devices sends a stream of communication messages. The system is working fine in the local network. I tried to host the this in Openshift and later found that Openshift does not allow external UDP communication. Now I am considering Amazon EC2 instance, new VM in Azure or in GCP. I would like to know that will there be any issue in using the sockets from my application. Thank you in advance.
No, on AWS EC2 everything is allowed, you just need to configure your Security Group to allow specific web traffic, UDP traffic can also be allowed their.
I was also looking for possible workaround for this issue, but it's quite easy irrespective of what platform language you are using to develop socket program on AWS EC2, as am using Node.js nginx in my case, this should work for all supporting platforms.
Configure Security Group
In the AWS console, open the EC2 tab.
Select the relevant region and click on Security Group.
You should have an default security group if you
have launched an Elastic Beanstalk instance in that region for your
app.
click on Actions button at top, and select Edit inbound rules.
here in Type column select All UDP, or you can set some Custom UDP
rule as well to listen at your socket port.
And there just enter port of your UDP server Ex: 2020.
And that's it!
Note: If something is not working, check the "Events" tab in the Beanstalk application / environments and find out what went wrong.
How can i host a website through my computer using server softwares?
I tried to host a website through my own computer using apache tomcat server but it didnt work ( please briefly explain every point )
The main issue that you need to deal with is getting the clients to your computer.
Yes, it is possible and yes I have done it, albeit a while ago.
You need to see if you can browse to your computers website from another device on your network, this will ensure that apache is working. Try another computer/laptop/tablet/whatever to see if this site reachable by other computers using the IP Address and possibly port number. If you cannot get to the site, there are settings in apache to deny certain ip's, google it to get the exact steps for your version. If it works, move on to step 2.
You will need a static IP Address to ensure that all further steps stay working, google this if you are not sure how to do it
You need to have the external IP address of your router(whatsmyip.org) or use Dynamic DNS to route traffic from an address to your ip and there are services that allow this. I can recommend no-ip.com - This is all assuming that you have access to the router.
You would be required to set up port forwarding on your router. This will direct the internet traffic to your computer. You will need to get the exact instructions for your specific model of router.
Please be aware that you need to have proper firewalls and systems in place to prevent attacks. I am sure that you are just testing at this point though...
All the best!
I have just created a Google Cloud SQL instance. When I was looking on the access control of my instance, I found that if I want to access my database, I should authorize my IP address to get the right to access the database, but the problem is that my application will be deployed anywhere where the clients need, and even if I know where they will run the application and also I authorized their IP address, it (the IP) will be changed at least one time every 24 hours because it is not static IP, and then I have to re-authorize the IP again and again!
Is there any way to make the instance accessible from any IP?
Thanks
You can whitelist any subnet. You just need to enter it using CIDR notation: http://en.wikipedia.org/wiki/Cidr
In particular, you can whitelist 0.0.0.0/0 which includes all possible IP Address.
Please note that this is not recommended for security reasons. You want your access to be as restricted as possible.
This is an older post, but I noticed it on the sidebar so I figured I would add my 2c.
If you're able to use Cloud SQL Second Gen (currently in Beta) there is a new feature which allows access to the database without having to whitelist any firewalls: https://cloud.google.com/sql/docs/sql-proxy
Today, I was looking for a way to set-up an MS-SQL server for development purpose and found the similiar problem (how to allow my laptop to access).
This guide, helps.
In short, you need to allow firewall to enable EXTERNAL access to your VM instance at port 1433.