hashb

Reputation: 123

Can we change GCP Cloud VPN default parameters?

I am trying to set up a site-to-site IPSec tunnel with Google Cloud Platform.

The On-Prem data-centre engineers have asked if we can increase IKEv2 Phase 1 lifetime from 36,000 to 86,400 seconds.

However, it does not appear to be a setting that can be changed; not via GCP Console and not in Terraform/Ansible docs. Does anyone know any API instructions to modify this?

The params are shown at the link below:

https://cloud.google.com/vpn/docs/concepts/supported-ike-ciphers

I will greatly appreciate any help/suggestion on this.

Thank you

Upvotes: 1

Views: 2020

Answers (2)

hashb

Reputation: 123

Since this was a pressing issue for our project, we decided to contact GCP Support and we got the following confirmations:

  • On the question of changing the Phase 1 SA lifetime to 86400 seconds: they confirmed that it is a hard limit; you can’t modify this value, at least not on the GCP side.

They also confirmed that in GCP you can’t adjust any Cloud VPN settings; that’s why you need to abide by GCP’s values/configuration recommendations.

For me, it is reasonable since GCP provides a range of parameters compatible with various systems.

I will update the title of this question and mark it as resolved.

Upvotes: 2

Cristian Sanchez

Reputation: 131

You cannot change the lifetime from the Google side. As the doc you posted said, the Google side (Cloud VPN) just negotiates the lifetime with the on-premise side, the max being 36,000 seconds (10 hours) for Phase 1.

In any case, you will need to change this on your on-premise side.

Upvotes: 1
