Reputation: 1730
Following this tutorial, I'm trying to create a VPN tunnel between GCP and AWS, which I actually managed to create successfully to some extent.
The first attempt to connect the two cloud environments, after a lot of trial and error, went smoothly, and now I can interrogate an RDS instance from GCP. But I have 2 other instances to connect to an application that resides in GCP, and there are two subnets that overlap, so when I try to create a new VPN in GCP it tells me that the IP ranges are already in use. Now I guess that I need a sort of Cloud NAT in the middle in order to translate those IP ranges to something that is acceptable for GCP, but I haven't found a clear tutorial that will guide me.
Upvotes: 0
Views: 530
Reputation: 81386
There are some tricks that you can do with routing priority and selective (restrictive) CIDR blocks, but if the IP address of an instance on the AWS side is within your Google VPC CIDR block, you cannot. You will need to remap the CIDR block on one side or the other. This means creating a new Google VPC or AWS subnet with non-overlapping CIDR blocks and moving the services to the new network.
Your suggestion of using a NAT will not work. The NAT will have the same problem: two interfaces with overlapping addresses. Also, I am not aware of an AWS- or Google-provided VPN that supports VPN over NAT, as IP protocol 50 (ESP) is at Layer 3, which is not affected by TCP (IP Protocol 6) Layer 3 + TCP ports Layer 4. ESP and TCP work side by side in the network stack, and without tunneling you cannot route ESP with TCP NAT/PAT.
Upvotes: 2
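The practical check behind the answer, as an added example that is not part of the question or answer above: before creating a route-based VPN, compare the remote (AWS) ranges against every range the Google VPC already routes, report the collisions that would trigger the "IP ranges are already in use" error, and pick a replacement block for the side being remapped. All CIDRs in it are constructed sample values, not anyone's real networks.

```python
"""Detect overlapping CIDR ranges between two VPN peers and propose a
non-overlapping replacement block. Added example; sample ranges are
constructed and stand in for a GCP VPC and two AWS subnets."""
import ipaddress
from typing import Iterable, List, Optional, Tuple

Net = ipaddress.IPv4Network


def parse(cidrs: Iterable[str]) -> List[Net]:
    """Parse CIDR strings; strict=False tolerates host bits (e.g. 10.0.1.5/24)."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def find_overlaps(local: Iterable[str], remote: Iterable[str]) -> List[Tuple[str, str]]:
    """Return every (local, remote) pair whose address space overlaps.

    A route-based VPN can only carry remote ranges that are disjoint from
    the local VPC, so an empty result means the tunnel can be created as-is.
    """
    pairs: List[Tuple[str, str]] = []
    for l in parse(local):
        for r in parse(remote):
            if l.overlaps(r):  # true for containment in either direction
                pairs.append((str(l), str(r)))
    return pairs


def first_free_block(in_use: Iterable[str], pool: str, prefixlen: int) -> Optional[str]:
    """Walk `pool` in /prefixlen blocks and return the first one that does not
    overlap anything already in use on either side of the tunnel.

    This is the 'remap one side' fix: the returned block is a candidate for a
    new AWS subnet (or GCP VPC range). Returns None if the pool is exhausted.
    """
    used = parse(in_use)
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=prefixlen):
        if not any(cand.overlaps(u) for u in used):
            return str(cand)
    return None


# Constructed sample topology (not real networks).
GCP_RANGES = ["10.128.0.0/20", "10.132.0.0/20"]   # ranges the Google VPC owns
AWS_EXISTING = ["172.31.0.0/16"]                  # already tunnelled, works fine
AWS_NEW = ["10.128.0.0/24", "10.20.0.0/24"]       # two subnets to be added


def plan() -> dict:
    """Report which new AWS ranges collide and suggest a replacement for each."""
    collisions = find_overlaps(GCP_RANGES, AWS_NEW)
    everything = GCP_RANGES + AWS_EXISTING + AWS_NEW
    return {
        "collisions": collisions,
        # Search the rest of 10.128.0.0/16 for a /24 that nothing else claims.
        "replacement": first_free_block(everything, "10.128.0.0/16", 24),
    }


if __name__ == "__main__":
    result = plan()
    if result["collisions"]:
        for local, remote in result["collisions"]:
            print(f"conflict: GCP {local} overlaps AWS {remote}")
        print(f"candidate non-overlapping block: {result['replacement']}")
    else:
        print("no overlaps; VPN can advertise all remote ranges")
```

Run it before touching the VPN configuration; the same check applied to both directions (AWS ranges against GCP, then GCP ranges against AWS) is what a NAT in the middle cannot substitute for, because the collision is in the address plan, not in the tunnel.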