Skip Navigation
Show nav
Heroku Dev Center
  • Get Started
  • Documentation
  • Changelog
  • Search
  • Get Started
    • Node.js
    • Ruby on Rails
    • Ruby
    • Python
    • Java
    • PHP
    • Go
    • Scala
    • Clojure
  • Documentation
  • Changelog
  • More
    Additional Resources
    • Home
    • Elements
    • Products
    • Pricing
    • Careers
    • Help
    • Status
    • Events
    • Podcasts
    • Compliance Center
    Heroku Blog

    Heroku Blog

    Find out what's new with Heroku on our blog.

    Visit Blog
  • Log inorSign up
View categories

Categories

  • Heroku Architecture
    • Dynos (app containers)
    • Stacks (operating system images)
    • Networking & DNS
    • Platform Policies
    • Platform Principles
  • Command Line
  • Deployment
    • Deploying with Git
    • Deploying with Docker
    • Deployment Integrations
  • Continuous Delivery
    • Continuous Integration
  • Language Support
    • Node.js
    • Ruby
      • Working with Bundler
      • Rails Support
    • Python
      • Background Jobs in Python
      • Working with Django
    • Java
      • Working with Maven
      • Java Database Operations
      • Working with Spring Boot
      • Java Advanced Topics
    • PHP
    • Go
      • Go Dependency Management
    • Scala
    • Clojure
  • Databases & Data Management
    • Heroku Postgres
      • Postgres Basics
      • Postgres Getting Started
      • Postgres Performance
      • Postgres Data Transfer & Preservation
      • Postgres Availability
      • Postgres Special Topics
    • Heroku Data For Redis
    • Apache Kafka on Heroku
    • Other Data Stores
  • Monitoring & Metrics
    • Logging
  • App Performance
  • Add-ons
    • All Add-ons
  • Collaboration
  • Security
    • App Security
    • Identities & Authentication
    • Compliance
  • Heroku Enterprise
    • Private Spaces
      • Infrastructure Networking
    • Enterprise Accounts
    • Enterprise Teams
    • Heroku Connect (Salesforce sync)
      • Heroku Connect Administration
      • Heroku Connect Reference
      • Heroku Connect Troubleshooting
    • Single Sign-on (SSO)
  • Patterns & Best Practices
  • Extending Heroku
    • Platform API
    • App Webhooks
    • Heroku Labs
    • Building Add-ons
      • Add-on Development Tasks
      • Add-on APIs
      • Add-on Guidelines & Requirements
    • Building CLI Plugins
    • Developing Buildpacks
    • Dev Center
  • Accounts & Billing
  • Troubleshooting & Support
  • Integrating with Salesforce
  • Heroku Enterprise
  • Private Spaces
  • Infrastructure Networking
  • Site-to-site VPN Connections to Google Cloud Platform

Site-to-site VPN Connections to Google Cloud Platform

English — 日本語に切り替える

Last updated May 30, 2019

Table of Contents

  • Manual setup
  • Terraform setup

Heroku Private Space VPN connections are compatible with Google Cloud VPN, GCP’s managed VPN feature. This makes it easy to establish a secure site-to-site VPN connection between your Private Space and GCP infrastructure.

You can connect your Private Space with GCP manually, or use Terraform to automate the configuration.

Manual setup

First, check that your Google VPC’s internal network CIDR range doesn’t conflict with that of your Private Space (typically 10.0.0.0/16).

When creating the Heroku VPN connection, you have to specify both the public IP of the GCP VPN gateway and the CIDR range of the GCP network. For that reason, the simplest order of operations is the following:

  1. Create your Heroku Private Space and GCP VPC (if you don’t have them already), making sure their respective CIDR ranges don’t overlap.
  2. Reserve a GCP static external IP address (this is used for the GCP VPN gateway later).
  3. Using the GCP IP address and internal network CIDR, provision the Heroku VPN connection. When provisioning is complete, get the public IPs for the Heroku VPN gateway, as well as the pre-shared IKEv1 keys.
  4. Create the GCP VPN gateway and tunnels using the IPs and IKEv1 pre-shared keys returned by the heroku spaces:vpn:config command.
  5. After a few minutes, both tunnels should come up.

For example, assume that you’re using the IP 35.237.228.210 for the GCP VPN gateway, and that the GCP subnet is 10.138.0.0/16. You create the Heroku VPN gateway like this:

$ heroku spaces:vpn:connect -i 35.237.228.210 -c 10.138.0.0/16 -n vpn-connection-name -s your-space

Wait for provisioning to complete and print the connection info:

$ heroku spaces:vpn:wait  -n vpn-connection-name -s your-space
Waiting for VPN Connection vpn-connection-name to allocate... done

=== vpn-connection-name VPN Tunnels
VPN Tunnel  Customer Gateway  VPN Gateway     Pre-shared Key                    Routable Subnets  IKE Version
──────────  ────────────────  ──────────────  ────────────────────────────────  ────────────────  ───────────
Tunnel 1    35.237.228.210    34.195.35.105   sY0sjBWR7YVeJI8x41Go5.ZRq.ohQOLu  10.0.0.0/16       1
Tunnel 2    35.237.228.210    34.224.185.144  MmesiNxUH0OfcghtYrVSrTDhXj48qPmn  10.0.0.0/16       1

Use this information to complete setup on the GCP side. When creating tunnels, choose “Route-based” for “Routing options” (Heroku VPN does not support BGP). The remote IP range is the CIDR range of your Heroku Private Space (typically 10.0.0.0/16).

See the Google VPN docs for details on tunnel configuration.

Finally, check that both tunnels come up:

$ heroku spaces:vpn:info -s your-space vpn-connection-name

Terraform setup

You may choose to use Terraform to automate this cross-cloud configuration between Heroku and Google Cloud Platform. Get started Using Terraform with Heroku.

The terraform-heroku-vpn-gcp configuration module & examples are available on GitHub. Follow the Usage instructions in the repo’s README.

Once the configuration has been applied by Terraform, you can view the VPN connection status:

$ heroku spaces:vpn:connections -s <space name>
=== space-name VPN Connections
Name     Status  Tunnels
───────  ──────  ─────────
default  active  DOWN/DOWN

Keep reading

  • Infrastructure Networking

Feedback

Log in to submit feedback.

Information & Support

  • Getting Started
  • Documentation
  • Changelog
  • Compliance Center
  • Training & Education
  • Blog
  • Podcasts
  • Support Channels
  • Status

Language Reference

  • Node.js
  • Ruby
  • Java
  • PHP
  • Python
  • Go
  • Scala
  • Clojure

Other Resources

  • Careers
  • Elements
  • Products
  • Pricing

Subscribe to our monthly newsletter

Your email address:

  • RSS
    • Dev Center Articles
    • Dev Center Changelog
    • Heroku Blog
    • Heroku News Blog
    • Heroku Engineering Blog
  • Heroku Podcasts
  • Twitter
    • Dev Center Articles
    • Dev Center Changelog
    • Heroku
    • Heroku Status
  • Facebook
  • Instagram
  • Github
  • LinkedIn
  • YouTube
Heroku is acompany

 © Salesforce.com

  • heroku.com
  • Terms of Service
  • Privacy
  • Cookies
  • Cookie Preferences