NFS – Mounting Google Cloud Filestore to a machine on a separate network (non-Google), connected through an IPsec tunnel

google-cloud-platform, ipsec, networking, nfs

I have a GCP subnet, 192.168.5.0/24, and I have an instance of Google Cloud Filestore, on 192.168.6.0/29. I can mount the Google Cloud Filestore instance on machines in the subnet without any issue.

I also have another network, which isn't a VPC network (or a Google Cloud network at all), which I've connected to my GCP subnet through an ipsec tunnel. This other network is on 192.168.2.0/24.

I would like to mount the NFS Filestore on a machine (192.168.2.3) that's in this other network, but connected to the VPC network through the ipsec tunnel.

I was looking at my routes, and noticed that Google created a peering route that forwards all traffic to 192.168.6.0/29 to Filestore. I thought maybe I could create a peering route and forward stuff from some address on the subnet (let's say 192.168.5.101) to Filestore, but that doesn't seem to be the case (I can't even create peering routes).

So my question is, how can I mount this NFS fileshare on a machine outside the VPC network, but connected through an ipsec tunnel?

Best Answer

You cannot access Filestore file shares from an on-premises environment or directly through a VPN. Filestore is designed to mount file shares only to Compute Engine instances.

This can be worked around by using a VM instance as a proxy.

As I understand it, you have already connected your on-premises environment to the VPC network in which the Filestore instance is hosted, and you have already tested that you are able to mount file shares on a Compute Engine VM instance.

So what is missing is connecting your on-premises client to the Compute Engine VM instance, in the same project and VPC network, that will act as a proxy.

You may find more details on how to configure the proxy VM and establish the connection with the remote client in the Google documentation.
