@mikesparr
Created April 28, 2021 23:54
Installing FreeSwitch on GCP with public and private VMs behind load balancer and NAT
#!/usr/bin/env bash

export PROJECT_ID=$(gcloud config get-value project)
export PROJECT_USER=$(gcloud config get-value core/account) # set current user
export PROJECT_NUMBER=$(gcloud projects describe "$PROJECT_ID" --format="value(projectNumber)")
export IDNS=${PROJECT_ID}.svc.id.goog # workload identity domain
export GCP_REGION="us-west4"
export GCP_ZONE="us-west4-a"
export NETWORK_NAME="default"
export CLOUD_ROUTER_NAME="fs-router-1"
export CLOUD_ROUTER_ASN="64523"
export NAT_GW_NAME="fs-nat-1"

# enable apis
gcloud services enable compute.googleapis.com \
    iap.googleapis.com

# create compute instance
# (zone given explicitly: the default compute/zone is only set further down,
# and the target pool below expects the instance in $GCP_ZONE)
gcloud compute instances create freeswitch-test \
    --zone "$GCP_ZONE" \
    --image-family debian-10 \
    --image-project debian-cloud \
    --tags=freeswitch

# create firewall rules
# NOTE: this opens SIP signalling, RTP media and the other listed ports to the
# whole internet (0.0.0.0/0). Outside of a test, restrict --source-ranges to the
# address ranges of your SIP provider and clients.
export FW_PORTS="UDP:1719,TCP:1720,TCP:2855-2856,UDP:3478-3479,TCP:5002-5003,UDP:5060,TCP:5060,UDP:5070,TCP:5070,UDP:5080,TCP:5080,UDP:16384-32768,TCP:5066,TCP:7443,TCP:8081-8082"
gcloud compute firewall-rules create freeswitch-policy \
    --allow "$FW_PORTS" \
    --source-ranges=0.0.0.0/0 \
    --target-tags=freeswitch

# create static IP and target pool / fwd rules
gcloud compute addresses create freeswitch-ip --region "$GCP_REGION"
gcloud compute target-pools create freeswitch --region "$GCP_REGION"
gcloud compute target-pools add-instances freeswitch \
    --instances freeswitch-test \
    --instances-zone "$GCP_ZONE"
gcloud compute forwarding-rules create freeswitch-forwarding \
    --address freeswitch-ip \
    --region "$GCP_REGION" \
    --target-pool freeswitch

###########################################
# ----------- NAT TEST -------------
###########################################
gcloud config set compute/region "$GCP_REGION"
gcloud config set compute/zone "$GCP_ZONE"

# grant SSH access
# (35.235.240.0/20 is the source range IAP uses for TCP forwarding; with no
# --target-tags, this rule applies to every instance in the network)
gcloud compute firewall-rules create allow-ssh-ingress-from-iap \
    --direction=INGRESS \
    --action=allow \
    --rules=tcp:22 \
    --source-ranges=35.235.240.0/20

# grant user tunneling (one for each user or group [preferred])
gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="user:$PROJECT_USER" \
    --role=roles/iap.tunnelResourceAccessor

# create cloud router and nat gateway
gcloud compute routers create "$CLOUD_ROUTER_NAME" \
    --network "$NETWORK_NAME" \
    --asn "$CLOUD_ROUTER_ASN" \
    --region "$GCP_REGION"
gcloud compute routers nats create "$NAT_GW_NAME" \
    --router="$CLOUD_ROUTER_NAME" \
    --region="$GCP_REGION" \
    --auto-allocate-nat-external-ips \
    --nat-all-subnet-ip-ranges \
    --enable-logging

# create second test VM
gcloud compute instances create freeswitch-private \
    --image-family debian-10 \
    --image-project debian-cloud \
    --no-address \
    --tags=freeswitch

# add private VM (no external IP) to target pool
gcloud compute target-pools add-instances freeswitch \
    --instances freeswitch-test,freeswitch-private \
    --instances-zone "$GCP_ZONE"

# IAP tunnel SSH into private VM
gcloud compute ssh freeswitch-private \
    --zone "$GCP_ZONE" \
    --tunnel-through-iap

# install freeswitch (using sudo for commands)
# https://freeswitch.org/confluence/display/FREESWITCH/Debian+10+Buster

@mikesparr
Author

First test worked with basic VM and external IP


Second test worked with private VM and NAT gateway

Logged into VM using IAP tunnel and local terminal instead of cloud shell/SSH in console

Installed dependencies

Installed FreeSwitch (it auto-detected NAT)

CLI access success!

