I'm not sure about Google Cloud specifically, but most cloud providers (AWS/Azure) do not route private subnets behind the vMX (for example the client VPN subnet in this case) out to the internet. However, VPN clients are still able to access cloud resources if you configure routing correctly. You can (1) Split tunneling; or (2) Turn the vMX to NAT mode, which is the default mode when you first spin it up. More info here: https://documentation.meraki.com/MX/Other_Topics/vMX_NAT_Mode_Use_Cases_and_FAQ
... View more