Wow, just re-read this. I must have been pretty annoyed at the time to write "you suck" in such a childish way.
Anyway, we did end up going with option #2 by deploying a couple of Ubiquiti EdgeRouters at each site and setting up all of our 3rd-party VPN peers to connect via those, then static-routing the Meraki MXs to send packets destined for our VPN-remote networks to those EdgeRouters. It's definitely an annoying solution because it means more devices to worry about on the network, and sometimes the tunnels go down for inexplicable reasons and we have to reboot the EdgeRouters (that's a different issue in the EdgeRouter/VyOS firmware).
Please, please, pretty please, add IKEv2 support to the Meraki MX line so we can move the tunnels to GCP back to the Meraki firewalls and eliminate the extra complexity on our network of having separate VPN tunnel devices.
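For readers weighing the same workaround, here is an added example (not the poster's configuration, and not from Meraki, Ubiquiti or Google) of what the EdgeRouter side looks like in EdgeOS CLI syntax: an IKEv2 site-to-site peer toward a cloud VPN gateway with one `tunnel` entry, i.e. one traffic-selector pair, per local/remote subnet. The WAN interface, addresses, subnets, group names and the pre-shared secret are all placeholders; the Meraki MX static routes that steer cloud-bound traffic to the EdgeRouter live in the MX dashboard, so they are only noted in a comment.

```text
# Hypothetical EdgeOS (EdgeRouter) configuration; the values are assumptions:
#   WAN interface eth0 with local address 198.51.100.2
#   cloud VPN gateway (peer) 203.0.113.10
#   office LAN 10.1.0.0/16, cloud subnets 10.200.0.0/20 and 10.200.16.0/20
# Lines starting with '#' are comments for the reader, not EdgeOS commands.
configure

# Phase 1: IKEv2, AES-256 / SHA-256 / DH group 14. Dead-peer detection with
# action "restart" re-initiates the SA instead of leaving a stale one behind.
set vpn ipsec ike-group CLOUD-IKE key-exchange ikev2
set vpn ipsec ike-group CLOUD-IKE lifetime 36000
set vpn ipsec ike-group CLOUD-IKE proposal 1 encryption aes256
set vpn ipsec ike-group CLOUD-IKE proposal 1 hash sha256
set vpn ipsec ike-group CLOUD-IKE proposal 1 dh-group 14
set vpn ipsec ike-group CLOUD-IKE dead-peer-detection action restart
set vpn ipsec ike-group CLOUD-IKE dead-peer-detection interval 30
set vpn ipsec ike-group CLOUD-IKE dead-peer-detection timeout 120

# Phase 2: ESP with PFS on group 14.
set vpn ipsec esp-group CLOUD-ESP lifetime 10800
set vpn ipsec esp-group CLOUD-ESP pfs dh-group14
set vpn ipsec esp-group CLOUD-ESP proposal 1 encryption aes256
set vpn ipsec esp-group CLOUD-ESP proposal 1 hash sha256

# Bind IPsec to the WAN interface and keep VPN traffic out of the NAT rules.
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec auto-firewall-nat-exclude enable

# The peer itself. Use a long random PSK; do not reuse it across peers.
set vpn ipsec site-to-site peer 203.0.113.10 description cloud-vpn
set vpn ipsec site-to-site peer 203.0.113.10 authentication mode pre-shared-secret
set vpn ipsec site-to-site peer 203.0.113.10 authentication pre-shared-secret REPLACE-WITH-LONG-RANDOM-SECRET
set vpn ipsec site-to-site peer 203.0.113.10 local-address 198.51.100.2
set vpn ipsec site-to-site peer 203.0.113.10 ike-group CLOUD-IKE

# One tunnel entry per local/remote prefix pair; each is its own Child SA.
# Add another "tunnel N" block for every additional subnet pair.
set vpn ipsec site-to-site peer 203.0.113.10 tunnel 1 esp-group CLOUD-ESP
set vpn ipsec site-to-site peer 203.0.113.10 tunnel 1 local prefix 10.1.0.0/16
set vpn ipsec site-to-site peer 203.0.113.10 tunnel 1 remote prefix 10.200.0.0/20
set vpn ipsec site-to-site peer 203.0.113.10 tunnel 2 esp-group CLOUD-ESP
set vpn ipsec site-to-site peer 203.0.113.10 tunnel 2 local prefix 10.1.0.0/16
set vpn ipsec site-to-site peer 203.0.113.10 tunnel 2 remote prefix 10.200.16.0/20

commit
save
exit

# Meraki side (dashboard, not EdgeOS): add static routes for 10.200.0.0/20 and
# 10.200.16.0/20 on the MX with next hop = the EdgeRouter's LAN address, so the
# MX hands cloud-bound traffic to the EdgeRouter, which encrypts it.
# Verify on the EdgeRouter with:  show vpn ipsec sa
```

Because the MX only sees a plain static route, it keeps no state about the tunnel; if the EdgeRouter's SA drops, traffic simply black-holes at the EdgeRouter until DPD restarts the exchange, which is why the DPD settings above matter as much as the cipher choices.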
FYI, Google Cloud used to allow specifying multiple local and remote subnets in a single IKEv1 tunnel configuration, which is what Meraki does, and you could bring up the tunnel. However, Google later said multiple subnets in an IKEv1 tunnel were against standards and restricted their API to disallow this. Google says only IKEv2 permits this, but Meraki won't support IKEv2, something that's been around for *years*.
So now, Meraki is basically incompatible with Google Cloud VPN because your choices are:
Both of these solutions suck. Meraki, you suck. Can you hear a paying customer?