January 16, 2018 · secops opensource gcp

Starting an OpenVPN Server on Google Cloud

This guide and the video below will step you through getting an OpenVPN server running on Google Cloud, which you may find useful for doing things with a pseudo-anonymous IP. The script used starts a preemptible instance and uses a dynamic IP address from Google.

To begin, you'll need to be logged into your Google Cloud Shell.

Clone the Gist

From the Cloud Shell command line, clone the gist into your home directory:

$ git clone https://gist.github.com/kordless/de9854c9334f00f4176fac8c0ca67d0e vpn
[master 69db743] foo
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 start-vpn.sh

Change into the directory and make the script executable:

$ cd vpn
$ chmod 755 start-vpn.sh

Start the Instance

Start the instance:

$ ./start-vpn.sh
Created [https://www.googleapis.com/compute/v1/projects/wisdom-172109/zones/us-west1-b/instances/vpn-ct7w].
NAME      ZONE        MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP     STATUS
vpn-ct7w  us-west1-b  n1-standard-1  true         10.138.0.6   35.199.180.117  RUNNING
Creating firewall...|Created [https://www.googleapis.com/compute/beta/projects/wisdom-172109/global/firewalls/vpn-allow-8787-ct7w].
Creating firewall...done.
NAME                 NETWORK  DIRECTION  PRIORITY  ALLOW     DENY
vpn-allow-8787-ct7w  default  INGRESS    65535     tcp:8787
Creating firewall...|Created [https://www.googleapis.com/compute/beta/projects/wisdom-172109/global/firewalls/vpn-allow-3838-ct7w].
Creating firewall...done.
NAME                 NETWORK  DIRECTION  PRIORITY  ALLOW     DENY
vpn-allow-3838-ct7w  default  INGRESS    65535     tcp:3838
VPN server will be available for setup at https://35.199.180.117 in a few minutes.

Grab some coffee, then after a few minutes click on the server's URL in the shell output.

Configure the Server

The rest of this setup will be discussed in the video guide. If you want, you can do this without watching the video by heading over to the configuration docs on the pritunl site.

Either way, you'll also need to install the pritunl client (scroll to the bottom). Do this step before you do anything else.

Remember, the default user/pass for the pritunl server is:

pritunl/pritunl

Lastly, you will need to open up whatever random UDP port the server gives you when you create it. Copy the port number into your paste buffer and then head to the firewall configuration in the Google Cloud console to create a rule that allows it!
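
The same firewall rule can be created from Cloud Shell instead of the console. This is an added example, not part of the original gist or video: the port 14752 and the 203.0.113.0/24 client range are constructed sample values, and reusing the vpn-allow-<port>-<suffix> rule name from the script output above is an assumption.

```shell
#!/bin/sh
# Added example, not part of the start-vpn.sh gist.
# Prints (DRY_RUN=1, the default) or runs (DRY_RUN=0) the gcloud command that
# opens the Pritunl server's UDP port on the "default" network.

# Accept only a decimal port in 1..65535 with no leading zero.
valid_port() {
  case "$1" in
    ''|0*|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Loose IPv4 CIDR shape check; gcloud still rejects out-of-range octets.
valid_cidr() {
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# usage: open_vpn_udp_port SUFFIX PORT [SOURCE_CIDR]
#   SUFFIX      instance suffix, e.g. "ct7w" from vpn-ct7w
#   PORT        UDP port shown in the Pritunl server settings
#   SOURCE_CIDR optional client range; assumed default is any address
open_vpn_udp_port() {
  suffix=$1 port=$2 src=${3:-0.0.0.0/0}
  case "$suffix" in
    ''|*[!a-z0-9]*) echo "bad suffix: $suffix" >&2; return 2 ;;
  esac
  valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
  valid_cidr "$src"  || { echo "bad source range: $src" >&2; return 2; }

  # Rule name follows the vpn-allow-<port>-<suffix> pattern in the output above.
  set -- gcloud compute firewall-rules create "vpn-allow-${port}-${suffix}" \
    --network=default --direction=INGRESS \
    --allow="udp:${port}" --source-ranges="${src}"

  if [ "${DRY_RUN:-1}" = 1 ]; then
    echo "$*"          # show the command without touching the project
  else
    "$@"
  fi
}

# Constructed sample values: port 14752 and client range 203.0.113.0/24.
open_vpn_udp_port ct7w 14752 203.0.113.0/24
```

Run it with DRY_RUN=0 once the printed command looks right. Leaving out the third argument allows any source address, so pass your client's range when you know it.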

Video Guide

I apologize in advance for covering up some of the buttons with my head. You'll be OK though, given the UI on the server setup is pretty straightforward. Be sure to refer to the guide above if you get stuck!

That's about it. Happy secops!