January 15, 2018 · secops opensource gcp

Starting an OpenVPN Server on Google Cloud

This guide and the video below will step you through getting an OpenVPN server running on Google Cloud, which you may find useful for doing things with a pseudo anonymous IP. The script used will start a preemptible instance and uses a dynamic IP address from Google.

To begin, you'll need to be logged into your Google Cloud Shell.

Clone the Gist

From the Google command line shell, clone the gist into your home directory:

$ git clone https://gist.github.com/kordless/de9854c9334f00f4176fac8c0ca67d0e vpn
[master 69db743] foo
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 start-vpn.sh

Change into the directory and set the script's mode bits to execute:

$ cd vpn
$ chmod 755 start-vpn.sh

Start the Instance

Start the instance:

$ ./start-vpn.sh
Created [https://www.googleapis.com/compute/v1/projects/wisdom-172109/zones/us-west1-b/instances/vpn-ct7w].
vpn-ct7w  us-west1-b  n1-standard-1  true  RUNNING
Creating firewall...|Created [https://www.googleapis.com/compute/beta/projects/wisdom-172109/global/firewalls/vpn-allow-8787-ct7w].
Creating firewall...done.
vpn-allow-8787-ct7w  default  INGRESS    65535     tcp:8787
Creating firewall...|Created [https://www.googleapis.com/compute/beta/projects/wisdom-172109/global/firewalls/vpn-allow-3838-ct7w].
Creating firewall...done.
vpn-allow-3838-ct7w  default  INGRESS    65535     tcp:3838
VPN server will be available for setup at in a few minutes.

Grab some coffee and then click on the server's URL in the shell after a few minutes.

Configure the Server

The rest of this setup will be discussed in the video guide. If you want, you can do this without watching the video by heading over to the configuration docs on the pritunl site.

Either way, you'll also need to install the pritunl client (scroll to the bottom). Do this step before you do anything else.

Remember, the default user/pass for the pritunl server is:


Lastly, you will need to open up whatever random UDP port the server gives you when you create it. Copy it into your paste buffer and then hit the firewall configuration in the Google Cloud console to create it!

Updates to Install

Over the last few months Printunl has updated the server to use a password for the printunl user. To set the password, you will need to SSH into the instance by navigating to the Google Compute Instances for your GCP account and then clicking on the vpn server's name/link below, and as shown in the video guide.

After you navigate to the instance's detail page, click on the SSH button. This will open a Google webshell into the instance. Once you are in the terminal on the box, enter the following to set and receive a new password for accessing the VPN configuration pages:

sudo pritunl default-password

You should get back something like this:

$ sudo pritunl default-password
[undefined][2019-02-05 17:54:48,075][INFO] Getting default administrator password
Administrator default password:
  username: "pritunl"
  password: "U6qgWc0xtIhQ"

Use that username and password to log into the instance.

Video Guide

I apologize in advance for covering up some of the buttons with my head. You'll be OK though, given the UI on the server setup is pretty straightforward. Be sure to refer to the guide above if you get stuck!

That's about it. Happy secops!