Starting an OpenVPN Server on Google Cloud
This guide and the video below will step you through getting an OpenVPN server running on Google Cloud, which you may find useful for doing things with a pseudo-anonymous IP. The script starts a preemptible instance and uses a dynamic IP address from Google.
To begin, you'll need to be logged into your Google Cloud Shell.
Clone the Gist
From the Google command line shell, clone the gist into your home directory:
$ git clone https://gist.github.com/kordless/de9854c9334f00f4176fac8c0ca67d0e vpn
[master 69db743] foo
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 start-vpn.sh
Change into the directory and set the script's mode bits to execute:
$ cd vpn
$ chmod 755 start-vpn.sh
Start the Instance
Start the instance:
$ ./start-vpn.sh
Created [https://www.googleapis.com/compute/v1/projects/wisdom-172109/zones/us-west1-b/instances/vpn-ct7w].
NAME      ZONE        MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP     STATUS
vpn-ct7w  us-west1-b  n1-standard-1  true         10.138.0.6   220.127.116.11  RUNNING
Creating firewall...|Created [https://www.googleapis.com/compute/beta/projects/wisdom-172109/global/firewalls/vpn-allow-8787-ct7w].
Creating firewall...done.
NAME                 NETWORK  DIRECTION  PRIORITY  ALLOW     DENY
vpn-allow-8787-ct7w  default  INGRESS    65535     tcp:8787
Creating firewall...|Created [https://www.googleapis.com/compute/beta/projects/wisdom-172109/global/firewalls/vpn-allow-3838-ct7w].
Creating firewall...done.
NAME                 NETWORK  DIRECTION  PRIORITY  ALLOW     DENY
vpn-allow-3838-ct7w  default  INGRESS    65535     tcp:3838
VPN server will be available for setup at https://18.104.22.168 in a few minutes.
Grab some coffee and then click on the server's URL in the shell after a few minutes.
Configure the Server
The rest of this setup will be discussed in the video guide. If you want, you can do this without watching the video by heading over to the configuration docs on the pritunl site.
Either way, you'll also need to install the pritunl client (scroll to the bottom). Do this step before you do anything else.
Remember, the default user/pass for the pritunl server is:
Lastly, you will need to open up whatever random UDP port the server gives you when you create it. Copy it into your paste buffer and then go to the firewall configuration in the Google Cloud console to create a rule for it!
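One way to create that rule from Cloud Shell instead of the console, as an added example that is not part of the original gist. The function names, the rule-name pattern, the APPLY switch and the sample port 14593 are assumptions; the network and direction match the rules the script printed above.

```shell
#!/bin/sh
# Added example (not from the gist): open the UDP port Pritunl assigned.
# Function names, rule-name pattern and the APPLY switch are assumptions.

# Succeed only for a plain decimal port in 1-65535 (no sign, no leading zero).
valid_port() {
  case "$1" in
    ''|0*|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Succeed only for a suffix that is safe inside a firewall rule name.
valid_suffix() {
  case "$1" in
    ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
  esac
  [ "${#1}" -le 20 ]
}

# open_udp_port PORT SUFFIX
# Prints the gcloud command by default; runs it only when APPLY=1.
open_udp_port() {
  port=$1
  suffix=$2
  valid_port "$port" || { echo "invalid UDP port: $port" >&2; return 1; }
  valid_suffix "$suffix" || { echo "invalid suffix: $suffix" >&2; return 1; }
  # Same network and direction as the rules start-vpn.sh printed;
  # only the single UDP port is allowed, nothing else.
  set -- compute firewall-rules create "vpn-allow-udp-$port-$suffix" \
    --network default --direction INGRESS --allow "udp:$port"
  if [ "${APPLY:-0}" = 1 ]; then
    gcloud "$@"
  else
    echo "gcloud $*"
  fi
}

# Stand-alone use: ./open-port.sh 14593 ct7w   (14593 is a constructed port)
if [ "$#" -eq 2 ]; then
  open_udp_port "$1" "$2"
fi
```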
Updates to Install
Over the last few months Pritunl has updated the server to use a password for the pritunl user. To set the password, you will need to SSH into the instance by navigating to the Google Compute Instances for your GCP account and then clicking on the VPN server's name/link, as shown in the video guide.
After you navigate to the instance's detail page, click on the SSH button. This will open a Google webshell into the instance. Once you are in the terminal on the box, enter the following to set and receive a new password for accessing the VPN configuration pages:
sudo pritunl default-password
You should get back something like this:
$ sudo pritunl default-password
[undefined][2019-02-05 17:54:48,075][INFO] Getting default administrator password
Administrator default password:
  username: "pritunl"
  password: "U6qgWc0xtIhQ"
Use that username and password to log into the instance.
I apologize in advance for covering up some of the buttons with my head. You'll be OK though, given the UI on the server setup is pretty straightforward. Be sure to refer to the guide above if you get stuck!
That's about it. Happy secops!