@IvanIFChen
Created July 22, 2020 02:19

Setup GCP Compute Instance for Personal VPN Access

What You'll Get

We will be using a Docker image from linuxserver that has openvpn-as (OpenVPN Access Server) ready as our base container. OpenVPN is commercial software that requires licensing for more than 2 active connections, so this is only recommended for personal use.

Additionally, Google Cloud charges not only for compute hours but also for egress network traffic. While compute hours can make use of the free-tier f1-micro instance, egress network traffic will be charged. If you are using tens of GiB of traffic a month, you are better off purchasing a VPN service, though you do not "own" your data that way.

Creating VM Instance on GCP

Navigate to https://console.cloud.google.com and create a new compute instance with the following configuration:

  • f1-micro (part of free-tier)
  • 10 GB HDD
  • Static external IP with either Standard or Premium network tier (see networking pricing for more details)
  • Choose a Container Optimized disk as this will have docker preconfigured.
  • Allow https web server
  • Add an openvpn network tag for now; we will set up firewall rules in the next section

Firewall Rules

We will be using a web server on port 943 for admin configuration access. The VPN tunnel will be using 9443 for TCP and 1194 for UDP. Navigate to VPC network -> Firewall, create the appropriate ingress and egress rules, and set Targets to openvpn.
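
An added example (not part of the original gist) of the ingress side of these rules as gcloud commands. It limits port 943, which starts out with default credentials, to one source range and leaves the tunnel ports open to clients; the rule names, the default network and the 203.0.113.7/32 admin range are assumptions.

```sh
#!/bin/sh
# Added example: print gcloud commands for the ingress rules on the "openvpn" tag.
# Assumptions (not from the gist): rule names, the "default" VPC network, and
# the constructed admin range 203.0.113.7/32 (a documentation address).
TAG="openvpn"        # network tag put on the VM when it was created
NETWORK="default"    # assumed VPC network name

# Succeed only for a well-formed IPv4 CIDR whose prefix is 1..32,
# so the admin rule can never be opened to 0.0.0.0/0.
valid_admin_cidr() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
  vac_ip=${1%/*}
  vac_prefix=${1#*/}
  [ "$vac_prefix" -ge 1 ] || return 1
  [ "$vac_prefix" -le 32 ] || return 1
  vac_ifs=$IFS
  IFS=.
  for vac_octet in $vac_ip; do
    [ "$vac_octet" -le 255 ] || { IFS=$vac_ifs; return 1; }
  done
  IFS=$vac_ifs
}

# rule_cmd NAME RULES SOURCE_RANGES -> one "firewall-rules create" command line
rule_cmd() {
  printf 'gcloud compute firewall-rules create %s --network=%s --direction=INGRESS --action=ALLOW --rules=%s --source-ranges=%s --target-tags=%s\n' \
    "$1" "$NETWORK" "$2" "$3" "$TAG"
}

# fw_rule_cmds ADMIN_CIDR -> the two commands, printed for review (nothing runs)
fw_rule_cmds() {
  valid_admin_cidr "$1" || { echo "refusing admin range: $1" >&2; return 1; }
  # Port 943 serves the admin UI and the client download page, so clients
  # fetching profiles from https://X.X.X.X:943 must also sit in this range.
  rule_cmd openvpn-admin tcp:943 "$1"
  # Tunnel ports from the gist: 9443/tcp and 1194/udp, open to any client.
  rule_cmd openvpn-tunnel tcp:9443,udp:1194 0.0.0.0/0
}

fw_rule_cmds "${1:-203.0.113.7/32}"
```

Review the printed commands, then pipe the output to sh on a machine where gcloud is authenticated for the project.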

Setting up OpenVPN AS

Once the VM instance and firewall rules are configured, we should be able to boot up the instance and pull the openvpn-as Docker image. Run:

docker pull linuxserver/openvpn-as
mkdir vpn-data
docker create --name=openvpn-as --cap-add=NET_ADMIN \
  -e PUID=1000 -e PGID=1000 \
  -p 943:943 -p 9443:9443 -p 1194:1194/udp \
  --restart unless-stopped --net=host --privileged \
  linuxserver/openvpn-as
sudo docker container start openvpn-as

Now we should be able to enter the public IP in a browser and access the AS admin page. It should be something like https://X.X.X.X:943/admin. The default username is admin and the default password is password.

Note: Since this is a self-signed cert, it only provides encryption, so a browser like Chrome might not allow you to connect for security reasons. I used Safari.

For security purposes, it is recommended to remove the default admin user and create another user with admin privileges. To do that, go to User Management -> User Permissions. I have also created another user without admin privileges for connecting to the VPN. I have also enabled auto-login for convenience.

Then navigate to Configuration -> Network Settings -> Hostname or IP Address: and set the public IP of the VM instance there, so that later we can generate the correct profile to import into VPN clients.

That's it!

Connecting to VPN

Devices can simply navigate to https://X.X.X.X:943 and log in using their own username and password (preconfigured by the admin), and they should see a user-friendly page for downloading OS-specific clients and profiles to import.

Devices can then import the downloaded profile and connect, or manually type in the info for the VPN. Keep in mind that the VPN server is at https://X.X.X.X:943, and the actual VPN tunnel should be using port 9443 for TCP or 1194 for UDP.

Issue

I can't get OpenVPN Connect on Mac to work; it connects, but it looks like all DNS requests aren't working. The open-source Tunnelblick works fine.
