This is a sequence of steps that will allow you to run your own VPN on GCP. It will expose two VPN protocols. The first is L2TP/IPSec. This is the default VPN protocol for most operating systems and has built-in clients for all your devices. Its one serious limitation is that it must communicate over very well-known ports (500, 1701). It's common for those ports to be blocked by restrictive firewalls, so this will also configure an OpenVPN server that listens on port 443. This makes your VPN connection look exactly like an HTTPS connection. It's unlikely that port 443 will be blocked to GCP or any other cloud provider, since that is a very common way to host TLS-secured websites.
Choose CentOS 7 and an f1-micro instance.
Create a firewall rule that allows 500/udp, 4500/udp, 1701/tcp, 1194/udp and 443/tcp.
Tag that rule with "vpn" or another identifier.
Tag the instance with "vpn" or the identifier used above.
sudo rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install docker
sudo systemctl enable docker
sudo systemctl start docker
sudo sysctl -w net.ipv4.ip_forward=1
echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf
sudo sh -c 'docker run --rm siomiz/softethervpn gencert > /etc/vpn.env'
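Edit /etc/vpn.env so that it holds these four settings (CERT and KEY come from the gencert output). Keep the file readable by root only, since it holds the pre-shared key, the user passwords and the server's private key.
PSK=<somepsk>
USERS=user1:pass1;user2:pass2
CERT=<from gencert>
KEY=<from gencert>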
sudo docker run -d --restart=always --cap-add NET_ADMIN -p 500:500/udp -p 4500:4500/udp -p 1701:1701/tcp -p 1194:1194/udp -p 443:443/tcp --env-file /etc/vpn.env siomiz/softethervpn
When you run the docker command above it will print a SHA-256 hash; that is your instance id (the ID of the Docker container).
sudo docker logs <instance id>
In the log will be a section starting at
dev tun
and ending with
</key>
Copy that section to your desktop and save it as vpn.ovpn.
Modify the config file: change the remote line to use the public IP of your instance and port 443.
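The copy-and-edit step above can be scripted. This is an added example, not part of the original page: the function name extract_ovpn, the sample log and the address 203.0.113.10 are assumptions for illustration, and it assumes the profile lines appear in the log without any prefix.

```shell
#!/bin/sh
# Added example (not from the original page): cut the OpenVPN client profile
# out of the container log and point it at the instance on port 443.

# extract_ovpn PUBLIC_IP
#   stdin:  output of `docker logs <instance id>`
#   stdout: the lines from "dev tun" through "</key>", remote line rewritten
#   status: 0 if a complete profile was found, 1 if not, 2 on bad usage
extract_ovpn() (
    ip="$1"
    [ -n "$ip" ] || { echo "usage: extract_ovpn PUBLIC_IP" >&2; exit 2; }
    awk -v ip="$ip" '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        !inside && /^dev tun/ { inside = 1 }    # first line of the profile
        !inside { next }                        # skip log text before it
        /^remote[ \t]/ { print "remote " ip " 443"; next }
        { print }
        /^<\/key>/ { complete = 1; exit }       # last line of the profile
        END { exit (complete ? 0 : 1) }
    '
)

# Constructed sample log; certificate and key replaced by placeholder text.
sample_log() {
    cat <<'EOF'
[constructed] server starting
dev tun
remote _placeholder_ 1194
<ca>
(constructed certificate placeholder)
</ca>
<key>
(constructed key placeholder)
</key>
[constructed] server ready
EOF
}

# Typical use on your desktop; umask keeps the embedded key private:
#   ( umask 077; extract_ovpn 203.0.113.10 < container.log > vpn.ovpn )
```

The profile ends with a private key, so keep vpn.ovpn readable only by you. The firewall rule above opens 443 for TCP only, so check which protocol the profile selects.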
All operating systems have built-in support for L2TP/IPSec.
Additionally, if you want to use the OpenVPN connection to tunnel all traffic over 443, you will need a client:
- Windows - https://openvpn.net/index.php/open-source/downloads.html
- OSX - https://tunnelblick.net/
- Linux - most likely already there, built into NetworkManager ( w00t linux )