@kordless
Last active August 28, 2022 02:25
VPN Server for Google Cloud
#!/bin/bash
# Random 4-character suffix so instance and firewall rule names do not collide.
NEW_UUID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 4 | head -n 1)
SERVER_NAME="vpn-$NEW_UUID"
# The startup script is passed inline through --metadata, so keep commas and
# single quotes out of it.
gcloud compute instances create "$SERVER_NAME" \
--machine-type "n1-standard-1" \
--image-family ubuntu-1604-lts \
--image-project "ubuntu-os-cloud" \
--boot-disk-size "20" \
--boot-disk-type "pd-ssd" \
--boot-disk-device-name "$NEW_UUID" \
--tags https-server,http-server \
--zone us-west1-b \
--labels ready=true \
--preemptible \
--can-ip-forward \
--metadata startup-script='#! /bin/bash
# Startup scripts already run as root so the original sudo su - is dropped.
cd /root
# Write the unit file in one pass. Overwriting keeps reboots from appending duplicate sections.
cat > /lib/systemd/system/mongod.service <<EOF
[Unit]
Description=database
After=network.target
[Service]
User=mongodb
ExecStart=/usr/bin/mongod --config /etc/mongod.conf
[Install]
WantedBy=multi-user.target
EOF
echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 multiverse" > /etc/apt/sources.list.d/mongodb-org-3.2.list
echo "deb http://repo.pritunl.com/stable/apt xenial main" > /etc/apt/sources.list.d/pritunl.list
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 42F3E95A2C4F08279C4960ADD68FA50FEA312927
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
apt-get update -y
apt-get install pritunl mongodb-org -y
# Make systemd pick up the unit file written above before starting services.
systemctl daemon-reload
systemctl start pritunl mongod
systemctl enable pritunl mongod
# Collect setup key
# This prints the setup key into the startup-script log (syslog and serial console).
echo "setup key follows:"
pritunl setup-key
'
# External IP of the new instance.
IP=$(gcloud compute instances describe "$SERVER_NAME" --zone us-west1-b --format='get(networkInterfaces[0].accessConfigs[0].natIP)')
# NOTE: --source-ranges below is the instance's own external IP, so these rules
# only admit traffic that originates from that address. Replace it with the CIDR
# you administer and connect from. The rules carry no --target-tags, so they
# apply to every instance on the default network.
gcloud beta compute firewall-rules create "vpn-allow-8787-$NEW_UUID" --allow tcp:8787 --network default --priority 65535 --source-ranges "$IP/32"
gcloud beta compute firewall-rules create "vpn-allow-3838-$NEW_UUID" --allow tcp:3838 --network default --priority 65535 --source-ranges "$IP/32"
gcloud beta compute firewall-rules create "vpn-allow-443-$NEW_UUID" --allow tcp:443 --network default --priority 65535 --source-ranges "$IP/32"
echo "VPN server will be available for setup at https://$IP in a few minutes."
@kordless
Author

Apr 30 16:21:27 vpn-jbyo startup-script: INFO startup-script: Setting up mongodb-org-shell (3.2.19) ...
Apr 30 16:21:27 vpn-jbyo startup-script: INFO startup-script: Setting up mongodb-org-server (3.2.19) ...
Apr 30 16:21:27 vpn-jbyo startup-script: INFO startup-script: Adding system user `mongodb' (UID 113) ...
Apr 30 16:21:27 vpn-jbyo startup-script: INFO startup-script: Adding new user `mongodb' (UID 113) with group `nogroup' ...
Apr 30 16:21:27 vpn-jbyo startup-script: INFO startup-script: Not creating home directory `/home/mongodb'.
Apr 30 16:21:27 vpn-jbyo startup-script: INFO startup-script: Adding group `mongodb' (GID 117) ...
Apr 30 16:21:27 vpn-jbyo startup-script: INFO startup-script: Done.

@amathe

amathe commented May 15, 2018

Hey, just loaded an instance and I have 2 remarks:

  1. You need to manually enable the HTTPS traffic under instance > firewalls > allow https traffic
  2. You need to manually start the pritunl server as it's not started

Apart from the above-mentioned minor things, the guide is rock solid and I just hope one day I will be able to create another instance like this based on a script.

thx kordless for the script

@kordless
Author

kordless commented Jul 5, 2018

You bet. Thanks for the great feedback.

@kordless
Author

Once the server is up, an organization and user need to be added to it, then it needs to be started. After it starts, it will show a UDP port which will need to be added to the firewall on Google:

gcloud beta compute firewall-rules create vpn-allow-udp-$NEW_UUID --allow udp:<port> --network default --priority 65535 --source-ranges $IP/32
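
Added example (not part of the gist or of kordless's comment): a shell function that validates the inputs for the UDP rule above and prints the `gcloud` command instead of running it, scoped to one instance with `--target-tags`. The function name `vpn_udp_rule_cmd`, the client source CIDR and the choice of tag are assumptions of this example.

```shell
#!/bin/bash
# Added example: print (do not run) the firewall rule for the Pritunl UDP port.
# Assumed inputs: rule suffix, the UDP port Pritunl displays, the CIDR that VPN
# clients connect from, and a network tag that is set on the VPN instance.
vpn_udp_rule_cmd() {
  local suffix="$1" port="$2" cidr="$3" tag="$4"
  local addr prefix octet count=0

  # Port: decimal digits only, no leading zero, at most 65535.
  case "$port" in
    ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
  esac
  [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }

  # Source range: IPv4 CIDR with four octets 0..255 and a prefix 0..32.
  case "$cidr" in
    */*/*|*[!0-9./]*) echo "invalid CIDR: $cidr" >&2; return 1 ;;
    */*) addr="${cidr%/*}"; prefix="${cidr#*/}" ;;
    *) echo "invalid CIDR: $cidr" >&2; return 1 ;;
  esac
  case "$prefix" in
    ''|*.*|???*) echo "invalid prefix: $cidr" >&2; return 1 ;;
  esac
  [ "$prefix" -le 32 ] || { echo "invalid prefix: $cidr" >&2; return 1; }
  case "$addr" in
    .*|*.|*..*) echo "invalid address: $cidr" >&2; return 1 ;;
  esac
  for octet in $(printf '%s' "$addr" | tr '.' ' '); do
    count=$((count + 1))
    if [ "${#octet}" -gt 3 ] || [ "$octet" -gt 255 ]; then
      echo "invalid address: $cidr" >&2; return 1
    fi
  done
  [ "$count" -eq 4 ] || { echo "invalid address: $cidr" >&2; return 1; }

  # Suffix and tag become resource names: lowercase letters, digits, dashes.
  case "$suffix/$tag" in
    /*|*/|*/*/*|*[!a-z0-9/-]*) echo "invalid suffix or tag" >&2; return 1 ;;
  esac

  # --target-tags limits the rule to instances that carry the tag.
  printf 'gcloud beta compute firewall-rules create vpn-allow-udp-%s --allow udp:%s --network default --priority 65535 --source-ranges %s --target-tags %s\n' \
    "$suffix" "$port" "$cidr" "$tag"
}
```

Review the printed command, then run it; for example `vpn_udp_rule_cmd jbyo 14273 203.0.113.0/24 https-server`, where the port and CIDR are constructed sample values.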
