VPN Server for Google Cloud

start-vpn.sh

#!/bin/bash
NEW_UUID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 4 | head -n 1)
SERVER_NAME=vpn-$NEW_UUID
gcloud compute instances create $SERVER_NAME \
--machine-type "n1-standard-1" \
--image-family ubuntu-1604-lts \
--image-project "ubuntu-os-cloud" \
--boot-disk-size "20" \
--boot-disk-type "pd-ssd" \
--boot-disk-device-name "$NEW_UUID" \
--tags https-server,http-server \
--zone us-west1-b \
--labels ready=true \
--preemptible \
--can-ip-forward \
--metadata startup-script='#! /bin/bash
sudo su -
cd /root
echo "[Unit]" >> /lib/systemd/system/mongod.service
echo "Description=database" >> /lib/systemd/system/mongod.service
echo "After=network.target" >> /lib/systemd/system/mongod.service
echo "[Service]" >> /lib/systemd/system/mongod.service
echo "User=mongodb" >> /lib/systemd/system/mongod.service
echo "ExecStart=/usr/bin/mongod --config /etc/mongod.conf" >> /lib/systemd/system/mongod.service
echo "[Install]" >> /lib/systemd/system/mongod.service
echo "WantedBy=multi-user.target" >> /lib/systemd/system/mongod.service
echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 multiverse" > /etc/apt/sources.list.d/mongodb-org-3.2.list
echo "deb http://repo.pritunl.com/stable/apt xenial main" > /etc/apt/sources.list.d/pritunl.list
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 42F3E95A2C4F08279C4960ADD68FA50FEA312927
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
apt-get update -y
apt-get install pritunl mongodb-org -y
systemctl start pritunl mongod
systemctl enable pritunl mongod
# Collect setup key
echo "setup key follows:"
pritunl setup-key
'
IP=$(gcloud compute instances describe $SERVER_NAME --zone us-west1-b | grep natIP | cut -d: -f2 | sed 's/^[ \t]*//;s/[ \t]*$//')
gcloud beta compute firewall-rules create vpn-allow-8787-$NEW_UUID --allow tcp:8787 --network default --priority 65535 --source-ranges $IP/32
gcloud beta compute firewall-rules create vpn-allow-3838-$NEW_UUID --allow tcp:3838 --network default --priority 65535 --source-ranges $IP/32
gcloud beta compute firewall-rules create vpn-allow-443-$NEW_UUID --allow tcp:443 --network default --priority 65535 --source-ranges $IP/32
echo "VPN server will be available for setup at https://$IP in a few minutes."

Apr 30 16:21:27 vpn-jbyo startup-script: INFO startup-script: Setting up mongodb-org-shell (3.2.19) ...
Apr 30 16:21:27 vpn-jbyo startup-script: INFO startup-script: Setting up mongodb-org-server (3.2.19) ...
Apr 30 16:21:27 vpn-jbyo startup-script: INFO startup-script: Adding system user `mongodb' (UID 113) ...
Apr 30 16:21:27 vpn-jbyo startup-script: INFO startup-script: Adding new user `mongodb' (UID 113) with group `nogroup' ...
Apr 30 16:21:27 vpn-jbyo startup-script: INFO startup-script: Not creating home directory `/home/mongodb'.
Apr 30 16:21:27 vpn-jbyo startup-script: INFO startup-script: Adding group `mongodb' (GID 117) ...
Apr 30 16:21:27 vpn-jbyo startup-script: INFO startup-script: Done.

hey, just loaded an instance and i have 2 remarks:

1. you need to enable manually the HTTPS traffic under instance > firewalls > allow https traffic
2. you need to manually start the pritunl server as it's not started
   apart from above mentioned minor things, it's rock solid the guide and i just hope one day i would be able to create based on a script another instance like this.

thx kordless for the script

You bet. Thanks for the great feedback.

Once the server is up, an organization and user needs to be added to it, then it needs to be started. After it starts, it will show a UDP port which will need to be added to the firewall on Google:

gcloud beta compute firewall-rules create vpn-allow-udp-$NEW_UUID --allow udp:<port> --network default --priority 65535 --source-ranges $IP/32