A Spoon Fed Guide to Your Own Private VPN with Google Compute Engine
VPNs (Virtual Private Networks) help restore online freedom by providing encryption and anonymity. They are commonly used to bypass geo-blocking, even in countries such as China, which has thorough internet censorship barriers.
Note: The article may seem quite lengthy, but that is because of the screenshots I have included for each and every step, so that even a total noob to this domain can follow along easily. It will only take around 10–30 mins to set up your own VPN following this tutorial.
However, ISPs (Internet Service Providers) are able to detect VPN traffic and can block it without much hassle, especially if you are using a known public VPN. Even with a private VPN setup there’s a possibility of getting blocked, if the ISP really wants to go down that path. In such situations we can use alternate methods to route the traffic and possibly avoid the ISP’s intervention to disrupt net neutrality. There are alternative methodologies such as SSH tunneling, SSL/TLS tunneling, SOCKS5 proxies, etc. that add more layers of encryption to the network traffic, which would ultimately reduce the probability of getting blocked by the ISP to near zero.
This tutorial only covers setting up the VPN server and connecting to it in a Windows 10 environment. I will come up with a tutorial on the above-mentioned alternative tunneling approaches separately.
In this tutorial I will explain how to use the Google Compute Engine service of Google Cloud Platform to set up a VPN server (IPsec) and connect to and use it in a Windows 10 environment.
Why Google Cloud Platform (GCP)?
GCP provides first-time users with a Free Tier of $300 which is valid for a period of one year. Comparatively, GCP is easier to use than AWS (my personal opinion). However, you can use any other cloud service provider, be it AWS, DigitalOcean, etc., to set up an Ubuntu VM (Virtual Machine) instance.
Step 1: Login to your GCP console
Go to https://console.cloud.google.com/ and log in with your Google Account. If you’re a first-time user and you want to make use of the $300 Free Tier provided by Google, you need to create a billing account associated with a credit/debit card of yours. Almost all cloud solution providers require this kind of billing account in order to use their free tier. If you know of any that provides a free tier without imposing such a restriction, please comment below. Keep track of your expenses through the billing page ( https://console.cloud.google.com/billing ) and make sure they do not exceed the free tier; then it won’t be much of an issue.
Step 2 : Create a new project in GCP
Step 3: Setting up a new Google Compute Engine VM instance
Important: The images below show the configuration of the VM instance that we’re about to set up. Most of the configuration will be the pre-loaded defaults. You can choose any region and zone where your VPN needs to be, and the default machine type is more than enough for our VPN server. Make sure to select a Linux-based boot disk (the default selection will do), since this tutorial is based on Linux commands and it’s easier to set up.
I have highlighted the ones which are important.
# Make sure you tick the checkbox “Allow HTTPS traffic” under Firewall subheading.
Next we need to configure the network settings for the VM that we’re using. Click on the text area highlighted above and a hidden window will appear. Go to the Networking tab of that window.
You can fill the Hostname with anything you want (there are some restrictions; check when you’re filling it in). As you can see, under Network interfaces there is a default interface listed. Click on the edit icon of the default interface.
You can select either Premium or Standard depending on your requirements and budget. The Premium option gives you a faster connection, since the traffic enters and exits at the Google edge peering points closest to the user. With the Standard option the traffic enters and exits at a point closest to the server itself.
# Make sure you set the IP forwarding option to On — Enabling this option will allow the VM instance to route the data packets as needed.
Once everything is set accordingly, click the Done button. Now that all the needed configuration is in place, press the Create button to create your VM instance.
Upon a successful setup you will be able to see something like this.
As you can see, there are two IP addresses visible for the instance. The External IP is the one that we will use to connect to the VPN server which we are about to set up. Exposing the external IP to the public is not advisable. Since this instance won’t be alive when this post is published, I don’t mind sharing it with you here.
Step 4: Setting up a VPN server
There are a number of VPN servers which we can use in our virtual machine. In this tutorial I will be using IPsec, an open source VPN server which we can easily set up using the VM’s shell. Click on “SSH” under the connect tab (refer to the image above); it will open a secure shell connection to the VM that we just set up.
The IPsec GitHub page provides all the information you need to easily set up the IPsec VPN in your VM. I will describe the method which I used and which worked without any problem.
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo \
VPN_IPSEC_PSK='IPSEC_Key' VPN_USER='Username' VPN_PASSWORD='Password' sh vpnsetup.sh
I will be using the above shell command to set up the IPsec VPN. Replace IPSEC_Key, Username and Password (bold in the above text) with your desired values. Usually the IPSEC_Key is a 20 digit key for security purposes. By using this command, the IPSEC_Key, Username and Password fields will be saved as environment variables in your system.
Once the necessary replacements are made, paste the command in the secure shell and press Enter.
If the installation is successful you will see something like the below.
Voilà! Your VPN server is up and running!
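The Step 4 values do not have to be typed by hand. The following is an added example, not part of the original article or of the setup script’s project: it generates the three values randomly and stores them in an owner-only file. The file name vpn.env and the helper names are assumptions; VPN_IPSEC_PSK, VPN_USER and VPN_PASSWORD are the variable names the setup script reads.

```shell
#!/bin/sh
# Added example (not from the article): random Step 4 credentials kept in a
# file only the owner can read. File and helper names are assumptions.

# gen_secret LEN -> LEN random characters drawn from A-Z, a-z, 0-9
gen_secret() (
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
)

# write_vpn_env FILE -> store the three values the setup script reads
write_vpn_env() (
    umask 077                                   # new file gets mode 0600
    {
        printf "VPN_IPSEC_PSK='%s'\n" "$(gen_secret 20)"
        printf "VPN_USER='vpn%s'\n" "$(gen_secret 6)"
        printf "VPN_PASSWORD='%s'\n" "$(gen_secret 20)"
    } > "$1"
    chmod 600 "$1"                              # also covers a pre-existing file
)

# check_vpn_env FILE -> exit 0 only if all values are set and the PSK has >= 20 chars
check_vpn_env() (
    unset VPN_IPSEC_PSK VPN_USER VPN_PASSWORD
    case "$1" in */*) f=$1 ;; *) f=./$1 ;; esac  # '.' searches PATH without a slash
    . "$f" || exit 1
    [ -n "$VPN_USER" ] && [ -n "$VPN_PASSWORD" ] || exit 1
    [ "${#VPN_IPSEC_PSK}" -ge 20 ]
)

# Stand-alone demo in a throwaway directory: prints the variable names only.
demo_dir=$(mktemp -d)
write_vpn_env "$demo_dir/vpn.env" && check_vpn_env "$demo_dir/vpn.env" &&
    cut -d= -f1 "$demo_dir/vpn.env"
rm -rf "$demo_dir"

# On the VM, after downloading and reading vpnsetup.sh (sudo keeps the
# current directory):
#   write_vpn_env ./vpn.env
#   sudo sh -c 'set -a; . ./vpn.env; set +a; sh vpnsetup.sh'
```

Keeping the values in vpn.env instead of on the command line also keeps them out of the shell history; delete the file once the values are stored somewhere safe.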
Step 5: Open UDP 500 and 4500 ports in your GCE instance
However, before accessing it from your local machine, there’s a small modification to be made to the firewall rules in your GCP project. We need to open UDP ports 500 and 4500 for our GCE instance (the same goes if you’re using an AWS EC2 instance).
You can give your firewall rule whatever name you like. I have highlighted the important settings you need to change, as shown in the image below.
Under “Target” select either “All instances in the network” or “Specified target tags”. If you select the latter, enter under “Target tags” the network tag of the VM instance that you created (in most cases this will be the default, ‘https-server’).
You can set the source IP range to 0.0.0.0/0, which means that this rule will accept connections from all IPs. If your local machine uses a static IP then you can restrict this to your IP only (use CIDR notation); however, allowing all IPs won’t be an issue here.
Open UDP ports 500 and 4500 under “Protocols and ports” and create the new firewall rule.
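The same rule can be created from the command line. The following is an added example, not part of the original article: it validates the source range and prints the matching gcloud command for both choices described in Step 5. The rule names and the 203.0.113.7 address are constructed, and --network=default assumes the VM sits on the default network.

```shell
#!/bin/sh
# Added example (not from the article): the Step 5 firewall rule as a gcloud
# command, with the source range checked first. The rule names and the sample
# address are constructed; --network=default assumes the default VPC network.

# valid_cidr A.B.C.D/N -> exit 0 if the argument is a well-formed IPv4 CIDR
valid_cidr() (
    case "$1" in */*) ;; *) exit 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*|???*) exit 1 ;; esac
    [ "$prefix" -le 32 ] || exit 1
    set -f; IFS=.                # split on dots, no globbing (subshell only)
    set -- $addr
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# fw_rule_cmd NAME SOURCE_CIDR TARGET_TAG -> print the command, do not run it
fw_rule_cmd() (
    if ! valid_cidr "$2"; then
        echo "invalid source range: $2" >&2
        exit 1
    fi
    if [ "${2#*/}" = 0 ]; then
        echo "note: rule $1 accepts UDP 500/4500 from every address" >&2
    fi
    printf 'gcloud compute firewall-rules create %s' "$1"
    printf ' --network=default --direction=INGRESS --action=ALLOW'
    printf ' --rules=udp:500,udp:4500 --source-ranges=%s --target-tags=%s\n' "$2" "$3"
)

# Both choices from Step 5: any source, and a single static address.
# 203.0.113.7 is a documentation address standing in for your own IP.
fw_rule_cmd allow-ipsec-any 0.0.0.0/0 https-server
fw_rule_cmd allow-ipsec-home 203.0.113.7/32 https-server
```

Review the printed line and run it in Cloud Shell or wherever the gcloud CLI is installed; a /32 source range limits the rule to a single address.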
Up to this point I have explained how to set up the VPN server on a remote server. Now that it’s done, the next step is establishing the connection between the local machine and the VPN. As I mentioned at the beginning, I will be using the Windows 10 operating system to demonstrate this.
Step 6: Setting up local VPN Settings — Windows 10
# Right-click on the wireless/network icon in your system tray.
# Select Open Network and Sharing Center
# Click Set up a new connection or network.
# Select Connect to a workplace and click Next.
# Check “No, create a new connection” and click Next.
# Click “Use my Internet connection (VPN)”
# Enter your VPN server IP and give it whatever Destination name you prefer.
Go to Control Panel\Network and Internet\Network Connections and you will be able to see the newly created VPN connection with the name given.
# Right click on the VPN connection and go to Properties
# Go to the Security tab and adjust the configuration as follows.
- Select “Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)” for the Type of VPN.
- Click Allow these protocols. Check the “Challenge Handshake Authentication Protocol (CHAP)” and “Microsoft CHAP Version 2 (MS-CHAP v2)” checkboxes.
- Click the Advanced settings button.
- Select “Use preshared key for authentication” and enter your VPN IPsec PSK for the Key.
All Set Now!
Now you should be able to connect to your VPN server! First connect with your regular ISP, then use Windows Search to search for “vpn” and navigate to VPN under Network Settings.
You will be able to see the newly created VPN listed there with the specified name.
Now you can connect to your VPN by entering the Username and the Password provided when installing the VPN server on the VM instance.
Once connected successfully you can see something like below!
To verify that your public IP has changed to the VPN IP, just go to Google and search for “What’s my IP”. If the setup is successful, your public IP should now be the same as the external IP address of our VPN server!
So fellas! You have now completed setting up your own VPN server and have gained internet access through it.
I strongly urge you to refrain from using this knowledge for any possible illegal or unethical activity! Neither I, the author of this article, nor any referenced material will bear any responsibility for any illegal activities or any legal consequences that may arise from using the knowledge shared here!
If you have any questions or issues regarding the article, just hit me up. I will gladly help you out.
Until next time. Cheers!
PS : Important Update
If any error occurs when trying to connect to the VPN from your Windows PC, you might need to make a one-time registry change! This usually happens if you’re behind a NAT router.
First download this .reg file and run it as administrator : Download .reg file
And then run the following command in a command prompt as an administrator:
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
A reboot of your PC is required for the changes to be applied!
Scripts to build your own IPsec VPN server, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS …github.com