How to Setup OpenVPN Server on Google Cloud Platform
STEP 1: Navigate to Google Marketplace
- Top left click on three horizontal lines
- Search for Marketplace (aka Cloud Launcher)
STEP 2: Search for OpenVPN
- In search box type “openvpn” and hit enter
- In my case it is first result click on it to navigate to OpenVPN server page
STEP 3: OpenVPN Access Server Overview
- With OpenVPN Access Server free option you will get two concurrent VPN connections for free.
- You can obtain a software license if more than two concurrent connections are needed.
- You can customise the configuration later when deploying this solution.
- Ensure to check the monthly estimate total.
STEP 4: Enable Google APIS
Enable below Google APIs before deploying Virtual Instance with OpenVPN Access Server
Enable these APIs navigating to “APIs and Service page” or directly as instructed in below image
- Compute Engine API : compute.googleapis.com
Creates and runs virtual machines on Google Cloud Platform.
- Cloud Deployment Manager V2 API: deploymentmanager.googleapis.com
The Google Cloud Deployment Manager v2 API provides services for configuring, deploying, and viewing Google Cloud services and APIs via templates which specify deployments of Cloud resources.
- Cloud Runtime Configuration API: runtimeconfig.googleapis.com
This Runtime Configurator allows you to dynamically configure and expose variables through Google Cloud Platform. In addition, you can also set Watchers and Waiters that will watch for changes to your data and return based on certain conditions.
You will see something similar image after clicking on ENABLE button as per the above image
STEP 5: OpenVPN Server Deployment Configuration
- Choose deployment name
- Select zone, machine type and set source ip to access this instance
- Check infrastructure fee before proceeding to deploy.
Once all set then click on DEPLOY
STEP 6: Enable SSH Access to OpenVPN Access Server (Option)
use below GCloud Command or create new firewall from GCP Console
gcloud compute — project=<project-name> firewall-rules create vm-openvpn-access-server-tcp-22 — direction=INGRESS — priority=1000 — network=<vpc-name> — action=ALLOW — rules=tcp:22 — source-ranges=0.0.0.0/0 — target-tags=<vm-tag>
STEP 7: Access OpenVN Server Admin URL
- Type https://<OpenVPN-Access-Server-IP>:943/admin/ in browser and you will see something similar
- Type your username and password and post successful login you will be navigated to “Status Overview” page
from Admin page you can do configurations as per your need.
STEP 8: Access to Non-Admin Page
- https://<OpenVPN Access Server IP>:443/
- if no user user is created then you can use same Admin credential to login
- Download and Install OpenVPN Client Connection profile as per your machine OS (Go with latest only)
STEP 9: Click on OpenVPN Connect Icon
- I have installed on my MacBook laptop
- Click on OpenVPN Client to connect to OpenVPN Server
STEP 10: Connect to OpenVPN Server
- Enter your user/admin credential to connect
- Post login status will set to CONNECTED if all good
STEP 11: Validate Private IP
- Check private ip assigned to your machine.
- In my case this is 172.27.232.3 because from the admin console I provided this CIDR 172.27.224.0/20 which means every time I reconnect to OpenVPN Access Server private IP to my machine will only be assigned from within this CIDR IP Range 172.27.224.0–172.27.239.255 only
- The same CIDR you can now whitelist in GCP Firewall to allow access to instance so then using VM private IP you can access the VM instance
STEP 12: Access OpenVPN Access Server using Its Private IP
- Navigate to GCP Firewall and select “vm-openvpn-access-server-tcp-22” if already created
- If not then create one
- I have already one created and so updating it by replacing 0.0.0.0/0 with 172.27.224.0/20 in Source IP filter range.
- Copy machine private IP and telnet on port 22
All DONE ! Would appreciate for any honest feedback / input.
Happy Learning! and
Lean by doing!
