5-Minute Tutorial: Install OpenVPN on Google Cloud

Ferdian Alfianto

Ferdian Alfianto is an Internet enthusiast, Mac Lover; likes using WordPress, experimenting with Linux (especially Debian and Ubuntu), tinkering with pfSense routers, happy experimenting with LEMP (Linux, Nginx, MariaDB, PHP) and Redis. You can contact me here.

I've previously written a tutorial on building OpenVPN using Pritunl, but there is an even easier way to build an OpenVPN server, namely with the "OpenVPN Road Warrior" script.

This time we will install OpenVPN Road Warrior on Google Cloud. An OpenVPN server for personal use doesn't need high specifications; the f1-micro machine type (1 CPU, 614 MB RAM) is enough.

VM configuration

Create a Virtual Machine (VM) in your Google Cloud account with machine type f1-micro; if you want to use a machine with higher specs, that's up to you. Make sure the boot disk uses Ubuntu 18.04.

And in the Networking configuration, make sure IP Forwarding is enabled (On).

OpenVPN Road Warrior setup

Now log in to your VM, and first update all components with the command:

sudo apt update && sudo apt upgrade -y

Next we download the OpenVPN Road Warrior script with the command:

wget https://git.io/vpn -O openvpn-install.sh

Then we run the script with the command:

sudo bash openvpn-install.sh

The following questions will appear before the installation is executed.

Public IPv4 address is the IP address that will be used to connect to the OpenVPN server.

Protocol: UDP is recommended; press Enter, or type 1 and press Enter.

Port: which port should OpenVPN run on? The default is port 1194, but you can use any other port. Press Enter to use the default port, or type another port and press Enter.

DNS: which DNS will OpenVPN use? You can keep the default DNS from the VM, or use Cloudflare DNS (1.1.1.1), Google DNS (8.8.8.8), OpenDNS (208.67.222.222) or Verisign DNS. Enter the number of the DNS you choose and press Enter.

Client name: the name you want for the OpenVPN client. This is only used to name the certificate file which we will later download and use for authentication to connect to OpenVPN.

When that's all done, press any key or press Enter, and the script will start the installation process. Sample output looks like this:

Hit:1 http://asia-southeast1.gce.archive.ubuntu.com/ubuntu bionic InRelease
Hit:2 http://asia-southeast1.gce.archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:3 http://asia-southeast1.gce.archive.ubuntu.com/ubuntu bionic-backports InRelease
Hit:4 http://archive.canonical.com/ubuntu bionic InRelease
Hit:5 http://security.ubuntu.com/ubuntu bionic-security InRelease
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20180409).
ca-certificates set to manually installed.
iptables is already the newest version (1.6.1-2ubuntu2).
iptables set to manually installed.
openssl is already the newest version (1.1.1-1ubuntu2.1~18.04.4).
openssl set to manually installed.
The following packages were automatically installed and are no longer required:
  grub-pc-bin libnuma1
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  libpkcs11-helper1
Suggested packages:
  easy-rsa resolvconf
The following NEW packages will be installed:
  libpkcs11-helper1 openvpn
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 514 kB of archives.
After this operation, 1274 kB of additional disk space will be used.
Get:1 http://asia-southeast1.gce.archive.ubuntu.com/ubuntu bionic/main amd64 libpkcs11-helper1 amd64 1.22-4 [43.5 kB]
Get:2 http://asia-southeast1.gce.archive.ubuntu.com/ubuntu bionic-updates/main amd64 openvpn amd64 2.4.4-2ubuntu1.3 [470 kB]
Fetched 514 kB in 1s (666 kB/s)
Preconfiguring packages ...
Selecting previously unselected package libpkcs11-helper1:amd64.
(Reading database ... 60069 files and directories currently installed.)
Preparing to unpack .../libpkcs11-helper1_1.22-4_amd64.deb ...
Unpacking libpkcs11-helper1:amd64 (1.22-4) ...
Selecting previously unselected package openvpn.
Preparing to unpack .../openvpn_2.4.4-2ubuntu1.3_amd64.deb ...
Unpacking openvpn (2.4.4-2ubuntu1.3) ...
Setting up libpkcs11-helper1:amd64 (1.22-4) ...
Setting up openvpn (2.4.4-2ubuntu1.3) ...
 * Restarting the virtual private network daemon. [OK] 
Created symlink /etc/systemd/system/multi-user.target.wants/openvpn.service → /lib/systemd/system/openvpn.service.
Processing triggers for systemd (237-3ubuntu10.31) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...

Using SSL: openssl OpenSSL 1.1.1 11 Sep 2018

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/server/easy-rsa/pki

Generating RSA private key, 2048 bit long modulus (2 primes)
.........+++++
..............................+++++
e is 65537 (0x010001)
Can't load /etc/openvpn/server/easy-rsa/pki/.rnd into RNG
139796838121920:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/etc/openvpn/server/easy-rsa/pki/.rnd

Using SSL: openssl OpenSSL 1.1.1 11 Sep 2018
Can't load /etc/openvpn/server/easy-rsa/pki/.rnd into RNG
139863712911808:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/etc/openvpn/server/easy-rsa/pki/.rnd
Generating a RSA private key
....................................+++++
..........+++++
writing new private key to '/etc/openvpn/server/easy-rsa/pki/private/server.key.elOzK2jz9S'
-----
Using configuration from ./safessl-easyrsa.cnf
Can't load /etc/openvpn/server/easy-rsa/pki/.rnd into RNG
140024860680640:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/etc/openvpn/server/easy-rsa/pki/.rnd
Can't open /etc/openvpn/server/easy-rsa/pki/index.txt.attr for reading, No such file or directory
140024860680640:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:72:fopen('/etc/openvpn/server/easy-rsa/pki/index.txt.attr','r')
140024860680640:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:79:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'server'
Certificate is to be certified until Oct 19 05:52:11 2029 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

Using SSL: openssl OpenSSL 1.1.1 11 Sep 2018
Can't load /etc/openvpn/server/easy-rsa/pki/.rnd into RNG
140350084571584:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/etc/openvpn/server/easy-rsa/pki/.rnd
Generating a RSA private key
.........+++++
...............................................................+++++
writing new private key to '/etc/openvpn/server/easy-rsa/pki/private/tuts_web_id.key.6pHvrZbZ23'
-----
Using configuration from ./safessl-easyrsa.cnf
Can't load /etc/openvpn/server/easy-rsa/pki/.rnd into RNG
140674233160128:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/etc/openvpn/server/easy-rsa/pki/.rnd
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'tuts_web_id'
Certificate is to be certified until Oct 19 05:52:11 2029 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

Using SSL: openssl OpenSSL 1.1.1 11 Sep 2018
Using configuration from ./safessl-easyrsa.cnf
Can't load /etc/openvpn/server/easy-rsa/pki/.rnd into RNG
139786385244608:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/etc/openvpn/server/easy-rsa/pki/.rnd

An updated CRL has been created.
CRL file: /etc/openvpn/server/easy-rsa/pki/crl.pem

Created symlink /etc/systemd/system/multi-user.target.wants/openvpn-iptables.service → /etc/systemd/system/openvpn-iptables.service.
Created symlink /etc/systemd/system/multi-user.target.wants/openvpn-server@server.service → /lib/systemd/system/openvpn-server@.service.

Finished!

Now exit the SSH session on the OpenVPN server. We will download the OpenVPN client file. Run the command:

scp userSSH@IPserver:/home/userSSH/tuts_web_id.ovpn .

Or you can use SFTP software like FileZilla to connect to the OpenVPN server, and download the OpenVPN client file from the folder /home/userSSH/
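The downloaded client file is what authenticates you to the VPN, so it is worth checking once it is on your machine. The script below is an added example, not part of the original tutorial or of the install script: it assumes the profile embeds the client key in an inline <key> block and uses the standard remote and proto directives, and the sample profile in it is constructed.

```shell
#!/bin/sh
# Added example: sanity-check a downloaded OpenVPN client profile.
# check_ovpn_profile FILE [PORT] [PROTO]
#   returns 0 if nothing is flagged, 1 if something is, 2 if FILE is unreadable
check_ovpn_profile() {
  f=$1; want_port=${2:-1194}; want_proto=${3:-udp}; rc=0
  [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }

  # "remote HOST PORT" and "proto PROTO" are standard client directives.
  # A profile without an explicit port is reported as a mismatch.
  port=$(awk '$1 == "remote" { print $3; exit }' "$f")
  proto=$(awk '$1 == "proto" { print $2; exit }' "$f")
  if [ "$port" != "$want_port" ] || [ "$proto" != "$want_proto" ]; then
    echo "MISMATCH: profile uses $proto/$port, expected $want_proto/$want_port"
    rc=1
  fi

  # An inline <key> block means the file alone is enough to authenticate,
  # so it should be readable by its owner only.
  if grep -q '^<key>' "$f"; then
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
    case $mode in
      *00|0) ;;
      *) echo "EXPOSED: embedded private key, file mode $mode (want 600)"; rc=1 ;;
    esac
  fi
  return "$rc"
}

# Constructed sample profile; the key body is a placeholder, not key material.
write_sample_profile() {
  cat > "$1" <<'EOF'
client
dev tun
proto udp
remote 203.0.113.10 1194
<key>
(placeholder)
</key>
EOF
}

sample=$(mktemp)
write_sample_profile "$sample"
chmod 644 "$sample"; check_ovpn_profile "$sample" || echo "fix: chmod 600 $sample"
chmod 600 "$sample"; check_ovpn_profile "$sample" && echo "profile OK"
rm -f "$sample"
```

Pass the port and protocol you chose at the installer prompts as the second and third arguments if you did not keep the defaults.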

Google Cloud firewall

So that we can connect to the OpenVPN server, we have to open port 1194 UDP by creating firewall rules for our VM.

Please navigate to the menu Networking -> VPC Network -> Firewall Rules.

Then click "Create Firewall Rule".

Give the firewall rule a name, for example "openvpn-port". In the Target tags section, give the tag a name, for example "openvpn". And in Source IP ranges, enter 0.0.0.0/0, which means the OpenVPN server will accept connections from any IP.

Scroll down to Protocols and ports, choose "Specified protocols and ports", tick udp, and enter port 1194. Then press the Create button.

Next we go back to our VM and click the Edit menu.

In the Network tags section, type "openvpn,". Don't forget the comma (,) after the openvpn tag. Then click Save.

Now the OpenVPN server is ready to accept connections.
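The same firewall rule and network tag can be created with the gcloud CLI. This is an added example, not part of the original tutorial: my-vpn-vm and my-zone are placeholders for your VM name and zone, and 198.51.100.0/24 is a constructed range showing how to accept clients from one known network instead of 0.0.0.0/0.

```shell
#!/bin/sh
# Added example: CLI form of the firewall rule and network tag created above.
# Set GCLOUD=echo to preview the two commands instead of running them.
GCLOUD=${GCLOUD:-gcloud}

# open_openvpn_port VM ZONE [SOURCE_RANGES] [PORT]
#   SOURCE_RANGES: comma-separated IPv4 CIDRs; the tutorial uses 0.0.0.0/0.
#   PORT: UDP port chosen at the installer prompt (default 1194).
open_openvpn_port() {
  vm=$1; zone=$2; src=${3:-0.0.0.0/0}; port=${4:-1194}
  if [ -z "$vm" ] || [ -z "$zone" ]; then
    echo "usage: open_openvpn_port VM ZONE [SOURCE_RANGES] [PORT]" >&2
    return 2
  fi
  # Reject anything that is not a port number between 1 and 65535.
  case $port in
    ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
  esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "invalid port: $port" >&2; return 2
  fi
  # Source ranges must look like a.b.c.d/n[,a.b.c.d/n...].
  cidr='[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}'
  if ! printf '%s\n' "$src" | grep -Eq "^$cidr(,$cidr)*\$"; then
    echo "invalid source ranges: $src" >&2; return 2
  fi
  # Ingress rule: only UDP on $port, only for VMs carrying the "openvpn" tag.
  $GCLOUD compute firewall-rules create openvpn-port \
    --direction=INGRESS --action=ALLOW --rules="udp:$port" \
    --source-ranges="$src" --target-tags=openvpn || return 1
  # Attach the tag to the VM so the rule applies to it.
  $GCLOUD compute instances add-tags "$vm" --zone="$zone" --tags=openvpn
}

# Preview only (placeholder VM name and zone): first as in the tutorial,
# then limited to a constructed documentation range.
( GCLOUD=echo; open_openvpn_port my-vpn-vm my-zone )
( GCLOUD=echo; open_openvpn_port my-vpn-vm my-zone 198.51.100.0/24 )
```

Unset GCLOUD (or leave it at its default) and call open_openvpn_port with your own VM name and zone to apply the rule for real.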

OpenVPN Client Application

To connect to the OpenVPN server from an iOS device, you can follow this tutorial. For Android, you can use OpenVPN Connect. If you are using macOS, you can connect with the Tunnelblick application, and on a Windows PC you can use OpenVPN Client.

That's the tutorial on installing OpenVPN on Google Cloud, hopefully it's useful!
