How to create a VPN server with Google Cloud
Learn how to build your own VPN server with Google Cloud and Meshnet.
Building your own VPN server can be an empowering experience because it puts you in control of your online privacy and promotes your digital autonomy.
While it's possible to set up a VPN server on your own hardware, using a cloud platform offers certain benefits. First, it gives you access to a wide range of server locations, which can be helpful if you're looking to access content that is restricted by geographic location. Plus, cloud platforms allow you to easily adjust your server resources as needed to ensure that your VPN server always runs smoothly.
The article details setting up a VPN server using the capabilities of GCP and the power of Meshnet. Meshnet provides secure connectivity and advanced traffic routing features, enabling seamless access to your VPN server from any location and device.
While setting up your own VPN server enhances your online privacy, it may not provide the same level of protection as connecting to a standard VPN server offered by NordVPN. NordVPN follows a strict no-logs policy, which is crucial for ensuring your online activities remain confidential.
Before you begin, make sure you have a Google Cloud account with billing activated. As a new customer, you are eligible to receive free credits.
- 2.Sign in with your Google Account if prompted.
- 3.Specify the required information, accept the terms of service, and select Continue.
- 4.Fill in your billing details and select Start my free trial.
This section will guide you through the process of setting up and launching a VM instance using the Compute Engine service offered by Google Cloud.
Although the guide focuses on setting up an Ubuntu-based VM, the steps below are applicable to other operating system (OS) images available on Compute Engine, such as Windows Server or various Linux distributions.
To get started with VM instances on Google Cloud:
To configure and launch a VM instance:
- 1.Select Create instance.
- 3.Select the appropriate region, zone, and machine configuration for your VM instance.
- 4.Under Boot disk, select Change, then choose an operating system for your VM, such as Ubuntu, and the latest LTS version.
- 5.In the Firewall section, select Allow HTTPS traffic to permit secure web connections to your VM.
- 6.Keep the default settings for other configurations.
- 7.Select Create to start the VM.
Your VM instance may require some time to initialize. A green check mark in the Status column signifies that the VM is up and running.
You can now access your VM instance from the Google Cloud console by clicking SSH in the row of the instance or connecting from your local machine using an SSH client. This guide will concentrate on the latter approach.
To connect to the VM instance from a local machine using SSH, it is necessary to have a public-private key pair for authentication. To create a new SSH key pair:
- 1.Open the terminal on your local machine.
- 2.Enter the following command, replacing
</path/key-filename>with the desired path and filename for the key pair and
<username>with the username associated with your VM instance:ssh-keygen -t rsa -f </path/key-filename> -C <username>Examplessh-keygen -t rsa -f /Users/MeshnetUser/Desktop/keys/ssh_key_meshnet -C meshnet_userThis command generates a private key (
key-filename) and a public key (
key-filename.pub) at the specified path.
If you are using a Windows machine, specify the custom path using the Windows format, such as
To protect your private key, make sure that only you have read access to it by setting the appropriate permissions.
From macOS or Linux
- 1.Right-click the private key.
- 2.Select Properties, choose the Security tab, and click Advanced.
- 3.Click Disable inheritance > Convert inherited permissions into explicit permission on this object.
- 4.Back in the Advanced security settings window, remove access for all users except your own account by selecting a permission entry and clicking Remove.
- 1.Open the terminal.
- 2.Enter the
chmod 400command followed by the path to the generated private key:chmod 400 </path/private-key-filename>Example
To associate the public key with your VM instance, add it to the instance metadata, as follows:
- 1.On your local computer, open the terminal (PowerShell on Windows).
- 2.Display the contents of the public SSH key file by entering the
catcommand followed by the path to the file.cat </path/public-key-filename>Examplecat /Users/MeshnetUser/Desktop/keys/ssh_key_meshnet.pub
- 3.The contents of your SSH key will be displayed in the terminal. Select and copy the output.
- 5.Click Edit at the top of the page.
- 6.Scroll down to the Security and access section, and under SSH Keys, click Add item.
- 7.Paste the public key you copied earlier into the text box and click Save.
By default, Compute Engine VMs created from public images do not permit root login with a password over SSH.
To establish an SSH connection to your VM instance:
- 1.Locate the external IP address of your VM instance on the VM instances page of the Google Cloud console.
- 2.Open the terminal on your local machine.
- 3.Enter the command below, replacing the placeholders with the appropriate values for your VM instance, where:
</path/private-key-file>is the path to your private SSH key file.
<username>is the username you specified when generating the key pair.
<external-ip-address>is the external IP address of your VM instance.ssh -i </path/private-key-file> <username>@<external-ip-address>Example
- 4.When establishing a connection to the server for the first time, the SSH client asks you to review and confirm the host key's fingerprint. To proceed with the connection, type
yesin response to the prompt.
You should now be successfully connected to your VM instance.
To set up NordVPN on your instance, follow these steps:
- 1.Download and install the NordVPN Linux client by entering this command in the instance terminal:sh <(wget -qO - https://downloads.nordcdn.com/apps/linux/install.sh)
- 2.Log in to your NordVPN account.
You can log in to your NordVPN account without the use of a graphical user interface (GUI) in two ways:
- By running the
nordvpn logincommand with the
- By running the
nordvpn logincommand with the
Instructions for both methods are outlined below.
- 1.On any device, log in to your Nord Account dashboard and, under NordVPN Meshnet free, select View details.
- 2.Scroll down until you see Manual setup, and select Set up NordVPN manually.
- 3.Enter the verification code sent to your email address.
- 4.Under Access token, select Generate new token.
- 5.In the dialog that appears, choose either a token that expires in 30 days or one that never expires, and then select Generate token.
- 6.Select Copy and close.
- 7.On your VM, enter the
nordvpn login --tokencommand along with the copied token:nordvpn login --token <your_token>Examplenordvpn login --token 3fe460cefb8dcf1478c92e45908cec9f9bdbadf7a456a6dfb35dc2c58ee39d5b
You should now see a welcome message.
- 1.Run the following command:nordvpn login
- 2.Open the provided link on any device in your browser.
- 3.Complete the login procedure.
- 4.Right-click the Continue button and select Copy link address.
- 5.Run the following command, replacing
<URL>with the previously copied link address:nordvpn login --callback "<URL>"Examplenordvpn login --callback "nordvpn://login?action=login&exchange_token=MGFlY2E1NmE4YjM2NDM4NjUzN2VjOWIzYWM3ZTU3ZDliNDdiNzRjZTMwMjE5YjkzZTNhNTI3ZWZlOTIwMGJlOQ%3D%3D&status=done"
You should now see a welcome message.
To preserve your token when logging out of the NordVPN app, use the
nordvpn logout --persist-tokencommand. Otherwise, your token will be revoked.
If you encounter the error message “Whoops! Permission denied accessing /run/nordvpn/nordvpnd.sock,” enter
sudo usermod -aG nordvpn $USER. Then, reboot your instance and log back in.
nordvpn set meshnet on
To view the Nord name and Meshnet IP address of your instance, enter the following command.
nordvpn meshnet peer list
To begin using your instance as a VPN server, you need to route traffic from a client device through the instance. Follow these steps:
- 1.On your client device, open NordVPN and log in to your account.
Your device's IP address should now match the public IP address of your instance. This way, your real IP address remains secure, and the websites you visit will detect the location of your VPN server instead of your actual device.