How to create a VPN server with Google Cloud
Learn how to build your own VPN server with Google Cloud and Meshnet.
Last updated
Was this helpful?
Learn how to build your own VPN server with Google Cloud and Meshnet.
Last updated
Was this helpful?
Building your own VPN server can be an empowering experience because it puts you in control of your online privacy and promotes your digital autonomy.
While it's possible to set up a VPN server on your own hardware, using a cloud platform offers certain benefits. First, it gives you access to a wide range of server locations, which can be helpful if you're looking to access content that is restricted by geographic location. Plus, cloud platforms allow you to easily adjust your server resources as needed to ensure that your VPN server always runs smoothly.
Google Cloud is another reliable cloud provider for creating virtual machines (VM), joining the ranks of such established platforms as , , and Though Google Cloud hosting isn't entirely free, the provider does offer limited resources at no cost.
The article details setting up a VPN server using the capabilities of GCP and the power of Meshnet. Meshnet provides secure connectivity and advanced traffic routing features, enabling seamless access to your VPN server from any location and device.
Before you begin, make sure you have a Google Cloud account with billing activated. As a new customer, you are eligible to receive free credits.
This section will guide you through the process of setting up and launching a VM instance using the Compute Engine service offered by Google Cloud.
To get started with VM instances on Google Cloud:
Sign in to your Google Cloud account.
If necessary, activate Compute Engine by selecting the Enable button.
To configure and launch a VM instance:
Select Create instance.
Select the appropriate region, zone, and machine configuration for your VM instance.
Under Boot disk, select Change, then choose an operating system for your VM, such as Ubuntu, and the latest LTS version.
In the Firewall section, select Allow HTTPS traffic to permit secure web connections to your VM.
Keep the default settings for other configurations.
Select Create to start the VM.
Your VM instance may require some time to initialize. A green check mark in the Status column signifies that the VM is up and running.
To connect to the VM instance from a local machine using SSH, it is necessary to have a public-private key pair for authentication. To create a new SSH key pair:
Open the terminal on your local machine.
Enter the following command, replacing </path/key-filename> with the desired path and filename for the key pair and <username> with the username associated with your VM instance:
Example
This command generates a private key (key-filename) and a public key (key-filename.pub) at the specified path.
To protect your private key, make sure that only you have read access to it by setting the appropriate permissions.
Right-click the private key.
Select Properties, choose the Security tab, and click Advanced.
Click Disable inheritance > Convert inherited permissions into explicit permission on this object.
Back in the Advanced security settings window, remove access for all users except your own account by selecting a permission entry and clicking Remove.
To associate the public key with your VM instance, add it to the instance metadata, as follows:
On your local computer, open the terminal (PowerShell on Windows).
Display the contents of the public SSH key file by entering the cat command followed by the path to the file.
Example
The contents of your SSH key will be displayed in the terminal. Select and copy the output.
Click Edit at the top of the page.
Scroll down to the Security and access section, and under SSH Keys, click Add item.
Paste the public key you copied earlier into the text box and click Save.
To establish an SSH connection to your VM instance:
Locate the external IP address of your VM instance on the VM instances page of the Google Cloud console.
Open the terminal on your local machine.
Enter the command below, replacing the placeholders with the appropriate values for your VM instance, where:
</path/private-key-file> is the path to your private SSH key file.
<username> is the username you specified when generating the key pair.
<external-ip-address> is the external IP address of your VM instance.
Example
When establishing a connection to the server for the first time, the SSH client asks you to review and confirm the host key's fingerprint. To proceed with the connection, type yes in response to the prompt.
You should now be successfully connected to your VM instance.
To set up NordVPN on your instance, follow these steps:
Download and install the NordVPN Linux client by entering this command in the instance terminal:
Log in to your NordVPN account.
You can log in to your NordVPN account without the use of a graphical user interface (GUI) in two ways:
By running the nordvpn login command with the --token flag
By running the nordvpn login command with the --callback flag
Instructions for both methods are outlined below.
Tip
To preserve your token when logging out of the NordVPN app, use the nordvpn logout --persist-token command. Otherwise, your token will be revoked.
To view the Nord name and Meshnet IP address of your instance, enter the following command.
To begin using the VPN server, you need to grant the traffic routing permission for each peer device that you want to have access to the server. Enable this permission from the server machine using the following command:
Example
To begin using your instance as a VPN server, you need to route traffic from a client device through the instance. Follow these steps:
On your client device, open NordVPN and log in to your account.
Start routing traffic through the linked host device you set up. Example
In the Google Cloud console, navigate to the page.
Specify a name for your VM, adhering to the for Compute Engine resources.
You can now access your VM instance from the Google Cloud console by clicking in the row of the instance or connecting from your local machine using an SSH client. This guide will concentrate on the latter approach.
Navigate to the page and click the name of your VM.
On any device, log in to your dashboard and select the Meshnet (by NordVPN) card.
On your instance, by typing this command:
Additionally, you will see all the devices connected to your network. Depending on the granted to each device, they will have access to this server via Meshnet.
For more information, see the page.
For detailed guidance on enabling traffic routing, refer to .
should now match the public IP address of your instance. This way, your real IP address remains secure, and the websites you visit will detect the location of your VPN server instead of your actual device.
