Last active
August 28, 2022 02:25
VPN Server for Google Cloud
```bash
#!/bin/bash
# Create a preemptible Pritunl VPN server on Google Compute Engine.

# Random 4-character suffix so instance and firewall rule names are unique.
NEW_UUID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 4 | head -n 1)
SERVER_NAME=vpn-$NEW_UUID

gcloud compute instances create "$SERVER_NAME" \
  --machine-type "n1-standard-1" \
  --image-family ubuntu-1604-lts \
  --image-project "ubuntu-os-cloud" \
  --boot-disk-size "20" \
  --boot-disk-type "pd-ssd" \
  --boot-disk-device-name "$NEW_UUID" \
  --tags https-server,http-server \
  --zone us-west1-b \
  --labels ready=true \
  --preemptible \
  --can-ip-forward \
  --metadata startup-script='#! /bin/bash
# Startup scripts already run as root, so no sudo is needed.
cd /root
# Write the mongod unit with > (not >>) because this script runs on every boot.
cat > /lib/systemd/system/mongod.service <<EOF
[Unit]
Description=database
After=network.target
[Service]
User=mongodb
ExecStart=/usr/bin/mongod --config /etc/mongod.conf
[Install]
WantedBy=multi-user.target
EOF
echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 multiverse" > /etc/apt/sources.list.d/mongodb-org-3.2.list
echo "deb http://repo.pritunl.com/stable/apt xenial main" > /etc/apt/sources.list.d/pritunl.list
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 42F3E95A2C4F08279C4960ADD68FA50FEA312927
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
apt-get update -y
apt-get install pritunl mongodb-org -y
systemctl start pritunl mongod
systemctl enable pritunl mongod
# Print the setup key; startup-script output goes to the serial console log.
echo "setup key follows:"
pritunl setup-key
'

# External (NAT) IP of the new instance.
IP=$(gcloud compute instances describe "$SERVER_NAME" --zone us-west1-b | grep natIP | cut -d: -f2 | sed 's/^[ \t]*//;s/[ \t]*$//')

# --source-ranges limits each rule to traffic coming from the VPN server's external IP.
# The rules set no target tags, so they apply to every instance on the default network.
gcloud beta compute firewall-rules create "vpn-allow-8787-$NEW_UUID" --allow tcp:8787 --network default --priority 65535 --source-ranges "$IP/32"
gcloud beta compute firewall-rules create "vpn-allow-3838-$NEW_UUID" --allow tcp:3838 --network default --priority 65535 --source-ranges "$IP/32"
gcloud beta compute firewall-rules create "vpn-allow-443-$NEW_UUID" --allow tcp:443 --network default --priority 65535 --source-ranges "$IP/32"

echo "VPN server will be available for setup at https://$IP in a few minutes."
```
Once the server is up, an organization and user need to be added to it, then it needs to be started. After it starts, it will show a UDP port, which will need to be added to the firewall on Google:

```bash
gcloud beta compute firewall-rules create vpn-allow-udp-$NEW_UUID --allow udp:<port> --network default --priority 65535 --source-ranges $IP/32
```
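The script takes `$IP` from a `grep` over the `describe` output, and the UDP rule takes a port copied by hand, so an empty or malformed value goes straight into a firewall rule. The following is an added example, not part of the gist, that validates both values and only then prints the rule command; the function names, the sample `describe` output, the suffix `ab12` and the port `11194` are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the gist. Function names are hypothetical.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() (
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
  esac
  IFS=.; set -- $1            # split on dots (subshell, so IFS stays local)
  [ "$#" -eq 4 ] || exit 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
  done
)

# Succeeds only for a decimal port in 1..65535.
valid_port() (
  case "$1" in
    ''|*[!0-9]*) exit 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
)

# Reads `gcloud compute instances describe` output on stdin and prints the
# first natIP, failing when it is missing or malformed.
extract_nat_ip() {
  ip=$(grep natIP | head -n 1 | cut -d: -f2 | tr -d ' \t')
  valid_ipv4 "$ip" && printf '%s\n' "$ip"
}

# Prints (does not run) the UDP rule command: $1 suffix, $2 port, $3 source IP.
udp_rule_cmd() {
  case "$1" in ''|*[!a-z0-9]*) echo "bad suffix: $1" >&2; return 1 ;; esac
  valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
  valid_ipv4 "$3" || { echo "bad source IP: $3" >&2; return 1; }
  printf 'gcloud beta compute firewall-rules create vpn-allow-udp-%s --allow udp:%s --network default --priority 65535 --source-ranges %s/32\n' "$1" "$2" "$3"
}

# Constructed sample of the describe output (documentation-range address).
SAMPLE_DESCRIBE='networkInterfaces:
- accessConfigs:
  - name: external-nat
    natIP: 203.0.113.10
  networkIP: 10.138.0.2'

ip=$(printf '%s\n' "$SAMPLE_DESCRIBE" | extract_nat_ip) &&
  udp_rule_cmd ab12 11194 "$ip"   # suffix and port are constructed values
```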
You bet. Thanks for the great feedback.