In this tutorial, we will go over the simple steps to install an IPSec/L2TP VPN server on Google Compute Engine.
There are many cases in which we need a secure channel between a local machine (it might be the firewall of our office or just your development laptop) and our cloud infrastructure. The answer (in most cases) is to have a VPN server in our cloud that will be the entry point. Here we are going to look at a client-server solution. If you are looking for a solution that gives you a server-to-server configuration, please go to this post: greenido.wordpress.com/2014/04/10/how-to-set-a-vpn-on-google-compute-engine/
First, I’m going to assume you have an account with Google Cloud and you already know how to launch an instance on Google Compute Engine. If not, this post could help you do it in less than 5 min.
The first step after we launch a new instance is to set its networking rules. Btw, when you click on ‘New Instance’ make sure to choose: debian-7-wheezy.
- Allow traffic to TCP port 500, and UDP ports 500 and 4500.
- Add a rule to allow SSH (22 or change it in order to make it a bit more secure).
Install the VPN (openswan) on Google Compute Engine
- Use gcutil to connect to your instance and copy this script into: vpn-installtion.sh
- Change the default value for 5 variables:
1. Public IP, private IP – You get this information from cloud console (see the image below).
VPN_PASSWORD - Give your own values here.
- Run: sudo ./vpn-installtion.sh
- As of today (8/8/2014) it seems that the latest security update of Debian wheezy for openswan is blocking VPN connections with L2TP.
So in order to bypass it, type:
apt-get install openswan=1:2.6.37-3
and you will get a working version of openswan, though one that does not include that security update.
Check out the logs on the server
tail -f /var/log/auth.log
tail -f /var/log/syslog
In case we have any issues you will be able to see them in the log files.
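An added example (not part of the original post or its install script): a small shell function that summarises the openswan entries in /var/log/auth.log per client address, counting established IPsec SAs and pre-shared-key failures. The sample lines are constructed, and the connection name and the message substrings it matches are assumptions about openswan's log wording.

```shell
#!/bin/sh
# Added example: triage openswan (pluto) lines from /var/log/auth.log.
# The matched message substrings are assumptions about openswan's wording.

# Constructed sample lines (documentation IP ranges), not real server output.
sample_log() {
cat <<'EOF'
Aug  8 10:15:01 vpn pluto[2345]: "L2TP-PSK-NAT"[1] 203.0.113.7 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established
Aug  8 10:15:02 vpn pluto[2345]: "L2TP-PSK-NAT"[1] 203.0.113.7 #2: STATE_QUICK_R2: IPsec SA established transport mode
Aug  8 10:20:11 vpn pluto[2345]: "L2TP-PSK-NAT"[2] 198.51.100.9 #3: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Aug  8 10:20:21 vpn pluto[2345]: "L2TP-PSK-NAT"[2] 198.51.100.9 #3: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Aug  8 10:21:40 vpn sshd[900]: Accepted publickey for admin from 203.0.113.7 port 50022 ssh2
EOF
}

# vpn_triage: read log lines on stdin and print one line per peer:
#   <peer address> <IPsec SAs established> <PSK mismatch failures>
vpn_triage() {
  awk '
    / pluto\[[0-9]+\]: / {
      # The peer address is the field right after the "conn"[n] token.
      peer = ""
      for (i = 1; i < NF; i++)
        if ($i ~ /^"[^"]+"\[[0-9]+\]$/) { peer = $(i + 1); break }
      if (peer == "") next
      seen[peer] = 1
      if ($0 ~ /IPsec SA established/) ok[peer]++
      if ($0 ~ /mismatch of preshared secrets/) bad[peer]++
    }
    END {
      for (p in seen) printf "%s %d %d\n", p, ok[p], bad[p]
    }
  ' | sort
}

# Demo on the constructed sample; on the server use:
#   sudo cat /var/log/auth.log | vpn_triage
sample_log | vpn_triage
```

A peer with failures and no established SA usually means the IPSEC_PSK typed on the client does not match the one set in the script.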
Configure the VPN on your Chromebook
On a Chromebook it’s very quick and easy to configure our VPN settings. All you need to do is to go to the bottom-right side and click on the network icon. On the pop-up dialog you will have an item: “VPN” – click on it and then on “Join Others”.
You will get this dialog:
- Fill the fields that are in red with the same values you typed into the vpn-startup script.
- Fill the fields that are in black with information that will help you remember what this service is.
- A cool way to check what is going on with the network after you are connected is to open a new tab with: chrome://network
It will show you a lot of data about your network connection.
Configure the VPN on your Mac
- Open your network settings and click on the “+” button in the top-left corner of the interfaces list
- Select a VPN interface, with ‘IPSec L2TP’ and give it a name. For example: VPN-GCE-1
- In the address field, put the public IP of your server. You can see it as ‘external IP’ in your cloud console.
- In the account name field, put the value of the VPN_USER variable that you defined earlier.
- Click on auth settings, fill your VPN_PASSWORD in the first field and your IPSEC_PSK in the second box. Click Ok
- Click on Advanced Settings, select “Send all traffic” and click ok.
- Click Connect, it should take a few seconds and you should be online. Unless, something is broken and then you will get a dialog that asking you to call
In order to confirm that you are connected and everything is working well, go to Google and search for ’what is my ip address’; you should see the public/external IP address.
Happy and secure hacking.