Install A VPN Server On Google Compute Engine

photo_openswanIn this tutorial, we will go over the simple steps to install an IPSec/L2TP VPN server on google compute engine.
There are many cases that we need to use a secure channel between a local machine (it might be the firewall of our office or just your development laptop) and our cloud infrastructure. The answer (in most cases) is to have a VPN server in our cloud that will be the entry point. Here we are going to look at a client-server solution. If you are looking at a solution that will give you server to server configuration please go to this post:

First, I’m going to assume you have an account with Google cloud and you already know how to launch an instance on Google Compute Engine. If not, this post could help you do it in less then 5 min.

First steps after we launch a new instance is to set its networking rules. Btw, when you click on ‘New Instance’ make sure to choose: debian-7-wheezy.

  • Allow traffic to TCP port 500, and UDP ports 500 and 4500.
    Screenshot 2014-08-10 08.50.20
  • Add a rule to allow SSH (22 or change it in order to make it a bit more secure).

Install the VPN (openswan) on Google Compute Engine

  • gcutil to your instance and copy this script  into:
[gist b9c11fdb7dd3b0d2093c]
  • Change the default value for 5 variables:
    1. Public IP, private IP – You get this information from cloud console (see the image below).
    Screenshot 2014-08-10 10.25.55
    2. IPSEC_PSK, VPN_USER and VPN_PASSWORD - Give your own values here.
  • sudo ./
  • As of today (8/8/2014) it seems that the latest security update of debian wheezy for openswan is blocking VPN connections with l2tp.
    So in order to by pass it type:
    apt-get install openswan=1:2.6.37-3
    and you will get a working version of openswan.

Checkout the logs on the server

tail -f /var/log/auth.log

tail -f /var/log/syslog

In case we have any issues you will be able to see them in the log files.

Screenshot 2014-08-10 11.12.49

Configure the VPN on your Chromebook

On chromebook it’s very quick and easy to configure our VPN settings. All you need to do is to go to the bottom-right side and click on the network icon. On the pop-up dialog you will have an item: “VPN” – Click on it and later “Join Others”.

You will get this dialog:


  • Fill the fields that are in red with the same values you type into the vpn-startup script.
  • Fill the fields that are in black with information that will help you remember what is this service.
  • A cool way to check what is going on with the network after you are connected is to open a new tab with: chrome://network
    It will show you a lot of data about your network connection.

Configure the VPN on your Mac

  • Open your network settings and click on the “+” button in the top-left corner of the interfaces list
  • Select a VPN interface, with ‘IPSec L2TP’ and give it a name. For example: VPN-GCE-1
    • In the address field, put the public IP of your server. You can see it as ‘external IP’ in your cloud console.
    • In the account name field, put the value of the VPN_USER variable that you defined earlier.
    • Click on auth settings, fill your VPN_PASSWORD in the first field and your IPSEC_PSK in the second box. Click Ok
    • Click on Advanced Settings, select “Send all traffic” and click ok.
  • Click Connect, it should take a few seconds and you should be online. Unless, something is broken and then you will get a dialog that asking you to call

In order to confirm that you are connected and everything is working well, go to: google and write ’what is my ip address’, you should see the public/external IP address.


Happy and secure hacking.


17 thoughts on “Install A VPN Server On Google Compute Engine

  1. A says:

    Hi, thank you for detailed instructions. I followed these instructions and manage to make it work on my mac. However, I am having some issues connecting to VPN from Windows 10 machine. Can you provide me some steps to conenct from windows 10 as well ?

  2. I so appreciate this article that got me thinking about the possibilities though my purpose is different. I want a VPN connection with my vm instance (win server 2012) and my pc is win7. Hope you can shed some light on this on how to achieve it.

  3. Ed says:

    Could you possibly make a video about how to do this?

    Or could you explain in a lot of detail how to put the script on, and how to execute it?

    Sorry, this is my first time trying to do this, and I need a bit of a push!

  4. Just desire to say your article is as amazing.

    The clearness in your post is just excellent and i can assume you’re an expert on this subject.
    Fine with your permission let me to grab your feed to keep updated with forthcoming post.
    Thanks a million and please carry on the enjoyable work.

  5. It’s actually a great and useful piece of information.
    I’m satisfied that you just shared this helpful info with us.
    Please keep us up to date like this. Thank you for sharing.

  6. SANJEET JOSHI says:

    Thanks a lot for this post IDO.
    Thanks to VLAD for pointing out the difference for Deb 8. With that one change, it worked like a charm.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s