Creating a free VPN via Google Cloud

Last week, I moved from a flex-2 in Hell's Kitchen to a small bedroom in Bushwick. One consequence was that I no longer had control over the apartment's router. Out of curiosity, I wondered if I could obfuscate my Internet traffic from and to the black-box router using tools that are (1) free, (2) easy to deploy, and (3) not too shady. It turns out that Google Cloud Platform's f1-micro instance might work well for this purpose, and in case it's helpful to anyone else, I've outlined my method below.

Creating a project on Google Cloud Platform

If this is your first time working with Google Cloud Platform (“GCP”), you'll first need to agree to GCP's terms of service. Visit the main console page, read their terms of service, and click Agree and Continue as applicable.

  1. Go to the Manage resources page in the GCP console.
  2. Click Create Project.
  3. In the New Project page, enter a project name, select a billing account as applicable, and click Create.

Creating a free f1-micro instance

  1. Go to GCP's main console page.
  2. If your new project is not visible, click on the bottom arrow button to the right of the main Google Cloud Platform banner. Select your new project from the dropdown menu and click Open.
  3. Click on the hamburger menu to the left of the main Google Cloud Platform banner.
  4. In the Compute > Compute Engine section, click VM instances.
  5. Click Create instance.
  6. In the Create an instance section, complete the following fields with values shown below:
    • Name: personal-vpn
    • Region: us-east1
    • Zone: us-east1-b
    • Machine type: micro (1 shared vCPU)
    • Note: After selecting this machine type, you should see the message “your first 744 hours of f1-micro instance usage are free this month” on your screen.
    • Boot disk: Debian GNU/Linux 9 (stretch)
  7. Click Create.

Configuring the firewall rule and static IP

  1. Go to GCP's main console page.
  2. Click on the hamburger menu to the left of the main Google Cloud Platform banner.
  3. In the Networking > VPC network section, click Firewall rules.
  4. In the Firewall rules section, click Create firewall rule.
  5. In the Create a firewall rule section, complete the following fields with values shown below:
    • Name: allow-openvpn
    • Direction of traffic: Ingress
    • Action on match: Allow
    • Targets: All instances in the network
    • Source IP ranges: 0.0.0.0/0
    • Protocols and ports: Allow UDP 1194
  6. Click *Create.
  7. On the left sidebar, click External IP addresses.
  8. Click *Reserve static address.
  9. In the Reserve a static address section, complete the following fields with values shown below:
    • Name: personal-vpn-ip
    • Attached to: personal-vpn
  10. Click Reserve.
  11. In the table containing external IP addresses, take note of the External Address value next to the personal-vpn-ip row. (You'll need this information for the next section.)

Installing OpenVPN and downloading OVPN configuration file

  1. Go to GCP's main console page.
  2. Click on the hamburger menu to the left of the main Google Cloud Platform banner.
  3. In the Compute > Compute Engine section, click VM instances.
  4. In the table containing your VM instances, click on the row with the value personal-vpn.
  5. In the row with the value personal-vpn, click on the button with three vertical dots and click Start. (This button may be grayed out; if so, skip this step.)
  6. In the row with the value personal-vpn, click on SSH.
  7. In the new window that appears, wait for the terminal to complete loading.
  8. In the terminal, run curl -O https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh to download Stanislas Lange's OpenVPN install script.
  9. In the terminal, run chmod +x openvpn-install.sh to make the script executable.
  10. In the terminal, run sudo ./openvpn-install.sh and follow the instructions on the screen.
    • Note 1: You'll need the external IP address that you reserved in the Configuring the firewall rule and static IP section above.
    • Note 2: Note the .ovpn filename that you choose in one of the installation steps.
  11. In the terminal, run pwd to get the present working directory.
  12. In the terminal, click the gray gear icon on the top-left corner of the window and click Download file.
  13. In the Fully qualified file path field, type the path of the present working directory and the .ovpn filename:
    • Example: /home/test_user/personalvpn1.ovpn
  14. Click Download. Your browser should now be downloading the .ovpn file that you generated earlier in this section.

Installing the OVPN file on your local computer's OpenVPN client

This section depends on which operating system you have. At this time, I use Tunnelblick, a free open-source VPN client for macOS. For Windows users, it looks like Pritunl is one of the more popular OpenVPN client. Once you vet and install an OpenVPN client of your choosing, import the .ovpn file into your client. You can check that your VPN is working by connecting to the VPN and checking that your public IP address sources from Google.