This repo includes terraform code to deploy a Pritunl VPN server instance on Google Cloud Platform (GCP). Also, we will leverage the Identity-Aware Proxy to provide secure SSH access to the VM instance, needed to a final step to configure your Pritunl VPN server.
A client-site VPN establishes a secure and encrypted connection between a user and a private network, typically the organization's internal network. The use of a client-site Virtual Private Network (VPN) can be justified for several reasons: Enhanced Security, Remote Access, Protection on Public Networks, Data Privacy and Compliance, Securing Sensitive Transactions, Access Control, Reduced Cybersecurity Risks, etc.
The Pritunl VPN is an open-source solution that provides an intuitive and secure platform for the implementation of Virtual Private Networks (VPNs), emphasizing ease of use and administration. Pritunl VPN
Terraform is an Infrastructure as Code (IaC) tool that allows for the automated and declarative provisioning and management of infrastructure resources. Terraform
The Google Cloud Platform (GCP) is a cloud computing services platform from Google, which includes storage, data processing, machine learning, analytics, and various other resources to facilitate the development, deployment, and scalability of applications. Google Cloud Platform
With TCP forwarding, IAP can protect SSH and RDP access to your VMs hosted on Google Cloud. Not this case but, your VM instances don't even need public IP addresses.
-
A Google Cloud Platform (GCP) project. For that all you need is a @gmail account and a credit card (Is totally charge safe, you won’t be charged until you upgrade). You can use this link to claim $300 in free credits, Try Google Cloud Platform for free. Also I recommend read Creating and managing projects.
-
Terraform. Install Terraform
-
gcloud CLI Install the gcloud CLI
The following Terraform code deploys a Pritunl VPN server on the Google Cloud Platform (GCP).
- Clone the repository:
git clone https://github.com/marcelotpcosta/pritunl-vpn-gcp-terraform
- Into the directory:
cd pritunl-vpn-gcp-terraform
- Make a copy of the
terraform.tfvars.exampletoterraform.tfvars
cp terraform.tfvars.example terraform.tfvars
- Fill the values and save it. Note that the
variables.tffile contains the declaration of variables used by tfvars configuration file.
project_id: Your GCP project ID. See Creating and managing projectsregion: The GCP region where the resources will be created. See GCP regions and zoneszone: The GCP zone where the resources will be created. See GCP regions and zonesserver_port: Server port which VPN clients will connect, for example the standard OpenVPN port "1194"instance_type: The intance size. See GCP machine typesserver_name: The server name on GCP console and OS hostname, for example "my-vpn-server"
- Authenticate on GCP (Assuming you have already installed and configured gcloud)
gcloud auth application-default loginand follow link
- Then perform the following commands on the root folder:
terraform initto get the pluginsterraform planto see the infrastructure planterraform applyto apply the infrastructure build
- When necessary
terraform destroyto destroy the built infrastructure
- Pritunl setup: After resources creation, the output will show the public IP to access the Pritunl web interface, so access the Pritunl web interface and follow this instructions to the basic and secure configuration. The page may take take a while to load.
- Important: In order to perform the upcoming procedures, it is essential to connect to the server via SSH. As we utilize IAP (Identity-Aware Proxy), accessing SSH is conveniently achieved through the GCP console. Simply navigate to the console, choose the project, go to the compute engine section, select your virtual machine (VM), and then click on the SSH access button. Please note that being a project owner is a prerequisite for this process.