Do you sometimes get the chills when you log into a public Wi-Fi? A VPN can protect your traffic, and Switzerland's laws can protect your data. Hosting your own VPN on GCP costs about $7 per month, and you get $300 in credits for the first year.

How to set up WireGuard

WireGuard connections are reliable and durable, and latency is pretty low.

It is also possible to deploy WireGuard as a mesh between VPS servers, so that each VPS instance has every other VPS as a peer, which is pretty awesome.

  1. Log in to your GCP console and create a new project.

  2. Create a new VM (Compute Engine -> VM instances)

    • Region: europe-west6
    • Machine type: f1-micro
    • Networking > Network tags: wireguard-vpn
    • Networking > Network Interface > External IP: “Create IP address” and reserve a static IP address.
    • Networking > Network Interface > Turn on IP forwarding on the default interface.
  3. SSH into the machine and run the wireguard-install installer. Make sure you replace PUBLIC_IP with the machine's External IP.

    wget https://raw.githubusercontent.com/l-n-s/wireguard-install/master/wireguard-install.sh -O wireguard-install.sh
    sudo SERVER_HOST=PUBLIC_IP SERVER_PORT=53133 bash wireguard-install.sh
  4. After the installation finishes, you can use the QR code to set up WireGuard on your phone, but it does not work yet! We still need to allow the WireGuard port through the firewall.

  5. Create a new Firewall Rule (VPC network > Firewall rules)

    • Target tags: wireguard-vpn
    • Source IP ranges: 0.0.0.0/0
    • Ports: UDP 53133
  6. Test the connection. Restart the VM and check if it still works.

  7. Set up a budget alert.

  8. If google.com does not work, change the MTU, because Google

In the client config, add MTU = 1360 to the [Interface] section. On the server, change it for the interface:

sudo ip link set dev wg0 mtu 1360 # on the server

How to set up IPsec/Cisco VPN

  1. Log in to your GCP console and create a new project.

  2. Create a new VM (Compute Engine -> VM instances)

    • Region: europe-west6
    • Machine type: f1-micro
    • Networking > Network tags: ipsec-vpn
    • Networking > Network Interface > External IP: “Create IP address” and reserve a static IP address.
    • Networking > Network Interface > Turn on IP forwarding on the default interface.
  3. Configure a startup script, or SSH into the machine and run it manually.

    # All values MUST be placed inside 'single quotes'
    # DO NOT use these special characters within values: \ " '
    curl -sL https://git.io/vpnsetup -o vpnsetup.sh && sudo \
    VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
    VPN_USER='your_vpn_username' \
    VPN_PASSWORD='your_vpn_password' \
    sh vpnsetup.sh
  4. Create a new Firewall Rule (VPC network > Firewall rules)

    • Target tags: ipsec-vpn
    • Source IP ranges: 0.0.0.0/0
    • Ports: UDP 500 and 4500
  5. Wait until the virtual machine is ready, about 5 minutes.

  6. Configure IPsec/XAuth VPN Clients

  7. Test the connection. Restart the VM and check if it still works.

  8. Set up a budget alert.
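
Both the WireGuard step 3 and the IPsec step 3 download a script from a URL whose content can change and then run it with sudo. The following is an added example, not part of the original post or of either installer project: it downloads the script, compares it against a SHA-256 digest you recorded after reviewing a copy, and only then leaves it in place to run. The function names and the PINNED_SHA256 placeholder are assumptions.

```shell
#!/usr/bin/env bash
# Added example: verify an installer against a pinned SHA-256 before running it as root.
# Function names and PINNED_SHA256 are assumptions, not taken from either installer project.

# Placeholder: replace with the digest of the script copy you actually reviewed.
PINNED_SHA256='<sha256-of-the-reviewed-script>'

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | awk '{print $1}'
}

# Return 0 only when the file exists and its digest equals the expected value.
verify_pinned() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file (got $actual)" >&2
        return 1
    fi
}

# Download over HTTPS to a staging name; move into place only after verification.
fetch_pinned() {
    local url="$1" out="$2" expected="$3"
    curl -fsSL --proto '=https' "$url" -o "$out.unverified" || return 3
    if verify_pinned "$out.unverified" "$expected"; then
        mv "$out.unverified" "$out"
    else
        rm -f "$out.unverified"
        return 1
    fi
}

# Usage with the WireGuard step from this page (same pattern for vpnsetup.sh):
#   fetch_pinned https://raw.githubusercontent.com/l-n-s/wireguard-install/master/wireguard-install.sh \
#       wireguard-install.sh "$PINNED_SHA256" \
#     && sudo SERVER_HOST=PUBLIC_IP SERVER_PORT=53133 bash wireguard-install.sh
```

A mismatch means the upstream script has changed since you reviewed it; read the new version before updating the pin.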