Custom VPN using PiVPN and public cloud

Motivation: Many public Wi-Fi networks block certain internet ports and protocols. For example, a public library might allow only ports 80 and 443 and only the TCP protocol. Leaving aside the logic of such decisions by network owners, they prevent users from taking advantage of many commercial VPN products that rely on other ports. The goal of this article is to create a custom VPN solution to improve privacy even on such restricted public networks.

All steps are outlined in more detail in this GitHub repo. The tutorial is written for Python 3 and Google Cloud Compute. However, any public cloud can be used, including AWS or Azure.

Create public cloud compute instance

Log in to the GCP console. Create an Ubuntu machine and make sure to allow HTTPS traffic. Then locate your public IP, which is where your traffic will be routed. In GCP, you can find it using the following steps (as of Dec 2018): VPC network > External IP addresses > switch the type of your instance IP from “Ephemeral” to “Static”. This will be your public IP.

Create PiVPN instance

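Log in to your compute instance and download PiVPN using the following command. The command pipes the installer script straight into bash, so the script runs as soon as it is downloaded: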

curl -L https://install.pivpn.io | bash

Follow all setup steps using default values except for port and protocol. Select port 443 and protocol TCP. Select reboot at the end of the installation.

Create VPN credentials

pivpn add

Enter your custom username and password. Download the credentials to your computer from your newly created cloud compute instance. Credentials are typically located at ~/ovpns on your Ubuntu instance.
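Before importing the downloaded profile into a client, it is worth confirming that it really targets TCP on the port chosen during setup and that, if it embeds a private key, the file is not readable by other users. The script below is an added example, not part of PiVPN or of the original tutorial; the function name check_ovpn and the sample profile (placeholder address 203.0.113.10 and placeholder key) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not part of PiVPN): check that a client profile dials the
# expected TCP port and that an inline private key is not group/world readable.

check_ovpn() {   # usage: check_ovpn PROFILE [PORT]; returns 0 when all checks pass
    local file="$1" want_port="${2:-443}" rc=0 proto port rproto mode
    [ -r "$file" ] || { echo "FAIL cannot read $file"; return 2; }

    # Global "proto" directive; the first "remote HOST PORT [PROTO]" line is
    # the server dialled first, and its optional PROTO overrides the global one.
    proto=$(awk '$1 == "proto" { print $2; exit }' "$file")
    port=$(awk '$1 == "remote" { print $3; exit }' "$file")
    rproto=$(awk '$1 == "remote" { print $4; exit }' "$file")
    [ -n "$rproto" ] && proto=$rproto

    case $proto in
        tcp*) echo "OK   proto $proto" ;;          # tcp, tcp-client, tcp4, ...
        *)    echo "FAIL proto '${proto:-unset}' is not TCP"; rc=1 ;;
    esac
    if [ "$port" = "$want_port" ]; then
        echo "OK   port $port"
    else
        echo "FAIL port '${port:-unset}', expected $want_port"; rc=1
    fi

    # An inline <key> block makes the file itself a credential.
    if grep -q '^<key>' "$file"; then
        mode=$(ls -ld "$file" | cut -c5-10)        # group + other permission bits
        if [ "$mode" = "------" ]; then
            echo "OK   inline private key, owner-only permissions"
        else
            echo "FAIL inline private key, file is group/world accessible"; rc=1
        fi
    fi
    return $rc
}

# Constructed sample profile (placeholder address and key, not real output).
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
printf '%s\n' client 'dev tun' 'proto tcp-client' 'remote 203.0.113.10 443' \
    '<key>' 'PLACEHOLDER' '</key>' > "$sample"
chmod 600 "$sample"
check_ovpn "$sample" 443
```

To check a real profile, call check_ovpn with the path of the downloaded .ovpn file and the port selected during installation (443 or 80).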

Download a VPN client for your platform

For macOS you may use Tunnelblick. Drag the credentials (.ovpn) file from the previous step onto the Tunnelblick app icon. Click the Tunnelblick icon to connect to your VPN with your custom username and password.

Final notes:

  • Use port 80 instead of 443 above if necessary.
  • To minimize cost, remember to shut down your compute instance when you are not using the VPN. The typical cost is < $20 for 100GB of traffic and 24/7 usage, which is in line with respectable third-party VPN providers. However, your cost may be significantly lower if you shut down unused instances and use pre-emptible instances (GCP-specific).