How to Set up a Hetzner VPN Server With UTunnel

This guide describes how to set up a Hetzner VPN gateway using UTunnel's Cloud VPN as a Service.

UTunnel facilitates quick and easy VPN gateway deployment with prominent IaaS providers in the industry and Hetzner is one among them. UTunnel’s hassle-free Access Gateway deployment process makes it easy for users to deploy and manage a VPN gateway with Hetzner.

1. Log in to your Hetzner account and create a Virtual Private Server on the Hetzner cloud console. While creating the VPS, make sure that you select Ubuntu 20.04 server.

2. After creating the Hetzner VPS, copy and note down the newly created instance’s IP address.

3. Create a UTunnel account and log in to your account. Navigate to the CREATE button in the Create an Access Gateway section.

4. Fill in your billing address and click on the PROCEED button to advance to the next step. You can also skip this step by clicking on the Skip button.

5. You can customize your Hetzner VPN gateway by managing the following options:

• Package: Select a package (Basic or Standard) according to your preference.
• Access Gateway Type: Select the Access Gateway type to be On-Premise
• Access Gateway Name: Provide an easily identifiable name of your choice as the Access Gateway name.
• IP Address: Key in your Hetzner server instance’s IP address
• VPN Accounts: Select the number of VPN user licenses required on the VPN gateway
• Coupon: Enter the coupon code if you have any

Click on the PROCEED button once you finish customizing the Access Gateway configurations to advance to the next step.

6. You can review your Access Gateway details from the Order Summary page. Click on the PROCEED button to progress to the next step.

7. Enter your credit card details as required and click on the Start Your Trial/Pay Now button to initiate the Access Gateway creation.

8. You will be directed to the Access Gateway Overview page where you can check the VPN gateway deployment status.

9. Once the Access Gateway deployment is initiated, you will get a registration token, which you need to register your Hetzner VPN gateway.

10. To execute the next steps to deploy your Hetzner VPN gateway, you need to connect to your server via SSH and run the following commands. You need to have sudo access to run these commands.

Create a directory named utunnel and make it the current working directory:

Download the required files and extract them with the command:

Register your Hetzner VPN gateway after replacing YOUR_REG_TOKEN with the registration token you received earlier

Now start the VPN service with the command: 

 

11. You also have to make sure that inbound connections to the following ports are allowed to accept VPN connections.

Ports used for OpenVPN connections

• TCP 443
• UDP 443
• UDP 53 (if scramble/obfuscate VPN is enabled)

Ports used for IPSEC connections

• UDP 4500
• UDP 500

Ports used for managing UTunnel services like live sessions, firewall, and site-to-site tunneling.

• TCP 38081

Now your Hetzner VPN gateway is ready for use. You can invite users into your Access Gateway and start using the VPN.