How to Set up a Hetzner VPN Server With UTunnel

This guide describes how to set up a Hetzner VPN gateway using UTunnel's Cloud VPN as a Service.

UTunnel facilitates quick and easy VPN gateway deployment with prominent IaaS providers in the industry and Hetzner is one among them. UTunnel’s hassle-free Access Gateway deployment process makes it easy for users to deploy and manage a VPN gateway with Hetzner.

1. Log in to your Hetzner account and create a Virtual Private Server on the Hetzner cloud console. While creating the VPS, make sure that you select Ubuntu 20.04 server.

2. After creating the Hetzner VPS, copy and note down the newly created instance’s IP address.

3. Create a UTunnel account and log in to your account. Navigate to the CREATE button in the Create an Access Gateway section.

hetzner vpn server empty server list

4. Fill in your billing address and click on the PROCEED button to advance to the next step. You can also skip this step by clicking on the Skip button.

hetzner vpn server billing address

5. You can customize your Hetzner VPN gateway by managing the following options:

  • Package: Select a package (Basic or Standard) according to your preference.
  • Access Gateway Type: Select the Access Gateway type to be On-Premise
  • Access Gateway Name: Provide an easily identifiable name of your choice as the Access Gateway name.
  • IP Address: Key in your Hetzner server instance’s IP address
  • VPN Accounts: Select the number of VPN user licenses required on the VPN gateway
  • Coupon: Enter the coupon code if you have any

Click on the PROCEED button once you finish customizing the Access Gateway configurations to advance to the next step.

hetzner vpn server creation form

6. You can review your Access Gateway details from the Order Summary page. Click on the PROCEED button to progress to the next step.

hetzner vpn server order summary

7. Enter your credit card details as required and click on the Start Your Trial/Pay Now button to initiate the Access Gateway creation.

hetzner vpn server payment confirmation

8. You will be directed to the Access Gateway Overview page where you can check the VPN gateway deployment status.

hetzner vpn server build progress

9. Once the Access Gateway deployment is initiated, you will get a registration token, which you need to register your Hetzner VPN gateway.

hetzner vpn server registration token

10. To execute the next steps to deploy your Hetzner VPN gateway, you need to connect to your server via SSH and run the following commands. You need to have sudo access to run these commands.

Create a directory named utunnel and make it the current working directory:

sudo mkdir /utunnel && cd /utunnel

Download the required files and extract them with the command:

sudo wget
sudo tar -xf install_bundle_20.tar

Register your Hetzner VPN gateway after replacing YOUR_REG_TOKEN with the registration token you received earlier

sudo /utunnel/bin/utnservice register YOUR_REG_TOKEN

Now start the VPN service with the command: 

sudo /utunnel/bin/utnservice start


11. You also have to make sure that inbound connections to the following ports are allowed to accept VPN connections.

Ports used for OpenVPN connections

  • TCP 443
  • UDP 443
  • UDP 53 (if scramble/obfuscate VPN is enabled)

Ports used for IPSEC connections

  • UDP 4500
  • UDP 500

Ports used for managing UTunnel services like live sessions, firewall, and site-to-site tunneling.

  • TCP 38081

Now your Hetzner VPN gateway is ready for use. You can invite users into your Access Gateway and start using the VPN.

Popular Support Articles

How to setup a VPN server in AWS

How to Redeploy a Cloud VPN Server

How to deploy an On-Premise VPN server

How to Deploy a Cloud VPN server

Setup Oracle Cloud VPN server with UTunnel

How to set up a UTunnel VPN Server with Vultr