How to Create or Delete a Virtual Private Network

Validated on 7 Aug 2024 • Last edited on 18 Dec 2024

Machines are Linux and Windows virtual machines with persistent storage, GPU options, and free unlimited bandwidth. They’re designed for high-performance computing (HPC) workloads.

A Virtual Private Network (VPN) is a secure, encrypted network that runs over a public network, like the internet. A VPN typically consists of at least one gateway, a private network, and a tunnel.

  • VPN gateway: An entry point that connects the machines within your private network to machines external to Paperspace, such as your local machine.
  • VPN tunnel: An encrypted connection that secures and encrypts data transferred between machines. The VPN gateway creates a Protocol Security (IPSec) site-to-site VPN tunnel. This protocol ensures your machines communicate securely with a direct and encrypted connection.
  • Private network: A dedicated network that’s logically isolated from other networks on Paperspace. A private network is required to create a VPN, as a VPN gateway connects to your private network which then establishes a VPN tunnel.

The Paperspace API and Paperspace CLI cannot create VPNs. You can only create a VPN via the Paperspace console by submitting a VPN request to Paperspace support.

Create a Virtual Private Network

The VPN is manually created by Paperspace after submitting a request with the necessary specs. You need to provide the following resources for Paperspace to create a VPN: a private network, a public IP address, a pre-shared key, and internal networks.

To submit your VPN request, go to the Paperspace console, in the top-left corner, click the dropdown menu, select CORE, click the VPN tab, then click CREATE VPN to open the Create VPN request form.

The Create VPN request form of the Core dashboard's VPN page.

Choose or Set Up a Private Network

Before creating a VPN, you need a private network and the IP address of the machine you want to use as the VPN gateway.

If you do not have any private networks, create a private network for your VPN. Within your private network, attach the machines you want connected to the VPN.

Retrieve Public IP Address

Before you create a VPN, get the public IP address of the machine you want to use as a VPN.

To find your machine’s IP address, go to the Paperspace console, in the top-left corner, click the dropdown menu, select CORE, click Machines tab, then select the machine you want to get the IP address of.

From the machine’s overview page, in the top-right corner, click the Settings tab. In the Settings page, in the Public IP section, copy your machine’s IP address for later use.

If your machine doesn’t have a public IP address, assign a public IP address to your machine.

The IP address section of the machine's Settings page.

Choose a Network

In the Select a network section, click the dropdown menu to select the private network you want connected to your VPN.

Assign a VPN Public IP Address

In the VPN Public IP Address section, type the public IP address of the machine you’re using as a VPN.

Add a Pre-shared Key

A pre-shared key is a secret key shared between your machines and a physical or third-party location, such as a local machine.

Pre-shared keys secure the connection between machines by ensuring that only authorized machines can establish a connection to your VPN and its machines.

To add a pre-shared key, in the Pre-shared Key section, type the pre-shared key.

If you need to generate a pre-shared key, we recommend using OpenSSL, an open source library that implements protocols, such as the Secure Socket Layer (SSL), and offers cryptography methods, such as generating random keys.

Generate a pre-shared key using OpenSSL

To generate a pre-shared key using OpenSSL:

  1. Download and install the OpenSSL library onto your local machine.

  2. Open a terminal, run an openssl rand command that generates a random key. You can specify the byte format and the number of random bytes in your key. For example, the following openssl rand command outputs a pre-shared key encoded using the base64 format with 24 random bytes generated.

openssl rand -base64 24
  1. The command should output a random generated key, which you can use as your pre-shared key.

Add Internal Networks

Internal networks are the machines you want connected to your VPN.

In the Internal Network(s), separated by commas section, list the IP addresses of the machines you want accessible through your VPN.

After configuring your VPN, click CREATE VPN. A VPN may take up to 24-48 hours to create. Once your VPN is created, Paperspace support notifies you via email that your VPN is created and connected.

The VPN is not visible on the Paperspace console as it runs in the background and connects the machines in your private network, by default.

If you want to delete your VPN from your Paperspace account, contact Paperspace support. Paperspace support notifies you via email once the VPN is deleted.

Test VPN Connectivity

To test your VPN, go to the Paperspace console, in the top-left corner, click the dropdown menu, select CORE, click the Machines tab, then find and select a machine belonging to your VPN’s private network.

On the machine’s overview page, click the Details tab, in the Details page, on the right side, under the Private IP section, copy the private IP address.

Then, connect to your machine, in your machine, open a terminal, and run a Internet Control Message Protocol (ICMP) (ping) command.

ICMP (Internet Control Message Protocol) sends and receives ping requests to test network connectivity. You can use a ping command to verify whether your machine can reach the VPN gateway and receive a response.

ping 203.0.113.0

Your VPN is working properly if the packets line indicates data was sent and received with minimal packet loss.

...
--- 203.0.113.0 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3068ms
...

If your ping command outputs a request timeout, you may need to enable ICMP command on your machine.

PING 203.0.113.0 (203.0.113.0): 56 data bytes
Request timeout for icmp_seq 0
...
Enable ICMP

For Windows-based machines, configure your Windows firewall to enable ICMP.

Note
As of 1 July 2024, Windows-based templates are retired and unavailable to new Paperspace users. If you joined Paperspace prior to this date, you can still start, manage, and create Windows-based template machines.

To enable ICMP for Linux-based machines:

  1. Run the iptables command to check the current rules on your machine.

    sudo iptables -L -v

    If ICMP is enabled, the output should show that echo-request and echo-reply is accepted.

    ACCEPT     icmp -- anywhere             anywhere             icmp echo-request
ACCEPT     icmp -- anywhere             anywhere             icmp echo-reply

  2. If ICMP isn’t enabled, enable it by allowing ICMP echo requests and replies.

    sudo iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
sudo iptables -A OUTPUT -p icmp --icmp-type 0 -j ACCEPT

  3. Afterwards, save the new rules you’ve added.

    sudo iptables-save | sudo tee /etc/iptables/rules.v4

  4. Then, reboot your machine.

    sudo reboot

  5. To verify if ICMP is enabled, re-run the iptables command and find ACCEPT icmp for echo-request and echo-reply.

    sudo iptables -L -v

After enabling ICMP on your machine, attempt to re-run your ping command. If you continue to receive timeout requests or other errors such as denied permissions, contact Paperspace Support.

Control Panel Blog Pricing Careers Terms Privacy Status API Docs Tutorials Support