VPN on Demand for Just Pennies

---

VPN on Demand for Just Pennies

In my last post, we explored the benefits of Tailscale for easy, secure connections across devices. This time, let’s extend Tailscale’s use to create an on-demand VPN setup that’s cheap, easy to manage, and perfect for those who need it only occasionally—like when connecting to public Wi-Fi, traveling, or bypassing geoblocking.

Why I Needed an On-Demand VPN

I rarely use VPNs. My primary use cases are connecting to public Wi-Fi networks at hotels and airports or getting around geoblocking restrictions. Instead of paying for a monthly VPN subscription, I wanted a solution that I could activate on demand, pay just pennies for, and easily tear down when I no longer needed it.

Setting Up Cloud-Based VPN Exit Nodes

Cloud providers make this setup straightforward. I personally use Hetzner Cloud because of its affordability, but this approach works with any cloud provider, including AWS, Azure, and Google Cloud. With Hetzner, you can spin up a server for just a few cents, configure it as a Tailscale exit node, and then delete it when you’re done. On average, this setup costs me around $0.50 per month!

Why Tailscale?

Tailscale allows me to create a secure, personal network over the internet using WireGuard. It’s super fast, doesn’t require complex firewall or port forwarding rules, and makes adding new devices or exit nodes to my network a breeze.

How I Do It: Ansible Automation

To make this process even simpler, I’ve written an Ansible playbook that spins up a new cloud server, configures it with Tailscale, and sets it up as an exit node in about 30 seconds. Here’s a snippet of the code I use:

- name: Create a basic server with ssh key
  hetzner.hcloud.server:
    name: vpn-exitnode-fsn1
    api_token: 
    server_type: cx22
    image: debian-12
    location: fsn1
    ssh_keys:
      - 
    state: present
    user_data: ""

The cloud_init configuration, located in files/cloud_init, handles the initial setup on the new server:

#cloud-config

runcmd:
  - ["sh", "-c", "curl -fsSL https://tailscale.com/install.sh | sh"]
  - [
      "sh",
      "-c",
      "echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf && echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf && sudo sysctl -p /etc/sysctl.d/99-tailscale.conf",
    ]
  - ["tailscale", "up", "--authkey=<auth_key>"]
  - ["tailscale", "set", "--ssh"]
  - ["tailscale", "set", "--advertise-exit-node"]

Final Thoughts

This setup has been a game-changer for me, offering the flexibility and security of a VPN without the commitment of a subscription. It’s super cheap, easy to set up, and allows you to connect to different VPN locations across the globe in minutes.

If you’re looking for an affordable, flexible VPN solution, try this approach—your wallet will thank you!