My new VPN setup on Oracle Cloud


January 4, 2023

Why Oracle Cloud?

The setup I am going to describe has been working on my dedicated server for some time without any problems. But last year I have decided to decided to reduce my costs and consolidate my dedicated servers (three of them) to only one to save costs and complexity (giving up some fail-over scenarios).

While doing so the dedicated server who served my VPN was cancelled by me and I moved the majority of the hosted services to my main machine. But as this machine hosts some kind of critical services I did not want to add high traffic (VPN) and a custom DNS setup (PiHole) to it. So I decided to move the VPN Oracle Cloud.

So why Oracle? I do use in my professional life a lot of AWS, GCloud and Azure but I have not much used Oracle Cloud. And there is a very interesting always free tier available…

Oracle Cloud free tier

Getting the Oracle instance

Well, this normally would not be an own chapter - but it turns out it needs to be one.

First I registered with Oracle Cloud and got the free tier. Nothing special about this with the exception that everything felt a little bit overcomplicated / dated.

Next I wanted to create a new instance. And this instance I wanted to max out the free tier while also using state-of-the-art technology - an ARM based server. The free tier includes one instance (or you could even split the hardware) with 4 cores and 24 GB of RAM - plenty of ressources for my VPN and the to-be-installed playgrounds and pet projects (there will be a Kong instance on that machine for sure).

And here starts the trouble - yes, this config is available in the free tier - but no hardware in the Frankfurt AD available (everytime I tried to create the instance I got the message no ressources could be allocated and I shall come back later). I started to try to get my instance on 2022-12-12 and it took me many, many tries until 2023-01-03 to finally get the instance up and running. Isn’t one of the benefits of the cloud I don’t need to worry about the hardware being available…?

My instance hardware overview

Setting up Wireguard

There are many tutorials out there how to setup Wireguard on a Linux machine. I decided to go (again) with my Docker based setup which I copied over from my old dedicated server. I had to change nothing and got my Wireguard restored in a few minutes.

By nothing I mean I have pointed my DNS to the new IP of my Oracle instance.

I am using WireGuard Easy with docker-compose and this is my configuration:

version: "3.3"
      - PASSWORD=xxxx
      # this is my PiHole in the Docker vpn network
    image: weejewel/wg-easy
    container_name: wg-easy
      - ./config:/etc/wireguard
      - "51820:51820/udp"
      - ""
    restart: unless-stopped
      - NET_ADMIN
      - SYS_MODULE
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
      name: vpn

Now a docker compose up -d brought up the Wireguard server and after I opened the port in the Oracle Cloud firewall I could connect to it with my Wireguard clients. As I have also copied the config directory (see volumes in above YAML) all settings and clients were restored.

WireGuard overview


I am using Pi-hole at my home for many years and it always shocks me when using “normal internet” (like my cell phone) how much s**t is loaded without it. The internet is doomed due to marketing and sales guys… :(

So I wanted to have Pi-hole also in my VPN so I can use the internet everywhere without all this bloated crap. And long story short: I have also used docker-compose for this and copied the config over, started it and it works perfectly.

    container_name: pihole
    image: pihole/pihole:latest
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - ""
      TZ: 'Europe/Berlin'
      WEBPASSWORD: xxxxx
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    restart: unless-stopped
      name: vpn

Pi-hole overview


The move from the dedicated server to the Oracle Cloud was extremely easy - thanks to Docker and the mounted configuration directories I only needed to copy those folders, open the firewall and done.

But Oracle Cloud did not have a good start for me - the user interface and the lack of available hardware have been disappointing so far. But I hope this will improve over time.