Run VaultWarden and VPN on same e2 micro instance

I’ll keep this short and sweet hopefully

I’m working with a non-profit to get a VaultWarden server set up for them to store all our passwords on. I need to demo it to the board so I can get them to approve a budget for it, so I’m currently running it in a Docker container on a Google Cloud free-tier e2 micro instance. What I would like to do is add a VPN server onto this instance as well, so I can show them that only people with access to the VPN can load the webpage for the vault, plus they have to have a log-in to the vault as well. Does anyone know of any free or cheap VPN servers that I can use to demo this, and let the board use to access the vault as well so I can prove to them this is a wonderful thing to have, and they should add money into the budget for it? The trick is, until I get a budget approved for this, I’m hoping it can all run on the same e2 instance.

Openvpn or Wireguard are popular free vpn servers. You need to setup a client for the end user.

If you have control of your domain name then a Cloudflare tunnel could provide a connection without the need of a client software.

Algo VPN (click for a link) can be installed on your instance, then use the Wireguard VPN client (click for a link) on Windows / Android / etc. I’ve done this on a free Oracle Cloud instance and it works very well.

Why are you setting up VW to require a VPN? Extra security? I have VW running in AWS, accessible only via CloudFlare. AWS GuardDuty monitors the instance for unusual activity, Google Cloud will probably have something similar. In CloudFlare I’ve locked down the countries I want to have access, plus I’ve added some other security settings.