Installation – Pritunl Documentation
Install and configure PritunlBelow are several methods available for installing Pritunl.
Pritunl includes full SELinux polices which cover both the main pritunl process and the isolated pritunl-web web server process. Running Pritunl with a Linux distribution that supports SELinux will significantly improve security. It is recommend to only use Red Hat Enterprise Linux, Oracle Linux or CentOS for Pritunl servers. The first log message shown when the Pritunl server is started will indicate the SELinux context. It should look similar to the log message below, if it is none or unconfined the SELinux policy is not functioning.
[pritunl0][2018-12-16 07:45:03, 406][INFO] Starting server
selinux_context = “system_u:system_r:pritunl_t:s0”
All development and testing of Pritunl software is done on Oracle Linux and it is the recommended distribution to use for Pritunl software. It will provide the highest level of compatibility, reliability and security. Oracle provides a script to switch CentOS to Oracle Linux if the chosen platform does not have Oracle Linux images.
If you intend on creating a Pritunl cluster with multiple hosts all the hosts will need to connect to the same MongoDB database. For cluster configurations it is best to have a dedicated server that is not running Pritunl for the MongoDB database. Single host configurations can run MongoDB with Pritunl on the same server.
For MongoDB servers with high memory are best (, ) are best. For Pritunl nodes high CPU with good single-threaded performance (higher core frequency) are best (). For large deployments several small nodes with fewer connections per node is better then fewer larger nodes with more connections per node. For the best performance it is recommended to spend $0. 50-$1. 00 per concurrent connection each month on server costs. More information on AWS recommendations can be found in the Scaling documentation.
To install Pritunl on Oracle Cloud click Create Instance and use the default Oracle Linux image. Then add SSH keys and create the instance.
After creating the instance SSH to the server with the username opc and run the commands below to install Pritunl and MongoDB.
Both iptables-services and firewalld must be disabled on the server to prevent interference with the Pritunl iptables rules. If the Pritunl iptables configuration is incorrectly modified by other software this can cause connection issues or inadvertent access to networks that are not permitted in the Pritunl server route configuration.
sudo tee /etc/ << EOF
[mongodb-org-4. 4]
name=MongoDB Repository
baseurl=gpgcheck=1
enabled=1
gpgkey=EOF
[pritunl]
name=Pritunl Repository
EOF
sudo yum -y install oracle-epel-release-el7
sudo yum -y update
sudo yum -y remove iptables-services
sudo systemctl stop rvice
sudo systemctl disable rvice
gpg --keyserver hkp --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A >; sudo rpm –import; rm -f
sudo yum -y install pritunl mongodb-org
sudo systemctl enable mongod pritunl
sudo systemctl start mongod pritunl
Amazon Linux does not support SELinux and should not be used with Pritunl. Pritunl includes full SELinux policies and an isolated web server process that significantly improve security. Only the Red Hat Enterprise Linux (includes software fee), Oracle Linux and CentOS support SELinux on AWS.
To install Pritunl on AWS open the create instance interface and search for the Oracle Linux owner ID 131827586825 then select the Community AMIs tab. Select the latest Oracle Linux AMI currently OL7. 9-x86_64-HVM-2020-12-07. This will use the free official Oracle Linux 7 image with SELinux support.
The AWS community AMI and marketplace sections contain public images that can be uploaded without any verification. These sections contain several packages with names containing Oracle Linux, CentOS and Pritunl. Using these unverified images could compromise the security of your network. Pritunl does not publish any AMIs or marketplace images. Only the Amazon provided images in the Quick Start section and the official Oracle Linux images from the Oracle owner ID above should be used.
After creating the EC2 instance SSH to the server with the username ec2-user and run the commands below to install Pritunl and MongoDB.
[mongodb-org-4. 2]
sudo yum-config-manager –enable ol7_developer_epel
The Pritunl Oracle Linux 7 and Oracle Linux 8 repositories provide the pritunl-openvpn package that replaces the openvpn package from the EPEL. This package provides a newer version of OpenVPN than is available on the EPEL. This package is currently required on RHEL 8 distributions including Oracle Linux 8 due to the issue explained in RHEL 8 Connection Fix. The command below will install the pritunl-openvpn package and replace the existing openvpn package.
It’s recommended to always use this package when available as it will provide the latest release of OpenVPN and replace the often outdated OpenVPN builds on the EPEL. Only the Oracle Linux 7 and 8 repositories provide this package. It is recommended to use these repositories on all RHEL Linux distributions including CentOS. Oracle Linux shares full compatibility with RHEL.
sudo yum swap openvpn pritunl-openvpn
sudo yum –allowerasing install pritunl-openvpn
Automatic updates should always be enabled to ensure Linux security updates are always applied. The Pritunl service will not restart when updating and no downtime will occur from updates. To complete updates to Pritunl the service must be restarted by running sudo systemctl restart pritunl.
sudo yum -y install yum-cron
sudo sed -i ‘s/^update_cmd =. */update_cmd = default/g’ /etc/yum/
sudo sed -i ‘s/^download_updates =. */download_updates = yes/g’ /etc/yum/
sudo sed -i ‘s/^apply_updates =. */apply_updates = yes/g’ /etc/yum/
sudo systemctl enable yum-cron
sudo systemctl start yum-cron
When running on Oracle Cloud live kernel patches with Ksplice are included at no additional cost. These updates will not impact system availability and can be applied automatically by running the command below.
sudo sed -i ‘s/^autoinstall =. */autoinstall = yes/g’ /etc/uptrack/
Pritunl is packaged for several Linux distributions. All available distributions can be found on the Repositories page.
Continue to ConfigurationUpdated 16 days ago Table of Contents
SELinux Support
Oracle Linux
Enterprise Clusters
Recommended Instance Types
Oracle Cloud Install
AWS Install
OpenVPN Update
Automatic Updates
Linux Repositories
Configuration
How to setup a VPN Server using Pritunl on Ubuntu 18.04 LTS
How to setup a VPN Server using Pritunl on Ubuntu 18. 04 LTS
There is a new version of this tutorial available for Ubuntu 20. 04 (Focal Fossa).
This tutorial exists for these OS versions
Ubuntu 20. 04 (Focal Fossa)Ubuntu 18. 04 (Bionic Beaver) On this page
Requirements
Install Pritunl
Configure Pritunl
Pritunl Commandline
View Version
Repair Database
Reset Password
Changing Web Console Port
Pritunl is a VPN Server Software based on the popular OpenVPN platform. In this tutorial, you will learn how to set up and use Pritunl on your Ubuntu 18. 04 LTS based server.
You will need an Ubuntu 18. 04 based server. If you are running server software, you will need to stop them because Pritunl requires both 80 and 443 ports to run.
Make sure your system is upgraded.
$ sudo apt update$ sudo apt upgrade
If you are using a firewall, then we need to open some ports so that Pritunl works properly.
If you are using ufw firewall, use the following commands. You can learn more about how to install and use the UFW firewall from our tutorial.
$ sudo ufw allow $ sudo ufw allow $ sudo ufw allow 10447/udp$ sudo ufw reload
If you look carefully, we have opened port 10447 over UDP. We will be using this port for running our VPN. So note down the port number. You can choose any port number you like though.
Step 1: Add Pritunl Repository.
$ echo “deb bionic main” | sudo tee /etc/apt/
Step 2: Add Mongodb Repository.
$ sudo nano /etc/apt/
Paste the following line in the Nano editor.
deb bionic/mongodb-org/4. 0 multiverse
Save the file by pressing Ctrl + X and then selecting Y.
Step 2: Add Public Keys for Pritunl and Mongodb repositories.
$ sudo apt-key adv –keyserver hkp –recv 9DA31620334BD75D9DCB49F368818C72E52529D4$ sudo apt-key adv –keyserver hkp –recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A$ sudo apt update
Step 3: Install Pritunl and Mongodb.
$ sudo apt –assume-yes install pritunl mongodb-server$ sudo systemctl start pritunl mongodb$ sudo systemctl enable pritunl mongodb
Your Pritunl server is up and running. We need to configure it before we can start using it. Pritunl’s admin page is protected by a self signed SSL certificate. Your browser will raise objection for the first time. Add as an exception and it should work fine from thereon.
You will be greeted by the following screen when you first launch Pritunl on browser.
You need a setup key here. To generate your setup key, run the following command.
$ sudo pritunl setup-key
Paste the key that is generated in the box and press Save. You will be greeted by the following screen.
Advertisement
As per the instruction given, run the following command to get your login credentials.
$ sudo pritunl default-password
Sign in to proceed to the Initial Setup screen. Enter the domain you have registered for your VPN site in the Lets Encrypt domain text field. If you want to change your password, you can enter a new password. You can also change your username here. Press Save to continue.
Go to the Users tab. To connect to the VPN, you would need to create an organization and a user. Click on Add Organization first. Once you have created that, Add a user to that organization by clicking on Add User.
It is time to create a server to which your users can connect. Go to the Servers tab and click on Add a Server.
Choose a name for your server. Select the Protocol as UDP and the Port as 10447 which we added earlier to our firewall. You can, of course, use whatever port you had added to your firewall.
If you want to control how many clients and how many devices can connect to your server, you can configure that by clicking the Advanced button. Here’s how it will look. Make sure Allow multiple devices is selected first.
Click Add to proceed.
The next step is to attach the server we just created to our Organization. Click Attach Organization to do that.
Once that is done, click on Start Server to start your VPN service.
You have completed the configuration of your Pritunl VPN server.
Connect to Pritunl
Since Pritunl is an OpenVPN based software you can use any OpenVPN compatible client to connect. Pritunl provides clients for Linux, macOS, and Windows. You can use any of them.
To connect via OpenVPN client, you will need the configuration file for it. Switch to the Users tab and click on the Download button.
You can extract the configuration file and import it into your OpenVPN client to connect. To confirm whether you are connected successfully via the VPN, one of the ways is to visit It will show your changed IP and location if your connection is successful.
There is one last thing to talk about before finishing the tutorial and that is about the command-line tool.
Pritunl VPN comes with a command-line tool that allows you to perform certain tasks like resetting the password, resetting SSL, resetting version in case of a downgrade, reconfiguring and repairing the database, viewing logs and changing properties.
To check which version of Pritunl you are running, use
$ sudo pritunl version
In case, Pritunl’s database becomes corrupted, you can repair it by running the following commands.
$ sudo systemctl stop pritunl$ sudo pritunl repair-database$ sudo systemctl start pritunl
In case you forget the login details of the web console, reset the credentials using the following commands.
$ sudo pritunl reset-password
By default, Pritunl runs on port 443. If you want to change it, use the following command.
$ sudo pritunl set rver_port 443
Change the number 443 with whatever port you want to choose. Pritunl also runs a web server on port 80 for Let’s Encrypt verification and redirecting HTTP requests to HTTPS. If you don’t want it to run, use the following command.
$ sudo pritunl set direct_server false
There is a lot more stuff you can do with the command line. Check the official docs for more.
That’s all to this tutorial. If you have any questions, ask in the comments below.
×
This feature is only available to subscribers. Get your subscription here.
Install and Configure Pritunl VPN server on Ubuntu 20.04
In our guide today, we are looking at how to install Pritunl VPN server on Ubuntu 20. 04. Pritunl VPN is an opensource VPN server and management system. It utilizes a graphical interface that is friendly and easy to use to the user. It is secure and provides a good alternative to the commercial VPN products. It has the ability to create a wide range of cloud vpn networks which can support over a thousands of users. Features of Pritunl VPNBelow are the most notable features of Pritunl VPN that makes it an option for many:Simple to install and configureSupports multi-cloud VPN peeringOffers upto five layers of authentication making it more pports Wireguard, giving clients theoption to connect with openvpn or WireguardQuickly and easily scale to thousands of users, having high availability in the cloud environment without the need for expensive proprietary hardwaresupports all OpenVPN clients with official clients for most devices and multi-cloud site-to-site links with VPC peering. VPC peering available for AWS, Google Cloud, Azure and Oracle terconnect AWS VPC networks across AWS regions and provide reliable remote access with automatic failover that can scale horizontallyPritunl is built on MongoDB, a reliable and scalable database that can be quickly deployedPritunl VPN Architecture ReviewPritunl VPN presents an distributed and scalable infrastructure that quickly and easily scale to thousands of users, having high availability in the cloud environment without the need for expensive proprietary hardware. It works on server-client architecture, where servers and users are configured on the VPN server and clients profiles are downloaded to be used on the itunl is built on MongoDB, a reliable and scalable database that can be quickly deployed. With built in support for replication a reliable database can be setup in minutes making a Pritunl cluster deployment fast and stalling Pritunl VPN server on Ubuntu 20. 04To install Pritunl VPN server on Ubuntu 20. 04, we are going to follow a number of steps as stated below:Step 1: Update your systemFirst update and upgrade your system before beginning installation by running the below commands:sudo apt-get update To install Pritunl VPN server on Ubuntu 20.04, we are going to follow a number of steps as stated below:Step 1: Update your system. … Step 2: Add Pritunl and MongoDB repositories and public keys. … Step 3: Install Pritunl and MongoDB. … Step 4: Configure Pritunl on Ubuntu 20.04. … Step 5: Configure Pritunl Client on Ubuntu 20.04.Dec 23, 2020 Pritunl supports the OpenVPN protocol so any OpenVPN compatible client will be able to connect to a Pritunl server. … There are several methods of downloading the clients configuration. The configuration can be directly downloaded from the web interface or a temporary link can be generated to give a user access to a key.Dec 18, 2014 If you are running server software, you will need to stop them because Pritunl requires both 80 and 443 ports to run. Make sure your system is upgraded.
sudo apt-get -y upgradeStep 2: Add Pritunl and MongoDB repositories and public keysNext, add Pritunl repository to your Ubuntu 20. 04 using the below “deb focal main” | sudo tee /etc/apt/ VPN is build from MongoDB. We will go ahead to also add Mongodb repository using the command below:echo “deb [ arch=amd64, arm64] focal/mongodb-org/4. 4 multiverse” | sudo tee /etc/apt/ add public keys for MongoDB and Pritunl -fsSL | sudo apt-key add –
sudo apt-key adv –keyserver hkp –recv 9DA31620334BD75D9DCB49F368818C72E52529D4
sudo apt updateStep 3: Install Pritunl and MongoDBInstall Pritunl and MongoDB on Ubuntu 20. 04 with the below commands:sudo apt –assume-yes install pritunl mongodb-serverNow start and enable Pritunl and MongoDB as below:sudo systemctl start pritunl mongodb
sudo systemctl enable pritunl mongodbStep 4: Configure Pritunl on Ubuntu 20. 04At this point, Pritunl VPN is installed and running. Access it from the browser using your server IP to configure it.
c76683c87efe4774887a9a223a2f1fd6Once you enter the setup-key and mongodb url, it will prompt you for username and default username and password are obtained with the below command:$ sudo pritunl default-password
[undefined][2020-11-15 18:01:55, 033][INFO] Getting default administrator password
Administrator default password:
username: “pritunl”
password: “xGupSTJtdiJ8″When you login with the provided credentials, you get a page as below:Set your new password and save and you should be taken to a page to configure organizations, users and add users, click on ‘Users’. This takes you to a window to first add on ‘Add organization’ then provide it a name then click ‘Add’ organization should now be added as belowClick on ‘Add user’ to create a user. Provide the required details and click ‘Add’ you want to add many users at once, click on ‘Bulk Add user’’s now create a Vpn server. Click on ‘servers’ then ‘Add server’Provide server particulars and click ‘Add’. You should see that the server has successfully been added as below:Remember to attach the server to an organization by clicking on ‘Attach organization’ and choosing your 5: Configure Pritunl Client on Ubuntu 20. 04We are now going configure Pritunl VPN client to connect to Pritunl server. For Ubuntu 20. 04, run the below commands to install Pritunl VPN tee /etc/apt/ << EOF
deb focal main
EOF
sudo apt-key adv --keyserver hkp --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo apt-get update
sudo apt-get install pritunl-client-electronOnce client is installed, go back to the server to download user profile. Click on ‘Users’ select the particular user and click on the download icon to get the user profile. It should be similar to the below:Once you install Pritunl VPN client, you should be able to see Pritunl VPN client icon installed as part of your on it and import your profile in order to connect to the Pritunl VPN connect to the Pritunl VPN server from the terminal, we are going to use ‘nmcli’ command. Ensure that network manager is already installed on your Ubuntu 20. If not run the command below to install:sudo apt-get install network-manager network-manager-openvpn
# with Gnome Desktop environment, use:
sudo apt-get install network-manager-gnome network-manager-openvpn-gnomeNow run the below command to import openvpn profilesudo nmcli connection import type openvpn file
Connection 'Lorna_lorna_Pritunl-VPN' (17636314-1508-4828-9f95-65304af94660) successfully start using the profile, bring it up using:nmcli connection up Lorna_lorna_Pritunl-VPN. ovpnEnjoy using Pritunl VPN!! Check below more interesting Linux guides:Install and Configure OpenVPN Server on RHEL 8 / CentOS 8How to use nmcli to connect to OpenVPN Server on LinuxConnect to VPN Server with OpenConnect SSL VPN Client on LinuxThe necessity of Installing a VPN both on Computer and Smartphone.
Frequently Asked Questions about setup pritunl
How do I set up Pritunl?
How does Pritunl VPN Work?
What ports does Pritunl need?