What is Pritunl?
Pritunl is a self-hosted VPN server solution. You can create a cloud VPN with Pritunl and use it to secure your network. Pritunl has a simple web UI and a number of features.
This article was written for Ubuntu 22.04 Server. You can find other installation alternatives for other OS at the bottom.
Prerequisites
- 512 MB RAM
- 1 Core CPU
- 10 GB Disk Space
- Ubuntu 22.04
- Root access
Pritunl Installation on Ubuntu 22.04
First, add the Pritunl repository.
sudo tee /etc/apt/sources.list.d/pritunl.list << EOF
deb http://repo.pritunl.com/stable/apt jammy main
EOF
Then, import the signing key.
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
If the keyserver is offline, you can download the key with curl and import it.
curl https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc | sudo apt-key add -
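The curl fallback above imports whatever file the URL returns, and apt-key trusts the imported key for every repository on the system. The following added example (not from the original article or the Pritunl project) checks the downloaded key against the fingerprint from the keyserver command and installs it as a keyring scoped to the Pritunl repository with signed-by. The keyring path /usr/share/keyrings/pritunl.gpg is an assumption, and the script rewrites pritunl.list.

```shell
#!/usr/bin/env bash
# Added example: trust the Pritunl repo key only if its fingerprint matches.
set -u

# Fingerprint taken from the apt-key --recv command in the article.
EXPECTED_FPR="7568D9BB55FF9E5287D586017AE645C0CF8E292A"
KEY_URL="https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc"
KEYRING="/usr/share/keyrings/pritunl.gpg"   # assumed path, not from the article

# Read `gpg --with-colons` output on stdin and print each primary key's
# fingerprint (field 10 of the "fpr" record after "pub"); skip subkeys.
primary_fprs() {
  awk -F: '$1 == "pub" { want = 1; next }
           $1 == "sub" { want = 0; next }
           $1 == "fpr" && want { print toupper($10); want = 0 }'
}

# Succeed only if stdin describes exactly one primary key and it is $1.
# A file that bundles an extra key yields two lines and is rejected.
only_expected_key() {
  local fprs
  fprs="$(primary_fprs)"
  [ -n "$fprs" ] && [ "$fprs" = "$1" ]
}

# Verify a downloaded key file, then store it as a keyring for this repo only.
install_repo_key() {
  local keyfile="$1"
  if ! gpg --show-keys --with-colons "$keyfile" | only_expected_key "$EXPECTED_FPR"; then
    echo "refusing $keyfile: fingerprint is not $EXPECTED_FPR" >&2
    return 1
  fi
  gpg --dearmor < "$keyfile" | sudo tee "$KEYRING" > /dev/null
}

main() {
  local tmp rc
  tmp="$(mktemp)"
  curl -fsSL "$KEY_URL" -o "$tmp" &&
    install_repo_key "$tmp" &&
    echo "deb [signed-by=$KEYRING] http://repo.pritunl.com/stable/apt jammy main" |
      sudo tee /etc/apt/sources.list.d/pritunl.list > /dev/null
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Nothing touches the system unless the script is run with --install.
if [ "${1:-}" = "--install" ]; then main; fi
```

Run it with --install in place of the apt-key step; without that argument it only defines the functions.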
Add the MongoDB repository.
sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list << EOF
deb https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse
EOF
Then, import the signing key for MongoDB.
wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc | sudo apt-key add -
Update the packages.
sudo apt update
sudo apt --assume-yes upgrade
Disable ufw.
sudo ufw disable
Install Pritunl and MongoDB.
sudo apt -y install pritunl mongodb-org
Enable and start both services.
sudo systemctl enable mongod pritunl
sudo systemctl start mongod pritunl
Set Up and Configure Pritunl
Once the services have started, you can access the Pritunl web UI in your browser at this address:
https://YOURIP/
Database Setup
To complete the database setup, you need to give Pritunl a setup key. Run this command to get it:
sudo pritunl setup-key
After the database setup, log in to the Pritunl web UI. Pritunl creates a default user and password during the database setup. You can get the default credentials with this command:
sudo pritunl default-password
I suggest changing your username and password after you log in. I don't recommend keeping the pritunl username, because it is a known username and therefore a target for brute-force attacks.
Create an Organization
You should create an organization. Navigate to the Users link and then click the Add Organization button. Give the organization a name. You will attach your VPN server to this organization later.
Create a Server
You should create a server. Navigate to the Servers link and then click the Add Server button. Give your server a name. You can change the default DNS server if you wish. You can also change the virtual network, UDP port, etc.
Attach Server to Organization
You should attach your server to the organization. Navigate to the Servers link and then click Attach Organization.
Start Server
You can now start your server. Navigate to the Servers link and then click the Start Server button. If there is no error, you can add your first user.
Add User
Navigate to the Users link again and click the Add Users button. Give your VPN user a name and select an organization. Choose a PIN with at least 8 digits.
Download Your OpenVPN Profile
Navigate to the Users link again and click the first permalink icon next to the user. You can download your profile (an ovpn file) as a zip and extract it on your PC.
OpenVPN Client
- Download OpenVPN Client for Windows - it’s for Windows 10 and 11.
- Download OpenVPN Client for macOS - it’s for macOS versions titled Catalina, Big Sur, Monterey, Ventura, Sonoma and Sequoia.
Security Notes
- Never use 0.0.0.0/0 in the routes. I suggest adding only the network addresses you want to hide yourself from. There is no need to expose your VPN IP address to the whole internet; you may only want to use the VPN to access your servers.
- Change your SSH port and use keys instead of passwords. Then, disable password login.
- If you have a static IP address from your ISP, consider using iptables to restrict web UI and SSH access to your IP address only.