What Is Pritunl?
Pritunl is an enterprise distributed OpenVPN server. It is excellent for simple VPN setups and further up to much more complicated setups. It could be compared to OpenVPN’s own access server. It works so well that we use it ourselves here at Impact VPS.
How Much Does It Cost?
Pritunl comes with a few different options. The basic software itself is free, though if you want some more of its advanced features you have to pay. One big plus for Pritunl is that the software is open source on github. For most people, the free plan is more than enough.
Adding Software Repos
Before we can start installing the software, we need to add the repos so Debian can find it.
Create a file for the mongodb repo:
And then paste in the following text:
deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.0 main
Once you do that close and save the file with:
ctrl + o and then
ctrl + x.
Next we need to add one more repo for Pritunl itself:
And paste in:
deb http://repo.pritunl.com/stable/apt jessie main
Close and save the file once again.
Adding Trusted Keys
Now we need to add the keys to our system for those repos. Run the commands:
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7F0CEB10 apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A
Installing The Software
Once all of that has been done we can finally begin to install the software. Run the commands:
apt-get update apt-get install pritunl mongodb-org
Then start it up.
systemctl start mongod pritunl systemctl enable mongod pritunl
Increase Open Files Limit
Sometimes when servers have high loads they can run into connection issues with Pritunl. Running these commands will increase the number of allowed open files to hopefully prevent such issues.
sudo sh -c 'echo "* hard nofile 64000" >> /etc/security/limits.conf' sudo sh -c 'echo "* soft nofile 64000" >> /etc/security/limits.conf' sudo sh -c 'echo "root hard nofile 64000" >> /etc/security/limits.conf' sudo sh -c 'echo "root soft nofile 64000" >> /etc/security/limits.conf'
Next we need to setup Pritunl to use the mongodb that we setup earlier. Go to the url: https://<yourserverip>. You will see a page that looks similar to:
It will ask for both the mongodb uri and the setup key. To get the setup key, run the command:
on the command line and paste it into the textbox. The Monogodb uri should automatically be filled out for a local mongo instance.
Once you click save to save the database information you will be presented with a login screen. The default username and password are both:
Once you successfully login you will be presented with an initial setup page to change a few settings. The only main setting you should have to change is the username and password. Please change this to something secure. If you are using a domain or subdomain for this VPN server you can also set what the domain is that is being used for the setup so the system can automatically configure a Let’s Encrypt SSL certificate.
Before you can connect to your new VPN server you first need to add an organization, users and a server. To add an organization click on the “Add organization” on the organizations page in the web console.
And then give the organization a name
Then once you add that you need to add a user that you will be connecting as. Click on the “Add User” button.
Then give the user a name and select the organization they are supposed to be a part of. Email and pin are both optional.
Create A Server
Once you have the users setup, you need to create a server to connect to. Go to the Servers tab and click on the “add server” button.
Once the popup comes up give the server a name and click on the advanced section in the top right. Then check the “allow multiple devices” box to allow you to connect from multiple devices for the same user at the same time. Once done click add.
Once you have created the server you need to attach the organization you created earlier to the server you just made.
Once you click the “attach organization” button a popup will come up for you to select the organization you created earlier and the server you just made.
Once you do that click on the “start server” button to start the server to be available for user connections.
Picking A Client
Now that you have configured the server and setup your users, you need to setup your client to use the VPN server. Pritunl supports any VPN client that supports OpenVPN.
If you just want a basic client to connect to your server and do not have one already, Pritunl provides a free on that can be used on Linux, Mac OS X and Windows. It can be found here: http://client.pritunl.com/.
My personal recommendation for the client that I use is Viscosity. It is not free, but is $9 and supports both Mac OS X and Windows.
Downloading User Profile
Once you have picked your client you need to download your connection profile for your user. Find your user in the users list and click on the get temporary download links button. It is right to the left of the “download profile” button.
Once you click the button you will be given a popup with a bunch of different links. The only difference between the links is the format of the file and if the link is temporary (good for giving out profile access to someone securely).
It is also possible to import the profile directly into the Pritunl provided client using one of the URLs.
Importing Profile Into Client
Now that you have downloaded your user profile, you need to important that profile into your client. Because there are so many clients, it is impossible to show how to do it on all of them. For the purposes of this guide, I will show you have to do it on the Pritunl provided client.
Launch up the client and select the “import profile URI” button. Then take the temporary link that is labeled as being for the Pritunl client and paste the url in the box that shows up. Click import and your client is now setup.
To connect to the VPN you setup just click on the 3 white bars to the right of the VPN listing and click on the connect button.
You now have your own private VPN setup on Debian 8. If you go to google and lookup what your ip is, it should now show that your computer’s IP is the same as your servers.
This work is licensed under a Creative Commons Attribution 4.0 International License.