In the recent past, we have all been forced to work from home. This gets IT thinking about how to let WFH (working from home) staff connect to business data safely and securely. Data is the primary building block of our business, and it is critical for any company.
For this there are many VPN solutions available, such as OpenVPN, Pritunl, Cisco VPN, etc.
In this blog I want to discuss the installation of one of the open-source tools, Pritunl.
Why Pritunl:
- Simple to install and configure
- Supports multi-cloud VPN peering
- Supports WireGuard, giving clients the option to connect with OpenVPN or WireGuard
- Quickly and easily scale to thousands of users, having high availability in the cloud environment without the need for expensive proprietary hardware
- Create multi-cloud site-to-site links with VPC peering. VPC peering available for AWS, Google Cloud, Azure and Oracle Cloud.
Pritunl is packaged for several Linux distributions. All available distributions can be found on the Repositories page. I suggest you first visit the repo and ensure your OS is supported.
Installing Pritunl VPN server on Ubuntu (Any Version):
Preparation
Before starting, it is recommended to update your system packages to the latest version. You can update all packages by running the following command:
sudo apt-get update
sudo apt-get -y upgrade
Once all the packages are updated, install other required dependencies by running the following command:
sudo apt-get install curl gnupg2 wget unzip -y
Once all the packages are successfully installed, you can proceed to the next steps.
Installation of Pritunl:
Pritunl is not available in the default Ubuntu repositories, so you will need to add the GPG key and the repository to your system. Go to the Pritunl repo page and run the commands for the Ubuntu version you intend to use.
For example, if using bionic:
sudo tee /etc/apt/sources.list.d/pritunl.list << EOF
deb http://repo.pritunl.com/stable/apt bionic main
EOF
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo apt-get update
Or, if using focal:
sudo tee /etc/apt/sources.list.d/pritunl.list << EOF
deb http://repo.pritunl.com/stable/apt focal main
EOF
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo apt-get update
Once you have completed the above steps, continue by installing Pritunl:
sudo apt-get install pritunl -y
Once the installation is finished, start the Pritunl service and enable it to start at system reboot with the following command:
sudo systemctl start pritunl
sudo systemctl enable pritunl
You can also verify the Pritunl listening port with the following command:
ss -antpl | grep pritunl
Once you are finished, you can proceed to the next step.
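The apt-key step above names the repository key by its full fingerprint, and the same pin can be checked on a downloaded key file before it is trusted. The following is an added example, not part of the original post or of Pritunl's documentation: it parses `gpg --show-keys --with-colons` output and accepts a key file only if it holds exactly one primary key with that fingerprint. The function names, the embedded sample records and the keyring path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pin an apt repository signing key by fingerprint.
# Fingerprint as quoted in the apt-key command on this page.
PRITUNL_FPR="7568D9BB55FF9E5287D586017AE645C0CF8E292A"

# Constructed `gpg --show-keys --with-colons` output (not a real key dump):
# one primary key (pub + fpr) followed by one subkey (sub + fpr).
SAMPLE_GOOD='pub:-:4096:1:7AE645C0CF8E292A:1:::-:::scESC:
fpr:::::::::7568D9BB55FF9E5287D586017AE645C0CF8E292A:
uid:-::::1::::Constructed Sample Key:
sub:-:4096:1:00000000000000AA:1::::::e:
fpr:::::::::00000000000000000000000000000000000000AA:'
# Constructed second primary key, as if an extra key were bundled in the file.
SAMPLE_EXTRA='pub:-:4096:1:00000000000000BB:1:::-:::scESC:
fpr:::::::::00000000000000000000000000000000000000BB:'

# Print the fingerprint of every primary key: the fpr record that directly
# follows a pub record (field 10). Subkey fingerprints are skipped.
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10 }
             { want = 0 }'
}

# key_is_pinned EXPECTED: succeed only if stdin lists exactly one primary key
# whose fingerprint equals EXPECTED (spaces and letter case are ignored).
key_is_pinned() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(primary_fingerprints)
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 1
    [ "$found" = "$expected" ]
}

# Real use (needs gpg; key.asc is a hypothetical downloaded key file and the
# keyring path is an assumption):
#   gpg --show-keys --with-colons key.asc | key_is_pinned "$PRITUNL_FPR" &&
#     gpg --dearmor < key.asc | sudo tee /usr/share/keyrings/pritunl.gpg >/dev/null
# Referencing that file with [signed-by=/usr/share/keyrings/pritunl.gpg] in the
# sources entry trusts the key for this repository only.

if printf '%s\n' "$SAMPLE_GOOD" | key_is_pinned "$PRITUNL_FPR"; then
    echo "sample key: fingerprint matches the pin"
fi
if ! printf '%s\n%s\n' "$SAMPLE_GOOD" "$SAMPLE_EXTRA" | key_is_pinned "$PRITUNL_FPR"; then
    echo "bundle with an extra primary key: rejected"
fi
```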
Installation of MongoDB:
Pritunl is built on MongoDB, so you will need to install the MongoDB server on your system. By default, MongoDB is not available in the Ubuntu default repository, so you will need to add the MongoDB repository to your system.
The detailed documentation for MongoDB on Ubuntu can be found here
First, download and add the MongoDB key with the following command:
curl -fsSL https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
Next, add the MongoDB repository with the following command. You can refer to the MongoDB documentation for the line that matches your release.
For example, if using bionic:
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
Or, if using focal:
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
Once the repository is added, update the package index and install the MongoDB server with the following commands:
sudo apt-get update -y
# The repo.mongodb.org repository added above ships the server as mongodb-org
sudo apt-get install mongodb-org -y
Once the installation is finished, start the MongoDB service and enable it to start at system reboot with the following commands:
# The mongodb-org packages name the service mongod
sudo systemctl start mongod
sudo systemctl enable mongod
Once you are finished, you can proceed to the next step.
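In this single-server setup MongoDB only has to be reachable by the local Pritunl service, so once both services are running it is worth confirming which listeners are reachable from other hosts. The following is an added example, not from the original post: it filters `ss -antpl` output, the command used earlier, down to listeners bound to non-loopback addresses and flags MongoDB if it is among them. The sample output, process names and function names are constructed; 27017 is MongoDB's default port.

```shell
#!/bin/sh
# Added example: find TCP listeners reachable from other hosts in `ss -antpl` output.

# Constructed sample output; process names, PIDs and ports are illustrative.
SS_HARDENED='State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:443 0.0.0.0:* users:(("pritunl-web",pid=2101,fd=7))
LISTEN 0 4096 127.0.0.1:27017 0.0.0.0:* users:(("mongod",pid=1877,fd=12))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=611,fd=13))
ESTAB 0 0 127.0.0.1:41822 127.0.0.1:27017 users:(("pritunl",pid=2090,fd=9))'
# Constructed: the same host with MongoDB bound to all interfaces.
SS_EXPOSED='LISTEN 0 128 0.0.0.0:443 0.0.0.0:* users:(("pritunl-web",pid=2101,fd=7))
LISTEN 0 4096 0.0.0.0:27017 0.0.0.0:* users:(("mongod",pid=1877,fd=12))
LISTEN 0 128 [::1]:6010 [::]:*'

# Print "port process" for every LISTEN socket whose local address is not
# loopback (127.0.0.0/8 or [::1]). Without root, ss hides other users'
# process names, so those sockets are reported as "unknown".
non_loopback_listeners() {
    awk '$1 == "LISTEN" {
        addr = $4; sub(/:[0-9]+$/, "", addr)    # local address without :port
        port = $4; sub(/^.*:/, "", port)        # port only
        if (addr ~ /^127\./ || addr == "[::1]") next
        proc = "unknown"
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        print port, proc
    }'
}

# Succeed if MongoDB (process mongod, or its default port 27017) is listening
# on a non-loopback address.
mongodb_exposed() {
    non_loopback_listeners |
        awk '$1 == 27017 || $2 == "mongod" { hit = 1 } END { exit !hit }'
}

for sample in "$SS_HARDENED" "$SS_EXPOSED"; do
    echo "non-loopback listeners:"
    printf '%s\n' "$sample" | non_loopback_listeners
    if printf '%s\n' "$sample" | mongodb_exposed; then
        echo "WARNING: MongoDB is reachable from the network"
    fi
done
```

On a live server, run `sudo ss -antpl | mongodb_exposed`; if it succeeds, restrict MongoDB's bind address to loopback or firewall the port.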
Log in to the Pritunl Web Interface
Now, open your web browser and access the Pritunl web installation wizard using the URL https://your-server-ip. You should see the following screen:
As shown on the screen, open your terminal, connect (SSH) to the server and run the following command to generate a key:
sudo pritunl setup-key
You should get similar output:
Copy the key from the above output then go to the web interface, paste the key and click on the Save button. You will be redirected to the Pritunl Sign in page:
Now, open your terminal and run the following command to generate a password:
sudo pritunl default-password
You should get the following output:
Copy the username and password from the above output then go to the web interface, type your username, password and click on the Sign in button. You will be redirected to the initial setup screen:
Change your password or user if you wish then click on the Save button. You should see the following page.
Provide your Organization name and click on the Add button. You should see the following page:
Click on the Add User button. You should see the following page:
Provide your username, pin and click on the Add button. You should see the following page:
Now, click on the Servers tab. You should see the following page:
Click on the Add Server button. You should see the following page:
Provide your server name, port, DNS IP, Virtual network and click on the Add button. You should see the following page:
Click on the Attach Organization button to attach your Organization to the server. You should see the following page:
Click on the Attach button. You should see the following page:
Click on the Start Server button to start the VPN server. You should see the following page:
At this point, the Pritunl server is installed and configured. Now, you will need to install and configure the VPN client on the client machine.
For the VPN client, you may use OpenVPN or the Pritunl Client. We are not discussing the client installation in this blog.
Next, you will need to open your VPN client application and connect to the VPN server.
Before starting, go to the Pritunl web interface, click on the Users tab and download the user profile on your client machine:
Click on the download button to download the user profile to the client machine.
Once the download is completed, extract the downloaded tar file; it will produce a *.ovpn file. Now open the VPN client and import the .ovpn file as a profile. Once imported, you should be able to connect to the VPN.
Enjoy using Pritunl VPN!!