In this article we look at the steps required to install and configure Pritunl VPN on Debian 11 / Debian 10 / Proxmox VE. Pritunl VPN is an open-source VPN server that you can adopt as an alternative to Aviatrix and Pulse Secure solutions. In Pritunl all configuration is done from a web interface, which makes it easy to manage regardless of the size of the organization or the complexity of the deployment. Security is a top priority in Pritunl: all traffic between clients and the server is encrypted. You can optionally enable two-step authentication using Google Authenticator.
Here are some notable features of Pritunl VPN:
- It has support for multi-cloud VPN peering
- It is simple to install, configure and manage
- You can configure up to five layers of authentication, giving it better security
- Wireguard and OpenVPN clients are supported
- Highly scalable for up to thousands of users, both in cloud and on-prem infrastructures
- Can be configured for multi-cloud site-to-site links with VPC peering. VPC peering is available for Google Cloud, AWS, Azure and Oracle Cloud.
- Interconnect AWS VPC networks across AWS regions and provide reliable remote access with automatic failover that can scale horizontally
Architecture of Pritunl VPN
Pritunl VPN presents a distributed infrastructure that can be easily scaled to thousands of users. MongoDB clusters can be deployed in an HA setup to guarantee availability of the VPN system in your environment. Pritunl works on a client-server architecture, where user profiles are downloaded on clients, while servers and users are configured on the VPN server.
Pritunl is built on MongoDB, a highly scalable and reliable NoSQL database solution. MongoDB has support for replication that can be done in minutes, making a Pritunl cluster deployment fast and easy.
Setup Pritunl VPN on Debian 11 / Debian 10 / Proxmox VE
In this section we’ll discuss the installation and configuration of Pritunl VPN server on Debian 11 / Debian 10 / Proxmox VE. We recommend you perform this installation on a fresh installation of Debian Linux. Also ensure you access the server as a user with sudo privileges or as the root user.
Step 1: Update Debian system
Log in to your Debian machine and perform an update and optionally upgrade all packages on the system.
sudo apt update && sudo apt -y full-upgrade
After updates are committed, check if a reboot is required on the system.
[ -f /var/run/reboot-required ] && sudo reboot -f
Step 2: Add MongoDB and Pritunl repositories
Install basic utility packages required for this operation:
sudo apt update
sudo apt install gpg curl gnupg2 software-properties-common apt-transport-https lsb-release ca-certificates
Import MongoDB APT repository keys to your system.
curl -fsSL https://www.mongodb.org/static/pgp/server-5.0.asc|sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/mongodb-5.gpg
Import Pritunl VPN GPG keys (apt-key is deprecated as of Debian 11 but still available):
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7AE645C0CF8E292A
Executing: /tmp/apt-key-gpghome.6ZjhVSgCdC/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com --recv 7AE645C0CF8E292A
gpg: key 7AE645C0CF8E292A: public key "Pritunl <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
Add Pritunl repository:
echo "deb http://repo.pritunl.com/stable/apt $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/pritunl.list
Add the MongoDB repository by running the command below:
echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list
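The two entries above are fetched over plain http and rely on keys in the global APT trust store. The following audit function, an added example that is not part of the original article, flags both conditions in one-line source files; the keyring path and the bullseye codename in the constructed sample are assumptions.

```shell
# Added example (not from the original article): audit one-line APT source
# entries such as the two written in Step 2.
audit_sources() {
    # usage: audit_sources FILE...
    # Prints "FILE:LINE: finding" per weak entry; returns 1 if any was found.
    # Assumes single-space separated one-line entries (not deb822 .sources).
    rc=0
    for f in "$@"; do
        n=0
        while IFS= read -r entry || [ -n "$entry" ]; do
            n=$((n + 1))
            case $entry in
                "deb "*|"deb-src "*) ;;
                *) continue ;;          # comments, blanks, disabled entries
            esac
            opts=""
            rest=${entry#* }            # drop the "deb" type field
            case $rest in
                \[*\]*)                 # optional [key=value ...] block
                    opts=${rest%%\]*}; opts=${opts#\[}
                    rest=${rest#*\] } ;;
            esac
            uri=${rest%% *}
            case $uri in
                http://*) echo "$f:$n: plain http transport: $uri"; rc=1 ;;
            esac
            case " $opts" in
                *" signed-by="*) ;;     # repo is pinned to one keyring
                *) echo "$f:$n: no signed-by, any globally trusted key can sign this repo"; rc=1 ;;
            esac
        done < "$f"
    done
    return $rc
}

# Constructed sample: the article's two entries plus a pinned https variant.
# The keyring path and the "bullseye" codename are assumptions.
write_sample() {
    cat > "$1" <<'EOF'
deb http://repo.pritunl.com/stable/apt bullseye main
deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main
deb [signed-by=/usr/share/keyrings/pritunl.gpg] https://repo.pritunl.com/stable/apt bullseye main
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sources "$sample" || echo "weak entries found"
rm -f "$sample"
```

On a real host, pass the files under /etc/apt/sources.list.d/ to audit_sources after completing Step 2.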
Step 3: Install Pritunl and MongoDB
With both repositories added and confirmed to be working, let’s proceed to install the pritunl and mongo-server packages.
sudo apt update
sudo apt install mongodb-org pritunl
Now start and enable Pritunl and MongoDB as below:
sudo systemctl start pritunl mongod
sudo systemctl enable pritunl mongod
Step 4: Configure Pritunl VPN Server
Our Pritunl VPN server is now installed and running. Next, open its web console in a web browser using the server’s IP address to configure it: http://<your_server_ip>.
You’ll need a Setup Key to proceed. Run the setup-key command to generate it:
$ sudo pritunl setup-key
c76683c87efe4774887a9a223a2f1fd6
Once you enter the setup key and MongoDB URL, it will prompt you for a username and password.
The default username and password are obtained with the command below:
$ sudo pritunl default-password
[undefined][2022-06-28 15:13:50,043][INFO] Getting default administrator password
Administrator default password:
username: "pritunl"
password: "vzjTDicF92Ol"
You’ll land on a page where you can change the admin username and password, set the domain and enable Let’s Encrypt SSL.
Next, configure organizations, users and servers.
VPN users are added by clicking on ‘Users’. Users are mapped to a server in an organization.
To create a new organization, click on ‘Add organization’, then specify a name and click ‘Add’.
Create a VPN server by clicking on ‘Servers’, then ‘Add server’.
Provide the required server information, then click ‘Add’.
Finally, attach the server to an organization by clicking on ‘Attach organization’ and choosing your organization.
Adding users
Click on ‘Add user’ to create a user profile on your VPN server.
To add many users at once, use the ‘Bulk Add user’ function on the web interface.
Step 5: Configure Pritunl Clients
Visit the Pritunl VPN clients page and choose the client for your workstation to download and install.
Once the VPN client has been installed, log in to the Pritunl VPN server to download the user profile. Click on ‘Users’, select the particular user and click on the download icon to get the user profile.
Launch your Pritunl VPN client, then choose “Import Profile”.
Locate the downloaded user profile .tar file and import it; you’ll then be able to connect to the Pritunl VPN server.