Pritunl is an open source VPN server and management panel. It uses OpenVPN protocol to run the VPN server. It uses Let's Encrypt certificate to secure the VPN server and it's web user interface. Pritunl uses MongoDB to store its database. Pritunl is a very useful application as it uses the most popular open source VPN protocol which is OpenVPN.
Installing OpenVPN server is very complicated and needs expertise to install and configure. Pritunl automates the installation process and also provides a powerful web user interface to manage VPN servers, organisations and users.
In this tutorial we will learn how to install latest version of Pritunl server on CentOS 7.x server.
Pritunl does not require any special hardware to run but the performance and speed may vary according to your hardware specifications. You will need a VPS running CentOS 7.x with a static IP address. Additionally you will also need access to the
root user. If you are logged in as a non root user, run
sudo su to switch to
root account. You will also need a domain, so that you can point your server to that domain. Without a domain pointing at your server, you will not be able to issue Let's Encrypt SSL.
It is important that you point your domain name to your webserver using
A records in your domain control panel. Open your domain control panel, from where you have purchased the domain. Now configure the DNS for the domain to set up an
A type record. A typical
A record look like following.
Type Host Points to TTL A @ 220.127.116.11 3600
Atype records are used to point a domain name to an IPv4 address. Host defines the domain name which is being pointed.
@defines the hostname which is same as the zone name, zone name is typically the domain name itself. Next value is point to, or the destination, it is the IP address of your VPS. Finally TTL (Time to Live), it tells the DNS resolver about the expiry of the record.
3600denotes 1 hours.
Before installing any package, it is a good practice to update your system and repositories using the following command.
yum -y update
Once the system is updated you will need to create repositories to install MongoDB and Pritunl. In this tutorial we will be using the
nano editor to create the files and to add content in them. If you don't have
nano installed, you can run
yum -y install nano to install
nano editor, or you can also use any other editor of your choice. Create a new file using the following command.
Now add the following content in it.
[mongodb-org-3.2] name=MongoDB Repository baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/ gpgcheck=1 enabled=1 gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc
Now save the file and exit the editor. Create another repository using the following command.
And the the following content in it.
[pritunl] name=Pritunl Repository baseurl=http://repo.pritunl.com/stable/yum/centos/7/ gpgcheck=1 enabled=1
Now save the file and exit the editor.
You will also need to disable your SELinux module. Run the following command to edit your SELinux configuration file.
Find the following line in the file.
Change the value of
Now you will need to add EPEL repository to your system as Pritunl uses OpenVPN, and it is not available on default YUM repository. Use the following command for same.
yum -y install epel-release
Now add the key required to validate the installation using the following commands.
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys CF8E292A gpg --armor --export CF8E292A > key.tmp; rpm --import key.tmp; rm -f key.tmp
Finally install the softwares using the following command.
yum -y install pritunl mongodb-org
Now start MongoDB and Pritunl and configure them to start at boot time using the following command.
systemctl start mongod systemctl start pritunl systemctl enable mongod systemctl enable pritunl
Now you can access your Pritunl dashboard by going to following link. Make sure that you use
https, because Pritunl is configured to load on Port
443 which is secured http port and accessible using a secured connection only.
You will get a certificate error as Pritunl is installed using self signed certificate, you will stop getting this error once Let's Encrypt SSL will be installed on your server.
Proceed further by ignoring the certificate error, you will see following web page.
To proceed further you will need to enter the setup key, you can obtain the setup key by running the following command in terminal.
Copy the key and paste it into the web UI, do not change anything on MongoDB URI. Click on Save button to proceed further. Once the database has been written, you will get a login prompt to login into dashboard.
Use username pritunl and password pritunl for first time login. Once you are logged in you will get the initial setup dialogue.
Enter a new username, and password. Provide your public IP address, and Web console or Web UI port. This information will be automatically filled, no need to change unless required.
Finally enter your domain name, on which Let's Encrypt will generate a certificate.
Click Save button to proceed further, now let's encrypt will generate a SSL and will automatically attach it to the web console. You will be automatically redirected to Pritunl web console.
Before we can start a VPN server, we will need to create a VPN organisation first. To create an organisation, go to Users tab from the top menu bar, this will take you to User and Organisations interface. Now click on Add Organisation button at the top and Enter a name for organisation. While giving a name for your organisation, please avoid using blank spaces and special characters as they will be trimmed from the name of organisation.
Now click Add button to create the organisation. After adding organisation, you can add your VPN server. Go to Server tab and click on Add Server button.
While giving a name for your VPN server, please avoid using blank spaces and special characters as they will be trimmed from the name of VPN server. In DNS Server, you can use any DNS resolver you like, or you can simply use the Google's public DNS resolver which is
18.104.22.168. Choose a port on which you want to run your VPN server, also choose the protocol to use while connecting. You can also leave the prefilled settings as it is. Next choose a network on which your private VPN will be running. You can leave the setting as it is, if you have less than 253 user, if you have more than 253 users, you can change the network to
192.168.1.0/22 which will allow you to connect up to 1,000 users or you can also use
172.16.0.0/16 which will allow up to 65,000 user to connect to your network. Click Add button once done. You will see the details of the server.
After adding the server, you will need to attach an organisation to the server, click on Attach Organisation button. You will see the name of server and name of organisation. Click save button to attach the organisation to the server.
After attachment of organisation and server, you can start the server by clicking the green Start Server button. This will start your server and you will see the log messages in Server Output screen.
After running the VPN server, you can add users to your VPN server. To add user to the VPN server go to users tab and click on Add User button.
You will see following prompt.
Enter the name of the user, make sure that you do not put a space or special characters, as this is going to be the username of the user and will be required during connecting the VPN server. Select the organisation and provide an email. Enter the PIN, this will be the password required during connecting the VPN server. Click Add button and user will be added to the organisation as well as with server. You can also add multiple users at a time. Click on Bulk Add Users button from top and you will see following prompt.
Enter the list of username and email (Optional) of the user, separated by a comma, one user in each line. Select the organisation on which you want to add the users and finally click Add button.
Once the users are created, you can view the list of users in Users tab.
You can download the profile through here by clicking on the Download icon next to the user. You will get a compressed archive in which you will have an OpenVPN client config file. Or you can also click on the Link icon next to the name of user, on which you will get the temporary links to the user profile, which can be sent to the user.
For the users created in bulk who do not have PIN setup, they will need to set their PIN using the profile page. A typical profile page for a user created in bulk is shown here.
User can download the OpenVPN settings in either tar archive or in zip archive. Users can also change their PIN through there.
So now we have our VPN server up and running also we have a user created. We have also downloaded the user profile. Now we can connect the user to the VPN server.
Connecting to Pritunl Server on Windows
Pritunl Server is based on OpenVPN protocol, hence a client can connect to server using various platform. Some of them are on Microsoft Windows both OpenVPN client and Pritunl client, almost all Linux based distributions, using both OpenVPN client and Pritunl client, On Mac OS X both OpenVPN client and Pritunl client. You can also connect your android and IPhone using OpenVPN client.
Using OpenVPN Client
Download OpenVPN client to your computer by going to this link. Once downloaded, install the software on your computer.
Now extract the User Profile archive you obtained from server, you will get a file with
.ovpn extension. Right click on that file and you will see an option saying Start OpenVPN on this Config File.
Click on the option and you will see a prompt to enter the Auth username and Password, enter the same username and PIN which we have created during signup. If the credentials are correct you will be directly connected to the private network.
You can verify this by opening a command prompt and entering the following command.
Scroll down and you will see an interface with a description TAP Windows Adapter V9 and you will find the address of your private network.
Using Pritunl Client
You can download Pritunl Client using this link. Once installed you can directly import the profile configuration files or Pritunl profile links to the client.
In this tutorial we have learned to easily install Pritunl on CentOS 7.x. Pritunl provided automation in installing, configuring and running OpenVPN server. You can now easily deploy a VPN server and use it for various applications.