PritUNL
VPN Tool with OpenVPN Support
Installation
External MongoDB Server
- Visit mlab.com.
- Register for an account.
- Create a new 500MB free server on either Azure, AWS, or Google networks.
- Add a user and password to the database.
- Get the mlab uri: mongodb://(username):(password)@(mlaburl):(port)/(databasename)
Package Repositories
- Add Pritunl and MongoDB sources to apt-get files:
Note: Pritunl with a (free) external MongoDB does not need a local MongoDB installation, but will suffer from lower reliability and possibly speed. If this is acceptable, do not add the MongoDB source and key (the second of the two sources and keys listed below).
sudo nano /etc/apt/sources.list.d/pritunl.list
deb http://repo.pritunl.com/stable/apt trusty main
Ctrl+X
sudo nano /etc/apt/sources.list.d/mongodb-org-3.0.list
deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse
Ctrl+X
- Add public keys for the repositories:
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7F0CEB10
- Reload sources:
sudo apt-get update
Installation and Configuration
- Install and start pritunl:
sudo apt-get install pritunl mongodb-org
sudo service pritunl start
- Backup pritunl config:
sudo cp /etc/pritunl.conf /etc/pritunl.conf.backup
- Change pritunl default port:
pritunl set app.server_port (desiredportnumber)
sudo nano /etc/pritunl.conf
"port": (desiredportnumber),
Ctrl+X
- Restart pritunl:
sudo service pritunl restart
- Get pritunl setup key:
sudo pritunl setup-key
- Navigate to pritunl webservice:
https://(domain):(specifiedport)
- Enter setup key and mlab MongoDB uri.
- Continue to setup through the web console.
Webserver Compatibility
- Disable web server on port 80 (disables Let’s Encrypt certificates):
pritunl set app.redirect_server false
- Change web console server port:
pritunl set app.server_port (desiredportnumber)
Setting up the VPN
- Log in to the Pritunl web console (default user:pass is pritunl:pritunl) at https://(domain):(port)/setup
- Change username and password
- Add organization at https://(domain):(port)/#/users
- Add users and PIN at https://(domain):(port)/#/users
- Add server at https://(domain):(port)/#/servers
- Attach organization/users to server
PritUNL Clients
PritUNL-based (OpenVPN + PritUNL features)
Ubuntu
sudo add-apt-repository -y ppa:pritunl
sudo apt-get update
sudo apt-get install pritunl-client
Arch
yaourt -S pritunl-client
OpenVPN-based (no PritUNL features)
Linux + Windows + iOS + Android
Connecting Users
Go to the Pritunl web admin page https://(domain):(port)/#/users
- Method 1: Click on the chain icon to get a 24-hour download link for use directly with a vpn client.
- Method 2: Click on the arrow icon to get a .tar file for a vpn client.
Cloudflare
Note: this will likely disable any other web servers on port 80 and 443 for a specific (sub)domain.
- Configure and create an SSL certificate (or use Let’s Encrypt functions built into Pritunl)
- Set server to “allow reverse proxy” and set server port as 443 at https://(domain):(port)/#/servers
- Set the domain at Cloudflare DNS
- Change Cloudflare settings:
Set Strict SSL on Crypto page
Disable browser integrity checking on Web Application Firewall page
Troubleshooting
If things are not working, do the following:
- Check the pritunl logs:
sudo nano /var/log/pritunl.log
- Check that MongoDB is using small files on a local installation:
sudo nano /etc/mongod.conf
storage:
  mmapv1:
    smallFiles: true
Ctrl+X
service mongod restart
- Manually run pritunl to see verbose information:
sudo service pritunl stop
sudo pritunl
sudo killall pritunl
- Open firewalled ports (with UFW):
sudo ufw enable
sudo ufw allow http
sudo ufw allow https
sudo ufw allow (desiredportnumber or 9700 for default)/udp
sudo ufw enable
sudo ufw reload
Resetting options:
sudo service pritunl stop
sudo pritunl version
sudo pritunl reset-password (administrator login reverts to the default of pritunl/pritunl)
sudo pritunl reset-version (downgrade the pritunl version)
sudo pritunl reset-ssl-cert (fix custom certificate configurations)
sudo pritunl reconfigure (change the MongoDB uri and start setup again)
OpenVPN Client and Certificates
Running OpenVPN on Linux
openvpn --config /PATH.TO.OVPN.FILE/NAME.ovpn
Extracting keys from an ovpn file
Extracting the keys lets you reference them from an OpenVPN config file. Alternatively, run openvpn with the .ovpn file directly, as above.
- Open an .ovpn file.
- The content between each of these tags goes into:
<ca>: ca.crt
<cert>: client.crt
<key>: client.key
<tls-auth>: ta.key
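The extraction above done by script, as an added example (not code from the original page or from the Pritunl project): it splits a .ovpn profile into the four files named above plus a .conf that references them, and creates the private key and tls-auth key with mode 0600 so they are never world-readable. The names `split_ovpn`, `file_mode`, `write_split` and the sample profile are this example's own; the tag names and file names are the ones listed above.

```python
import os
import re
from pathlib import Path

# Inline block -> file name, as listed in the notes above.
INLINE_FILES = {"ca": "ca.crt", "cert": "client.crt", "key": "client.key", "tls-auth": "ta.key"}
SECRET_FILES = {"client.key", "ta.key"}  # private key and TLS-auth key: mode 0600
# An OpenVPN inline block: <tag> and </tag> each on their own line, PEM body between.
BLOCK_RE = re.compile(r"^<(?P<tag>[\w-]+)>\r?\n(?P<body>.*?)^</(?P=tag)>\r?\n?", re.S | re.M)

def split_ovpn(text):
    """Return (config with inline blocks turned into file directives, {file name: body})."""
    files = {}
    def to_directive(m):
        tag = m.group("tag")
        if tag not in INLINE_FILES:  # e.g. <dh>: not covered by the notes, keep it inline
            return m.group(0)
        files[INLINE_FILES[tag]] = m.group("body")
        # 'tls-auth ta.key' keeps working because the profile's own 'key-direction' line stays.
        return f"{tag} {INLINE_FILES[tag]}\n"
    return BLOCK_RE.sub(to_directive, text), files

def file_mode(name):
    """Secrets are created 0600; certificates may stay 0644."""
    return 0o600 if name in SECRET_FILES else 0o644

def write_split(ovpn, out_dir):
    """Write <stem>.conf plus the extracted files into out_dir; returns the .conf path."""
    ovpn, out_dir = Path(ovpn), Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    config, files = split_ovpn(ovpn.read_text())
    for name, body in files.items():
        dest = out_dir / name
        # create with the restrictive mode up front so the key is never world-readable
        fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, file_mode(name))
        with os.fdopen(fd, "w") as f:
            f.write(body)
        os.chmod(dest, file_mode(name))  # O_CREAT's mode is ignored for an existing file
    conf = out_dir / (ovpn.stem + ".conf")
    conf.write_text(config)
    return conf

# Constructed sample profile; the PEM bodies are placeholders, not real keys.
SAMPLE_OVPN = "\n".join([
    "client", "dev tun", "remote vpn.example.com 9700 udp", "key-direction 1",
    "<ca>", "-----BEGIN CERTIFICATE-----", "CA-PLACEHOLDER", "-----END CERTIFICATE-----", "</ca>",
    "<key>", "-----BEGIN PRIVATE KEY-----", "KEY-PLACEHOLDER", "-----END PRIVATE KEY-----", "</key>",
    "<tls-auth>", "-----BEGIN OpenVPN Static key V1-----", "TA-PLACEHOLDER", "-----END OpenVPN Static key V1-----", "</tls-auth>", "",
])
```

Run `write_split("NAME.ovpn", "/etc/openvpn/client")` and then `openvpn --config /etc/openvpn/client/NAME.conf` from that directory, since the generated directives use bare file names.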
Raspberry Pi
PritUNL does not run on a Raspberry Pi. Use OpenVPN instead.
Set up OpenVPN using the instructions here (1, 2, 3), or use the openvpn command tool above.
References: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14