VPN Tool with OpenVPN Support


External MongoDB Server

  1. Visit
  2. Register for an account.
  3. Create a new 500MB free server on either Azure, AWS, or Google networks.
  4. Add a user and password to the database.
  5. Get the mlab uri: mongodb://(username):(password)@(mlaburl):(port)/(databasename)

Package Repositories

  • Add Pritunl and MongoDB sources to apt-get files:

Note: Pritunl with a (free) external MongoDB does not need a local mongoDB installation, but will suffer from lower reliability and possibly speed. If this is acceptable, do not add the MongoDB source and key (the latter of sources and keys) listed below.

sudo nano /etc/apt/sources.list.d/pritunl.list deb trusty main

sudo nano /etc/apt/sources.list.d/mongodb-org-3.0.list
     deb trusty/mongodb-org/3.0 multiverse
  • Add public keys for the repositories:
apt-key adv --keyserver hkp:// --recv CF8E292A

apt-key adv --keyserver hkp:// --recv 7F0CEB10
  • Reload sources: sudo apt-get update

Installation and Configuration

  • Install and start pritunl:
sudo apt-get install pritunl mongodb-org sudo service pritunl start
  • Backup pritunl config: sudo cp /etc/pritunl.conf /etc/pritunl.conf.backup
  • Change pritunl default port:
pritunl set app.server_port (desiredportnumber)

sudo nano /etc/pritunl.conf     "port": (desiredportnumber), Ctrl+X
  • Restart pritunl: sudo service pritunl restart
  • Get pritunl setup key: sudo pritunl setup-key
  • Navigate to pritunl webservice: https://(domain):/(specifiedport)
  • Enter setup key and mlab MongoDB uri.
  • Continue to setup through the web console.


Webserver Compatibility

  1. Disable web server on port 80 (disables Let’s Encrypt certificates): pritunl set app.redirect_server false
  2. Change web console server port: pritunl set app.server_port (desiredportnumber)


Setting up the VPN

  1. Login to the Pritunl web console (default user:pass is pritunl:pritunl) at https://(domain):(port)/setup
  2. Change username and password
  3. Add organization at https://(domain):(port)/#/users
  4. Add users and PIN at https://(domain):(port)/#/users
  5. Add server at https://(domain):(port)/#/servers
  6. Attach organization/users to server


PritUNL Clients

PritUNL-based (OpenVPN + PritUNL features)

Mac + Linux + Windows


sudo add-apt-repository -y ppa:pritunl
sudo apt-get update
sudo apt-get install pritunl-client


yaourt -S pritunl-client

OpenVPN-based (no PritUNL features)

Linux + Windows + iOS + Android


Connecting Users

Got to the Pritunl web admin page https://(domain):(port)/#/users

  1. Method 1: Click on the chain icon to get a 24-hour download link for use directly with a vpn client.
  2. Method 2: Click on the arrow icon to get a .tar file for a vpn client.



Note: this will likely disable any other web servers on port 80 and 443 for a specific (sub)domain.

  1. Configure and create an SSL certificate (or use Let’s Encrypt functions built into Pritunl)
  2. Set server to “allow reverse proxy” and set server port as 443 at https://(domain):(port)/#/servers
  3. Set the domain at Cloudflare DNS
  4. Change Cloudflare settings:

Set Strict SSL on Crypto page
Disable browser integrity checking on Web Application Firewall page



If things are not working, do the following:

  • Check the pritunl logs:
sudo nano /var/logs/pritunl.log
  • Check that MongoDB is using small files on a local installation:
sudo nano /etc/mongod.conf 

      smallFiles: true

service mongod restart
  • Manually run pritunl to see verbose information:
sudo service pritunl stop
sudo pritunl

sudo killall pritunl
  • Open firewalled ports (with UFW):
sudo ufw enabled
sudo ufw allow http
sudo ufw allow https
sudo ufw allow (desiredportnumber or 9700 for default)/udp
sudo ufw enabled
sudo ufw reload

Resetting options:

sudo service pritunl stop

sudo pritunl version
sudo pritunl reset-password (administrator login reverts to default of pritunl/pritunl)
sudo pritunl reset-version (to downgrade pritunl version)
sudo pritunl reset-ssl-cert (fix custom certificate configurations)
sudo pritunl reconfigure (change mongo-db uri and start setup again)


OpenVPN Client and Certificates

Running OpenVPN on Linux

openvpn --config /PATH.TO.OVPN.FILE/NAME.ovpn

Extracting keys from an ovpn file

Extracting keys allows you to configure openvpn in a config file. Alternatively, run openvpn as a command as above.

  1. Open an .ovpn file.
  2. Info from between these tags go into:
    <ca>: ca.crt
    <cert>: client.crt
    <key>: client.key
    <tls-auth>: ta.key


Raspberry Pi

PritUNL does not run on a raspberry pi. Use OpenVPN insteadl.

Set up OpenVPN using the instructions here (1, 2, 3), or use the openvpn command tool above.



References: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14