Pritunl Vpn Client Download
Install and Configure Pritunl VPN server on Ubuntu 20.04
In this guide, we look at how to install Pritunl VPN server on Ubuntu 20.04. Pritunl VPN is an open-source VPN server and management system. It provides a graphical interface that is friendly and easy to use. It is secure and provides a good alternative to commercial VPN products. It can create a wide range of cloud VPN networks which can support over a thousand users.

Features of Pritunl VPN

Below are the most notable features of Pritunl VPN that make it an option for many:

- Simple to install and configure
- Supports multi-cloud VPN peering
- Offers up to five layers of authentication, making it more secure
- Supports WireGuard, giving clients the option to connect with OpenVPN or WireGuard
- Quickly and easily scales to thousands of users, with high availability in the cloud environment without the need for expensive proprietary hardware
- Supports all OpenVPN clients, with official clients for most devices and multi-cloud site-to-site links with VPC peering. VPC peering is available for AWS, Google Cloud, Azure and Oracle Cloud
- Interconnects AWS VPC networks across AWS regions and provides reliable remote access with automatic failover that can scale horizontally
- Pritunl is built on MongoDB, a reliable and scalable database that can be quickly deployed

Pritunl VPN Architecture Review

Pritunl VPN presents a distributed and scalable infrastructure that quickly and easily scales to thousands of users, with high availability in the cloud environment without the need for expensive proprietary hardware. It works on a server-client architecture, where servers and users are configured on the VPN server and client profiles are downloaded to be used on the clients. Pritunl is built on MongoDB, a reliable and scalable database that can be quickly deployed. With built-in support for replication, a reliable database can be set up in minutes, making a Pritunl cluster deployment fast and simple.

Installing Pritunl VPN server on Ubuntu 20.04

To install Pritunl VPN server on Ubuntu 20.04, we are going to follow a number of steps as stated below:

Step 1: Update your system

First update and upgrade your system before beginning installation by running the below commands:

sudo apt-get update
sudo apt-get -y upgrade

Step 2: Add Pritunl and MongoDB repositories and public keys

Next, add the Pritunl repository to your Ubuntu 20.04 system using the below command:

echo "deb focal main" | sudo tee /etc/apt/

Pritunl VPN is built on MongoDB. We will go ahead and also add the MongoDB repository using the command below:

echo "deb [ arch=amd64,arm64 ] focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/

Then add public keys for MongoDB and Pritunl:

curl -fsSL | sudo apt-key add -
sudo apt-key adv --keyserver hkp --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
sudo apt update

Step 3: Install Pritunl and MongoDB

Install Pritunl and MongoDB on Ubuntu 20.04 with the below command:

sudo apt --assume-yes install pritunl mongodb-server

Now start and enable Pritunl and MongoDB as below:

sudo systemctl start pritunl mongodb
sudo systemctl enable pritunl mongodb

Step 4: Configure Pritunl on Ubuntu 20.04

At this point, Pritunl VPN is installed and running. Access it from the browser using your server IP to configure it.

c76683c87efe4774887a9a223a2f1fd6

Once you enter the setup-key and MongoDB URL, it will prompt you for a username and password. The default username and password are obtained with the below command:

$ sudo pritunl default-password
[undefined][2020-11-15 18:01:55,033][INFO] Getting default administrator password
Administrator default password:
  username: "pritunl"
  password: "xGupSTJtdiJ8"

When you log in with the provided credentials, set your new password and save. You should be taken to a page to configure organizations, users and servers.

- To add users, click on 'Users'. This takes you to a window to first add an organization.
- Click on 'Add organization', provide it a name, then click 'Add'. The organization should now be added.
- Click on 'Add user' to create a user. Provide the required details and click 'Add'. If you want to add many users at once, click on 'Bulk Add user'.
- Now create a VPN server. Click on 'Servers' then 'Add server'. Provide the server particulars and click 'Add'. You should see that the server has successfully been added.
- Remember to attach the server to an organization by clicking on 'Attach organization' and choosing your organization.

Step 5: Configure Pritunl Client on Ubuntu 20.04

We are now going to configure the Pritunl VPN client to connect to the Pritunl server. For Ubuntu 20.04, run the below commands to install the Pritunl VPN client:

sudo tee /etc/apt/ << EOF
deb focal main
EOF
sudo apt-key adv --keyserver hkp --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo apt-get update
sudo apt-get install pritunl-client-electron

Once the client is installed, go back to the server to download the user profile. Click on 'Users', select the particular user and click on the download icon to get the user profile.

Once you install the Pritunl VPN client, you should be able to see the Pritunl VPN client icon installed as part of your applications. Click on it and import your profile in order to connect to the Pritunl VPN server.

To connect to the Pritunl VPN server from the terminal, we are going to use the 'nmcli' command. Ensure that NetworkManager is already installed on your Ubuntu 20.04 system. If not, run the command below to install it:

sudo apt-get install network-manager network-manager-openvpn
# with Gnome Desktop environment, use:
sudo apt-get install network-manager-gnome network-manager-openvpn-gnome

Now run the below command to import the OpenVPN profile:

sudo nmcli connection import type openvpn file
Connection 'Lorna_lorna_Pritunl-VPN' (17636314-1508-4828-9f95-65304af94660) successfully added.

To start using the profile, bring it up using the connection name reported above:

nmcli connection up Lorna_lorna_Pritunl-VPN

Enjoy using Pritunl VPN!
From OpenVPN to Pritunl VPN: The transition – Mattermost
Usually, organizations use an internal network to prevent unauthorized people from connecting to their private network. By using their own network infrastructure and connectivity, they can maintain their desirable level of security for their data.
But it would be convenient for users to connect to that private network while they are away from the office through their own internet connection. To solve that problem, a virtual private network (VPN) is used to allow authorized remote access to an organization’s private network.
Working in a fully remote company like Mattermost creates the need for employees to use a VPN connection in order to be able to access internal private infrastructure and resources. A vast majority of companies use OpenVPN as a solution to host those VPN connections on their own servers.
OpenVPN is a widely used software and protocol which was also our selection to be used as a quick and reliable solution to access our internal infrastructure. After using it a while, we needed a better solution in terms of:
- High availability (HA)
- Auditing
- Supporting better access control (e.g., only SREs can access production servers and only developers can access development accounts)
- Working with SSO, particularly OneLogin
After some investigation, we ended up with Pritunl because:
- It's built on the OpenVPN protocol
- It's open source
- The Pritunl client can be installed on any platform
- Its pricing is reasonable for our scale
- It hides the complete configuration (user and server management) overhead behind the scenes of the web interface
Pritunl infrastructure
To deploy Pritunl in our infrastructure, we used Terraform. The module we wrote can be found here as an example for how to deploy Pritunl. The infrastructure consists of:
- One Route 53 record
- One network load balancer
- Two AutoScaling Groups (ASGs)
- One MongoDB Atlas
Why two Auto Scaling groups?
We selected two ASGs with one instance because of the necessity of having the same Elastic Network Interface (ENI), which results in having the same private and public IPs. This is useful when whitelisting those IPs in the Security Groups of the resources that Pritunl-VPN needs to access internally, such as our internal GitLab instance.
This can be achieved by attaching those ENIs as secondary network interfaces on the instance, as outlined in the appendix below.
You can manually create two ENIs (we selected the sixth address of each subnet 10. 0. 6 and 10. 16. 6) and attach public IPs to them. Then you can provide the list of the ENI IDs with the variable (list) fixed_eni on Terraform.
MongoDB Atlas
Initially, we checked the AWS DocumentDB solution. But it was quite expensive, as it starts at $0.28/hr for one instance. Next, we deployed two instances and installed and configured a MongoDB cluster, but maintaining and making sure that HA worked effectively was a big overhead.
Thus, we selected to use MongoDB Atlas as it is cheaper (starts from the free tier) and easier to set up. After the creation of the MongoDB Atlas, we added Pritunl’s public IPs on the whitelist of the Atlas cluster and we connected to the Atlas cluster locally to create a new database in it called pritunl (guide on how to connect). Also check Pritunl documentation for MongoDB Atlas.
To set up the MongoDB URI (mongodb+srvpritunl:[email protected]/pritunl) use the variable (string) mongodb_uri on Terraform.
Network Load Balancer
The Network Load Balancer (NLB), which is in front of the instances, has five listeners as shown below. There are three listeners for VPN (on ports 1194, 1195, 1196) that can be used for the servers inside the Pritunl. Currently, we are using only port 1194, so the rest are for future usage.
Pritunl configuration
Pritunl is installed via the userdata. As the instances do not store any configuration items except the MongoDB URI, each instance needs to connect to the MongoDB to obtain the required configuration and then the instance joins the Pritunl cluster.
Initial setup
As per Pritunl documentation:
- SSH into one of the Pritunl instances by using Session Manager.
- Run sudo pritunl default-password to get the default username and password.
- Navigate to the Pritunl log in page and use the credentials from the previous step.
- Create a user pritunl and add a new password.
Organization and server setup
- Navigate to Users and create a new organization, e.g., devs_org
- Navigate to Servers and create a new server:
  - Name: devs_server
  - Port: 1194 (or any other port that you have set up for VPN access, check NLB)
  - DNS Server: 10. 2, 8. 8. 8 where 10. 2 is the DNS resolution of the subnet. The second IP of each subnet is used for DNS resolution and our VPC where Pritunl is running has peering with all the other VPCs, so it is able to resolve all the names inside our
- the 0.0.0.0/0 route from the
- Attach Organization to attach devs_org with
- Attach host to attach the two hosts (instances)
- Add Route (ensure that the server points to devs_server)
  - You'll need to add the DNS resolution as we have set it up above on the DNS Server: 10. 2/32 DNS resolution
  - You'll need to add all the routes that this server will need to access (e.g., other VPCs) (add routes and each comment for clarity), e.g.:
    - 10. 0/16 prod VPC
    - 10. 0/16 staging VPC
    - Wherever else you want the Pritunl/VPN to have
- the server with Start Server button
Enabling OneLogin
To enable OneLogin, Pritunl Enterprise (with subscription) is needed. Otherwise, the configuration won't display in the Settings. Then, you will need to set up a new app inside OneLogin (admin access is needed) and you will need to paste that information inside Pritunl:
- Single Sign-On: OneLogin
- OneLogin App ID: 1234567
- SAML Sign-On URL:
- Issuer URL:
- API Client ID, OneLogin API Client Secret, and the SAML Certificate.
Appendix
Attach second ENI
Below is the Bash script to attach a second ENI for Ubuntu 18.04 as per AWS documentation.
That script can be used widely for other purposes, as well.
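# ----- Add fixed Network Interface -----
printf "\n### Installing AWS CLI ###\n"
apt install awscli -y

printf "\n### Attaching ENI to instance ###\n"
# Standard EC2 instance metadata endpoint (assumes IMDSv1 is reachable without a session token).
IMDS=http://169.254.169.254/latest/meta-data
INSTANCEID=$(curl -s "$IMDS/instance-id")
MACS=$(curl -s "$IMDS/network/interfaces/macs/" | head -n1)
SUBNETID=$(curl -s "$IMDS/network/interfaces/macs/${MACS%/}/subnet-id")
# Pick the free ENI tagged OnlyFor=pritunl in this instance's subnet.
NETWORKINTERFACEID=$(aws ec2 describe-network-interfaces --filters Name=tag:OnlyFor,Values=pritunl Name=status,Values=available Name=subnet-id,Values="$SUBNETID" --query 'NetworkInterfaces[0].NetworkInterfaceId' --region us-east-1 --output text)
NETWORKINTERFACEIP=$(aws ec2 describe-network-interfaces --network-interface-ids "$NETWORKINTERFACEID" --region us-east-1 --query 'NetworkInterfaces[].[PrivateIpAddress]' --output text)
aws ec2 attach-network-interface --network-interface-id "$NETWORKINTERFACEID" --instance-id "$INSTANCEID" --device-index 1 --region us-east-1

printf "\n### Configuring instance to use secondary ENI ###\n"
# Strip the last octet; the gateway is assumed to be .1 in the same network.
SUFFIXDEFAULTIP=$(echo "$NETWORKINTERFACEIP" | sed 's/\.[^.]*$//')
# The netplan file name below is an assumption; the redirect target is cut off on this page.
cat <<EOF > /etc/netplan/51-eth1.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    eth1:
      addresses:
        - $NETWORKINTERFACEIP/20
      dhcp4: no
      routes:
        - to: 0.0.0.0/0
          via: $SUFFIXDEFAULTIP.1 # Default gateway
          table: 1000
        - to: $NETWORKINTERFACEIP
          via: 0.0.0.0
          scope: link
      routing-policy:
        - from: $NETWORKINTERFACEIP
          table: 1000 # send traffic sourced from the ENI address through the eth1 table
EOF
netplan --debug apply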
Pritunl API sample
In order to invoke the Pritunl API, we had to make some changes on the Python code that exists here as below:
import requests, time, uuid, hmac, hashlib, base64

# requests needs a scheme in the URL
BASE_URL = 'https://localhost'
API_TOKEN = 'p7g444S3IZ5wmFvmzWmx14qACXdzQ25b'
API_SECRET = 'OpS9fjxkPI3DclkdKDDr6mqYVd0DJh4i'

def auth_request(method, path, headers=None, data=None):
    auth_timestamp = str(int(time.time()))
    # .hex gives a plain string, which join() below requires
    auth_nonce = uuid.uuid4().hex
    # String to sign: token, timestamp, nonce, upper-case method and path
    auth_string = '&'.join([API_TOKEN, auth_timestamp, auth_nonce,
        method.upper(), path])
    # hmac.new() needs bytes for both key and message on Python 3
    auth_string_bytes = bytes(auth_string, 'utf-8')
    api_secret_bytes = bytes(API_SECRET, 'utf-8')
    auth_signature = base64.b64encode(hmac.new(
        api_secret_bytes, auth_string_bytes, hashlib.sha256).digest())
    auth_headers = {
        'Auth-Token': API_TOKEN,
        'Auth-Timestamp': auth_timestamp,
        'Auth-Nonce': auth_nonce,
        'Auth-Signature': auth_signature,
    }
    if headers:
        auth_headers.update(headers)
    return getattr(requests, method.lower())(
        BASE_URL + path,
        headers=auth_headers,
        data=data,
    )
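The signing scheme in the client code above, seen from the receiving side. This is an added example, not part of the original post and not Pritunl's server code: it recomputes the HMAC, compares it in constant time, and rejects stale timestamps and reused nonces. The 300-second window, the in-memory nonce set and the sample token and secret are assumptions.

```python
import base64, hashlib, hmac, time

MAX_SKEW = 300  # assumed freshness window in seconds, not a Pritunl setting

def sign(secret, token, timestamp, nonce, method, path):
    # Same string the client signs: token&timestamp&nonce&METHOD&path
    msg = '&'.join([token, timestamp, nonce, method.upper(), path])
    mac = hmac.new(secret.encode(), msg.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def verify(secrets, seen, headers, method, path, now=None):
    """Return (accepted, reason). `seen` is a set of (token, nonce) already used."""
    now = time.time() if now is None else now
    token = headers.get('Auth-Token', '')
    secret = secrets.get(token)
    if secret is None:
        return False, 'unknown token'
    ts = headers.get('Auth-Timestamp', '')
    if not (ts.isascii() and ts.isdigit()) or abs(now - int(ts)) > MAX_SKEW:
        return False, 'stale timestamp'
    nonce = headers.get('Auth-Nonce', '')
    expected = sign(secret, token, ts, nonce, method, path)
    supplied = headers.get('Auth-Signature', '')
    # Constant-time comparison, done on bytes (str inputs must be ASCII-only).
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, 'bad signature'
    # Record the nonce only after the MAC checks out, so unauthenticated
    # traffic cannot fill the replay cache.
    if (token, nonce) in seen:
        return False, 'replayed nonce'
    seen.add((token, nonce))
    return True, 'ok'

def demo():
    # Constructed credentials and request, not values from the page.
    secrets = {'tok_example': 'secret_example'}
    seen, now = set(), 1_700_000_000
    ts, nonce = str(now), 'a' * 32
    sig = sign('secret_example', 'tok_example', ts, nonce, 'GET', '/status')
    good = {'Auth-Token': 'tok_example', 'Auth-Timestamp': ts,
            'Auth-Nonce': nonce, 'Auth-Signature': sig}
    return [
        verify(secrets, seen, good, 'GET', '/status', now),        # first use
        verify(secrets, seen, good, 'GET', '/status', now),        # replay
        verify(secrets, seen, good, 'DELETE', '/status', now),     # method changed
        verify(secrets, seen, good, 'GET', '/status', now + 900),  # too old
    ]
```

Because the timestamp is covered by the MAC, entries in the nonce set can be discarded once they are older than the freshness window.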
Installation of Pritunl VPN client :
Pritunl is an open-source OpenVPN client. It is easy to install and configure using the profile link you received. Clicking on the link will lead you to your user profile on the designated VPN server. Keep in mind that the link is valid for 24 hours from sending!

First download the client; you can always install the latest version of the client from here:

Once installed, start the client application and click on import profile URI. Now enter the URI you can see in your pritunl user profile page; it starts with pritunl. Now you have a profile set up. To connect to the VPN, just click on the menu and click on connect.
Frequently Asked Questions about pritunl vpn client download
How install VPN on Pritunl?
To install Pritunl VPN server on Ubuntu 20.04, we are going to follow a number of steps as stated below:
- Step 1: Update your system. …
- Step 2: Add Pritunl and MongoDB repositories and public keys. …
- Step 3: Install Pritunl and MongoDB. …
- Step 4: Configure Pritunl on Ubuntu 20.04. …
- Step 5: Configure Pritunl Client on Ubuntu 20.04.
Dec 23, 2020
How do I use Pritunl client?
Initial setup
- SSH into one of the Pritunl instances by using Session Manager.
- Run sudo pritunl default-password to get the default username and password.
- Navigate to the Pritunl log in page and use the credentials from the previous step.
- Create a user pritunl and add a new password.
Jun 11, 2020
How do I import Pritunl?
First download the client software. and click on import profile URI. Now enter the URI you can see in your pritunl user profile page. Now you have a profile set up.
Aug 26, 2019