Cloud server with Pritunl
Pritunl is open source software for creating VPN infrastructure. It allows you to create a secure and convenient site-to-site connection to the local network.
You can create a cloud server with an out-of-the-box Pritunl application and then configure a VPN server on it. Once the VPN server is configured, users can connect to the VPN.
Create a cloud server with Pritunl
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Click Create Server.
- In the Name and Location block:
3.1 In the Name field, enter the name of the server. This will be set as the host name in the operating system.
3.2 In the Region and Pool fields, select the region and pool segment in which the server will be created. The list of available server configurations and resource costs depends on the pool segment. Once the server is created, the pool segment cannot be changed.
- In the Source block, click the default source name → Applications tab, select Cloud Pritunl <version> 64-bit, and click Select.
- In the Configuration block, select a server configuration with at least 1 vCPU, at least 1 GB of RAM and a boot disk of at least 10 GB. You can select:
- a fixed configuration: lines in which the ratio of resources is fixed;
- or an arbitrary configuration in which any resource ratio can be specified.
The configurations use different processors depending on the line and pool segment.
5.1 To select a fixed configuration, click Fixed, open the tab with the desired line, and select the configuration. The amount of RAM allocated to the server may be less than the amount specified in the configuration, because the operating system kernel reserves some RAM depending on the kernel version and distribution. You can check the allocated amount on the server with the command:
sudo dmesg | grep Memory
After the server is created, you can change the configuration.
5.2 To select an arbitrary configuration, click Arbitrary, specify the number of vCPUs and the RAM size.
5.3 Select the server boot disk:
- If you want to select a local disk as the server boot disk, check the Local SSD NVMe disk checkbox;
- If you want to select a network disk as the server boot disk, clear the Local SSD NVMe disk checkbox. In the Disk Type field, select the type of network boot disk and specify the disk size in GB or TB. Take into account the maximum size limits of network disks.
5.4 Optional: to add additional network disks to the server, in the Disk Type field, select the network disk type and specify the network disk size in GB or TB. Observe the maximum size limits of network disks.
Once the server is created, you can disconnect additional disks from it or connect new ones.
- In the Network block, connect an existing private subnet with the cloud router or create a new one.
Existing private subnet:
6.1 Click Private Subnet.
6.2 In the Public IP Address for Internet Access field, select New Public IP Address.
6.3 Expand the block with private subnet settings.
6.4 In the Subnet field, select an existing subnet.
6.5 In the Private IP field, specify the private IP address of the server. The public IP address will be automatically connected to the private address.
New private subnet:
6.1 Click Private Subnet.
6.2 In the Public IP Address for Internet Access field, select New Public IP Address.
6.3 Expand the block with private subnet settings.
6.4 If you have existing networks in the project, select New Subnet in the Subnet field.
6.5 Optional: change the CIDR of the subnet.
6.6 Optional: enable the DHCP toggle switch.
6.7 Optional: in the Gateway field, change the IP address of the default gateway.
6.8 In the Network field, select the existing network where the subnet will be created or New network. For a private subnet with a public IP address, router-<network_name>, where <network_name> is the network name, will be created automatically.
6.9 If you selected New Network, enter the name of the network.
- Select security groups to filter traffic on server ports. Without security groups, traffic will not be allowed. If this block is not displayed, port security is disabled on the server network. With traffic filtering disabled, all traffic will be allowed.
- In the Access block:
8.1 Place an SSH key on the server for secure connection:
- If an SSH key is added to the cloud platform, in the SSH key field, select an existing key;
- If the SSH key is not added to the cloud platform, click Add SSH Key, enter the key name, paste the public SSH key in OpenSSH format, and click Add.
8.2 Optional: in the Password for "root" field, copy the password of the root user (a user with unlimited rights to all actions on the system). Save the password in a safe place and do not share it publicly.
- In the Advanced Settings block:
9.1 Optional: If you plan to create multiple servers and want to increase the fault tolerance of your infrastructure, add a server to a placement group. To create a new group, click Create Group, enter a group name, and select a placement policy on different hosts:
- preferably — the system will try to place servers on different hosts (soft-anti-affinity). If there is no suitable host when creating a server, it will be created on the same host;
- mandatory — servers in the group must be located on different hosts (anti-affinity). If there is no suitable host when creating a server, the server will not be created.
If a group has been created, select a placement group in the Placement Group field.
9.2 Optional: to add additional information or filter servers in the list, add server tags. Operating system and configuration tags are automatically added. To add a new tag, enter a tag in the Tags field.
- Check the price of the cloud server.
- Click Create.
Set up a VPN server
- Initialize Pritunl.
- Create an organization in which to host the VPN server.
- Create a VPN server.
- Add a VPN server to the organization.
- Configure routing through the VPN server.
- Start the VPN server.
- Create a custom configuration.
1. Initialize Pritunl
- Generate a key to install Pritunl:
sudo pritunl setup-key
- Copy the generated key.
- Open the page in your browser:
http://<ip_address>
Specify <ip_address>: the public IP address of the cloud server. To view it, in the control panel, on the top menu, click Products → Cloud Servers → server page → Ports tab; in the port card, click the icon next to the public IP address.
- In the Enter Setup Key field, paste the key you copied in step 3.
- Click Save.
- The browser will warn you that the connection is not secure due to a missing certificate. Ignore the warning and open the page.
- In the CLI, print the login and password for authorization:
sudo pritunl default-password
- Copy the username and password.
- In your browser, log in to the Pritunl panel. In the Username and Password fields, paste the login and password you copied in step 9.
- Click Sign in. Wait for the settings initialization process to complete.
- Clear the Accept IPv6 Connections checkbox.
- Optional: enter a new password in the New Password field. For security reasons, we recommend changing the password.
- Optional: in the Lets Encrypt Domain field, enter the domain whose A record points to the server IP address.
- Click Save.
2. Create an organization
- In the Pritunl panel, open the Users tab.
- Click Add Organization.
- In the Name field, enter the name of the organization.
- Click Add.
3. Create a VPN server
- In the Pritunl panel, open the Servers tab.
- Click Add Server.
- In the Name field, enter the name of the server.
- Click Add.
4. Add a VPN server to the organization
- In the Pritunl panel, open the Servers tab.
- Click Attach Organization.
- In the Select an organization field, select the organization to which you want to add the VPN server.
- In the Select a server field, select the VPN server.
- Click Attach.
5. Configure routing through the VPN server
- In the Pritunl panel, open the Servers tab.
- Select the desired VPN server.
- In the 0.0.0.0/0 block, click Remove Route.
- To confirm the removal of the default route, click Remove.
- Click Add Route.
- In the Network field, enter the private subnet where the cloud server is located. To view it, in the control panel, on the top menu, click Products → Cloud Servers → Network → Private Networks tab.
- In the Select a server field, select the VPN server.
- Click Attach.
6. Start the VPN server
- In the Pritunl panel, open the Servers tab.
- Select the desired VPN server.
- Click Start Server.
7. Create a custom configuration
- In the Pritunl panel, open the Users tab.
- Click Add User.
- In the Name field, enter the user's name.
- In the Select an organization field, select the organization to which you want to add the custom configuration.
- Click Add.
- In the user line, click Get temporary profile links.
- Copy a suitable link and give it to the VPN server user so that they can download the configuration file.
Connect to VPN
1. Install Pritunl Client
From the Pritunl website, download the Pritunl Client and install it.
2. Download the configuration file
- Open the Pritunl Client.
- Click Import.
- In the Profile URL field, enter the link to the configuration file that the VPN server administrator gave you.
- Click Import.
3. Connect to the server
- Open the Pritunl Client.
- Navigate to the VPN server client profile.
- Click Connect.
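Once connected, a Linux client can confirm that the routing set in "Configure routing through the VPN server" took effect: the private subnet is reached through the VPN and other traffic is not. The following is an added example, not part of this guide or of Pritunl, that audits the output of ip -4 route show. The sample route tables, the 10.10.0.0/24 subnet and the tun interface prefix are constructed assumptions.

```python
import ipaddress

# Constructed `ip -4 route show` samples (assumptions, not from the guide):
# wlan0 = client LAN, tun0 = VPN interface, 10.10.0.0/24 = cloud private subnet.
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.57
10.10.0.0/24 via 172.16.50.1 dev tun0
172.16.50.0/24 dev tun0 proto kernel scope link src 172.16.50.2
"""
# Full tunnel: OpenVPN's redirect-gateway def1 adds two /1 routes over the default.
FULL_TUNNEL = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 172.16.50.1 dev tun0
128.0.0.0/1 via 172.16.50.1 dev tun0
172.16.50.0/24 dev tun0 proto kernel scope link src 172.16.50.2
"""

def parse_routes(text):
    """Return [(network, device)] for every route line that names a device."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # unreachable/blackhole and similar route types
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_device(routes, address):
    """Longest-prefix match (route metrics are ignored in this sketch)."""
    addr = ipaddress.ip_address(address)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches)[1] if matches else None

def audit(route_text, private_subnet, vpn_prefix="tun"):
    routes = parse_routes(route_text)
    inside = str(ipaddress.ip_network(private_subnet).network_address + 1)
    # One lookup address in each half of the IPv4 space; nothing is sent.
    outside = [egress_device(routes, a) for a in ("8.8.8.8", "192.0.2.1")]
    on_vpn = lambda dev: bool(dev) and dev.startswith(vpn_prefix)
    return {"private_subnet_via_vpn": on_vpn(egress_device(routes, inside)),
            "internet_via_vpn": any(on_vpn(d) for d in outside)}

if __name__ == "__main__":
    print(audit(SPLIT_TUNNEL, "10.10.0.0/24"), audit(FULL_TUNNEL, "10.10.0.0/24"))
```

If internet_via_vpn is true, the 0.0.0.0/0 route is still attached to the VPN server; if private_subnet_via_vpn is false, the private subnet route was not added or the server was not restarted.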