Pritunl
Pritunl is open source software for building VPN infrastructure. It lets you create a secure and convenient site-to-site connection to the local network.
You can create a cloud server with a ready-made Pritunl application and then set up a VPN server on it. After the VPN server is configured, users will be able to connect to the VPN.
Create a cloud server with Pritunl
- In the control panel, go to Cloud platform → Servers.
- Click Create a server.
- In the Name and location block:
3.1 In the Name field, enter the server name. It will be set as the host name in the operating system.
3.2 In the Region and Pool fields, select the region and pool segment. The pool segment determines the list of available server configurations and the cost of resources. Once the server is created, the pool segment cannot be changed.
- In the Source block, click the default source name, open the Appendices tab, select Cloud Pritunl <version> 64-bit and click Select.
- In the Configuration block, select a server configuration with at least 1 vCPU, at least 1 GB of RAM and a boot disk of at least 10 GB. You can select:
- a fixed configuration: lines in which the ratio of resources is fixed;
- or an arbitrary configuration, where any resource ratio can be specified.
The configurations use different processors depending on the line and pool segment.
5.1. To select a fixed configuration, click Fixed, open the tab with the required line and select the configuration. The amount of RAM allocated to the server may be less than the amount specified in the configuration, because the operating system kernel reserves some RAM depending on the kernel version and distribution. You can check the allocated amount on the server using the command
sudo dmesg | grep Memory
Once the server is created, you can change its configuration.
5.2 To select an arbitrary configuration, click Arbitrary and specify the number of vCPUs and the size of RAM.
5.3. Select the server boot disk:
- if you want a local disk as the server boot disk, check the box Local SSD NVMe disk;
- if you want a network disk as the server boot disk, uncheck the box Local SSD NVMe disk. In the Disk type field, select the network boot disk type and specify the disk size in GB or TB. Keep in mind the network disk limits on maximum size.
5.4 Optional: add additional network disks to the server. In the Disk type field, select the network disk type and specify the size of the network disk in GB or TB. Keep in mind the network disk limits on maximum size.
Once the server is created, you can disconnect additional disks from it or connect new ones.
- In the Network block:
- If you have created a private subnet and a cloud router connected to an external network, in the Subnetwork field select Private + 1 public IP, in the Private subnet field select the created subnet, and in the Private IP field specify the private IP address of the server. If the server has a public IP address, click Connect existing and select a public IP address;
- If you have not created a private subnet and cloud router, in the Subnetwork field select Private + 1 public IP. A private network nat, a private subnet, a router router-nat and a public IP address will be created automatically.
- In the Access block:
7.1 Place an SSH key on the server for a secure connection:
- if the SSH key has been added to the cloud platform, select an existing key in the SSH key field;
- if the SSH key has not been added to the cloud platform, click Add an SSH key, enter the key name, paste the public SSH key in OpenSSH format, and then click Add.
7.2 Optional: in the Password for "root" field, copy the password of the root user (a user with unlimited rights to all system operations). Save the password in a safe place and do not share it publicly.
- In the Additional settings block:
8.1 Optional: if you plan to create multiple servers and want to increase the fault tolerance of your infrastructure, add the server to a placement group. To create a new group, click Create a group, enter a group name, and select a policy for placement on different hosts:
- preferably: the system will try to place servers on different hosts (soft-anti-affinity). If there is no suitable host when a server is created, it will be created on the same host;
- mandatory: servers in the group must be located on different hosts (anti-affinity). If there is no suitable host when a server is created, the server will not be created.
If the group is already created, select a placement group in the Accommodation group field.
8.2 Optional: to add additional information or filter the servers in the list, add server tags. Operating system and configuration tags are added automatically. To add a new tag, enter it in the Tags field.
- Check the price of the cloud server.
- Click Create.
Set up a VPN server
- Initialize Pritunl.
- Create an organization where the VPN server will be located.
- Create a VPN server.
- Add a VPN server to the organization.
- Configure routing through the VPN server.
- Start the VPN server.
- Create a custom configuration.
Initialize Pritunl
- Generate a key to install Pritunl:
sudo pritunl setup-key
- Copy the generated key.
- Open the page in your browser:
http://<ip_address>
Specify <ip_address>: the public IP address of the cloud server. You can view it in the control panel under Cloud platform → Servers → server page → Ports tab → Public IP column.
- In the Enter Setup Key field, paste the key you copied in step 3.
- Click Save.
- The browser will warn you that the connection is not secure due to a missing certificate. Ignore the warning and open the page.
- In the CLI, print the login and password for authorization:
sudo pritunl default-password
- Copy the username and password.
- In your browser, log in to the Pritunl panel. In the Username and Password fields, paste the login and password you copied in step 9.
- Click Sign in. Wait until the initialization of settings is complete.
- Uncheck the box Accept IPv6 Connections.
- Optional: in the New Password field, enter a new password. For security reasons, we recommend changing your password.
- Optional: in the Lets Encrypt Domain field, enter the domain whose A record points to the IP address of the server.
- Click Save.
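Before accepting the certificate warning and logging in, you can confirm that the certificate your browser shows is the one this server actually serves. The script below is an added example, not part of the original guide; it assumes the web console answers HTTPS on port 443 and that openssl is installed on the server.

```shell
#!/bin/sh
# Added example: compare the web console's TLS certificate fingerprint as seen
# on the server itself with the one the browser shows in its warning dialog.
# Assumption: the console answers HTTPS on port 443.

# Print the SHA-256 fingerprint of the certificate served at host[:port].
served_fp() {
    openssl s_client -connect "$1:${2:-443}" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# Reduce any common fingerprint notation to bare uppercase hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Return 0 only if the first value is a complete SHA-256 fingerprint
# (64 hex digits) and the second one is identical to it.
fp_match() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    [ "${#a}" -eq 64 ] || return 2
    case "$a" in *[!0-9A-F]*) return 2 ;; esac
    [ "$a" = "$b" ]
}

# Usage, in the SSH session on the cloud server:
#   sh check_fp.sh "<SHA-256 fingerprint copied from the browser>"
if [ "$#" -eq 1 ]; then
    local_fp=$(served_fp 127.0.0.1)
    if fp_match "$local_fp" "$1"; then
        echo "match: the browser is talking to this server"
    else
        echo "MISMATCH or unreadable fingerprint: do not log in" >&2
        exit 1
    fi
fi
```

The browser shows the SHA-256 fingerprint in the certificate details of the warning page; colons, spaces and letter case do not matter for the comparison.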
Create an organization
- In the Pritunl panel, open the Users tab.
- Click Add Organization.
- In the Name field, enter the name of the organization.
- Click Add.
Create a VPN server
- In the Pritunl panel, open the Servers tab.
- Click Add Server.
- In the Name field, enter the name of the server.
- Click Add.
Add a VPN server to the organization
- In the Pritunl panel, open the Servers tab.
- Click Attach Organization.
- In the Select an organization field, select the organization to which you want to add the VPN server.
- In the Select a server field, select the VPN server.
- Click Attach.
Configure routing through the VPN server
- In the Pritunl panel, open the Servers tab.
- Select the desired VPN server.
- In the 0.0.0.0/0 block, click Remove Route.
- To confirm the deletion of the default route, click Remove.
- Click Add Route.
- In the Network field, enter the private subnet where the cloud server is located. You can find it in the control panel under Cloud platform → Network → Private networks tab.
- In the Select a server field, select the VPN server.
- Click Attach.
Start the VPN server
- In the Pritunl panel, open the Servers tab.
- Select the desired VPN server.
- Click Start Server.
Create a custom configuration
- In the Pritunl panel, open the Users tab.
- Click Add User.
- In the Name field, enter a user name.
- In the Select an organization field, select the organization to which you want to add the custom configuration.
- Click Add.
- In the user line, click Get temporary profile links.
- Copy a suitable link for downloading the configuration file and give it to the VPN server user.
Connect to VPN
Install Pritunl Client
On the Pritunl website, download the Pritunl Client and install it.
Download the configuration file
- Open the Pritunl Client.
- Click Import.
- In the Profile URL field, paste the link to the configuration file that the VPN server administrator gave you.
- Click Import.
Connect to the server
- Open the Pritunl Client.
- Navigate to the VPN server client profile.
- Click Connect.
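Once connected, a Linux client can confirm that the routing set in "Configure routing through the VPN server" took effect: only the private subnet should go through the VPN, not all traffic. This is an added example, not part of the original guide; the tun interface prefix, the 192.168.0.0/24 subnet and both sample routing tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check a Linux client's routing table after connecting.
# Assumptions: the VPN interface name starts with "tun"; 192.168.0.0/24 is a
# placeholder for the private subnet entered in the Network field.

# Reads `ip route show` output on stdin.
# Returns 0 if subnet $1 is routed through the VPN and no default route is,
#         1 if a default (full-tunnel) route points at the VPN interface,
#         2 if the private subnet is not routed through the VPN.
check_split_tunnel() {
    awk -v net="$1" -v ifp="${2:-tun}" '
        {
            dev = ""
            for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            if (index(dev, ifp) != 1) next   # not a VPN interface
            # OpenVPN installs a full tunnel either as "default" or as the
            # pair 0.0.0.0/1 + 128.0.0.0/1 (redirect-gateway def1).
            if ($1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1") full = 1
            if ($1 == net) found = 1
        }
        END { if (full) exit 1; if (!found) exit 2; exit 0 }
    '
}

# Constructed sample: only the private subnet is routed through tun0.
SAMPLE_SPLIT='default via 10.0.2.2 dev eth0 proto dhcp metric 100
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15
192.168.0.0/24 via 192.168.230.1 dev tun0
192.168.230.0/24 dev tun0 proto kernel scope link src 192.168.230.2'

# Constructed sample: the 0.0.0.0/0 route was left in place on the server.
SAMPLE_FULL='0.0.0.0/1 via 192.168.230.1 dev tun0
default via 10.0.2.2 dev eth0 proto dhcp metric 100
128.0.0.0/1 via 192.168.230.1 dev tun0
192.168.230.0/24 dev tun0 proto kernel scope link src 192.168.230.2'

# On a real client: ip route show | check_split_tunnel 192.168.0.0/24
```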