Pritunl is an open source management interface for OpenVPN. It allows for private networks, has native IPv6 support, and is relatively simple to use.
That said, it also receives regular updates, and allows for full customization. In addition to the features above, custom routes are supported, and key size can be selected for increased performance.
Prerequisites
In order to install Pritunl, you'll need:
- A CentOS 7 system (both 32 and 64 bit systems are supported).
- Root access (determine whether you are root by executing the following command:
whoami
). - A minimum of 512 MB of RAM, or the lowest plan.
- MongoDB.
- Either
nano
orvim
(text editor). - SELinux disabled.
Installation
Installing dependencies
In order to install Pritunl, we'll need to add the necessary repositories to yum
. Yum is essentially the package manager for CentOS and RHEL systems. It is similar to apt-get
, so don't worry if this is your first time.
We'll be using nano
for this tutorial, but you may use vim
, if you prefer.
The first thing we'll be doing is adding the MongoDB repository:
nano /etc/yum.repos.d/mongodb-org-3.4.repo
Once you've entered the file, it should be blank. Paste the following in:
[mongodb-org-3.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
Exit and save by pressing CTRL
and O
simultaneously. Once you do, simply press the "enter" key.
Now that we've added the repository for MongoDB
(database software for Pritunl), we need to add the Pritunl repository.
nano /etc/yum.repos.d/pritunl.repo
When the file loads in your text editor, paste the following:
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/centos/7/
gpgcheck=1
enabled=1
Exit and save.
Continuing on, we need to install epel-release
:
yum -y install epel-release
We now have all of the dependencies required. We'll need to disable SELinux before continuing:
nano /etc/selinux/config
It should say the following once opened:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing .
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Change the SELINUX=enforcing
line to SELINUX=disabled
.
Reboot your server, and log back in.
Installing Pritunl
We've added all of the necessary packages and changed the necessary settings to install Pritunl.
Before we install, we need to add some keys (necessary for the repositories to function):
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > temp.tmp; sudo rpm --import temp.tmp
We can now delete the temporary key:
rm -f temp.tmp
Now, we'll run yum
to install Pritunl:
yum -y install pritunl mongodb-org
Once yum
finishes, we'll make it so Pritunl and MongoDB run on startup:
systemctl start mongod pritunl
systemctl enable mongod pritunl
Pritunl is now installed.
Configuration
After installing Pritunl, run the following:
pritunl setup-key
Make note of the key that comes from running the command above.
Now, visit your server:
https://YOUR_IP_ADDRESS
You should see the following:
Paste the key that you were given from pritunl setup-key
.
Once you hit the "Save" button, you will be prompted to set credentials. You will then be redirected to the login page:
Sign in with your credentials. Proceed to the next section on adding users, and creating your first VPN server.
Adding Users
If you wish to allow other users (whether it be a friend, or colleague), click the "Users" link on the navigation bar:
You should have created an organization already, and creating a user is simple. Click "Add User", and you will be prompted with the following:
Creating the VPN server
As mentioned previously, Pritunl simply manages OpenVPN.
Head to the "Servers" tab in the navigation bar and click "Add Server." You will be prompted with the following:
Fill in the fields with the appropriate information. You may choose the protocol (UDP is better for speed, and shorter distances), local IP range, and other options available through the "Advanced" tab.
Once you hit "Add," the dialog will close. After it does, click "Attach Organization".
Select the organization we created in the previous section, and the VPN server created in this section.
Hit "Attach."
Connecting to your VPN server
As Pritunl uses OpenVPN, connecting should be a breeze. You can choose to install the Pritunl client, or the standalone OpenVPN client.
Note: Installing a client is necessary in order to connect.
Before installing the client, proceed back to the "Users" tab in the management interface. You should see icons next to the user you created:
A tar.gz
file will begin to download. Upon extraction, you'll receive the profile required to connect. Save the file in a safe place.
You can download the Pritunl client from the official site. The client supports all OpenVPN servers.
Enhancing Security
For enhanced security, enable two-factor authentication with Pritunl! Two factor authentication is available with Pritunl. It adds the functionality to OpenVPN. You can use Authy, or any supported app to generate the code that you can use to connect.
Conclusion
Congratulations! You've installed and configured your own VPN server.
If you need to uninstall, the process is simple. Run: yum remove -y pritunl mongodb-org
Enjoy!