Namely, this article is aimed at showing readers how they can deploy Pritunl VPN on Ubuntu and then use the client for securing their network traffic. As the world becomes more connected with the internet, it is crucial to ensure that the content being transmitted is safe and private. VPNs also are key enablers in these tasks. Of the many VPN solutions, Pritunl can be distinguished by the fact that it is both a powerful VPN server and easy to use.
Table of Contents
Prerequisites
Before we dive into the installation process, make sure you have the following:
- A Ubuntu server: For this tutorial, it is best to go for a clean environment of either distribution.
- Root or sudo access: Root or elevated access on the system is necessary to install and set up the VPN connection.
- Basic understanding of terminal commands: Knowledge of how Linux works using command-line operations will be an added advantage.
Step 1: Update and Upgrade the System
The first step must be to synchronize the package lists for your specified sources and then upgrade the packages installed in the system. This step can prevent certain problems when installing packages that may arise because of their outdated versions.
Open a terminal and execute the following commands:
sudo apt updatesudo apt upgrade -yThis process may take a few minutes depending on how many packages the system is going to update. Finally, your system will be ready to install MongoDB and Pritunl independently.
Step 2: Install MongoDB
Pritunl’s database back end data are stored in MongoDB. MongoDB supplies all necessary data for correct functioning of the Pritunl, be it plain text or binary data. To work with MongoDB the very first thing is make some changes in the MongoDB repository and then install the required packages.
Adding the MongoDB Repository
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu $(lsb_release -cs)/mongodb-org/6.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.listFirst, there is a creation of a new repository file that MongoDB will be utilizing. This allows the package manager to download MongoDB from any official MongoDB repository that may be available.
Import the MongoDB GPG Key
wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc | sudo apt-key add –Next, import the GPG key to ensure the packages you download from the MongoDB repository are authenticated and secure:
Install MongoDB
With the repository added and the key imported, update your package list again and install MongoDB:
sudo apt updatesudo apt install -y mongodb-orgStart and Enable MongoDB
Once the installation is complete, start the MongoDB service and enable it to start automatically on system boot:
sudo systemctl start mongodsudo systemctl enable mongodYou can verify that MongoDB is running correctly by checking its status:
sudo systemctl status mongodIf all the procedures are properly done, then you will get a message showing that MongoDB service is up and running.
Step 3: Install Pritunl VPN
It is also important to check whether MongoDB has been installed and is running before proceeding to the installation of Pritunl. As it was mentioned with MongoDB, to use Pritunl one has to add its repository and import the GPG key.
Add the Pritunl Repository
Add the Pritunl repository to your system:
echo "deb http://repo.pritunl.com/stable/apt focal main" | sudo tee /etc/apt/sources.list.d/pritunl.listImport the Pritunl GPG Key
Import the Pritunl GPG key to ensure the packages are authenticated:
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys BC14EFCF50C231A9Install Pritunl VPN
Now, update the package list again and install Pritunl:
sudo apt updatesudo apt install -y pritunlStart and Enable Pritunl
Start the Pritunl service and enable it to start automatically on system boot:
sudo systemctl start pritunlsudo systemctl enable pritunlYou can verify that Pritunl is running correctly by checking its status:
sudo systemctl status pritunlAfter successfully executing all the provided instruction, you should be presented with a message that the Pritunl service is running.
Step 4: Configure Pritunl VPN
Finally having Pritunl installed and executing means that it is time to configure the program via the web interface it comes with.
Accessing the Web Interface
Open your web browser and navigate to https:The website address will be in the form of //<your-server-ip>This can occur due to the use of a self-signed certificate and as a result you might experience a security warning. Logical, and you can now continue entering the web interface.
Initial Setup
- Setup User Account:During the initial launch of the application when starting from the web based graphical user interface, the user is required to setup the administrative user account. The admin account created herein will have complete sovereignty over the Pritunl server.
- Set Up MongoDB: This references the MongoDB URI. For a local MongoDB installation, the default URI is mongodb:://localhost:27017/pritunl.
Retrieve Setup Key
In the terminal, run the following command to get the setup key:
sudo pritunl setup-keySave the copied key and then input it in the setup page in the webpage interface. To finish the basic configurations, this key is rather imperative.
Initialize the Database
This involves visiting the Settings page of the installed web interface and starting the process of creating the database. This step creates appropriate tables in the database required for the proper functioning of Pritunl.
Step 5: Create a Pritunl Organization and User
During the setup process, there is no config file provided and user and organization must be created in Pritunl. Users are organized in organizations and connected to VPN servers.
Create an Organization
Go to the Organization tab and click on New Organization. This organization will hold the users who will access to the VPN connection. For practical purposes, it is advisable to give your organization a descriptive name so that people can identify it easily.
Create a User
In the organization, the setup of a new user. This user will also be able to connect to the VPN through the account credentials that will have been assigned. Make sure to provide the user with a strict username and a strong password.
Step 6: Configure a VPN Server
With an organization and user created, you can now set up a VPN server.
Create a Server
Go to the Servers node and create a new server. Setting up the server’s requirements, depending on the working network and encryption. It is recommendable that you come up with a suitable name that will help you identify your server easily.
Attach the Organization
Next, link the previously created organization to the server. This enables these users within the organization to be able to connect to the server. Click the organizations link under the server configuration tab and then click on the organization that you created before.
Start the Server
A VPN server must be started to allow connections as per the following:Go back to the Interfaces tab, then click on the Start button, select the server you just created under the Servers tab. The server will now be listening to clients, preparing for connection from the users or clients.
Step 7: Configure Firewall and Networking
To ensure proper operation of your VPN, you need to configure your firewall and enable IP forwarding.
Adjust UFW (Uncomplicated Firewall)
Allow the necessary ports through the firewall for pritunl vpn to work properly. Execute the following commands to allow traffic on these ports:
sudo ufw allow 443/tcpsudo ufw allow 80/tcpsudo ufw allow 1194/udpsudo ufw allow OpenSSHEnable the firewall:
sudo ufw enableConfigure IP Forwarding
Edit the sysctl configuration file to enable IP forwarding. This step allows traffic to be routed through the Pritunl VPN server.
Open the sysctl configuration file with a text editor:
sudo nano /etc/sysctl.confUncomment the following line by removing the # at the beginning:
net.ipv4.ip_forward=1Save the file and apply the changes:
sudo sysctl -pStep 8: Connect to the VPN
Everything being set up with your VPN server, you can now establish a connection to it via a VPN client.
Download the Pritunl VPN Profile
Through the Pritunl web-based control panel, click on Users to access the menu then click the user you have created and download the VPN profile. This profile includes everything required to connect to the VPN, profile.
Import the Profile into a Pritunl VPN Client
Import the profile to use with any OpenVPN-compatible client, and enjoy the protection of the VPN. The specific destination that Pritunl gives various clients explicit instructions on the website.
- Windows: Please download the OpenVPN client from the official website and follow the instructions to install it. Download the profile and then connect with the VPN server that was imported.
- MacOS: Install the OpenVPN client or Tunnelblick instead. Familiarize with the avatar and login to the VPN.
- Linux: Basically on this one, make use of the OpenVPN package that is in your distribution’s repository. When both are set, import the profile and connect using the terminal.
Example command to connect using the OpenVPN client on Linux:
sudo openvpn --config /path/to/your/profile.ovpnStep 9: Advanced Configuration (Optional)
Some of these are as follows: Pritunl offers several advanced options for security and interconnectivity improvements.
Custom SSL Certificates
If your production environment is involved, consider using the custom SSL certificate from the reliable Certificate Authority instead of operating the default self-signed certificate. It improves security and the removal of browser warning messages.
- Obtain the SSL Certificate: Obtain your SSL certificate files from your preferred CA and download them in your server.
- Install the Certificate: Pritunl has a detailed guide that you need to follow to install SSL certificate properly.
Integrate with LDAP
It is important to note that LDAP support for user management can also be used for the authentication of Pritunl users. This is especially advantageous in large business settings where there are many employees and complex operations.
- Enable LDAP: In the web interface setting, there is an option called LDAP, which must be turned on.
- Configure LDAP: In this step, input your LDAP server information including the address for your LDAP server, base DN, and bind credentials. Under this section, check the connection to see if everything is properly set up.
Multi-Factor Authentication (MFA)
Adding user account security by introducing multi-factor authentication for its users. Pritunl supports the two-step verification and allows using Google Authenticator as a second factor.
- Enable MFA: Going through the available settings, turn on the Multi-Factor Authentication option in the web interface.
- Configure MFA: Choose the MFA method that you want to employ, and set it up based on the guide that has been given above.
Step 10: Maintenance and Monitoring
This can only be possible by having frequent maintenance as well as monitoring of the VPN server system to avoid major hitches.
Backup MongoDB
On the other hand, the backup process should be automated through the use of cron job to ensure its frequent execution.
mongodump --db pritunl --out /path/to/backupMonitor Logs
It is recommended to go through the logs as often as possible to avoid potential issues and correct them if necessary.
sudo journalctl -u pritunlUpdate Pritunl VPN
This will allow for Pritunl to remains up to date for new features and security patches. Update Pritunl by running:
sudo apt updatesudo apt upgrade pritunlSecurity Audits
Ensure that security is frequently audited within your organization to uncover strengths and weaknesses. This includes taking action such as reviewing the users granted access, reviewing the firewall rules and making certain that all software is updated.
Conclusion
Installation and configuration of Pritunl VPN on Ubuntu is quite simple as it involves installation of MongoDB then after that installation of Pritunl vpn and configuration of VPN server and users. In conclusion, I would like to point out that Pritunl vpn is a very efficient and versatile VPN service which will meet the needs of both personal and business users.
Likewise, it is advisable that periodic checks or maintenance be conducted to guarantee its dependability as a secure communication tunnel. The step by the step guide outlines all the procedures that you would need to put in place so as to come up with a strong and reliable VPN which will safeguard the traffic of your network as well as your privacy. In this day and age where everyone is working remotely and downloading private information on the internet, pritunl vpn also offers solutions to these necessities.
For more blogs related to Linux do visit our website simplealltech.com