Why choose Pritunl?
Pritunl is an open-source VPN server solution built on OpenVPN, offering secure and scalable VPN services for enterprises and individuals.
Key Benefits:
Open source and easy to self-host
Cheaper than commercial VPNs
Integrates easily with zero-trust models
Supports two-factor authentication
Getting Started with Pritunl
If you're new to Pritunl, I highly recommend first going through the basic setup of Pritunl for a single organization.
Project Setup on AWS
To better understand Pritunl's functionality, we'll focus on setting it up for multiple organizations, deploying and configuring it on AWS with the following setup.
Prerequisites for Demo
AWS Account
Foundational understanding of VPCs
Steps to be Followed
Step 1: Create a VPC named "Staging" with the following options
# The VPC configuration is as follows
Resources to create ==> VPC and more
Name ==> staging
Staging IPv4 CIDR block ==> 10.0.0.0/16
Tenancy ==> Default
Number of AZs ==> 1 # Can select more if required
Number of public subnets ==> 1
Number of private subnets ==> 1
NAT gateway ==> None
VPC endpoints ==> S3 Gateway # No change required
DNS options ==> No change required
This creates the VPC and everything else needed inside it.
Repeat the same steps to create the Production VPC, but be sure to change the IPv4 CIDR range: the two VPCs need non-overlapping ranges for the peering connection to work properly.
We can set it to something like
Production IPv4 CIDR Block ==> 10.1.0.0/16
After both VPCs are created, they are shown in the VPC dashboard.
All other resources, such as subnets and route tables, are created along with them.
Step 2: Creating the VPC Peering between the "Staging VPC" & "Production VPC"
In this demo both VPCs are in the same account, but the steps remain largely the same if they belong to different accounts. The required details for the setup are as follows
Note: Regardless of whether the VPCs are in the same or different accounts, they must be in the same region; if they are in different regions, the connection will not work.
Peering name: staging-production-connection
VPC ID Requester: <VPC ID of Staging VPC>
VPC ID Accepter: <VPC ID of Production VPC>
# Keep the rest of the fields at their defaults
After creation, it should look like this
Save the peering connection ID and keep it handy for future reference.
Step 3: Creation of the Resources
Adding the Pritunl Instance in Staging VPC's Public Subnet
For this, we need to change the VPC from the default VPC to the Staging VPC within the Network settings
The rest of the configuration will look like
Name: pritunl-server
AMI: Ubuntu 24.04 (free tier eligible)
Instance type: t2.micro / t2.small
Key pair: <Your Key Pair>
Network settings: <refer to the image above>
After creation, it will appear in the dashboard
Repeat the same configuration to add the "Prod Private Instance" in the private subnet of the Production VPC
For this, we need to change the VPC from the default VPC to the Production VPC within the Network settings
Because the instance is in the private subnet, it is not assigned a public IP by default; this is the expected behaviour.
The rest of the configuration will look as follows
Name: prod-pvt-instance
AMI: Ubuntu 24.04 (free tier eligible)
Instance type: t2.micro / t2.small
Key pair: <Your Key Pair>
Network settings: <refer to the image above>
After creation, it should look like this in the dashboard
Step 4: Attach the VPC Peering Connection to the Subnets
As we are going to connect the Production VPC's private instance to the Pritunl VPN in the Staging VPC's public subnet, we need to make some changes in the route tables
For the Staging VPC's public subnet (Pritunl VPN) route table
Open the Routes tab => click Edit routes
We need to add the mapping as follows
# The mapping should be
<Production VPC's [Pvt Subnet]> <==> Peering Connection ==> <pcx-your-peering-id>
10.1.0.0/16 <==> <pcx-your-peering-id>
---------------
It would look like
For the Production VPC's private instance route table
Here the mapping would look like
<Staging VPC's [Pvt Subnet]> <==> Peering Connection ==> <pcx-your-peering-id>
10.0.0.0/16 <==> <pcx-your-peering-id>
---------------
Similarly, follow the same steps for the following details
Step 5: Set up Pritunl on the Pritunl server
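The VPCs, peering connection and routes from Steps 1, 2 and 4 expressed as Terraform, as an added example that is not part of the original post; the CIDRs and names are the ones used above, the AWS provider configuration and the subnet associations created by the console wizard are assumed.

```hcl
# Added example (not from the post): Steps 1, 2 and 4 as Terraform.
# Assumes an AWS provider configured for one region; subnet associations are omitted.
resource "aws_vpc" "staging" {
  cidr_block = "10.0.0.0/16"
  tags       = { Name = "staging" }
}

resource "aws_vpc" "production" {
  cidr_block = "10.1.0.0/16" # must not overlap with staging, or the peering cannot route
  tags       = { Name = "production" }
}

# Both VPCs are in the same account and region, so the request can be auto-accepted
resource "aws_vpc_peering_connection" "staging_production" {
  vpc_id      = aws_vpc.staging.id
  peer_vpc_id = aws_vpc.production.id
  auto_accept = true
  tags        = { Name = "staging-production-connection" }
}

# Route tables of the staging public subnet and the production private subnet
resource "aws_route_table" "staging_public" {
  vpc_id = aws_vpc.staging.id
}

resource "aws_route_table" "production_private" {
  vpc_id = aws_vpc.production.id
}

# Step 4: send the peer VPC's CIDR through the peering connection, in both directions;
# a route in only one table gives a one-way path and the connection times out
resource "aws_route" "staging_to_production" {
  route_table_id            = aws_route_table.staging_public.id
  destination_cidr_block    = aws_vpc.production.cidr_block # 10.1.0.0/16
  vpc_peering_connection_id = aws_vpc_peering_connection.staging_production.id
}

resource "aws_route" "production_to_staging" {
  route_table_id            = aws_route_table.production_private.id
  destination_cidr_block    = aws_vpc.staging.cidr_block # 10.0.0.0/16
  vpc_peering_connection_id = aws_vpc_peering_connection.staging_production.id
}
```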
Step 6: Access the Pritunl Dashboard
Step 7: Add the Production Server
The details to be filled are as follows
Name: Production Server
Port: 16858 UDP # Subject to change; add it to the instance's inbound rules
Virtual Network: <Add-IPV4-CIDR-PRODUCTION-VPN>
Enable Google Authenticator: YES
After adding it would look as follows
Step 8: Add the Staging Server
The details to be filled are as follows
Name: Staging Server
Port: 13986 UDP # Subject to change; add it to the instance's inbound rules
Virtual Network: <Add-IPV4-CIDR-STAGING-VPN>
Enable Google Authenticator: YES
After adding it would look as follows
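The inbound rules that Steps 7 and 8 ask for, as an added Terraform example that is not part of the original post: the Pritunl server exposes only the two VPN UDP ports plus the dashboard, and the production private instance accepts traffic only from the peered staging VPC. The VPC resource names, the dashboard port 443 and the admin address are assumptions.

```hcl
# Added example (not from the post): security groups for the two instances.
# Assumes aws_vpc.staging / aws_vpc.production from the peering example above.
locals { admin_cidr = "203.0.113.10/32" } # placeholder: your admin egress address

resource "aws_security_group" "pritunl_server" {
  name   = "pritunl-server"
  vpc_id = aws_vpc.staging.id

  # Admin dashboard (HTTPS assumed): only from the admin address, never 0.0.0.0/0
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [local.admin_cidr]
  }

  # VPN listeners from Steps 7 and 8; clients roam, so the source is open,
  # but only these two UDP ports are reachable from the internet
  dynamic "ingress" {
    for_each = [16858, 13986]
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "udp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }

  egress { # Terraform drops the default allow-all egress unless it is declared
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Production private instance: no public IP and no rule from 0.0.0.0/0; it is
# reachable only via the peering. With Pritunl's default NAT routing, client
# traffic arrives from the Pritunl server's staging-VPC address.
resource "aws_security_group" "prod_private" {
  name   = "prod-pvt-instance"
  vpc_id = aws_vpc.production.id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.staging.cidr_block] # 10.0.0.0/16
  }
}
```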
Step 9: Add Organization & Users to the Org
Add Production Org => add a user to that organization
It would look something like this
Add Staging Org => add a user to that organization
It would look something like this
Step 10: Attaching the organizations to their respective servers
Attach the Production Org <==> Production Server
Attach the Staging Org <==> Staging Server
Step 11: Sharing the credentials with the respective users
My preferred method is to share the temporary URI (24-hour validity) with the user
If 2FA is enabled, we also need to share the QR code for the authenticator app
Step 12: Setting up the Pritunl client app
Step 13: Import the User Profile and add it here
Step 14: Try Accessing with the users on both the Servers
If the profile has access to the Production server, it gets access; otherwise the connection times out.
The user will also be shown as online
A similar thing will happen with the Staging server.
Voila, the users are now set up to use the VPN and can access the applications over the encrypted tunnel.
EzyInfra.dev – Expert DevOps & Infrastructure consulting! We help you set up, optimize, and manage cloud (AWS, GCP) and Kubernetes infrastructure—efficiently and cost-effectively. Need a strategy? Get a free consultation now!