Setup Pritunl VPN with step-by-step guidelines

Setting up the Pritunl VPN with the step-by-step details and illustrations

A VPN enables users to connect to a private network securely over the internet, encrypting traffic between the user's device and the network.

For example, you can securely reach an EC2 instance inside a private network by its private IP over the VPN.

Why Pritunl?

Pritunl is an open-source VPN server solution based on OpenVPN that provides secure and scalable VPN services.

Features:

  • It's open source, so we can keep our custom configuration in code.

  • It's platform agnostic, i.e. it supports various operating systems including Windows, macOS, and Linux, and provides a client application for these platforms.

  • Easy-to-use web interface that simplifies managing and monitoring the servers, users and configurations.

  • Designed for scalability, which makes it suitable for small and large deployments.

  • Enhanced security features like 2FA (two-factor authentication) and strong cryptographic standards (AES and SHA).

  • Custom configuration options like DNS servers, routes, and IP address pools, and support for multiple VPN protocols like OpenVPN and WireGuard.

  • The Enterprise Edition includes additional features like SSO, audit logging, and many more.


Setting up the Pritunl in AWS EC2 Instance

  1. Create an EC2 instance with the following configuration

instance name => pritunl-vpn
instance type => t2.medium
os => Ubuntu 22.04 (Free Tier Eligible)
Key => pritunl-key (Setup New Key)

2. Connect to the instance via SSH or EC2 Instance Connect.

## FOR SSH
ssh -i <location to pem file> ubuntu@<Public IP of Instance>

3. (MUST DO) Add Ports in Security Group for AWS Instance.

SSH (22)
UDP (1192) #changes dynamically depending on pritunl servers
HTTP (80)
HTTPS (443)

4. After connecting to the instance, check for OS updates and install them.

sudo su
sudo apt-get update

5. Install Pritunl in EC2 Instance

sudo tee /etc/apt/sources.list.d/pritunl.list << EOF
deb https://repo.pritunl.com/stable/apt jammy main
EOF

#### Import signing key from keyserver
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A

#### Alternative import from download if keyserver offline
curl https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc | sudo apt-key add -

#### Update the mongodb sources list
sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list << EOF
deb https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse
EOF

#### Import the MongoDB PGP signing key
wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc | sudo apt-key add -

#### Update the packages
sudo apt update
sudo apt --assume-yes upgrade

#### Add Wireguard server Support
sudo apt -y install wireguard wireguard-tools

#### Disable the Ubuntu host firewall (ufw); the AWS Security Group then does all inbound filtering
sudo ufw disable


#### Install Pritunl
sudo apt -y install pritunl mongodb-org
sudo systemctl enable mongod pritunl
sudo systemctl start mongod pritunl

sudo systemctl status mongod pritunl
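
The alternative key import in step 5 trusts whatever the download returns and, through apt-key, trusts it for every repository. As an added example (not from the original post), the script below checks the downloaded key against the fingerprint from the keyserver command before installing it for the Pritunl repository only; the keyring path /usr/share/keyrings/pritunl.gpg and the function names are assumptions.

```shell
# Added example, not from the original post.
# Fingerprint as given in the post's keyserver command.
PRITUNL_FPR="7568D9BB55FF9E5287D586017AE645C0CF8E292A"

# Reads `gpg --with-colons` output on stdin. Succeeds only if the listing
# contains exactly one primary key and its fingerprint equals $1.
key_listing_matches() {
  want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  awk -F: -v want="$want" '
    $1 == "pub" { pubs++; primary = 1; next }
    # The first fpr record after pub is the primary key; compare as strings.
    $1 == "fpr" && primary { if (($10 "") == (want "")) hits++; primary = 0 }
    END { exit !(pubs == 1 && hits == 1) }
  '
}

# Constructed sample: the two colon-listing records the check reads.
sample_listing() {
  printf 'pub:-:\nfpr:::::::::%s:\n' "$1"
}

# Hypothetical helper: fetch the key from the URL in the post, verify it,
# then trust it for the Pritunl repository only (signed-by), not via apt-key.
install_pritunl_key() {
  key=$(mktemp) || return 1
  curl -fsSL -o "$key" \
    https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc || return 1
  if ! gpg --show-keys --with-colons "$key" | key_listing_matches "$PRITUNL_FPR"; then
    echo "fingerprint mismatch, key not installed" >&2
    rm -f "$key"
    return 1
  fi
  sudo gpg --dearmor --yes -o /usr/share/keyrings/pritunl.gpg "$key"
  rm -f "$key"
  echo "deb [signed-by=/usr/share/keyrings/pritunl.gpg] https://repo.pritunl.com/stable/apt jammy main" |
    sudo tee /etc/apt/sources.list.d/pritunl.list
}
```

Calling `install_pritunl_key` replaces both the `apt-key` import and the `pritunl.list` entry from step 5; a file that bundles a second key is rejected even if the expected key is also present.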

6. Copy the public IP address of the instance and open it in the browser. The browser will warn that the connection is not private; proceed past the warning to reach the initial dashboard.

7. Setting up the Pritunl setup key

Run the command shown in the modal window in the EC2 terminal:

sudo pritunl setup-key



8. The page in the browser now reloads; proceed past the private-connection warning again to reach the login page.

Use this command to get the default credentials for logging in:

sudo pritunl default-password

9. Enter the username and password (temporary; new ones must be set after logging in for the first time).

10. Set the username, password and Let's Encrypt certificate (if you have a domain, you can enter the subdomain here directly to put the SSL certificate in place).

11. Assuming the subdomain was resolved earlier, we can add it in the Let's Encrypt Domain field as below. (Don't worry if you don't have one; it will work without it.)

vpn.examplewebsite.com

12. Refresh the page and open the subdomain you set to get the Pritunl dashboard.

Adding Server in the Pritunl

  1. In the top navigation, click Servers > Add Server.

2. Set the port and options such as Google two-factor authentication, then hit Add.

NOTE: To start the server, we must first set up an organization.

Adding Organization

In Top Navigation Click on the Users > Add Organization

Adding User

Similar to Adding the Organization

name: devops
organization: demo
email <OPTIONAL>
PIN: <OPTIONAL>

Attach Organization to the Server

NOTE: The UDP Port Number generated here is NOT Static i.e. it can change in your case; it actually depends on the number of virtual servers you have. So add PORT Numbers carefully into the AWS Security Groups.

Using this we can launch the server and we can see the logs generated.
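
Because the VPN UDP port can change while the Security Group from step 3 stays as it was, it is worth comparing the two after attaching the organization. This added example (not part of the original post) reads rules flattened to one `protocol from_port to_port cidr` line each, an assumed format, and reports a closed VPN port, leftover UDP ports, and SSH open to any address; the function names and sample rules are constructed.

```shell
# Added example, not from the original post.
# Usage: audit_sg_rules VPN_UDP_PORT < rules
# Each input line: protocol from_port to_port cidr (assumed flattened form
# of the Security Group's inbound rules; "-1" means all protocols).
audit_sg_rules() {
  awk -v vpn="$1" '
    BEGIN { vpn += 0 }
    NF < 4 { next }                               # skip blank or malformed lines
    {
      proto = $1; from = $2 + 0; to = $3 + 0; cidr = $4
      if (proto == "-1") { from = 0; to = 65535 } # "all traffic" rule
      is_udp = (proto == "udp" || proto == "-1")
      is_tcp = (proto == "tcp" || proto == "-1")
      world  = (cidr == "0.0.0.0/0" || cidr == "::/0")
      # The current Pritunl server port must be reachable; any other open
      # UDP range is probably left over from an earlier server port.
      if (is_udp && from <= vpn && vpn <= to) vpn_open = 1
      else if (is_udp) print "STALE_UDP udp/" from "-" to " " cidr
      # SSH is only for administration and should not be open to everyone.
      if (is_tcp && world && from <= 22 && 22 <= to) print "SSH_WORLD_OPEN tcp/22 " cidr
    }
    END { if (!vpn_open) print "VPN_PORT_CLOSED udp/" vpn }
  '
}

# Constructed sample: the ports from step 3, all open to any source.
sample_rules() {
  cat <<'EOF'
tcp 22 22 0.0.0.0/0
udp 1192 1192 0.0.0.0/0
tcp 80 80 0.0.0.0/0
tcp 443 443 0.0.0.0/0
EOF
}
```

Running `sample_rules | audit_sg_rules 1194` shows what happens when the server moves to port 1194 and the group is not updated: the old UDP rule is reported as stale and the new port as closed.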

Move to Users TAB

  1. Open the temporary profile links for the user by clicking on the link icon.

  2. A modal with the links appears, as below.

  • Copy the link under "Temporary URL to view Profile Links" and open it in a new browser tab.

  • Install the Google Authenticator application on your Android/iOS device from the respective store, then scan the QR code to map the device to the user.

NOTE: Save the ProfileURI somewhere safe; we will need it shortly when setting up the Pritunl Client.


Install the Pritunl Client for the OS

  • Click on the Download Client button (it opens in another browser tab).

  • As an Ubuntu user, I am following the steps for Ubuntu 22.04; other major operating systems such as Windows, macOS and Arch Linux are supported as well.

  • Installation steps for Ubuntu

#### jammy is the codename for Ubuntu 22.04
sudo tee /etc/apt/sources.list.d/pritunl.list << EOF
deb https://repo.pritunl.com/stable/apt jammy main
EOF

sudo apt --assume-yes install gnupg
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A | sudo tee /etc/apt/trusted.gpg.d/pritunl.asc
sudo apt update
sudo apt install pritunl-client-electron

Adding the Profile in the Pritunl Client

  • Import the profile using the ProfileURI which we saved above.

  • Add the ProfileURI and try connecting as the user created before.

  • The profile gets added; hit the Connect button. It will ask for the authentication code from Google Authenticator.

  • The Pritunl client will show as connected, which can be verified from the Pritunl dashboard.

Voila, the users are now set to use the VPN and can access the applications over the encrypted connection.

