Welcome to this guide on how to install and configure the Pritunl VPN server on Amazon Linux 2. A Virtual Private Network (VPN) is a vital component because it encrypts the traffic between a client and the VPN server, protecting and masking users on untrusted networks. It can also be used to bypass geo-restrictions. As a result, one is able to browse over public networks while their data is kept private.
Pritunl VPN is one of the best open-source tools. It serves as the best alternative to commercial products such as Aviatrix and Pulse Secure. It is preferred due to its simple and easy-to-use graphical interface.
Other amazing features associated with Pritunl VPN are:
- Open Source with all the source code publicly available on GitHub. This allows complete transparency and customization.
- Free to Use with no registration or credit card necessary.
- Easy to configure since all configurations are done on the web interface. This makes it easy to manage large environments with complex configurations.
- Supports multiple protocols – it can be used with both OpenVPN and WireGuard clients. IPsec is used for site-to-site links and VPC peering.
- REST API that makes it easy to integrate and configure Pritunl with other services.
- Improved security with all the traffic between clients and the server encrypted. There is also optional two-step authentication with Google Authenticator.
Let’s dive in and enjoy the awesomeness of this tool.
Step 1 – Add the Required Repositories.
We will begin by adding the Pritunl repository on Amazon Linux 2 as below:
sudo tee /etc/yum.repos.d/pritunl.repo<< EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/amazonlinux/2/
gpgcheck=1
enabled=1
EOF
Next, add the EPEL repository to provide other packages required.
sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
MongoDB is also required when running Pritunl. Add the MongoDB repository on Amazon Linux 2 as shown:
sudo tee /etc/yum.repos.d/mongodb-org-5.repo<<EOF
[mongodb-org-5.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/amazon/2/mongodb-org/5.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-5.0.asc
EOF
Proceed to import the GPG signing key for the Pritunl repository.
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp; sudo rpm --import key.tmp; rm -f key.tmp
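An added example (not from the original guide or from Pritunl): a small POSIX shell and awk audit of the .repo stanzas created in this step, flagging settings that weaken package signature verification. The function name audit_repo, the finding texts and the example-weak stanza are assumptions made for illustration.

```shell
#!/bin/sh
# audit_repo FILE: print "<repo-id>: <finding>" for each setting in a yum/dnf
# .repo file that weakens package verification. Prints nothing for a clean file.
audit_repo() {
    awk '
    function report(msg) { print id ": " msg }
    function flush() {
        if (id == "") return
        if (!("gpgcheck" in kv)) report("gpgcheck not set, inherits the [main] default")
        else if (kv["gpgcheck"] != "1") report("gpgcheck disabled, packages install unverified")
        else if (!("gpgkey" in kv)) report("no gpgkey, signing key must be imported with rpm --import")
        if (("baseurl" in kv) && kv["baseurl"] !~ /^https:/) report("baseurl is not https")
        if (("gpgkey" in kv) && kv["gpgkey"] !~ /^(https|file):/) report("gpgkey not fetched over https or file")
        split("", kv)                       # reset settings for the next stanza
    }
    /^[ \t]*[#;]/ { next }                  # skip comment lines
    /^[ \t]*\[.*\][ \t]*$/ {                # stanza header such as [pritunl]
        flush(); id = $0; sub(/^[ \t]*\[/, "", id); sub(/\][ \t]*$/, "", id); next
    }
    /=/ {                                   # key=value, split at the first "="
        k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
        v = $0; sub(/^[^=]*=/, "", v); sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
        kv[tolower(k)] = v
    }
    END { flush() }
    ' "$1"
}

# Sample files: the two stanzas from this guide plus one constructed weak stanza.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/pritunl.repo" <<'EOF'
[pritunl]
baseurl=https://repo.pritunl.com/stable/yum/amazonlinux/2/
gpgcheck=1
EOF
cat > "$SAMPLES/mongodb-org-5.repo" <<'EOF'
[mongodb-org-5.0]
baseurl=https://repo.mongodb.org/yum/amazon/2/mongodb-org/5.0/x86_64/
gpgcheck=1
gpgkey=https://www.mongodb.org/static/pgp/server-5.0.asc
EOF
cat > "$SAMPLES/weak.repo" <<'EOF'
[example-weak]
baseurl=http://mirror.example.invalid/yum/
gpgcheck=0
EOF
for f in "$SAMPLES"/*.repo; do audit_repo "$f"; done
```

The pritunl stanza is reported because it carries no gpgkey line, which is why the guide imports the signing key manually with rpm --import; the MongoDB stanza produces no findings.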
Step 2 – Install Pritunl VPN server on Amazon Linux 2
Once all the required repositories have been added, we will install the Pritunl VPN server and MongoDB on Amazon Linux 2 using the command:
sudo yum install pritunl mongodb-org -y
Once the installation is complete, start and enable the MongoDB and Pritunl services.
sudo systemctl enable --now mongod pritunl
Check if the services are running:
$ systemctl status mongod pritunl
● mongod.service - MongoDB Database Server
   Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2023-04-13 09:52:36 UTC; 21s ago
     Docs: https://docs.mongodb.org/manual
  Process: 2975 ExecStart=/usr/bin/mongod $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 2971 ExecStartPre=/usr/bin/chmod 0755 /var/run/mongodb (code=exited, status=0/SUCCESS)
  Process: 2968 ExecStartPre=/usr/bin/chown mongod:mongod /var/run/mongodb (code=exited, status=0/SUCCESS)
  Process: 2967 ExecStartPre=/usr/bin/mkdir -p /var/run/mongodb (code=exited, status=0/SUCCESS)
 Main PID: 2979 (mongod)
   CGroup: /system.slice/mongod.service
           └─2979 /usr/bin/mongod -f /etc/mongod.conf
.....
● pritunl.service - Pritunl Daemon
   Loaded: loaded (/etc/systemd/system/pritunl.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2023-04-13 09:52:25 UTC; 31s ago
 Main PID: 2966 (pritunl)
   CGroup: /system.slice/pritunl.service
           └─2966 /usr/lib/pritunl/bin/python /usr/lib/pritunl/bin/pritunl st...

Apr 13 09:52:25 vm_hostname systemd[1]: Started Pritunl Daemon.
Hint: Some lines were ellipsized, use -l to show in full.
If you have a firewall enabled, allow ports 80 and 443 through it:
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --zone=public --add-port=443/tcp --permanent
sudo firewall-cmd --reload
Step 3 – Configure Pritunl VPN server on Amazon Linux 2
The Pritunl VPN server is configured through the web interface at https://IP_Address. But first, generate the setup key that authorizes the MongoDB database configuration.
sudo pritunl setup-key
Now, copy the generated key and paste it into the web page as shown.
Save the database credentials to update the database.
Generate the Pritunl VPN server login credentials.
sudo pritunl default-password
Provide the generated credentials and sign in.
Once successfully authenticated, complete the initial Pritunl settings, which include changing the password and the IP address of the Pritunl server.
Once set, you will be taken to the dashboard.
From this dashboard, you can add users, servers, and organizations.
Adding Users to the Pritunl VPN server
To add a user to the Pritunl VPN server, click on Users. Begin by adding an organization for the user.
Now proceed and add the user and link them to the created organization as shown.
You also need to set a PIN to be used by the user when connecting to the Pritunl VPN server. Once added, proceed and add the server in the Servers tab.
You are required to provide the name, VPN and DNS to be used by the client. You can also choose to retain the defaults.
You can also check the Enable WireGuard box and make the required configurations for WireGuard. The added server will appear in the Servers tab.
Click on Attach Organization before you start the server. Once the server is started, its status is shown in the Servers tab.
Finally, download the client profile to be used when connecting to the server. This can be downloaded in the Users tab as shown.
Step 4 – Configure Pritunl Client
The client machine needs to have the Pritunl Client package installed. This guide will demonstrate how to install the Pritunl Client on a RHEL-based system (CentOS 8/Rocky Linux 8/AlmaLinux 8).
First, add the repository:
sudo tee /etc/yum.repos.d/pritunl.repo<<EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/centos/8/
gpgcheck=1
enabled=1
EOF
Proceed and import the GPG keys.
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp; sudo rpm --import key.tmp; rm -f key.tmp
Install the Pritunl client package:
sudo dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf -y install pritunl-client-electron
Now launch the Pritunl client from the App menu and import the downloaded client profile.
At the top-right corner, click Connect.
Provide the PIN set earlier to connect to the Pritunl server.
You can also verify the connection with the command:
$ ifconfig tun0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 192.168.231.2  netmask 255.255.255.0  destination 192.168.231.2
        inet6 fe80::cfab:8584:77b2:f23b  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 94  bytes 42403 (42.4 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 199  bytes 33704 (33.7 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Closing Thoughts.
At this point, you should have successfully installed and configured the Pritunl VPN server on Amazon Linux 2. Connect to the VPN with the Pritunl Client and enjoy the awesomeness of this tool.