Set up Pritunl VPN Server and Client on Ubuntu 22.04 with Best Steps – OrcaCore

This guide walks you through setting up a Pritunl VPN server and client on Ubuntu 22.04. Pritunl is an open-source VPN server that lets you create and manage distributed VPN networks. It is built on the OpenVPN protocol, which it uses to establish secure virtual networks.

Pritunl simplifies connecting devices, whether they are within your internal network or located remotely. This makes it ideal for businesses with multiple branches, enabling them to create a centrally managed VPN with advanced rules and a robust authentication system.

Follow the steps below to set up the Pritunl VPN server and client on Ubuntu 22.04. This guide is provided by Orcacore.

To begin, log in to your Ubuntu 22.04 server as a non-root user with sudo privileges. If you haven’t already configured this, you can refer to our guide on Initial Server Setup with Ubuntu 22.04 for detailed instructions.

1. Dependencies For Pritunl VPN Server

First, update and upgrade your local package index using the following commands:

sudo apt update
sudo apt upgrade -y

Next, install the necessary packages with this command:

sudo apt install gpg curl gnupg2 software-properties-common apt-transport-https lsb-release ca-certificates -y

Now, you’ll need to add the MongoDB and Pritunl VPN Server repositories to your Ubuntu 22.04 system. Follow the instructions below.

2. Add MongoDB GPG Key and Repository on Ubuntu 22.04

Import the MongoDB APT repository keys using the following command:

curl -fsSL https://www.mongodb.org/static/pgp/server-5.0.asc | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/mongodb-5.gpg

Then, add the MongoDB repository:

echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu $(lsb_release -cs)/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list

3. Add Pritunl GPG Key and Repository on Ubuntu 22.04

Import the Pritunl GPG keys using the command below:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7AE645C0CF8E292A

Output:
gpg: key 7AE645C0CF8E292A: public key "Pritunl <contact@pritunl.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Then, add the Pritunl repository to Ubuntu 22.04:

echo "deb http://repo.pritunl.com/stable/apt $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/pritunl.list
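
Steps 2 and 3 place both signing keys in APT's global trust store (`/etc/apt/trusted.gpg.d` and `apt-key`), where a key can vouch for any configured repository; the `signed-by` option ties a key to one source. The check below is an added example, not part of the original guide: it flags source entries that lack `signed-by` or use plain HTTP, run on constructed copies of the two entries above. The keyring paths under /usr/share/keyrings, the `https://` form of the Pritunl URL and the finding names are assumptions.

```sh
# Added example, not from the original guide: flag APT source entries that
# rely on the global keyring or are fetched over plain HTTP.
# Reads sources.list lines from files or stdin; returns 1 if anything is flagged.
audit_apt_sources() {
    awk '
        $1 != "deb" && $1 != "deb-src" { next }    # skip comments and blanks
        {
            o = index($0, "["); c = index($0, "]")
            if (o && c > o) {                       # "[ opt=val ... ]" block
                opts = substr($0, o, c - o + 1)
                rest = substr($0, c + 1)
            } else {
                opts = ""; rest = $0
                sub(/^[ \t]*[^ \t]+/, "", rest)     # drop the "deb" keyword
            }
            split(rest, f, " "); uri = f[1]
            # Without signed-by, any key in trusted.gpg or trusted.gpg.d
            # (including keys added with apt-key) can vouch for this repo.
            if (opts !~ /signed-by=/) { print "NO_SIGNED_BY " uri; bad = 1 }
            if (uri ~ /^http:/)       { print "PLAINTEXT_HTTP " uri; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed samples: the two entries this guide writes, with
# $(lsb_release -cs) expanded to "jammy".
as_written() {
    echo 'deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/5.0 multiverse'
    echo 'deb http://repo.pritunl.com/stable/apt jammy main'
}
# The same repositories tied to per-repo keyrings (keyring paths are assumptions).
pinned() {
    echo 'deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-5.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/5.0 multiverse'
    echo 'deb [ signed-by=/usr/share/keyrings/pritunl.gpg ] https://repo.pritunl.com/stable/apt jammy main'
}

as_written | audit_apt_sources || echo "as written: findings above"
pinned | audit_apt_sources && echo "pinned: clean"
```

On a live system the same function can be pointed at `/etc/apt/sources.list.d/*.list`.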

4. Install Pritunl and MongoDB on Ubuntu 22.04

Update the package index again and install the Pritunl and MongoDB packages:

sudo apt update
sudo apt install mongodb-org pritunl -y

Start and enable the services:

sudo systemctl start pritunl mongod
sudo systemctl enable pritunl mongod

5. Configure and Access Pritunl VPN Server on Ubuntu 22.04

Access the Pritunl VPN server web interface by entering your server’s IP address in your web browser:

http://your-server-ip

You should see the following screen:

[Screenshot: Pritunl database setup]

You’ll need a Setup Key to continue. Run the following command in your terminal:

sudo pritunl setup-key

Output:
ca3e792f00744afaa4bb004f993b9487

Enter the setup key and click Save. You will then see the Pritunl VPN Server sign-in screen on Ubuntu 22.04.

[Screenshot: Pritunl sign-in screen]

Run the command below to get your default username and password:

sudo pritunl default-password

Output:
Administrator default password:
  username: "pritunl"
  password: "4kUzotEwkdDe"

Enter the username and password on the login screen and click Sign in. You will see the initial setup page where you can change the admin user and password, set the domain, and configure Let’s Encrypt SSL. Click Save when you are finished, or set it up later.

[Screenshot: Pritunl initial setup]

Now, you can configure organizations, users, and servers from the Pritunl dashboard on Ubuntu 22.04.

[Screenshot: Pritunl dashboard]

Add Organizations To Pritunl

Click on Users to add VPN users. Users are linked to servers within an organization.

[Screenshot: Pritunl Users and Organizations]

To create a new organization, click Add organization, enter a name, and click Add.

[Screenshot: Pritunl Add Organization]

Add VPN Server To Pritunl

Create a VPN server on Ubuntu 22.04 by clicking Servers and then Add server.

Provide the required server information and click Add.

[Screenshot: Pritunl Add Server]

Attach the server to an organization by clicking on Attach organization and selecting your organization.

[Screenshot: Pritunl Attach organization]

Add Users To Pritunl

Click on Add user to create a user profile on your VPN server on Ubuntu 22.04. Enter the necessary information and click Add.

[Screenshot: Pritunl Add User]

Note: To add multiple users at once, use the Bulk Add user function on the web interface.

6. Set up Pritunl VPN Client

Visit the Pritunl VPN clients page and download a client for your machine. Installation instructions are available on the official page. We have downloaded the Windows Client for this guide.

[Screenshot: Pritunl Client]

After installing the VPN client, log in to the Pritunl VPN server to download the user profile. Click on Users, select the user, and click the download icon to get the user profile.

[Screenshot: Pritunl Download User Profile]

Launch your Pritunl VPN client and select Import Profile.

[Screenshot: Import Profile]

Locate the user’s profile .tar file and import it, or use the Client URL. You’ll then be able to connect to the Pritunl VPN server.

[Screenshot: Import Client Profile]
[Screenshot: Pritunl VPN Client]

That’s it! Your Pritunl VPN server and client are now set up on Ubuntu 22.04.

Conclusion

Pritunl offers a secure, scalable, and user-friendly VPN solution. Its compatibility with OpenVPN makes it a powerful and reliable choice. You have now learned how to set up a Pritunl VPN server and client on Ubuntu 22.04.

Enjoy using Pritunl!

Alternative Solutions for Setting Up a VPN on Ubuntu 22.04

While Pritunl provides a comprehensive and user-friendly solution, other methods exist to achieve similar VPN functionality on Ubuntu 22.04. Here are two alternative approaches:

1. Using OpenVPN Directly:

OpenVPN is the underlying protocol that Pritunl uses. You can configure an OpenVPN server manually without relying on Pritunl’s management interface. This approach provides more control over the configuration but demands a deeper understanding of VPN concepts and command-line administration.

Explanation:

This method involves installing the OpenVPN server package, generating certificates and keys, configuring the server configuration file (/etc/openvpn/server.conf), and setting up client configurations. You’ll also need to configure routing and firewall rules to ensure proper network traffic flow through the VPN. While this approach is more involved, it gives you greater flexibility in customizing your VPN setup.

Code Example (Simplified Server Configuration):

# Install OpenVPN
sudo apt update
sudo apt install openvpn easy-rsa

# Create a writable working copy of easy-rsa (the packaged /usr/share/easy-rsa is root-owned)
make-cadir ~/easy-rsa
cd ~/easy-rsa
./easyrsa init-pki

# Build Certificate Authority (CA)
./easyrsa build-ca nopass

# Generate server certificate and key
./easyrsa build-server-full server nopass

# Generate Diffie-Hellman parameters
./easyrsa gen-dh

# Copy certificates and keys
sudo cp pki/ca.crt /etc/openvpn/server/
sudo cp pki/issued/server.crt /etc/openvpn/server/
sudo cp pki/private/server.key /etc/openvpn/server/
sudo cp pki/dh.pem /etc/openvpn/server/

# Configure server.conf (example)
sudo nano /etc/openvpn/server.conf

Sample /etc/openvpn/server.conf:

port 1194
proto udp
dev tun
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key  # This file should be kept secret
dh /etc/openvpn/server/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
# comp-lzo omitted: compression is deprecated since OpenVPN 2.5 and exposes VORACLE-style side channels
persist-key
persist-tun
status openvpn-status.log
verb 3

Important Considerations: You would also need to configure client files using easy-rsa to generate certs and keys for the client and the client config file. You’ll then need to configure your firewall with ufw or iptables to allow OpenVPN traffic and forward it correctly.
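
A simplified server.conf like the sample above is enough to start a tunnel but leaves several hardening directives unset. The check below is an added example, not part of the original guide: it reports four such gaps (compression, no tls-crypt/tls-auth key, no privilege drop, no TLS version floor), run on a constructed config. The finding names and the ta.key path are assumptions.

```sh
# Added example, not from the original guide: report hardening gaps in an
# OpenVPN server config. Prints one finding per line, returns 1 if any.
audit_openvpn_conf() {
    awk '
        { sub(/[#;].*/, "") }                     # strip comments
        NF == 0 { next }
        { seen[$1] = 1 }
        $1 == "comp-lzo" && $2 != "no"        { comp = 1 }
        $1 == "compress" && $2 ~ /^(lzo|lz4)/ { comp = 1 }
        END {
            # Compression before encryption leaks plaintext via length (VORACLE).
            if (comp) { print "COMPRESSION_ENABLED"; n++ }
            # tls-crypt/tls-auth drop unauthenticated control packets early.
            if (!("tls-crypt" in seen) && !("tls-crypt-v2" in seen) &&
                !("tls-auth" in seen)) { print "NO_CONTROL_CHANNEL_KEY"; n++ }
            # Without user/group the daemon keeps root after startup.
            if (!("user" in seen) || !("group" in seen)) { print "NO_PRIVILEGE_DROP"; n++ }
            if (!("tls-version-min" in seen)) { print "NO_TLS_VERSION_MIN"; n++ }
            exit (n > 0 ? 1 : 0)
        }
    ' "$@"
}

# Constructed sample: a minimal server.conf with compression still enabled.
weak_conf() {
    cat <<'EOF'
port 1194
proto udp
dev tun
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key  # This file should be kept secret
dh /etc/openvpn/server/dh.pem
server 10.8.0.0 255.255.255.0
comp-lzo
persist-key
persist-tun
EOF
}
# The same config with the four gaps closed (ta.key path is an assumption).
hardened_conf() {
    weak_conf | grep -v '^comp-lzo'
    printf '%s\n' 'tls-crypt /etc/openvpn/server/ta.key' \
        'tls-version-min 1.2' 'user nobody' 'group nogroup'
}

weak_conf | audit_openvpn_conf || echo "weak: findings above"
hardened_conf | audit_openvpn_conf && echo "hardened: clean"
```

Pass `/etc/openvpn/server.conf` as an argument to check the real file.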

2. Using WireGuard:

WireGuard is a modern VPN protocol known for its simplicity, speed, and security. It’s easier to configure than OpenVPN in some respects, and it often provides better performance.

Explanation:

Setting up WireGuard involves installing the wireguard package, generating private and public keys for both the server and clients, configuring the WireGuard interface (wg0 in most cases) on the server, and creating configuration files for each client. Like OpenVPN, you’ll need to handle routing and firewall configurations.

Code Example (Simplified Server Configuration):

# Install WireGuard
sudo apt update
sudo apt install wireguard

# Generate server private and public keys (umask 077 keeps the key files owner-only)
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
SERVER_PRIVATE_KEY=$(cat privatekey)
SERVER_PUBLIC_KEY=$(cat publickey)

# Create the WireGuard interface configuration file
sudo nano /etc/wireguard/wg0.conf

Sample /etc/wireguard/wg0.conf:

[Interface]
PrivateKey = <SERVER_PRIVATE_KEY>
Address = 10.6.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# Example Client Configuration (to be added as Peer below when client is created)
#[Peer]
#PublicKey = <CLIENT_PUBLIC_KEY>
#AllowedIPs = 10.6.0.2/32

Client Configuration Generation (Example):

Generate client keys and config:

umask 077
wg genkey | tee clientprivatekey | wg pubkey > clientpublickey
CLIENT_PRIVATE_KEY=$(cat clientprivatekey)
CLIENT_PUBLIC_KEY=$(cat clientpublickey)

Now, on the server, add this [Peer] section to the /etc/wireguard/wg0.conf file, below the [Interface] section:

[Peer]
PublicKey = <CLIENT_PUBLIC_KEY>
AllowedIPs = 10.6.0.2/32

Finally, create a client config file (e.g. client1.conf):

[Interface]
PrivateKey = <CLIENT_PRIVATE_KEY>
Address = 10.6.0.2/32
DNS = 8.8.8.8, 8.8.4.4

[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
Endpoint = <YOUR_SERVER_IP>:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Starting WireGuard:

# wg-quick creates wg0 and applies Address, PostUp and the peers itself, so the
# interface is not created by hand first (wg setconf rejects wg-quick keys such as Address).
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
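
The steps above keep the generated keys in shell variables while the config files still carry `<...>` placeholders, and the server's private key ends up inside /etc/wireguard/wg0.conf. The check below is an added example, not part of the original guide: it verifies file permissions, key shape and duplicate AllowedIPs before the interface is started. `fake_key`, `write_demo` and the finding names are hypothetical, and `stat -c` assumes GNU coreutils.

```sh
# Added example, not from the original guide: sanity-check a wg-quick config
# before bringing the interface up. Prints findings, returns 1 if any.
check_wg_conf() {
    rc=0
    # Private keys live in this file; allow owner access only.
    mode=$(stat -c %a "$1")
    case $mode in *00) ;; *) echo "PERMS_TOO_OPEN $mode"; rc=1 ;; esac
    awk '
        /^[ \t]*#/  { next }
        /^[ \t]*\[/ { section = $1; next }
        {
            i = index($0, "="); if (!i) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        }
        k == "PrivateKey" || k == "PublicKey" {
            # A Curve25519 key is 32 bytes: 43 base64 characters plus "=".
            if (length(v) != 44 || v !~ "^[A-Za-z0-9+/]+=$") { print "BAD_KEY " section " " k; bad = 1 }
        }
        section == "[Peer]" && k == "AllowedIPs" {
            # The same prefix on two peers: only one of them will be routed.
            if (seen[v]++) { print "DUPLICATE_ALLOWEDIPS " v; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1" || rc=1
    return $rc
}

# Constructed key-shaped string for the demo (not a real key).
fake_key() { printf '%043d=' 0 | tr 0 "$1"; }

# Constructed sample: the server config from this guide with the
# <SERVER_PRIVATE_KEY> placeholder left in, one peer, world-readable.
write_demo() {
    cat > "$1" <<EOF
[Interface]
PrivateKey = <SERVER_PRIVATE_KEY>
Address = 10.6.0.1/24

[Peer]
PublicKey = $(fake_key A)
AllowedIPs = 10.6.0.2/32
EOF
    chmod 644 "$1"
}
demo=$(mktemp); write_demo "$demo"
check_wg_conf "$demo" || echo "fix the findings above before starting wg-quick@wg0"
rm -f "$demo"
```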

Key Differences and Considerations:

  • Complexity: Pritunl offers a GUI and simplifies many configuration steps. OpenVPN and WireGuard require more manual configuration.
  • Performance: WireGuard is generally faster and more efficient than OpenVPN.
  • Security: Both OpenVPN and WireGuard are considered secure protocols when properly configured.
  • Management: Pritunl provides centralized management features, making it easier to manage multiple users and servers. OpenVPN and WireGuard require manual management of configurations.

Choosing the right VPN solution depends on your technical expertise, security requirements, and the level of control you need over your VPN infrastructure. For a balance of usability and control, Pritunl is a strong choice. If you prioritize performance and are comfortable with command-line configuration, WireGuard is an excellent alternative. If you prefer maximum customizability and have deep networking knowledge, configuring OpenVPN directly is an option. Remember to always prioritize security best practices when setting up any VPN solution.
