How to install VPN-Server with PRITUNL on Debian 10
Pritunl is a VPN server software based on the popular OpenVPN platform. In this tutorial, you will learn how to set up and use Pritunl on your Debian-based server.
I encountered lots of misinformation on the internet during my installation, which made installing Pritunl difficult. So that you don't have these problems, I've summarized the tutorial in an easy-to-understand way.
Please remember, if you don’t have access to the root account, use sudo before every command!
You need a Debian 10-based server. If you are already running web server software on it, you will need to stop it, since Pritunl requires both ports 80 and 443 to run, or use a reverse proxy server.
Make sure that your system is updated:
apt update
apt upgrade
If you are using a firewall, then we need to open some ports for Pritunl to work properly.
If you are using an ufw firewall, use the following commands:
ufw allow http
ufw allow https
ufw allow 10447/udp
ufw reload
If you look closely, we have opened port 10447 over UDP. We will use this port to run our VPN, so make a note of the port number. However, you can choose any port number you want.
Step 1: Add the Pritunl repository.
echo "deb http://repo.pritunl.com/stable/apt buster main" | tee /etc/apt/sources.list.d/pritunl.list
Step 2: Add the MongoDB repository.
echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main" | tee /etc/apt/sources.list.d/mongodb-org-5.0.list
You can find the current repository line here: https://docs.mongodb.com/manual/tutorial/install-mongodb-on-debian/
Step 3: Add public keys for Pritunl and MongoDB repositories.
Install gnupg and its required libraries using the following command:
apt-get install gnupg
Once installed, import the keys:
wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | apt-key add - # for MongoDB
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A # for Pritunl
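Piping a download straight into apt-key trusts whatever the server returned. The following is an added example, not part of the original tutorial: it compares a downloaded key file's primary fingerprint with the value you expect before adding it. The function names and the sample listing are assumptions made for illustration; only the Pritunl fingerprint comes from this page.

```shell
#!/bin/sh
# Added example: verify a repository key's fingerprint before trusting it.

# Constructed sample of `gpg --show-keys --with-colons` output. The primary
# fingerprint is the Pritunl one from Step 3; the dates, UID and subkey
# fingerprint are made up.
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:7AE645C0CF8E292A:1500000000:::-:::scESC::::::23::0:
fpr:::::::::7568D9BB55FF9E5287D586017AE645C0CF8E292A:
uid:-::::1500000000::0000000000000000000000000000000000000000::Constructed UID::::::::::0:
sub:-:4096:1:AAAAAAAAAAAAAAAA:1500000000::::::e::::::23:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
EOF
}

# Print primary-key fingerprints from colon-format output on stdin.
# Only the "fpr" record directly after a "pub" record belongs to the primary
# key; fingerprints of subkeys are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0; next }
             $1 == "sub" { want = 0 }'
}

# Strip spaces and uppercase, so "7568 D9BB ..." and "7568d9bb..." compare equal.
normalize_fpr() { printf '%s' "$1" | tr -d ' \n' | tr 'a-f' 'A-F'; }

# fpr_is_trusted EXPECTED   (colon-format listing on stdin)
# Succeeds only if the listing holds exactly one primary key whose full
# 40-hex-digit fingerprint equals EXPECTED. Short key IDs are refused.
fpr_is_trusted() {
    local expected found
    expected=$(normalize_fpr "$1")
    found=$(primary_fprs)
    [ ${#expected} -eq 40 ] || return 2
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 1
    [ "$found" = "$expected" ]
}

# add_verified_key KEYFILE EXPECTED
# e.g. add_verified_key server-5.0.asc "<fingerprint published by MongoDB>"
add_verified_key() {
    if gpg --show-keys --with-fingerprint --with-colons "$1" | fpr_is_trusted "$2"; then
        apt-key add "$1"
    else
        echo "fingerprint mismatch for $1, key not added" >&2
        return 1
    fi
}
```

Download the key to a file first (wget -qO server-5.0.asc ...), take the expected fingerprint from a source other than the download itself, and only then call add_verified_key.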
Step 4: Install Pritunl and MongoDB.
apt-get install pritunl mongodb-org -y
systemctl start mongod pritunl
# Check the current services, especially mongod and pritunl
systemctl --type=service
# If you receive an error similar to the following when starting mongod:
#   Failed to start mongod.service: Unit mongod.service not found.
# run the following command first:
systemctl daemon-reload
# And check the current services again:
systemctl --type=service
# Enable MongoDB and Pritunl so that they start after a reboot
systemctl enable mongod pritunl
Your Pritunl server is up and running. We need to configure it before we can use it. The Pritunl administration page is protected by a self-signed SSL certificate, so your browser will warn about it on the first visit. Add an exception and it should work fine from then on.
When you launch Pritunl with the assigned IP address in the browser for the first time, you will be greeted by the following screen.
You need a setup key here. To generate your setup key, run the following command:
Paste the generated key into the field and press Save. You will be greeted by the following screen:
According to the given instruction, run the following command to get your credentials:
Log in to go to the initial configuration screen. Enter the domain registered for your VPN site in the Let's Encrypt Domain text box. If you want to change your username and password, you can enter new credentials. Also add your public IP address. If you need to find out what your public IP address is, please visit:
Optionally, you can accept IPv6 connections. Then press Save to continue.
Go to the Users tab. To connect to the VPN, you need to create an organization and a user. First, click Add Organization. After you have created it, add a user to this organization by clicking Add User.
It’s time to create a server that your users can connect to. Go to the Servers tab and click Add Server.
Choose a name for your server. Choose UDP as the protocol and 10447 as the port, which we added to our firewall earlier (as long as you use a firewall). Be sure to use a different Virtual Network than your production network, as I have encountered connection issues.
If you want to control how many clients and how many devices can connect to your server, you can configure that by clicking the Advanced button. Here’s what it will look like. Make sure the Allow multiple devices option is selected first. If you have a properly working DNS in your production network, you can specify your domain under DNS Search Domain.
Click Add to continue.
The next step is to attach the server you just created to our organization. To do this, click Attach Organization. After that, click Start Server to start your VPN service.
You have completed the configuration of your Pritunl VPN server.
Connect with Pritunl
Since Pritunl is OpenVPN-based software, you can use any OpenVPN-compatible client to connect. Pritunl offers clients for Linux, macOS and Windows. You can use any of them.
To connect using the OpenVPN client, you need the configuration file for it. Switch to the Users tab and click the Download button.
You can extract the configuration file and import it into your OpenVPN client to connect. To confirm if you are successfully connected through the VPN, visit whatismyip.com, among others. It will display your changed IP and location if your connection is successful.
There is one last thing we need to talk about before finishing the tutorial, and that is the command line tool.
Pritunl command line
Pritunl VPN comes with a command line tool that allows you to perform certain tasks, such as resetting the password, resetting SSL, resetting the version in case of downgrade, reconfiguring and repairing the database, viewing logs and changing properties.
To check which version of Pritunl you are using, use
If Pritunl’s database gets corrupted, you can repair it with the following commands:
systemctl stop pritunl
pritunl repair-database
systemctl start pritunl
If you have forgotten the web console credentials, reset the credentials using the following commands:
Change web console port
By default, Pritunl runs on port 443. If you want to change it, use the following command:
pritunl set app.server_port 443
Replace the number 443 with any port you want to use. Pritunl also runs a web server on port 80 for Let's Encrypt verification and for redirecting HTTP requests to HTTPS. If you do not want it running, use the following command:
pritunl set app.redirect_server false
There are many more things you can do with the command line. Check the official documentation for more.
That’s all in this tutorial. If you have any questions, ask them in the comments below. 🙂