One-Click Pritunl
Introduction
Pritunl is an easy-to-use, open-source VPN server with an intuitive web management interface. Vultr's One-Click Pritunl server is the easiest way to set up a VPN server using OpenVPN protocol.
Prerequisites
When you follow this tutorial, Pritunl will install a Let's Encrypt SSL certificate, which requires a fully-qualified domain name (FQDN) to assign the SSL Certificate. Make sure you have a domain name and can assign an IP address with your DNS provider.
1. Register Domain Name
This guide uses example IP 192.0.2.123 and FQDN pritunl.example.com. Replace these values with your information.
Once your Pritunl server has deployed, you'll see the server IP address in your customer portal.
Copy the IP address and assign it to a fully-qualified domain name (FQDN) at your DNS provider.
Open the Firewall
Check that your server allows the required ports.
$ sudo ufw allow http
$ sudo ufw allow https
Choose a port for the VPN traffic, such as 10447.
$ sudo ufw allow 10447/udp
$ sudo ufw reload
If you put your Pritunl server behind a Vultr Firewall, make sure to open the required ports there as well.
2. Set up Server SSL Certificate
Navigate to your server by IP address (example: 192.0.2.123) with your web browser.
You'll be greeted with a certificate warning. See our instructions to bypass the HTTPS warning for self-signed SSL/TLS certificates.
Sign in with username pritunl and the password located on your server instance dashboard.
Note: You can retrieve a lost password by connecting to the server instance as root and executing:
# pritunl default-password
On the Initial Setup screen, choose a new strong password for your pritunl account. Note that this will not update the password shown on the instance dashboard, so be sure to record it securely.
Enter the FQDN for your server in the Let's Encrypt Domain field.
Leave the other fields at default.
Click Save.
You'll receive a confirmation message when the setup completes after a few seconds.
Logout and close your browser tab.
Open a new browser tab and navigate to your FQDN.
Login as pritunl with your new password.
Verify your session is secure, and the certificate is valid.
3. Set up Users, Organization, and Server.
Click Users
Click Add Organization
Enter your organization name in the pop-up window.
Click Add.
Click Add User.
Enter a user name and a numeric PIN, at least six digits long.
Click Add.
Click Servers, the Add Server.
Enter your server name, then click Add.
Leave the port, protocol, DNS, and Virtual Network set to default. They will be different than the example shown below.
Click the blue Attach Organization button in the upper-right.
The organization and server name are preselected.
Click Attach.
Click the green Start Server button.
The server is now running.
4. Setup Client VPN
Click Users in the top menu bar.
Click the download arrow for the user profile.
Save and extract the .tar file containing the OpenVPN profile.
- We recommend 7-Zip if you do not have a program to extract .tar files.
Download and install the OpenVPN client.
Double click the .ovpn file you extracted from the .tar file.
The OpenVPN Client launch and ask if you want to import the OpenVPN profile.
Click OK to import the profile.
Enter your username, then click Add.
- Click the switch to connect to the VPN.
Enter your six-digit numeric PIN in the password prompt.
Click OK to connect to the VPN.
Verify your local workstation's IP address is the same as your Pritunl server instance.
Conclusion
Once your server is functioning correctly for a single user, you can add additional users to the same server and organization.
References
About One-Click Apps
One-Click apps are updated regularly without notice. When launching a One-Click app, you'll receive our latest version. We do not update deployed instances, and you are responsible for keeping the instance up-to-date. If you design an infrastructure based on One-Click apps and need to ensure the same app version in the future, take a snapshot of the initial deployment and create new instances from the snapshot.