
DIY VPN Pritunl Setup Tutorial

jakkuh_t
On 1/3/2020 at 6:27 AM, captain_to_fire said:

Pft. @wkdpaul's VPN server is simpler imo

 

 

OpenVPN has a lot of issues and it's a really bloated VPN compared to other, better solutions, like WireGuard. Also, OpenVPN requires a lot more setup under the hood than people realize.


Thanks for this how-to!

I was waiting for it for a long time.

I have an OpenMediaVault server at home; is there a way to use Pritunl on this machine?


I've installed CentOS 7 on a VM. I can ping the IP of the server and connect to it using SSH, but I can't open the web UI in the browser to access Pritunl. I have no idea what to do.


On 1/14/2020 at 12:38 PM, LePygargueATeteBlanche said:

Both can do the trick (with maybe a bit of adaptation from the tutorial).

In this case I believe CentOS is recommended as it is pretty lightweight and will not cause higher bills on the VPS.

I tried both and noticed that on Debian 9 I would run out of RAM on a 512MB instance, whereas on CentOS it would run fine.

Still rocking that i7-3770k


On 1/15/2020 at 6:24 AM, Venty said:

Just gone through it myself, using Nginx though.

Well, you can set it up using this guide.

I went ahead and used port 88 (with SSL disabled in Pritunl) and set up a reverse proxy in Nginx (so it uses the proper certificate I already have set up).

Also, you might also have to set the Host header, not just the X-Forwarded ones.

Thank you so much. This was very helpful and exactly what I was looking for :D
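For readers who want to follow the reverse-proxy route from the quoted reply, here is what that arrangement can look like in nginx. This is an added example, not the poster's configuration or anything from Pritunl's project. It assumes Pritunl has been switched to plain HTTP on port 88 (as the poster did), that port 88 is only reachable from the host itself (the provider firewall group in this guide opens only 22, 1337, 443 and 80, so keep 88 out of it), that vpn.example.com stands in for your real hostname, and that the certificate paths are placeholders for the certificate you already have. The Host line is the header the reply says may be needed in addition to the X-Forwarded-* ones; the ACME location keeps the Let's Encrypt HTTP-01 challenge on port 80 working despite the redirect to HTTPS.

```nginx
# Added example (not from the thread or from Pritunl): nginx in front of the
# Pritunl web panel. vpn.example.com and the certificate paths are placeholders.

server {
    listen 80;
    server_name vpn.example.com;

    # Let's Encrypt HTTP-01 challenge must stay reachable over plain HTTP.
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;           # placeholder webroot
    }

    # Everything else: never serve the admin panel over plain HTTP.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name vpn.example.com;

    ssl_certificate     /etc/letsencrypt/live/vpn.example.com/fullchain.pem;  # placeholder
    ssl_certificate_key /etc/letsencrypt/live/vpn.example.com/privkey.pem;    # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Pritunl listening on plain HTTP, loopback only (assumption, see lead-in).
        proxy_pass http://127.0.0.1:88;

        # Host is the header the reply found necessary besides X-Forwarded-*.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # The panel keeps long-lived requests open; allow for them.
        proxy_read_timeout 300;
    }
}
```

Run `nginx -t` before reloading. With this layout the provider firewall still decides who can reach 443 at all; if only you administer the panel, narrowing the 443 rule's source to your own address (as the guide suggests for SSH) is the cheaper control, and the proxy adds the real certificate on top.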


Hey, I cannot type the server password when in PuTTY; it just doesn't show anything, even when I copy-paste. Same thing when trying to do it via Windows cmd :(


On 1/13/2020 at 5:26 PM, Mqxi said:

Getting a 404 error when I try to run the command:


sudo yum -y install pritunl

 I've simply copy-pasted all the above commands shown in the documentation. Here's the full error:

 


[quark@vultr ~]$ sudo yum -y install pritunl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink                                                                 |  29 kB  00:00:00
 * base: mirror.prolocation.net
 * epel: mirror.nl.leaseweb.net
 * extras: ams.edge.kernel.org
 * updates: mirror.1000mbps.com
base                                                                                 | 3.6 kB  00:00:00
extras                                                                               | 2.9 kB  00:00:00
mongodb-org-4.0                                                                      | 2.5 kB  00:00:00
pritunl                                                                              | 2.9 kB  00:00:00
updates                                                                              | 2.9 kB  00:00:00
pritunl/primary_db             FAILED
https://repo.pritunl.com/stable/yum/centos/7/repodata/e2a8a9331d3d1a2e1fe3b783de655f8703ca88318d0d279b5f5a7fa8cf46352d-primary.sqlite.bz2: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below wiki article

https://wiki.centos.org/yum-errors

If above article doesn't help to resolve this issue please use https://bugs.centos.org/.

pritunl/primary_db             FAILED
https://repo.pritunl.com/stable/yum/centos/7/repodata/e2a8a9331d3d1a2e1fe3b783de655f8703ca88318d0d279b5f5a7fa8cf46352d-primary.sqlite.bz2: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
https://repo.pritunl.com/stable/yum/centos/7/repodata/e2a8a9331d3d1a2e1fe3b783de655f8703ca88318d0d279b5f5a7fa8cf46352d-primary.sqlite.bz2: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.


 One of the configured repositories failed (Pritunl Repository),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=pritunl ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable pritunl
        or
            subscription-manager repos --disable=pritunl

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=pritunl.skip_if_unavailable=true

failure: repodata/e2a8a9331d3d1a2e1fe3b783de655f8703ca88318d0d279b5f5a7fa8cf46352d-primary.sqlite.bz2 from pritunl: [Errno 256] No more mirrors to try.
https://repo.pritunl.com/stable/yum/centos/7/repodata/e2a8a9331d3d1a2e1fe3b783de655f8703ca88318d0d279b5f5a7fa8cf46352d-primary.sqlite.bz2: [Errno 14] HTTPS Error 404 - Not Found

Thanks!

Same problem here.

Did you solve it?

 


What is the VPS used for, and do I need one if I'm creating my own VPN on CentOS?

 


I had issues connecting with the OpenVPN client on Android.

The workaround is to use a TCP port instead of a UDP port.

  • On Vultr's firewall group, change UDP port 1337 to TCP port 1337
  • On the Pritunl console, delete the existing server and create another with the same configs, except change the protocol to 'tcp' instead of 'udp'

You will have to download the profile again, and it works flawlessly!

Awesome guide, btw!!


Hey Linus !! 

So I set up the VPN with Pritunl on a VPS with Vultr.com. All went well, no issues. Testing at the moment: streaming, downloading, browsing... so far so good. I'm so glad to get away from PIA.

Yup...awesome guide !!

Peace to you

B.

shredah.net  


On 1/13/2020 at 8:26 PM, Mqxi said:

Getting a 404 error when I try to run the command:


sudo yum -y install pritunl

I've simply copy-pasted all the above commands shown in the documentation.

I am getting the same error. I thought I did something wrong.


On 1/3/2020 at 9:37 AM, brconn said:

I'm having issues connecting to my VPN. I am using it to connect to my local network. I followed the tutorial other than for the firewall, which I used webmin to set up as it was my local machine (Note: I tried to disable the firewall to see if that was the issue and it did not help). My output when starting the server in Pritunl appears to match that of the video other than one line (and the local IP, which it chose as 192.168.248.0), which reads:

 

"[thriving-waters-4299] Thu Jan  2 17:31:03 2020 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet."

 

When I try and connect my logs on the client appear as follows:

"Thu Jan  2 17:36:01 2020 DEPRECATED OPTION: --max-routes option ignored.The number of routes is unlimited as of OpenVPN 2.4. This option will be removed in a future version, please remove it from your configuration.
Thu Jan  2 17:36:01 2020 OpenVPN 2.4.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Nov 14 2018
Thu Jan  2 17:36:01 2020 library versions: OpenSSL 1.0.2p  14 Aug 2018, LZO 2.10
Thu Jan  2 17:36:01 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jan  2 17:36:01 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan  2 17:36:01 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan  2 17:36:01 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]108.183.41.1:1337
Thu Jan  2 17:36:01 2020 UDP link local: (not bound)
Thu Jan  2 17:36:05 2020 Server poll timeout, restarting
Thu Jan  2 17:36:05 2020 SIGUSR1[soft,server_poll] received, process restarting"

 

Any suggestions would be great.

Was having same problem. Realised I'd accidentally spun up a CentOS 8 server. If you go to your server instance > Settings > Change OS and set it to CentOS 7 x64 the problem will disappear.


The server works great. Is there a guide on how to encrypt it with letsencrypt?


On 1/2/2020 at 4:37 PM, brconn said:

I'm having issues connecting to my VPN. I am using it to connect to my local network. I followed the tutorial other than for the firewall, which I used webmin to set up as it was my local machine (Note: I tried to disable the firewall to see if that was the issue and it did not help). My output when starting the server in Pritunl appears to match that of the video other than one line (and the local IP, which it chose as 192.168.248.0), which reads:

 


The IP address assigned to your VPN server is part of your internal network. This will not be reachable from outside your local network. This is why the connection is timing out. It will never find that internal IP address to connect to.

 

In order to make it work you will need to open your router's configuration and forward the desired port to your server. Then when connecting, point your outside device to your public IP address (the one assigned by your ISP). The router should then (if all goes well) forward the traffic to the port you specified and connect to the VPN server.
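Both replies to this log reason from the same two clues: the client reports "Server poll timeout" (it sent its first packet and got nothing back), and the address it dialled is either a private LAN address that cannot be reached from outside or a public one whose port is not open. The following POSIX shell script is an added example, not code from the thread, that pulls those clues out of an OpenVPN client log and prints the corresponding verdict. The sample log is constructed from the lines quoted above, with the documentation address 203.0.113.10 in place of the real server address.

```shell
#!/bin/sh
# Added example, not from the thread: triage an OpenVPN client log the way
# the replies above do (timeout -> is the target a LAN address? which link
# protocol?). POSIX sh plus grep/sed only.

# Constructed sample, modelled on the client log quoted in the post.
# 203.0.113.10 is a documentation address, not a real server.
SAMPLE_LOG_FILE=$(mktemp)
cat > "$SAMPLE_LOG_FILE" <<'EOF'
Thu Jan  2 17:36:01 2020 DEPRECATED OPTION: --max-routes option ignored.
Thu Jan  2 17:36:01 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]203.0.113.10:1337
Thu Jan  2 17:36:01 2020 UDP link local: (not bound)
Thu Jan  2 17:36:05 2020 Server poll timeout, restarting
Thu Jan  2 17:36:05 2020 SIGUSR1[soft,server_poll] received, process restarting
EOF

# Print the last remote address the client tried, as addr:port.
remote_endpoint() {
    sed -n 's/.*remote address: \[AF_INET\]\([0-9.]*:[0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Print udp, tcp or unknown depending on the link type the log shows.
link_protocol() {
    if grep -q 'UDP link local' "$1"; then echo udp
    elif grep -q 'TCP connection' "$1"; then echo tcp
    else echo unknown
    fi
}

# Exit status 0 if the IPv4 address is RFC 1918 (LAN-only), 1 otherwise.
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# First output line: one-word verdict. Second line: hint for the admin.
triage_openvpn_client_log() {
    log="$1"
    if grep -q 'Initialization Sequence Completed' "$log"; then
        echo CONNECTED
        return 0
    fi
    if ! grep -q 'Server poll timeout' "$log"; then
        echo UNKNOWN
        echo "no handshake timeout in this log; look at the TLS and auth lines instead"
        return 0
    fi
    endpoint=$(remote_endpoint "$log")
    addr=${endpoint%:*}
    port=${endpoint##*:}
    proto=$(link_protocol "$log")
    if is_private_ipv4 "$addr"; then
        echo TIMEOUT_PRIVATE_TARGET
        echo "$addr is a LAN address: forward $proto/$port on the router and point the client at the public IP"
    else
        echo TIMEOUT_PUBLIC_TARGET
        echo "no reply from $endpoint over $proto: check the host and provider firewall allow $proto/$port (or try the tcp server variant)"
    fi
}

triage_openvpn_client_log "$SAMPLE_LOG_FILE"
```

Run it as `sh triage.sh` to see the verdict for the sample, or call `triage_openvpn_client_log /path/to/client.log` after sourcing the file. A "TIMEOUT_PRIVATE_TARGET" verdict is the port-forwarding case the reply above describes; "TIMEOUT_PUBLIC_TARGET" points at the firewall group or the UDP-versus-TCP problem reported earlier in the thread.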


On 1/2/2020 at 9:26 PM, PrankishTrac said:

Yeah, it works fine on both my desktop and Surface with the Pritunl software; however, I also want to use it on my phone. Pritunl recommends using OpenVPN to log in and they say they support it. When I put my profile into OpenVPN it reads it fine, but then when I try to actually import the profile it takes forever, then says "Connection Timed Out". Maybe I'm entering the wrong login or I need to enable something?

Is your server using an internal IP address? (192.168.x.x) If so you will be able to connect locally, but outside connections will not reach it.

 

In order to reach it from the outside you will need to configure your router to forward the VPN port to the internal server IP. Then, when connecting from outside (i.e. your phone) you point it at your external IP address (the one provided by your ISP) and the router should direct the traffic to the internal address.


How do I create a profile with stronger encryption, 256 rather than 128?


I've got everything working when I forward my custom port to the server. I was hoping to use a VPN to avoid using port forwarding, though. Anyone know if there's a way around it, or will I need to allow the port through? Just concerned for the security of it on a home network. I want to use it to access my file server externally. Thanks!


I have an issue :/ - I have it all setup and connected but after a while it just doesn't work or load any webpages.


On 12/31/2019 at 9:03 PM, jakkuh_t said:

On the Vultr.com website, under Products>Firewall click the "Add Firewall Group" button (https://i.imgur.com/plIIpKJ.png) and set the description to something related to VPN so you remember what it is for (ie. "VPN Firewall")

  1. Create a firewall rule to allow SSH connections to the VPS (https://i.imgur.com/oxtHuHw.png).
    1. Protocol: SSH
    2. Port: 22
    3. Source: My IP (or you can set this to Anywhere, but this will allow anyone to attempt to login to your server)
  2. Create a firewall rule for the VPN server IP (https://i.imgur.com/R67XT7E.png).
    1. Protocol: UDP
    2. Port: 1337 (or whatever you decide to use as your VPN port)
    3. Source: Anywhere (or you can define a specific IP range if you want to limit access to your VPN to only that range)
  3. Create a firewall rule to allow HTTPS connections to the VPN web panel (https://i.imgur.com/WyRmpSC.png).
    1. Protocol: HTTPS
    2. Port: 443
    3. Source: Anywhere (or you can define a specific IP range if you want to limit access to your VPN web panel to only that range)
  4. Create a firewall rule to allow HTTP connections to the VPN web panel for LetsEncrypt SSL, if you want to specify a custom domain (https://i.imgur.com/SXuJuXH.png).
    1. Protocol: HTTP
    2. Port: 80
    3. Source: Anywhere

 

Question. I am setting this up using a VPS from OVH (due to location requirements), and I am trying to set up the rules inside the OVH firewall, but I do not have protocol options for SSH, HTTPS or HTTP. I can see UDP though. Which ones do I pick?

 

Screenshot:

https://imgur.com/a/U6x6z9o

 

Thank you for the guide!
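SSH, HTTP and HTTPS are all TCP services (ports 22, 80 and 443), so a provider panel that only offers raw TCP and UDP needs TCP rules for those three and a UDP rule for the OpenVPN port (or TCP, if you used the TCP workaround from earlier in the thread). The script below is an added example, not part of the guide or of any reply: it expresses the same four rules from the quoted list as firewalld rich rules on the CentOS 7 host itself, which gives a second layer behind whatever the provider firewall allows. ADMIN_IP and VPN_PORT are placeholders; by default the script only prints the firewall-cmd commands so they can be reviewed, and applies them only when called with the `apply` argument.

```shell
#!/bin/sh
# Added example, not from the guide or the thread: the four firewall rules
# quoted above as firewalld rich rules on the CentOS 7 host. SSH, HTTP and
# HTTPS are TCP; only the OpenVPN listener is UDP here.
# ADMIN_IP and VPN_PORT are placeholders for your own deployment.

ADMIN_IP="${ADMIN_IP:-198.51.100.7}"   # placeholder: the address you administer from
VPN_PORT="${VPN_PORT:-1337}"           # the guide's default VPN port

# render_rule PROTO PORT SOURCE -> prints one firewalld rich rule.
# SOURCE is "any" (no source clause) or a single address / CIDR.
render_rule() {
    proto="$1"; port="$2"; src="$3"
    case "$proto" in
        tcp|udp) ;;
        *) echo "render_rule: protocol must be tcp or udp, got '$proto'" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "render_rule: bad port '$port'" >&2; return 1 ;;
    esac
    if [ "$src" = "any" ]; then
        printf 'rule family="ipv4" port port="%s" protocol="%s" accept\n' "$port" "$proto"
    else
        printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept\n' \
            "$src" "$port" "$proto"
    fi
}

# The guide's table, one render_rule per line. SSH is limited to the admin
# address rather than "Anywhere", which keeps password-guessing traffic out.
vpn_ruleset() {
    render_rule tcp 22 "$ADMIN_IP"       # SSH, admin address only
    render_rule udp "$VPN_PORT" any      # OpenVPN listener (use tcp for the TCP variant)
    render_rule tcp 443 any              # Pritunl web panel over HTTPS
    render_rule tcp 80 any               # HTTP, only needed for the Let's Encrypt challenge
}

# apply_ruleset [print|apply]: print the commands (default) or run them.
apply_ruleset() {
    mode="${1:-print}"
    vpn_ruleset | while IFS= read -r rule; do
        if [ "$mode" = "apply" ]; then
            firewall-cmd --permanent --add-rich-rule="$rule"
        else
            printf "firewall-cmd --permanent --add-rich-rule='%s'\n" "$rule"
        fi
    done
    [ "$mode" = "apply" ] && firewall-cmd --reload
    return 0
}

apply_ruleset "${1:-print}"
```

Review the printed commands, then run `sh vpn-firewall.sh apply` as root on the host. Keep the provider firewall group as well: host rules protect against a misconfigured panel, the provider rules protect against a misconfigured host.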


On 1/17/2020 at 9:20 PM, 3thanK said:

I am getting the same error. I thought I did something wrong.

 

On 1/16/2020 at 3:40 PM, luis_erasmo said:

same problem here

do you solved?

 

 

Did either of you solve this issue? I'm getting the same thing.


On 1/14/2020 at 3:26 AM, Mqxi said:

Getting a 404 error when I try to run the command:


sudo yum -y install pritunl

I've simply copy-pasted all the above commands shown in the documentation.

@Mqxi, @luis_erasmo, @3thanK, @Captain Pirate I contacted pritunl support with the same issue. They replied with this message: "A partial sync occurred on the repo causing issues with metadata, it has been fixed.". It indeed has been fixed, at least for me. I recommend clearing the yum cache before attempting to install again:

 

sudo yum clean all

sudo rm -rf /var/cache/yum/*


@cuv Thanks, I ended up going with openvpn because I was entirely too impatient. When I rework everything I'll give it another shot.


So some quick questions, that are most likely noob/silly questions, but I noticed some behavior that I was hoping to confirm....

 

1) I could only get the https://IP address to bring up the site if I turned on the Private Network option under the Vultr settings. Is this normal?

2) Once I did do that, even though I put in https://IP address it still gave me a not secure warning a couple of times until the installation was complete. Is this normal?

3) I was able to connect and get everything up and running. However, when using the whatismyipaddress link in the above tutorial, when the site initially loads it shows the server location and IP address from the VPN. However, when I was testing the first installation (I had to do everything twice because I forgot a password) I told the browser it was OK to find my location. The page reloaded and asked if I really wanted to do so, and when I said yes it showed my VPN IP address, but the location was now my house. Is this normal?

 

#3 seemed bizarre to me, versus #1 and #2 which just seemed like missing steps from the instructions that are listed as incomplete at the top.

 

Thank you in advance for any help and your time!


On 1/16/2020 at 2:05 PM, Bob_SaintClar said:

Hey, I cannot type the server password when in PuTTY; it just doesn't show anything, even when I copy-paste. Same thing when trying to do it via Windows cmd :(

Passwords don’t show up. Just type it in or copy and paste it and then hit enter. 

Edited by IAmDarthMole
Grammar
