
DIY VPN Pritunl Setup Tutorial

jakkuh_t

For people still using this, I wouldn't recommend enabling SSH or even the HTTPS management on your public IP. If you want to manage your VPN server, then access it via the VPN or access the VM console itself.

It's very insecure and not recommended to enable management protocols on a public IP.

Alternatively, you can set your firewall to allow only specific public IPs (like the public IP you are behind at home; you can get this via ipchicken.com). Note that even this is not recommended, since there are home internet connections that share the same public IP.


Thank you for the guide.

Worked for me.

Except for the connection that drops every few minutes and then reconnects again.

I installed this on different VPS providers and the issue remains.

Any help, guys, if you faced similar issues.


Hi,

I'm trying to change the web console port from 443 to 4443.

4443 is whitelisted in the firewall:

sudo firewall-cmd --zone=public --add-port=4443/tcp --permanent
Warning: ALREADY_ENABLED: 4443:tcp
success

The problem is Pritunl won't connect on the new port (any new port).

I have local access to the machine.

Any idea what I'm missing?

Thanks

Ricky


On 1/19/2020 at 8:42 PM, drumguy1384 said:

Is your server using an internal IP address (192.168.x.x)? If so, you will be able to connect locally, but outside connections will not reach it.

In order to reach it from the outside you will need to configure your router to forward the VPN port to the internal server IP. Then, when connecting from outside (i.e. your phone), you point it at your external IP address (the one provided by your ISP) and the router should direct the traffic to the internal address.

Is this essentially referring to port forwarding? I keep getting the timed-out error, and my IP is 181.174.105.88, so not really sure.


On 1/21/2020 at 10:36 PM, warecuber said:

I've got everything working when I forward my custom port to the server. I was hoping to use a VPN to avoid using port forwarding, though. Anyone know if there's a way around it, or will I need to allow the port through? Just concerned for the security of it on a home network. I want to use it to access my file server externally. Thanks!

Were you able to use it without the port forwarding? I find it very nearly impossible to port forward in my country.


7 minutes ago, barrynevio said:

Vultr now offers a 1-Click Pritunl App. Just gave it a shot and didn't even need to SSH into the server. Just deployed, then configured and managed through the Pritunl web portal.

https://www.vultr.com/docs/one-click-pritunl

[attached screenshot]

It doesn't offer the $3.50 one though, right? Dang. I'll consider running it just to see if it can be done.


Will this self-made VPN be able to switch my NAT type from Strict to Moderate/Open?


I am trying to set this up locally on a VM. Do I need to set up a firewall for it when it will be behind my firewall on my router? If so, how should I go about doing this?

On 5/19/2020 at 3:21 AM, robertwall87 said:

I am trying to set this up locally on a VM. Do I need to set up a firewall for it when it will be behind my firewall on my router? If so, how should I go about doing this?

In theory no, you can just do the port forwarding on your router for the desired ports. Just make sure UPnP on your router doesn't open ports on its own, such as SSH and web.

In any case, thanks @jakkuh_t for the guide!

I was able to set up my own VPN server on my own home server and on a rented VPS.

For my home installation on CentOS 8 I noticed that Pritunl didn't autostart on boot, so a cron entry is required there.

My offsite VPN server installation took more than a day; I kept troubleshooting. The VPN server instance wouldn't launch and just kept emitting errors in the logs related to iptables, amongst others. What appeared? My VPS was running on an OpenVZ host, and apparently your hosting company needs to enable the TAP adapter on their host. Luckily this was quickly done by them (on a Sunday, speaking of value for 1.5 USD!). So watch out for this error if your VM uses OpenVZ instead of KVM: the virtual network adapter (TAP) will need to be enabled by your hoster.

I did notice some performance issues. The VM has a 100 Mbit connection. For some reason I can't get a throughput higher than 70 Mbit down and 15 Mbit up. This is enough for my application but still strange, especially the low upload figure (yes, my home connection is quite a bit faster). Perhaps some throttling? Take into account that you get what you pay for! Also the CPU gets pegged when reaching 80 Mbit total or when lots of connections are hitting the server. This happened both in my home setup and the remote setup. My home setup uses one vCPU taken from a Ryzen 2700X, which is typically running at 3.7 GHz. The hoster gave me 2 vCPUs on an Intel Xeon Silver 4110 processor. While both chips are from the same age, the Ryzen core is a bit faster than the two Intel cores in a sysbench test. Of course that is to be expected when the Ryzen's clock is almost double. However, for people looking at > 100 Mbit, beware that you need to choose a beefier VM in terms of CPU. I actually have no idea about memory usage scaling; both my servers have 1 GB.

I do have another major issue. My hoster has servers in Amsterdam and other places. My VM is located in a third-world place. However, they seem to move their IPs around based on demand, so most location services think I'm located in Amsterdam. This isn't very helpful when buying airline tickets or other items with price differentiation on them. Does anyone know how I can update that?


On 12/31/2019 at 9:03 PM, jakkuh_t said:

    1. Set up a firewall either in the OS or via the control panel of your VPS provider. We will be using the one supplied by Vultr.
      1. On the Vultr.com website, under Products > Firewall, click the "Add Firewall Group" button (https://i.imgur.com/plIIpKJ.png) and set the description to something related to VPN so you remember what it is for (i.e. "VPN Firewall").
        1. Create a firewall rule to allow SSH connections to the VPS (https://i.imgur.com/oxtHuHw.png).
          1. Protocol: SSH
          2. Port: 22
          3. Source: My IP (or you can set this to Anywhere, but this will allow anyone to attempt to log in to your server)
        2. Create a firewall rule for the VPN server IP (https://i.imgur.com/R67XT7E.png).
          1. Protocol: UDP
          2. Port: 1337 (or whatever you decide to use as your VPN port)
          3. Source: Anywhere (or you can define a specific IP range if you want to limit access to your VPN to only that range)
        3. Create a firewall rule to allow HTTPS connections to the VPN web panel (https://i.imgur.com/WyRmpSC.png).
          1. Protocol: HTTPS
          2. Port: 443
          3. Source: Anywhere (or you can define a specific IP range if you want to limit access to your VPN web panel to only that range)
        4. Create a firewall rule to allow HTTP connections to the VPN web panel for Let's Encrypt SSL, if you want to specify a custom domain (https://i.imgur.com/SXuJuXH.png).
          1. Protocol: HTTP
          2. Port: 80
          3. Source: Anywhere

I'm having trouble setting up the firewall; can anyone help? (I'm using CentOS 8 and I have disabled SELinux.)
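jakkuh_t's warning at the top of the thread (don't expose SSH or the HTTPS panel to the whole internet; if you must, restrict the source to your own IP) can be checked mechanically against a rule list like the one quoted above. The following is an added example, not code from the guide, Pritunl or Vultr; the Rule layout, the 0.0.0.0/0 spelling of "Anywhere" and the admin address 203.0.113.7/32 are assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace

# Ports that should never be reachable from the whole internet (jakkuh_t's point).
MANAGEMENT_PORTS = {22: "SSH", 443: "HTTPS web panel"}
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    proto: str    # "tcp" or "udp"
    port: int
    source: str   # CIDR; "0.0.0.0/0" stands for the control panel's "Anywhere"


def is_broad(source: str, max_hosts: int = 256) -> bool:
    """True when the source is 'Anywhere' or wider than a /24."""
    net = ipaddress.ip_network(source, strict=False)
    return net == ANYWHERE or net.num_addresses > max_hosts


def exposed_management_ports(rules):
    """Return (port, name, source) for each management rule that is open too widely."""
    return [
        (r.port, MANAGEMENT_PORTS[r.port], r.source)
        for r in rules
        if r.proto.lower() == "tcp" and r.port in MANAGEMENT_PORTS and is_broad(r.source)
    ]


def restrict_management(rules, admin_cidr: str):
    """Rewrite the management rules so only admin_cidr may reach them; other rules are kept."""
    ipaddress.ip_network(admin_cidr, strict=False)  # fail early on a malformed CIDR
    return [
        replace(r, source=admin_cidr)
        if r.proto.lower() == "tcp" and r.port in MANAGEMENT_PORTS else r
        for r in rules
    ]


# Constructed sample: the four rules from the guide as quoted above, with
# "My IP" standing in as the hypothetical admin address 203.0.113.7/32.
GUIDE_RULES = [
    Rule("tcp", 22, "203.0.113.7/32"),   # SSH, source: My IP
    Rule("udp", 1337, "0.0.0.0/0"),      # VPN port, source: Anywhere
    Rule("tcp", 443, "0.0.0.0/0"),       # HTTPS web panel, source: Anywhere
    Rule("tcp", 80, "0.0.0.0/0"),        # HTTP for Let's Encrypt, source: Anywhere
]

if __name__ == "__main__":
    for port, name, src in exposed_management_ports(GUIDE_RULES):
        print(f"{name} (tcp/{port}) is reachable from {src}: restrict it or manage over the VPN")
    print(restrict_management(GUIDE_RULES, "203.0.113.7/32"))
```

As written, the guide's rules trip the check only on tcp/443; after restrict_management the panel is still reachable from the admin address, while the VPN port and the Let's Encrypt HTTP rule are left open as the guide intends.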


ERROR Management socket exception: I'm getting this; I'm using ZAP-Hosting because of DDoS protection, and they claim every port is open!

[attached screenshot of the error]

Not sure why I am getting this error; I am using the Alibaba Cloud VPS and I am a Linux noob here.


Thanks for posting this information. I copied and pasted mostly, but now I have an idea of how a VPN works.


Hello, I know I'm 7 months late, but for some reason the Pritunl client will connect for literally one second and then disconnect, but the logs on my VPN's website don't realize that I'm disconnected until about 30 seconds later, and my IP address is still in Washington instead of New Jersey. I made sure to stop the CentOS firewall, and it still doesn't work.


Amazing guide, worked flawlessly.

One noob question though:

How do I block internet access if the VPN is not connected?

Just want to avoid forgetting to run it :)

Thanks


I apologize if this has already been answered. I have family from another country, and all I really need to do is set up a VPN so they can watch Netflix in their native language. Would this tutorial work if I bought a computer and set it up at my relative's home next time we went to visit? Would we be able to stream content from that country in the US? Thank you for your help!


Can anyone point me to how I can open a port/forward it? I disabled firewalld like in the instructions and added the port in the Vultr firewall, but when I check for the port it's closed.


I am having an issue where Pritunl is getting killed by the OOM killer every few days. Seems like it's over-consuming memory and causing the OOM killer to start killing processes.

More information here: here

Thanks

On 1/2/2020 at 7:23 PM, PrankishTrac said:

I'm trying to connect using OpenVPN on mobile however it keeps timing out the connection? Any ideas?

The OpenVPN client on mobile is not very good. Try using a different client.


Will multiple users be able to connect to the VPN server? I might need to connect my phone and my laptop, and maybe even my PC. I also might allow some of my friends to connect to it from a different IP; is that possible?


So I'm trying to START the guide for the custom VPN server, but I'm being immediately stopped when trying to run sudo yum -y install pritunl mongodb-org. The error is "Cannot retrieve metalink for repository" and I'm starting to get frustrated, as even the mighty Stack Overflow can't help with this. Please help.

On 12/31/2019 at 9:06 PM, jakkuh_t said:

So much writing omg... ahaha! Hopefully it works for you, let me know if you need any help.

The connection works for me, but there's no internet connection; can you please help?

On 4/26/2020 at 2:27 PM, billinus said:

Thank you for the guide.

Worked for me.

Except for the connection that drops every few minutes and then reconnects again.

I installed this on different VPS providers and the issue remains.

Any help, guys, if you faced similar issues.

Try this: in the Pritunl client, click the stack menu icon (upper right in the client menu) > Edit Config.

Scroll down and look for ping-restart, which by default is set to 60 (and I have to assume that means seconds). Change 60 to some larger arbitrary number - I put in 500. Then save and see if your situation improves.

It seems to have worked for me, as I faced the exact same issue. I have not explored the documentation, but intuitively I'd say that setting is a ping test that occurs once a minute (60 seconds) and which easily fails over most connections for a variety of reasons. Bumping it up gives this hypothetical test more breathing room.


Word of warning to anyone using this methodology, and presumably many other VPNs: this entire process does not block leakage of IPv6 information from your PC. I just learned that my computer broadcasts IPv6 info.

Immediately after tooling around and getting my VPN up and running successfully, I bee-lined to one of those "about my connection" websites to marvel at the results and found just about everything about me was still exposed.

To fix it was simple enough: I just disabled IPv6, and will make a point to do so anywhere I use a VPN. I guess one day that won't be a good idea, but that sure isn't today. By then, this solution and other VPN solutions will probably natively accommodate the matter.
