Pritunl VPN Server

thanhgit
April 29, 2022

How to install pritunl VPN server

Transcript

  1. Setup
     - Link: https://docs.pritunl.com/docs/installation#aws-install
     - Setup mongodb with authentication
     - Setup pritunl server
     - Setup nginx
     - Setup https with letsencrypt (certbot)
  2. Setup mongodb with authentication
     - Link: https://docs.pritunl.com/docs/securing-mongodb
     - https://docs.pritunl.com/docs/securing-mongodb#create-pritunl-user
     - https://docs.pritunl.com/docs/securing-mongodb#connecting-to-mongodb
     - Use the `history` command to review how it was set up
     - Backup mongodb: `mongodump --username <user_name> --password <password> -d pritunl -o <directory_backup>`
     - Restore mongodb: `mongorestore -d pritunl <directory_backup>`
  3. Setup pritunl server
     - Link: https://docs.pritunl.com/docs/configuration-5
     - Mongodb connection string: `mongodb://<user_name>:<password>@localhost:27017/pritunl`
     - If using certbot with nginx, you must change the port:
       - `sudo pritunl set app.redirect_server false`
       - `sudo pritunl set app.reverse_proxy true`
       - `sudo pritunl set app.server_ssl false`
       - `sudo pritunl set app.server_port 8080`
  4. Setup nginx and https
     - Link: https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/
     - See at `/etc/nginx/nginx.conf`
     - `sudo certbot --nginx -d <domain_name>`
     - `sudo crontab -e`
     - Add a new line: `0 12 * * * /usr/bin/certbot renew --quiet`
  5. Nginx.conf

     ```nginx
     location / {
         # Pritunl serves plain HTTP on 8080 once app.server_ssl is false
         proxy_pass http://localhost:8080/;
         proxy_http_version 1.1;
         # WebSocket upgrade
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         proxy_set_header Host $http_host;
         # Client address and scheme as seen by nginx
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Nginx-Proxy true;
         proxy_redirect off;
     }
     ```
  6. Practices
     - Add a new user, organization
     - Create a server in pritunl admin -> open udp port in security group
     - Server failure or need to extend -> create a new server from the AMI
     - Trace logs to fix errors about connectivity
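
A lint for the nginx location block in step 5, added here as an example and not part of the original deck: it flags an `https` upstream when Pritunl runs with `app.server_ssl false`, and forwarding headers that are missing or misspelled. The function names are hypothetical, both sample configs are constructed, and it assumes one nginx directive per line.

```shell
# Added example, not from the deck. Assumes Pritunl serves plain HTTP on
# localhost:8080 (app.server_ssl false) and one nginx directive per line.

# Reads nginx config on stdin, prints one finding per line; returns 1 if any.
audit_proxy_block() {
    findings=$(awk '
        { gsub(/;/, " ; ") }   # split off ";" so values are clean tokens
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "proxy_pass" && $(i+1) ~ /^https:/)
                    print "proxy_pass uses https to a plain-HTTP upstream: " $(i+1)
                if ($i == "proxy_set_header")
                    seen[tolower($(i+1))] = $(i+2)
            }
        }
        END {
            if (!("x-forwarded-for" in seen))   print "missing X-Forwarded-For"
            if (!("x-forwarded-proto" in seen)) print "missing X-Forwarded-Proto"
            if (!("upgrade" in seen))           print "missing Upgrade (WebSocket)"
            for (h in seen)
                if (h ~ /^x-forward-/) print "nonstandard header name: " h
        }' | sort)
    [ -z "$findings" ] && return 0
    printf "%s\n" "$findings"
    return 1
}

# Constructed sample: https upstream and misspelled forwarding headers.
sample_misconfigured() {
    cat <<'EOF'
location / {
    proxy_pass https://localhost:8080/;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forward-Proto http;
}
EOF
}
# Constructed sample: the same block with those findings corrected.
sample_fixed() {
    cat <<'EOF'
location / {
    proxy_pass http://localhost:8080/;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
EOF
}
sample_misconfigured | audit_proxy_block || true
```

To check a live host, pipe the deployed file into the function, for example `audit_proxy_block < /etc/nginx/nginx.conf`.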