Pritunl VPN Server

How to install pritunl VPN server

thanhgit

April 29, 2022

Transcript

  1. Pritunl VPN server
    Thanh Nguyen

  2. Setup
    - Link: https://docs.pritunl.com/docs/installation#aws-install
    - Setup mongodb with authentication
    - Setup pritunl server
    - Setup nginx
    - Setup https with letsencrypt (certbot)

  3. Setup mongodb with authentication
    - Link: https://docs.pritunl.com/docs/securing-mongodb
    - https://docs.pritunl.com/docs/securing-mongodb#create-pritunl-user
    - https://docs.pritunl.com/docs/securing-mongodb#connecting-to-mongodb
    - Use the `history` command to review the commands used during setup
    - Backup mongodb:
    mongodump --username <username> --password <password> -d pritunl -o <backup_dir>

    - Restore mongodb:
    mongorestore -d pritunl <backup_dir>/pritunl

  4. Setup pritunl server
    - Link: https://docs.pritunl.com/docs/configuration-5
    - Mongodb connection string:
    mongodb://<username>:<password>@localhost:27017/pritunl
    - If using certbot with nginx, you must change the port:
    sudo pritunl set app.redirect_server false
    sudo pritunl set app.reverse_proxy true
    sudo pritunl set app.server_ssl false
    sudo pritunl set app.server_port 8080
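
Added example (not part of the original deck): a Python helper that percent-encodes the credentials in the slide-4 connection string and runs the slide-3 backup with the password in a 0600 `--config` file instead of on the command line. It assumes a MongoDB Database Tools release that supports `--config`; the user name `pritunl` and both file paths are placeholders.

```python
import json
import os
from urllib.parse import quote

DB = "pritunl"  # database name used on the slides


def mongo_uri(user, password, host="localhost", port=27017, db=DB):
    """Connection string in the slide-4 form, with percent-encoded credentials.

    Unencoded ':', '/', '@' or '%' in a generated password would be parsed
    as URI delimiters instead of as part of the password.
    """
    return "mongodb://{}:{}@{}:{}/{}".format(
        quote(user, safe=""), quote(password, safe=""), host, port, db)


def write_tool_config(path, password):
    """Write a YAML file for mongodump's --config option, owner-readable only."""
    # O_EXCL refuses to reuse an existing file; mode 0600 is set at creation,
    # so the secret is never briefly readable by other users.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        # A JSON string literal is also a valid double-quoted YAML scalar.
        fh.write("password: {}\n".format(json.dumps(password, ensure_ascii=False)))


def dump_argv(user, config_path, out_dir, db=DB):
    """The slide-3 backup command with --password replaced by --config."""
    return ["mongodump", "--config", config_path,
            "--username", user, "-d", db, "-o", out_dir]


if __name__ == "__main__":
    import getpass
    import subprocess
    user = "pritunl"                        # assumed user name
    cfg = "/root/.pritunl-mongodump.yaml"   # hypothetical path
    secret = getpass.getpass("MongoDB password: ")  # not echoed, not in history
    write_tool_config(cfg, secret)
    # mongo_uri(user, secret) gives the string to store as Pritunl's MongoDB URI.
    subprocess.run(dump_argv(user, cfg, "/var/backups/pritunl"), check=True)
```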

  5. Setup nginx and https
    - Link: https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/
    - See `/etc/nginx/nginx.conf`
    sudo certbot --nginx -d <domain>
    sudo crontab -e
    Add a new line: `0 12 * * * /usr/bin/certbot renew --quiet`

  6. Nginx.conf
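    location / {
        # Upstream is the Pritunl web server on app.server_port (8080)
        proxy_pass https://localhost:8080/;
        proxy_http_version 1.1;
        # Pass WebSocket upgrade requests through to the backend
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        # Client address and scheme as seen by nginx (standard X-Forwarded-* names)
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }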

  7. Fix reverse https
    In /usr/lib/pritunl/lib/python3.8/site-packages/pritunl/app.py, set:
    server_cert_path = '/etc/letsencrypt/live/vpn.util4dev.xyz/cert.pem'
    server_key_path = '/etc/letsencrypt/live/vpn.util4dev.xyz/privkey.pem'

  8. Practices
    - Add a new user and organization
    - Create a server in the Pritunl admin -> open its UDP port in the security group
    - Server failure or extension -> create a new server from the AMI
    - Trace logs to fix connectivity errors
