Pritunl VPN Server

How to install pritunl VPN server

thanhgit

April 29, 2022

Transcript

  1. Pritunl VPN server
    Thanh Nguyen

  2. Setup
    - Link: https://docs.pritunl.com/docs/installation#aws-install
    - Setup mongodb with authentication
    - Setup pritunl server
    - Setup nginx
    - Setup https with letsencrypt (certbot)

  3. Setup mongodb with authentication
    - Link: https://docs.pritunl.com/docs/securing-mongodb
    - https://docs.pritunl.com/docs/securing-mongodb#create-pritunl-user
    - https://docs.pritunl.com/docs/securing-mongodb#connecting-to-mongodb
    - Use the `history` command to review how it was set up
    - Backup mongodb:
    mongodump --username <username> --password <password> -d pritunl -o <output_dir>

    - Restore mongodb:
    mongorestore -d pritunl

  4. Setup pritunl server
    - Link: https://docs.pritunl.com/docs/configuration-5
    - Mongodb connection string:
    mongodb://<username>:<password>@localhost:27017/pritunl
    - If using certbot with nginx, you must change the port:
    sudo pritunl set app.redirect_server false
    sudo pritunl set app.reverse_proxy true
    sudo pritunl set app.server_ssl false
    sudo pritunl set app.server_port 8080

  5. Setup nginx and https
    - Link: https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/
    - See `/etc/nginx/nginx.conf`
    sudo certbot --nginx -d <domain>
    sudo crontab -e
    Add a new line: `0 12 * * * /usr/bin/certbot renew --quiet`

  6. Nginx.conf
    location / {
        # Scheme must match what pritunl serves on 8080 (see app.server_ssl)
        proxy_pass https://localhost:8080/;
        proxy_http_version 1.1;
        # WebSocket upgrade headers
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        # Pass the real client address and original scheme to the backend
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
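
A lint for the forwarded-header lines of a reverse-proxy location block like the one in this slide, as an added example that is not part of the original deck. It assumes the backend reads the conventional `X-Forwarded-For` and `X-Forwarded-Proto` names; `lint_proxy_headers`, `write_sample` and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the deck): flag forwarded-header mistakes in an
# nginx reverse-proxy config before reloading nginx.

lint_proxy_headers() {
    # $1 = nginx config path. Prints one finding per line.
    # Returns 0 when clean, 1 when there is at least one finding.
    awk '
    { sub(/#.*/, "") }                      # drop comments
    $1 == "proxy_set_header" {
        name = $2; lname = tolower(name)
        value = $3; sub(/;$/, "", value)
        seen[lname] = 1
        # nginx forwards any header name verbatim, so a near-miss spelling
        # is silently ignored by a backend reading X-Forwarded-*.
        if (lname ~ /^x-forward-(for|proto|host)$/) {
            fixed = name; sub(/[Ff]orward-/, "Forwarded-", fixed)
            printf "line %d: %s is misspelled, expected %s\n", NR, name, fixed
            bad++
        }
        # A literal "http" tells the backend a TLS request was cleartext.
        if (lname ~ /^x-forward(ed)?-proto$/ && value == "http") {
            printf "line %d: %s is hard-coded to http, use $scheme\n", NR, name
            bad++
        }
    }
    END {
        if (!("x-forwarded-for" in seen)) {
            print "missing X-Forwarded-For: backend only sees the proxy address"
            bad++
        }
        exit (bad > 0)
    }' "$1"
}

write_sample() {
    # Constructed sample input, modelled on a typical location block.
    cat <<'EOF'
location / {
    proxy_pass http://localhost:8080/;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forward-Proto http;
}
EOF
}

tmp=$(mktemp) && write_sample >"$tmp"
lint_proxy_headers "$tmp" || echo "fix the findings above, then run: nginx -t"
rm -f "$tmp"
```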

  7. Fix reverse https
    In /usr/lib/pritunl/lib/python3.8/site-packages/pritunl/app.py, set:
    server_cert_path = '/etc/letsencrypt/live/vpn.util4dev.xyz/cert.pem'
    server_key_path = '/etc/letsencrypt/live/vpn.util4dev.xyz/privkey.pem'

  8. Practices
    - Add a new user and organization
    - Create a server in the Pritunl admin -> open its UDP port in the security group
    - Server failure or expansion -> create a new server from the AMI
    - Trace logs to fix connectivity errors
