Install Pritunl VPN Server and Client on Ubuntu 20.04: Free VPN Server

In today’s interconnected world, ensuring secure communication and data transfer is paramount. A Virtual Private Network (VPN) provides a secure tunnel across networks, encrypting your data and masking your IP address. This article guides you through installing the Pritunl VPN Server and Client on Ubuntu 20.04. Pritunl is a free, open-source enterprise VPN server with a user-friendly web interface and the ability to build extensive cloud VPN networks. It has an official client package and supports all OpenVPN clients for broad device and platform compatibility. The steps below set up your own Pritunl VPN server on Ubuntu 20.04 and configure a client to connect to it.

Before you begin the Pritunl VPN Setup on Ubuntu 20.04, make sure you’re logged into your server as a non-root user with sudo privileges. If you haven’t already, refer to a guide on Initial Server Setup with Ubuntu 20.04 for instructions on creating such a user.

Required Packages for Pritunl VPN Setup

Begin by updating and upgrading your local package index to ensure you have the latest package information:

sudo apt update
sudo apt upgrade -y

Next, install the necessary packages for the Pritunl installation:

sudo apt install gpg curl gnupg2 software-properties-common apt-transport-https lsb-release ca-certificates -y

Now, you need to add the MongoDB and Pritunl VPN Server repositories to your Ubuntu 20.04 system.

Add MongoDB GPG Key and Repository on Ubuntu 20.04

Import the MongoDB APT repository keys using the following command:

curl -fsSL https://www.mongodb.org/static/pgp/server-5.0.asc | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/mongodb-5.gpg

Then, add the MongoDB repository to your system’s sources list:

echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu $(lsb_release -cs)/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list

Add Pritunl GPG Key and Repository on Ubuntu 20.04

Import the Pritunl GPG keys using the command below:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7AE645C0CF8E292A
**Output**
gpg: key 7AE645C0CF8E292A: public key "Pritunl <contact@pritunl.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Add the Pritunl repository to your Ubuntu 20.04 system:

echo "deb http://repo.pritunl.com/stable/apt $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/pritunl.list
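
A quick audit of the two repository entries created above, as an added example that is not part of the original guide: it flags plain-HTTP transport and entries with no signed-by option, where apt falls back to the global trusted keyrings. The function names, the substituted codename focal and the third entry with its placeholder keyring path are assumptions made for the sample.

```shell
#!/bin/sh
# audit_apt_sources: read sources.list lines on stdin (or from files given
# as arguments) and print one finding per risky "deb" entry.
audit_apt_sources() {
    awk '
        $1 == "deb" || $1 == "deb-src" {
            opts = ""
            s = index($0, "["); e = index($0, "]")
            if (s > 0 && e > s) {
                # Options sit in [ ... ] between the type and the URI.
                opts = substr($0, s, e - s + 1)
                $0 = substr($0, 1, s - 1) " " substr($0, e + 1)
            }
            uri = $2
            # Plain HTTP: index files and packages travel unencrypted.
            if (uri ~ /^http:/) print "HTTP " uri
            # No signed-by: apt falls back to the global trusted keyrings.
            if (opts !~ /signed-by=/) print "NO-SIGNED-BY " uri
        }
    ' "$@"
}

# Constructed sample: the two entries created above (focal substituted for
# the lsb_release output) plus a pinned entry with a placeholder keyring path.
sample_sources() {
    cat <<'EOF'
deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse
deb http://repo.pritunl.com/stable/apt focal main
deb [signed-by=/usr/share/keyrings/example.gpg] https://repo.example.invalid/apt focal main
EOF
}

sample_sources | audit_apt_sources
```

On a real host, pass the files themselves: audit_apt_sources /etc/apt/sources.list.d/*.list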

Install Pritunl and MongoDB on Ubuntu 20.04

Update the system again and install the Pritunl and mongodb-org packages:

sudo apt update
sudo apt install mongodb-org pritunl -y

Start and enable the Pritunl and MongoDB services:

sudo systemctl start pritunl mongod
sudo systemctl enable pritunl mongod

Configure and Access Pritunl VPN Server on Ubuntu 20.04

Access the Pritunl VPN setup web interface by navigating to your server’s IP address in your web browser:

http://<your-server-ip>

You will be prompted for a Setup Key. Retrieve this key by running the following command in your terminal:

sudo pritunl setup-key
**Output**
ca3e792f00744afaa4bb004f993b9487

Enter the setup key and click Save. You will then see the Pritunl VPN Server sign-in screen.

To obtain the default username and password, run:

sudo pritunl default-password
**Output**
Administrator default password:
  username: "pritunl"
  password: "KFYjHRQXKBmL"

Enter the username and password on the login screen and click Sign in. You will be presented with the initial setup page, where you can change the admin user and password, set the domain, and configure Let’s Encrypt SSL. Click Save when you are finished, or configure these settings later.

Now you can configure organizations, users, and servers from the Pritunl dashboard on Ubuntu 20.04.

Add Organizations To Pritunl

Click on Users to manage VPN users. Users are associated with servers through organizations.

To create a new organization, click on “Add organization”, specify a name, and click “Add”.

Add VPN Server To Pritunl

Create a VPN server by clicking on “servers” and then “Add server”.

Provide the required server information and click “Add”.

Finally, attach the server to an organization by clicking on “Attach organization” and selecting your organization.

Add Users To Pritunl

Click on “Add user” to create a user profile on your VPN server. Enter the necessary information and click Add.

Note: To add multiple users at once, use the “Bulk Add user” function in the web interface.

Set up Pritunl VPN Client

Visit the Pritunl VPN clients page to download and install a client for your operating system. The installation instructions are available on the official page. Here, we’ll assume you’ve downloaded the Windows Client.

Once the VPN client is installed, log in to the Pritunl VPN server to download the user profile. Navigate to Users, select the user, and click the download icon to obtain the user profile.

Launch your Pritunl VPN client and choose “Import Profile”.

Locate the user’s profile .tar file that you downloaded and import it, or use the Client URL. You will then be able to connect to the Pritunl VPN server.

That completes the Pritunl VPN Setup on Ubuntu 20.04.

Alternative Solutions for VPN Server Setup on Ubuntu 20.04

While Pritunl is a convenient and user-friendly option, other solutions exist for setting up a VPN server on Ubuntu 20.04. Here are two alternative approaches:

1. OpenVPN with easy-rsa:

OpenVPN is a highly configurable and widely used open-source VPN solution. It offers granular control over various aspects of the VPN connection, including encryption protocols, authentication methods, and routing rules. Setting up OpenVPN manually involves generating certificates and keys using easy-rsa and configuring the OpenVPN server and client configurations.

  • Explanation: This method requires more technical expertise than using Pritunl, but it provides greater flexibility and customization options. You have full control over the VPN’s security settings and can tailor it to your specific needs.
  • Configuration Steps
    • Install OpenVPN and Easy-RSA:
      sudo apt update
      sudo apt install openvpn easy-rsa
    • Create a PKI:
      make-cadir /etc/openvpn/easy-rsa
      cd /etc/openvpn/easy-rsa
      ./easyrsa init-pki
    • Build CA
      ./easyrsa build-ca nopass
    • Generate Server Key and Certificate:
      ./easyrsa build-server-full server nopass
    • Generate Diffie-Hellman Parameters:
      ./easyrsa gen-dh
    • Generate Client Key and Certificate:
      ./easyrsa build-client-full client1 nopass
    • Copy Keys and Certificates:
      sudo cp pki/ca.crt /etc/openvpn
      sudo cp pki/dh.pem /etc/openvpn
      sudo cp pki/issued/server.crt /etc/openvpn
      sudo cp pki/private/server.key /etc/openvpn
    • Create OpenVPN Server Configuration:
      • Create /etc/openvpn/server.conf with contents similar to:
        port 1194
        proto udp
        dev tun
        ca ca.crt
        cert server.crt
        key server.key
        dh dh.pem
        server 10.8.0.0 255.255.255.0
        ifconfig-pool-persist ipp.txt
        push "redirect-gateway def1 bypass-dhcp"
        push "dhcp-option DNS 8.8.8.8"
        push "dhcp-option DNS 8.8.4.4"
        keepalive 10 120
        cipher AES-256-CBC
        user nobody
        group nogroup
        persist-key
        persist-tun
        status openvpn-status.log
        verb 3
    • Enable IP Forwarding: open /etc/sysctl.conf, uncomment net.ipv4.ip_forward=1, then reload the settings:
      sudo nano /etc/sysctl.conf
      sudo sysctl -p
    • Configure Firewall (allow SSH before enabling ufw so the default deny rule does not cut off your session):
      sudo ufw allow OpenSSH
      sudo ufw allow 1194/udp
      sudo ufw route allow in on eth0 out on tun0
      sudo ufw route allow in on tun0 out on eth0
      sudo ufw default deny incoming
      sudo ufw default allow outgoing
      sudo ufw enable
    • Start OpenVPN Service:
      sudo systemctl start openvpn@server
      sudo systemctl enable openvpn@server
  • Client Configuration: Copy the ca.crt, client1.crt and client1.key to your client and create a .ovpn file.
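
A small audit of the server.conf shown above, next to a tightened variant, as an added example that is not part of the original guide. The function names, the finding labels and the ta.key file name are assumptions; the sample is a constructed excerpt of the configuration above.

```shell
#!/bin/sh
# audit_ovpn_conf: read an OpenVPN server config on stdin, print one finding per gap.
audit_ovpn_conf() {
    awk '
        /^[ \t]*([#;]|$)/ { next }          # skip comments and blank lines
        { seen[$1] = 1 }                    # remember every directive used
        $1 == "cipher" && $2 ~ /-CBC$/ { print "CBC-CIPHER " $2 }
        END {
            # tls-crypt (or the older tls-auth) authenticates control-channel packets.
            if (!("tls-crypt" in seen) && !("tls-auth" in seen)) print "NO-TLS-CRYPT"
            if (!("tls-version-min" in seen)) print "NO-TLS-VERSION-MIN"
            # user/group make the daemon drop root after start-up.
            if (!("user" in seen) || !("group" in seen)) print "NO-PRIVILEGE-DROP"
        }
    '
}

# Constructed sample: the security-relevant lines of the server.conf above.
page_conf() {
    cat <<'EOF'
port 1194
proto udp
ca ca.crt
cert server.crt
key server.key
dh dh.pem
cipher AES-256-CBC
user nobody
group nogroup
EOF
}

# Same file with the gaps closed; ta.key is an assumed file name for a
# shared tls-crypt key that every client must also carry.
hardened_conf() {
    page_conf | sed 's/^cipher .*/cipher AES-256-GCM/'
    printf '%s\n' 'tls-crypt ta.key' 'tls-version-min 1.2'
}

echo "page config:";     page_conf | audit_ovpn_conf
echo "hardened config:"; hardened_conf | audit_ovpn_conf
```

Clients need the matching cipher and tls-crypt lines in their .ovpn file, otherwise the handshake fails.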

2. WireGuard:

WireGuard is a relatively new VPN protocol that aims to be simpler, faster, and more secure than traditional VPN protocols like OpenVPN and IPSec. It uses modern cryptography and a streamlined design, resulting in improved performance and easier configuration.

  • Explanation: WireGuard is a good choice if you prioritize speed and simplicity. Its configuration is generally less complex than OpenVPN, and its performance is often superior.
  • Installation Steps:

    • Install WireGuard:
      sudo apt update
      sudo apt install wireguard
    • Generate Keys (umask 077 keeps the private key file readable only by its owner):
      umask 077
      wg genkey | tee privatekey | wg pubkey > publickey
    • Create Server Configuration (/etc/wireguard/wg0.conf):

      [Interface]
      Address = 10.6.0.1/24
      ListenPort = 51820
      PrivateKey = <Server Private Key>
      PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
      PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

      [Peer]
      PublicKey = <Client Public Key>
      AllowedIPs = 10.6.0.2/32

    • Enable IP Forwarding (same as in OpenVPN): uncomment net.ipv4.ip_forward=1 in /etc/sysctl.conf and run sudo sysctl -p.
    • Configure Firewall (allow SSH before enabling ufw so the default deny rule does not cut off your session):
      sudo ufw allow OpenSSH
      sudo ufw allow 51820/udp
      sudo ufw route allow in on eth0 out on wg0
      sudo ufw route allow in on wg0 out on eth0
      sudo ufw default deny incoming
      sudo ufw default allow outgoing
      sudo ufw enable
    • Start WireGuard Interface (wg-quick reads /etc/wireguard/wg0.conf, creates wg0, assigns the address and runs PostUp, so the interface must not be created by hand first):
      sudo systemctl enable wg-quick@wg0.service
      sudo systemctl start wg-quick@wg0.service
    • Client Configuration: Create a client configuration file (e.g., wg0.conf) with the following:

      [Interface]
      PrivateKey = <Client Private Key>
      Address = 10.6.0.2/32
      DNS = 8.8.8.8, 8.8.4.4

      [Peer]
      PublicKey = <Server Public Key>
      Endpoint = <Server Public IP>:51820
      AllowedIPs = 0.0.0.0/0
      PersistentKeepalive = 25
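
A pre-flight check for the WireGuard configs above, as an added example that is not part of the original guide: it reports key fields that are empty or still unfilled and an Endpoint with no host, both of which stop the tunnel from coming up. The function names and the all-zero sample key are assumptions, and the sample config is constructed.

```shell
#!/bin/sh
# check_wg_conf: read a wg-quick style config on stdin and print one
# finding per problem, prefixed with the line number.
check_wg_conf() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*(#|$)/ { next }
        /^[ \t]*\[/ { sec = trim($0); next }
        {
            i = index($0, "=")
            if (i == 0) { print NR ": not a key = value line"; next }
            k = trim(substr($0, 1, i - 1)); v = trim(substr($0, i + 1))
            if (k == "PrivateKey" || k == "PublicKey") {
                # WireGuard keys are 32 bytes, i.e. 44 base64 chars ending in "=".
                if (length(v) != 44 || v !~ /^[A-Za-z0-9+\/]+=$/)
                    print NR ": " sec " " k " is empty or not a base64 key"
            } else if (k == "Endpoint") {
                host = v
                if (!sub(/:[0-9]+$/, "", host) || host == "")
                    print NR ": " sec " Endpoint needs host:port"
            }
        }
    '
}

# Constructed all-zero key (43 "A" characters plus "="), not a real secret.
sample_key=$(printf '%043d=' 0 | tr 0 A)

# Constructed client config with an empty peer key and a host-less endpoint.
sample_client_conf() {
    cat <<EOF
[Interface]
PrivateKey = $sample_key
Address = 10.6.0.2/32

[Peer]
PublicKey =
Endpoint = :51820
AllowedIPs = 0.0.0.0/0
EOF
}

sample_client_conf | check_wg_conf
```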

These are just brief overviews; each solution requires a more detailed setup process. Choose the VPN server solution that best aligns with your technical expertise and specific requirements.

Conclusion

Pritunl is a great choice for quickly deploying a VPN server, especially for those who appreciate a graphical interface. You should now understand how to install Pritunl VPN Server and Client on Ubuntu 20.04. Keep in mind that the alternatives, OpenVPN and WireGuard, offer more control and often better performance at the expense of some ease of use, so you can choose the VPN solution that is right for you.
