I've previously written a tutorial on building an OpenVPN server on CentOS 5, but that setup has no control panel for managing servers and users; everything must be done via the CLI. This time I will provide a tutorial on building an OpenVPN server with Pritunl.
Pritunl is an enterprise-class OpenVPN and IPsec server application, distributed as open source. The basic features of Pritunl can be used for free; the advanced features cost $10 - $50 per month. The basic features are sufficient for personal needs.
We need a VPS. It doesn't need high specs; 1 CPU and 512 MB is enough. For the OS, Pritunl supports many Linux distributions; you can use Arch Linux, Amazon Linux 1, Amazon Linux 2, CentOS 7, Debian 8, Debian 9, Oracle Linux 7, Ubuntu 16.04 and Ubuntu 18.04. For this tutorial, I'm using Ubuntu 16.04.
Choose a datacenter location closest to you, in Jakarta or Singapore if you are in Indonesia.
As for the OpenVPN client, Pritunl supports Windows and Mac OS, as well as many Linux distributions such as Arch Linux, CentOS 7, Debian 9, Antergos, Fedora 28, Ubuntu 16.04, Ubuntu 18.04 and Ubuntu 18.10.
Log in to your Ubuntu VPS, and enter the following commands one by one in sequence:
# Add the MongoDB 4.0 and Pritunl package repositories
sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list << EOF
deb https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/4.0 multiverse
EOF
sudo tee /etc/apt/sources.list.d/pritunl.list << EOF
deb http://repo.pritunl.com/stable/apt xenial main
EOF
# Import the signing keys for both repositories
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
# Install Pritunl and MongoDB, then start both services and enable them at boot
sudo apt-get update
sudo apt-get --assume-yes install pritunl mongodb-org
sudo systemctl start pritunl mongod
sudo systemctl enable pritunl mongod
Then enter the following commands to raise the open file limit:
sudo sh -c 'echo "* hard nofile 64000" >> /etc/security/limits.conf'
sudo sh -c 'echo "* soft nofile 64000" >> /etc/security/limits.conf'
sudo sh -c 'echo "root hard nofile 64000" >> /etc/security/limits.conf'
sudo sh -c 'echo "root soft nofile 64000" >> /etc/security/limits.conf'
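An idempotent variant of the step above (an added example, not part of the original tutorial or of Pritunl's documentation): the >> commands append duplicate lines to limits.conf every time they are re-run, so this sketch appends only the entries that are still missing. The function names and the scratch-file demo are assumptions of the example.

```sh
#!/bin/sh
# Added example: apply the tutorial's four nofile limits without duplicating them.

# has_limit FILE DOMAIN TYPE VALUE
# Succeeds if FILE already has an active line "DOMAIN TYPE nofile VALUE".
# Commented-out lines never match, because their first field starts with '#'.
has_limit() {
    awk -v d="$2" -v t="$3" -v v="$4" '
        $1 == d && $2 == t && $3 == "nofile" && $4 == v { found = 1 }
        END { exit !found }
    ' "$1"
}

# ensure_nofile_limits FILE [VALUE]
# Appends only the missing entries and echoes how many lines were added.
ensure_nofile_limits() {
    file=$1
    value=${2:-64000}
    added=0
    for domain in '*' root; do
        for type in hard soft; do
            if ! has_limit "$file" "$domain" "$type" "$value"; then
                printf '%s %s nofile %s\n' "$domain" "$type" "$value" >> "$file"
                added=$((added + 1))
            fi
        done
    done
    echo "$added"
}

# Demo on a constructed scratch file, never the live /etc/security/limits.conf.
demo=$(mktemp)
printf '# constructed sample\n* hard nofile 64000\n' > "$demo"
echo "first run added:  $(ensure_nofile_limits "$demo")"
echo "second run added: $(ensure_nofile_limits "$demo")"
rm -f "$demo"
```

To apply it for real, call ensure_nofile_limits /etc/security/limits.conf as root.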
Now open a browser, and visit your Pritunl server at https://AlamatIPServer/ (replace AlamatIPServer with your server's IP address).
* Note: If an SSL error warning appears, just continue; later we will install a Let's Encrypt SSL certificate.
To get the setup key, run the command:
Then enter the setup key, as in the example below.
Next, the login form will appear as below. To get the login username and password, run the command:
sudo pritunl default-password
If the login is successful, a Pritunl configuration pop-up will appear as below.
In this configuration form, you can change the username and password. The main thing is to enter the domain (or subdomain) that you will use to access this Pritunl server. Don't forget to first point that domain / subdomain to the IP address of this Pritunl server. Enter the domain / subdomain into the Lets Encrypt Domain field, and press the Save button. Pritunl will then automatically request an SSL certificate from Let's Encrypt and install it.
After Pritunl confirms that the configuration was successful, try to access it at the URL https://NamaDomainAnda (replace NamaDomainAnda with your domain name).
User and Server Configuration
We start by configuring the user. Click the Users menu, then select Add Organization. An organization is something like a user group. Fill in the desired organization name, and click Add.
Next we will add a user to the organization that we just created. Click the Add User button. Enter the user name, select the organization, and enter the email and the PIN to use later when connecting to the Pritunl server; the PIN is a kind of password. Usually I just use numbers, like a PIN in general. When you are done, don't forget to click Add.
Next, we do the server configuration. Click the Servers menu, and select Add Server.
Enter the desired server name in the Name field. If you want to use a DNS server other than the default, enter it in the DNS Server field. The port can be left at the default, or changed as you wish. For the protocol, I suggest sticking with UDP. If you want to use IPv6, tick Enable IPv6, but make sure your server has IPv6 and your client connections support IPv6; if in doubt, it is better not to use IPv6. Virtual Network is the virtual IP address range that will be assigned to the OpenVPN clients; leave the default values. For added security, you can activate the Enable Two-Step Authentication feature.
The next step is to "attach", that is, to choose which organization (or group) can access our Pritunl server. On the Servers page, choose Attach Organization. In the Attach Organization window, select the organization / group and the server, and click Attach.
To run the server, click the Start Server button. Check the log output; if it says "Initialization Sequence Completed", then the server is running and ready to use.
To be able to connect to the Pritunl OpenVPN server that we created earlier, we must download the User Profile. You can find the download link in the Users menu: select the user whose profile you want to download, and click the Click to download profile link.
Or you can give your clients a download link for the User Profile by clicking the Get temporary profile links link (this link is temporary and will expire in 24 hours).
Now download the Pritunl Client so we can connect. To download the installer, visit the Pritunl Client page.
To check whether your connection goes through the Pritunl server, visit the website https://whatismyipaddress.com/ or search Google for the keyword "whatismyipaddress". If what appears is the IP address of the Pritunl server, it means you have successfully connected. Hopefully useful & good luck!