Installation
Below are several methods available for installing Pritunl.
Pritunl includes full SELinux policies which cover both the main pritunl process and the isolated pritunl-web web server process. Running Pritunl on a Linux distribution that supports SELinux will significantly improve security. It is recommended to use only Red Hat Enterprise Linux, Oracle Linux or CentOS for Pritunl servers. The first log message shown when the Pritunl server is started will indicate the SELinux context. It should look similar to the log message below; if it is none or unconfined, the SELinux policy is not functioning.
[pritunl0][2018-12-16 07:45:03,406][INFO] Starting server selinux_context = "system_u:system_r:pritunl_t:s0"
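The check described above can be scripted so that a deployment fails when the policy is not applied. This is an added example, not Pritunl code: the function names are illustrative, the log text is piped in on stdin, and treating pritunl_t as the expected type is an assumption taken from the sample log line.

```shell
#!/bin/sh
# Added example (not Pritunl code): check the SELinux context that Pritunl
# logs at startup. Function names are illustrative.

# Print the value of the last selinux_context = "..." field found on stdin.
# Matching the field alone works whether the logger keeps it on the
# "Starting server" line or on a continuation line.
pritunl_selinux_context() {
    sed -n 's/.*selinux_context = "\([^"]*\)".*/\1/p' | tail -n 1
}

# Classify one context string and return non-zero unless it is confined.
#   confined   - type is pritunl_t, as in the log line on the page
#   unconfined - "none" or an unconfined* type: the policy is not functioning
#   unexpected - labelled, but not with the Pritunl domain
#   missing    - no context was logged at all
classify_selinux_context() {
    ctx=$1
    [ -n "$ctx" ] || { echo missing; return 2; }
    # A full context is user:role:type:level; a bare word has no type field.
    case $ctx in
        *:*:*) setype=$(printf '%s\n' "$ctx" | cut -d: -f3) ;;
        *)     setype=$ctx ;;
    esac
    case $setype in
        pritunl_t)        echo confined ;;
        none|unconfined*) echo unconfined; return 1 ;;
        *)                echo unexpected; return 1 ;;
    esac
}

# Read log text on stdin and report the verdict for the latest start.
check_pritunl_log() {
    classify_selinux_context "$(pritunl_selinux_context)"
}

# Constructed input: the log line shown above.
sample='[pritunl0][2018-12-16 07:45:03,406][INFO] Starting server selinux_context = "system_u:system_r:pritunl_t:s0"'
printf '%s\n' "$sample" | check_pritunl_log
```

Any result other than confined returns a non-zero status, so the function can gate a provisioning or health-check step.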
All development and testing of Pritunl software is done on Oracle Linux and it is the recommended distribution to use for Pritunl software. It will provide the highest level of compatibility, reliability and security. Oracle provides a script to switch CentOS to Oracle Linux if the chosen platform does not have Oracle Linux images.
If you intend on creating a Pritunl cluster with multiple hosts, all the hosts will need to connect to the same MongoDB database. For cluster configurations it is best to have a dedicated server that is not running Pritunl for the MongoDB database. Single host configurations can run MongoDB with Pritunl on the same server.
For MongoDB, servers with high memory (t3.medium, t3.large) are best. For Pritunl nodes, high CPU with good single-threaded performance (higher core frequency) is best (c5.large). For large deployments, several small nodes with fewer connections per node are better than fewer larger nodes with more connections per node. For the best performance it is recommended to spend $0.50-$1.00 per concurrent connection each month on server costs. More information on AWS recommendations can be found in the Scaling documentation.
Amazon Linux does not support SELinux and should not be used with Pritunl. Pritunl includes full SELinux policies and an isolated web server process that significantly improve security. Only Red Hat Enterprise Linux (includes software fee), Oracle Linux and CentOS support SELinux on AWS.
To install Pritunl on AWS, open the create instance interface and search for the Oracle Linux owner ID 131827586825, then select the Community AMIs tab. Select the latest Oracle Linux 8 AMI, currently OL8.5-x86_64-HVM-2021-11-24. This will use the free official Oracle Linux 8 image with SELinux support. To find the latest release number, check the Oracle Linux ISO Repository. The left column will show a number such as 8.5; then find this number with the latest date in the AMI search results.
The AWS community AMI and marketplace sections contain public images that can be uploaded without any verification. These sections contain several packages with names containing Oracle Linux, CentOS and Pritunl. Using these unverified images could compromise the security of your network. Pritunl does not publish any AMIs or marketplace images. Only the Amazon provided images in the Quick Start section and the official Oracle Linux images from the Oracle owner ID above should be used.
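The owner check can also be done from the command line instead of by eye in the console. This is an added example, not part of the Pritunl documentation: it assumes the AWS CLI is installed and configured, the function names are illustrative, and the sample rows (AMI IDs, the second and third image names, the second owner ID) are constructed placeholders.

```shell
#!/bin/sh
# Added example: choose an Oracle Linux 8 AMI only from the owner ID named on
# the page, instead of trusting an image name in the Community AMIs list.

ORACLE_OWNER_ID=131827586825   # Oracle Linux owner ID given on the page

# List candidate images as "CreationDate<TAB>ImageId<TAB>OwnerId<TAB>Name".
# Needs the AWS CLI and credentials; the offline sample below does not call it.
list_ol8_images() {
    aws ec2 describe-images \
        --owners "$ORACLE_OWNER_ID" \
        --filters 'Name=name,Values=OL8.*-x86_64-HVM-*' \
        --query 'Images[].[CreationDate,ImageId,OwnerId,Name]' \
        --output text
}

# Read those rows on stdin, discard any row whose owner is not the expected
# one or whose name is not an OL8 x86_64 HVM image, and print the newest
# ImageId. Exits non-zero when nothing passes, so a calling script cannot
# fall through to an unverified image.
latest_verified_ami() {
    awk -F '\t' -v owner="$ORACLE_OWNER_ID" '
        # "" forces a string comparison so 0131827586825 is not accepted.
        $3 "" == owner "" && $4 ~ /^OL8\.[0-9]+-x86_64-HVM-/ && $1 > newest {
            newest = $1; id = $2
        }
        END { if (id == "") exit 1; print id }
    '
}

# Constructed rows: two from the expected owner and one newer lookalike
# published under a different (placeholder) account.
sample_rows() {
    printf '%s\t%s\t%s\t%s\n' \
        2021-11-24T00:00:00.000Z ami-EXAMPLE0001 131827586825 OL8.5-x86_64-HVM-2021-11-24 \
        2021-05-28T00:00:00.000Z ami-EXAMPLE0002 131827586825 OL8.4-x86_64-HVM-2021-05-28 \
        2022-01-01T00:00:00.000Z ami-EXAMPLE0003 999999999999 OL8.5-x86_64-HVM-2022-01-01
}

sample_rows | latest_verified_ami
```

Against a live account the pipeline is `list_ol8_images | latest_verified_ami`; the newer lookalike row is ignored because its owner ID does not match.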
After creating the EC2 instance, SSH to the server with the username ec2-user and run the commands below to install Pritunl and MongoDB.
Both iptables-services and firewalld must be disabled on the server to prevent interference with the Pritunl iptables rules. If the Pritunl iptables configuration is incorrectly modified by other software this can cause connection issues or inadvertent access to networks that are not permitted in the Pritunl server route configuration.
sudo tee /etc/yum.repos.d/mongodb-org-6.0.repo key.tmp; sudo rpm --import key.tmp; rm -f key.tmp
# Alternative import from download if keyserver offline
sudo rpm --import https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc
# Install updated openvpn package from pritunl
sudo yum --allowerasing install pritunl-openvpn
sudo yum -y install pritunl mongodb-org
sudo systemctl enable mongod pritunl
sudo systemctl start mongod pritunl
To install Pritunl on Oracle Cloud, click Create Instance and use the latest Oracle Linux 8 image. Then add SSH keys and create the instance.
After creating the instance, SSH to the server with the username opc and run the commands below to install Pritunl and MongoDB.
Both iptables-services and firewalld must be disabled on the server to prevent interference with the Pritunl iptables rules. If the Pritunl iptables configuration is incorrectly modified by other software this can cause connection issues or inadvertent access to networks that are not permitted in the Pritunl server route configuration.
sudo tee /etc/yum.repos.d/mongodb-org-6.0.repo key.tmp; sudo rpm --import key.tmp; rm -f key.tmp
# Alternative import from download if keyserver offline
sudo rpm --import https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc
# Install updated openvpn package from pritunl
sudo yum --allowerasing install pritunl-openvpn
sudo yum -y install pritunl mongodb-org
sudo systemctl enable mongod pritunl
sudo systemctl start mongod pritunl
Run the commands below to install Pritunl on any other provider with Oracle Linux 8 or any other RHEL based distribution. The Oracle EPEL oracle-epel-release-el8 is only available on Oracle Linux; for other distributions use the Fedora EPEL shown below.
sudo tee /etc/yum.repos.d/mongodb-org-6.0.repo key.tmp; sudo rpm --import key.tmp; rm -f key.tmp
# Alternative import from download if keyserver offline
sudo rpm --import https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc
# Install updated openvpn package from pritunl
sudo yum --allowerasing install pritunl-openvpn
sudo yum -y install pritunl mongodb-org
sudo systemctl enable mongod pritunl
sudo systemctl start mongod pritunl
Run the commands below to install Pritunl on any other provider with Ubuntu 22.04.
sudo tee /etc/apt/sources.list.d/pritunl.list
pritunl
Enterprise Distributed OpenVPN, IPsec and WireGuard Server
Virtualize your private networks across datacenters and provide simple remote access in minutes
Simple Virtual Private Networks
Create a cloud VPN with complex site-to-site links and gateway links, and provide local network access to remote users. Protect your network traffic and remote users connecting over public connections with secure encryption, all from a simple web interface.
The Most Secure VPN Server
Pritunl provides innovative security features not available from any other provider, including TPM and Apple Secure Enclave device authentication, a dynamic firewall, SELinux policies, dual web server design and self shutdown notification system.
Pritunl Zero
Open source BeyondCorp server is also available from Pritunl providing zero trust security for privileged access to ssh and web applications
AWS VPN Server
Interconnect AWS VPC networks across AWS regions and provide reliable remote access with automatic failover that can scale horizontally
Single Sign-On
Securely deploy remote access to thousands of users using their existing company account with support for several single sign-on providers and protocols
Multi-Cloud VPC Peering
Create multi-cloud site-to-site links with VPC peering. VPC peering available for AWS, Google Cloud, Azure and Oracle Cloud
Infrastructure
Quickly scale to thousands of users with high availability in a cloud environment without the need for expensive proprietary hardware
Platform and Device Support
Pritunl supports all OpenVPN clients and has official clients for several devices and platforms
WireGuard Support
Clients can choose between connecting with OpenVPN and WireGuard. All networking features are available with the WireGuard protocol
Advanced Security
Pritunl is the most secure VPN server available and the only VPN server to offer up to five layers of authentication
Plugin System
Highly customizable Python plugin system to allow expanding and modifying Pritunl. Plugins can be created to support custom authentication systems and custom access control systems
Aviatrix Alternative
A faster and more secure alternative to Aviatrix with more features and no per-connection pricing
Pulse Secure Alternative
Lower cost and more customizable alternative to Pulse Secure with transparent pricing
Tailscale Alternative
Lower cost and more customizable WireGuard server alternative to Tailscale
Open Source Alternative
Pritunl is the best open source alternative to proprietary commercial vpn products such as Aviatrix and Pulse Secure. Create larger cloud vpn networks supporting thousands of concurrent users and get more control over your vpn server without any per-user pricing
Open Source
All source code for Pritunl is publicly available on GitHub, allowing for complete transparency and customization.
Free to Use
Free and open source alternative to Aviatrix and Pulse Secure. No registration or credit card necessary.
Easy Configuration
All configuration is done from a web interface allowing easy management of large organizations and complex configurations.
Security
All traffic between clients and the server is encrypted. Optional two-step authentication is available using Google Authenticator.
Multiple Protocols
Pritunl supports both OpenVPN and WireGuard clients. IPsec is used for site-to-site links and VPC peering.
REST API
Easily integrate and configure Pritunl with other services using the REST API. Documentation is available in the platforms section.
Examples
Getting Started
Replicated Servers
Secure Access to a Private Network
Site-to-Site Configuration
Distributed and Scalable
Scale Easily
Pritunl servers can be easily distributed across multiple servers and different datacenters for improved performance, high availability and automatic failover when an instance fails.
Simple Distribution
All server communication and interconnecting is done with MongoDB allowing servers to be quickly connected without having to modify firewalls for inter-server communication.
High Availability
All Pritunl servers are equal in the cluster and can run independently in the event of other instances failing.
Subscription Plans
Pritunl is free to use with optional monthly subscriptions available to purchase for additional features. The enterprise license may be used on all the servers in the cluster and does not require an individual license for each server.
Free
$0/month
Premium
Each Pritunl host is billed at $10/month. The host can contain an unlimited number of VPN servers and unlimited number of users or connections
Create a gateway link to route traffic for a local network to a vpn client, allowing the vpn clients to access the remote network that is available to the linked vpn client
Connect multiple gateway links to a Pritunl server and when a link goes down another available link will automatically be used
Per-user option to bypass secondary authentication such as two-factor authentication, for server users that can't provide a two-factor code
When clients connect with a Pritunl client, vpn setting changes such as port/protocol will be updated to allow the client to connect without needing to download a new configuration
$10/month
Enterprise
Each Pritunl host is billed at $70/month. The host can contain an unlimited number of VPN servers and unlimited number of users or connections
When a Pritunl instance fails the vpn servers running on the instance will automatically failover to another available Pritunl instance
Replicate a vpn server across multiple Pritunl instances to easily scale horizontally to handle more user connections
Automatic VXLAN management for replication across availability zones without layer 2 connectivity while still maintaining client-to-client communication
Easily create a site-to-site link between two Pritunl instances without any complicated configuration
Map connected vpn clients to dns domains such as user0.org0.vpn using a custom dns server that runs along with the Pritunl server
Optional advanced auditing of user and administrator related events for improved security and intrusion detection
Create tap servers that bridge the vpn clients to the server's local network interface, allowing vpn clients to get an IP address on the server's local network
Site-to-site links with IPsec using pritunl-link client. Link client does not require database connection