Samuel Ajisafe

How to Set Up Pritunl on Amazon Linux 2023 | CentOS | Red Hat

Unlock Your Secure Network: A Step-by-Step Guide to Setting up Pritunl VPN on Amazon Linux 2023 🚀

Welcome back! Following the great feedback on my last guide for setting up Pritunl VPN on Ubuntu, I'm excited to dive into a new environment. This time, we're tackling Amazon Linux 2023, a fantastic choice given its long-term support (EOL is still years away). This guide will get your secure VPN server up and running, and I'll be sure to update it as new versions are released.

So, let's get started and secure your network! 🔒

Prerequisites: Setting the Stage 🛠️
Before we dive into the Pritunl setup, we need to ensure our system is ready. This involves installing Docker and Docker Compose, which we'll use to run Pritunl in a containerized environment. This approach is clean, efficient, and avoids conflicts with other software on your server.

```bash
# Install Docker
sudo dnf install -y docker

# Start and enable the Docker service
sudo systemctl start docker
sudo systemctl enable docker

# Add your user to the docker group to run Docker commands without sudo
# (membership of the docker group is equivalent to root on the host)
sudo usermod -aG docker $USER

# Install Docker Compose as a plugin for the Docker CLI
# (the plugin directory may not exist yet on a fresh install)
sudo mkdir -p /usr/libexec/docker/cli-plugins
sudo curl -SL https://github.com/docker/compose/releases/latest/download/docker-compose-linux-$(uname -m) -o /usr/libexec/docker/cli-plugins/docker-compose
sudo chmod +x /usr/libexec/docker/cli-plugins/docker-compose
```

Note: After running the usermod command, it's best to log out and log back in (or run newgrp docker) for the changes to take effect.

Step 1: Configuring the System for VPN Traffic ⚙️
Pritunl requires specific system settings to handle VPN traffic correctly. We'll set up iptables rules and enable IP forwarding, which are crucial for routing traffic through the VPN tunnel.

```bash
# Create a directory for our Pritunl configuration
mkdir pritunl && cd pritunl

# Allow traffic to and from the VPN tunnel interface (tun+)
sudo iptables -A FORWARD -i tun+ -j ACCEPT
sudo iptables -A FORWARD -o tun+ -j ACCEPT

# Install iptables-services to persist the rules, save them to
# /etc/sysconfig/iptables, and enable the service so they are restored at boot
sudo dnf install -y iptables-services
sudo service iptables save
sudo systemctl enable iptables

# Enable IP forwarding, which allows packets to be forwarded between interfaces
sudo sysctl -w net.ipv4.ip_forward=1

# Make this change permanent
echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf

# Load the TUN module, which is essential for the VPN tunnel
sudo modprobe tun

# Make the TUN module persistent on reboots
echo 'tun' | sudo tee -a /etc/modules-load.d/tun.conf
```

Step 2: Deploying Pritunl with Docker Compose 🐳
Now, let's define our Pritunl container using a docker-compose.yml file. This file simplifies the deployment process, ensuring all dependencies are handled correctly.

```bash
# Open a text editor to create the docker-compose.yml file
sudo vi docker-compose.yml
```

Paste the following configuration into the file:

```yaml
services:
  mongodb:
    image: mongo:latest
    container_name: mongodb
    restart: always
    # Shares the host network namespace: mongod's TCP 27017 is exposed on the host
    network_mode: host
    volumes:
      - mongodb_data:/data/db

  pritunl:
    image: jippi/pritunl
    container_name: pritunl
    privileged: true
    restart: always
    network_mode: host
    volumes:
      - pritunl_data:/var/lib/pritunl
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
      - SYS_ADMIN
    environment:
      - PRITUNL_MONGODB_URI=mongodb://localhost:27017/pritunl
    depends_on:
      - mongodb

# Named volumes must be declared at the top level, or compose refuses to start
volumes:
  mongodb_data:
  pritunl_data:
```

Save the file and exit the editor. Now, launch the container with a single command:

```bash
docker compose up -d
```

This command pulls the MongoDB and Pritunl images and starts both containers in the background. Because both services use `network_mode: host`, mongod listens on the host's TCP port 27017, on every interface by default (the official mongo image adds `--bind_ip_all` unless told otherwise) and with no authentication configured in this file. Make sure 27017 is not open in your security group or host firewall, and consider binding mongod to 127.0.0.1, since Pritunl only ever connects over localhost.

Step 3: Initial Setup & Configuration ✨
With the container running, we need to retrieve the initial setup key and default credentials to access the web interface.

```bash
# Retrieve the Pritunl setup key
docker exec pritunl pritunl setup-key

# Retrieve the default username and password
docker exec pritunl pritunl default-password
```

Note down these credentials carefully. Now, navigate to your server's public IP address <https://ip-address> in a web browser (Pritunl ships with a self-signed certificate, so expect a browser warning on first visit). You'll be prompted to enter the setup key and then the default credentials to log in; change the default password once you are in. TCP port 443 must be open in the EC2 security group for this to work.

Once inside the Pritunl admin console, you can create a new Server, add a User, and start the server. The final step is to create a crucial NAT rule to allow traffic to exit your server.

While creating the Server, note down two things: the UDP port and the Virtual Network. The UDP port must be open on the EC2 security group, and the Virtual Network range is used in the next command.

```bash
# This rule ensures VPN traffic can be routed out to the internet.
# Replace 192.168.248.0/24 with your Pritunl server's Virtual Network if you changed it.
# Replace eth0 with your server's primary network interface (ip route show default prints it).
sudo iptables -t nat -A POSTROUTING -s 192.168.248.0/24 -o eth0 -j MASQUERADE

# Save again so this rule survives a reboot along with the rules from Step 1
sudo service iptables save
```
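As an added example (not part of the original post), here is a small shell script that verifies the host-side settings from Steps 1 to 3 and flags the MongoDB exposure that host networking in Step 2 can cause. The iptables-save and ss outputs it parses are constructed samples; the `--live` mode assumes `iptables-save`, `ss` and `sysctl` are available on the host.

```shell
#!/usr/bin/env bash
# Added verification script (not from the original post). Each check takes the
# relevant command output as text, so it runs on a live host or on a sample.

# The MASQUERADE rule from Step 3 for the Virtual Network on the egress interface.
has_masquerade_rule() {
  local rules="$1" net="$2" iface="$3"
  printf '%s\n' "$rules" | grep -Fxq -- "-A POSTROUTING -s ${net} -o ${iface} -j MASQUERADE"
}

# Both FORWARD rules for the tun+ interface from Step 1.
has_tun_forward_rules() {
  local rules="$1"
  printf '%s\n' "$rules" | grep -Fxq -- '-A FORWARD -i tun+ -j ACCEPT' &&
    printf '%s\n' "$rules" | grep -Fxq -- '-A FORWARD -o tun+ -j ACCEPT'
}

# With network_mode: host the mongo image listens on every interface unless told
# otherwise; only a loopback listener on 27017 passes ("ss -tln" output format).
mongo_loopback_only() {
  local sockets="$1"
  [ -z "$(printf '%s\n' "$sockets" |
    awk '$1 == "LISTEN" && $4 ~ /:27017$/ && $4 !~ /^(127\.0\.0\.1|\[::1\]):/')" ]
}

# Constructed samples for offline use (not captured from a real host).
SAMPLE_RULES='*nat
-A POSTROUTING -s 192.168.248.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -o tun+ -j ACCEPT
COMMIT'
SAMPLE_SOCKETS_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   0.0.0.0:27017     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*'
SAMPLE_SOCKETS_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   127.0.0.1:27017   0.0.0.0:*
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*'

# Live mode, run on the Pritunl host: ./check.sh --live 192.168.248.0/24 eth0
if [ "${1:-}" = "--live" ]; then
  rules=$(sudo iptables-save); sockets=$(ss -tln)
  has_tun_forward_rules "$rules" || echo "FAIL: tun+ FORWARD rules missing"
  has_masquerade_rule "$rules" "${2:-192.168.248.0/24}" "${3:-eth0}" || echo "FAIL: MASQUERADE rule missing"
  mongo_loopback_only "$sockets" || echo "FAIL: MongoDB port 27017 listens beyond loopback"
  [ "$(sysctl -n net.ipv4.ip_forward)" = 1 ] || echo "FAIL: net.ipv4.ip_forward is 0"
fi
```

Run it without arguments to exercise the checks against the embedded samples, or with `--live` on the server after completing Step 3.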

Step 4: Final Touches on AWS ☁️
If you're hosting this on AWS, you must open the necessary ports in your security group to allow clients to connect.

HTTPS (TCP 443): Required for the Pritunl web interface and VPN connection.

OpenVPN Ports (UDP): Pritunl uses a range of ports for its VPN tunnels. Check your server's configuration and open those specific ports. The default is often UDP 1194, but Pritunl can use others.

By completing these steps, you've successfully deployed a robust and secure Pritunl VPN server. You can now download the client configuration file from the web interface and connect to your new private network.

If you have any questions or run into issues, drop a comment below. Happy securing!
