How to install the Pritunl VPN server on AlmaLinux

Pritunl is an open source VPN server you can easily install on your Linux servers to virtualize your private networks. This particular VPN solution offers a well-designed web UI for easy administration and management. All traffic between clients and server is encrypted and the service uses MongoDB, which means it includes support for replication.

I’ve walked you through the process of installing Pritunl on Ubuntu Server 20.04 and now I want to do the same with AlmaLinux 8.5. You should be able to get this VPN solution up and running in minutes.

SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)

What you’ll need

To successfully install Pritunl on AlmaLinux, you’ll need a running/updated instance of the OS and a user with sudo privileges. You’ll also need a domain name that points to the hosting server (so users can access the VPN from outside your network). 

How to configure the firewall

The first thing we’ll do is configure the AlmaLinux firewall. Let’s start by allowing both HTTP and HTTPS traffic in with the commands:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https

Then, we’ll reload the firewall with:

sudo firewall-cmd --reload

How to install MongoDB

Next, we’ll install the MongoDB database. Create a new repo file with:

sudo nano /etc/yum.repos.d/mongodb-org-4.4.repo

Paste the following into the new file:

[mongodb-org-4.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc

Note: There’s a newer version of MongoDB (version 5), but I have yet to successfully get it to install on AlmaLinux. Because of that, I’m going with version 4.4.

Save and close the file. 

Install MongoDB with:

sudo dnf install mongodb-org -y

Start and enable MongoDB with:

sudo systemctl enable --now mongod

SEE:
<strong>VPN and mobile VPN: How to pick the best security solution for your company</strong>

(TechRepublic Premium)

How to install Pritunl Server

Next, we’ll install Pritunl. Create the repo file with:

sudo nano /etc/yum.repos.d/pritunl.repo

In that file, paste the following:

[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/centos/8/
gpgcheck=1
enabled=1

Save and close the file.

Install the EPEL repository with:

sudo dnf install epel-release -y

Import the Pritunl GPG keys with:

gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp; sudo rpm --import key.tmp; rm -f key.tmp

Install Pritunl with the command:

sudo dnf install pritunl -y

When the installation completes, start and enable the service with:

sudo systemctl enable pritunl --now

How to increase the Open File Limit

To prevent connection issues to the Pritunl server when it’s under a higher load, we need to increase the open file limit. To do this, issue the following commands:

sudo sh -c 'echo "* hard nofile 64000" >> /etc/security/limits.conf'
sudo sh -c 'echo "* soft nofile 64000" >> /etc/security/limits.conf'
sudo sh -c 'echo "root hard nofile 64000" >> /etc/security/limits.conf'
sudo sh -c 'echo "root soft nofile 64000" >> /etc/security/limits.conf'

How to access the Pritunl web UI

Give the service a moment to start and then point a web browser to https://SERVER (where SERVER is either the IP address or domain of the hosting server). You should be greeted by the Pritunl database setup window (Figure A).

Figure A

To continue, you must generate a setup key with the command (run on the hosting server):

sudo pritunl setup-key

This will generate a random string of characters that you copy and paste into the Setup Key text area of the Pritunl database setup window. After pasting the key, click Save and wait for the database to be upgraded. You will then be presented with the Pritunl login window. Before you log in, you must retrieve the default login credentials with the command:

sudo pritunl default-password

The above command will print out both the username and password for you to use to log into the Pritunl web UI. Make sure to save those credentials. Once you’ve successfully logged in, you’ll be prompted to change the admin user’s password and complete the initial setup (Figure B).

Figure B

And there you go. You now have the Pritunl VPN server up and running on AlmaLinux 8.5. At this point, you can configure the server to meet the needs of your business and users.

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays

Sign up today

Also see

Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.