How To Install Pritunl VPN Server on Fedora 42

Virtual Private Networks (VPNs) have become essential tools for securing network communications in today’s digital landscape. Pritunl, an open-source VPN server solution, offers a robust platform with an intuitive web interface that simplifies VPN management. This comprehensive guide will walk you through the complete process of installing and configuring Pritunl VPN Server on Fedora 42, providing you with a secure, reliable VPN infrastructure for your organizational needs.

Understanding Pritunl VPN

Pritunl is a powerful, enterprise-grade VPN server solution that combines simplicity with advanced functionality. Built as an open-source alternative to commercial VPN platforms, Pritunl provides a user-friendly web interface that makes VPN management accessible even to those with limited technical expertise.

Pritunl implements OpenVPN and WireGuard protocols, offering strong encryption standards to ensure your data remains secure during transmission. The architecture supports both single-server deployments for smaller organizations and distributed deployments for enterprises requiring high availability and scalability.

One of Pritunl’s key advantages over other VPN solutions is its comprehensive feature set, including multi-factor authentication, user management, and detailed access controls. These security measures, combined with its intuitive interface, make Pritunl an excellent choice for organizations of all sizes seeking to implement a reliable VPN infrastructure.

Prerequisites

Before proceeding with the installation process, ensure your system meets the following requirements:

  • A Fedora 42 server with at least 1GB RAM and 10GB disk space
  • Root or sudo access to the server
  • A fully qualified domain name (FQDN) pointed to your server (recommended but optional)
  • Unrestricted outbound internet access from your server
  • Basic familiarity with Linux command-line operations

Your network configuration should allow traffic on the following ports:

  • TCP port 443 (for the web interface)
  • UDP port 1194 (default OpenVPN port)
  • TCP port 80 (for Let’s Encrypt verification)
  • UDP port 51820 (if using WireGuard)

Additionally, ensure that your server’s firewall is properly configured to allow these connections. Fedora uses firewalld by default, which we’ll configure later in this guide.

Preparing Your Fedora 42 System

The first step toward a successful Pritunl installation is preparing your Fedora 42 system. Begin by updating your system packages to ensure you’re working with the latest software versions and security patches.

sudo dnf update -y

After updating your system, install the necessary development tools and dependencies that Pritunl requires:

sudo dnf install -y dnf-plugins-core
sudo dnf install -y python3 python3-devel openssl-devel net-tools

Pritunl requires specific network kernel modules for optimal performance. Load these modules and configure them to start automatically after system reboots:

sudo modprobe ip_tables
sudo modprobe iptable_filter
sudo modprobe iptable_nat
echo "ip_tables" | sudo tee -a /etc/modules-load.d/pritunl.conf
echo "iptable_filter" | sudo tee -a /etc/modules-load.d/pritunl.conf
echo "iptable_nat" | sudo tee -a /etc/modules-load.d/pritunl.conf

For optimal performance and connection handling, adjust the system limits:

sudo sh -c 'echo "* hard nofile 64000" >> /etc/security/limits.conf'
sudo sh -c 'echo "* soft nofile 64000" >> /etc/security/limits.conf'
sudo sh -c 'echo "root hard nofile 64000" >> /etc/security/limits.conf'
sudo sh -c 'echo "root soft nofile 64000" >> /etc/security/limits.conf'

To ensure proper VPN functionality, configure the firewall to allow necessary traffic. Fedora 42 uses firewalld by default:

sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --permanent --add-port=1194/udp
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=51820/udp
sudo firewall-cmd --reload

Finally, if SELinux is enabled (which is recommended for enhanced security), configure it to allow Pritunl to operate correctly:

sudo setsebool -P httpd_can_network_connect 1

Installing MongoDB

Pritunl uses MongoDB as its database backend to store configuration data, user information, and operational statistics. Let’s install MongoDB 6.0 to ensure compatibility with Pritunl.

First, create a repository file for MongoDB:

sudo tee /etc/yum.repos.d/mongodb-org-6.0.repo << EOF
[mongodb-org-6.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/\$releasever/mongodb-org/6.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-6.0.asc
EOF

Now install MongoDB:

sudo dnf install -y mongodb-org

After installation, start the MongoDB service and enable it to launch automatically at system boot:

sudo systemctl start mongod
sudo systemctl enable mongod

Verify that MongoDB is running properly:

sudo systemctl status mongod

Next, write the MongoDB configuration that Pritunl will use. Note the bindIp: 127.0.0.1 setting, which keeps the database reachable only from the local host:

sudo tee /etc/mongod.conf << EOF
storage:
  dbPath: /var/lib/mongo   # data directory created by the mongodb-org RPM packages
  journal:
    enabled: true
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
net:
  port: 27017
  bindIp: 127.0.0.1
processManagement:
  timeZoneInfo: /usr/share/zoneinfo
EOF

Restart MongoDB to apply these changes:

sudo systemctl restart mongod
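
The following added example (not part of the original guide) checks that the restart left mongod bound only to loopback and that nothing outside the ports opened in firewalld is listening on an external address. The function names are hypothetical, the tcp/22 entry for SSH is an assumption, and the script reads the output of `ss -H -tuln`.

```shell
#!/bin/sh
# Added example: audit listening sockets against the ports this guide opens.

# proto/port pairs opened with firewall-cmd earlier in the guide.
# tcp/22 is an assumption (SSH administration), not part of that list.
ALLOWED="tcp/443 udp/1194 tcp/80 udp/51820 tcp/22"

# Read `ss -H -tuln` output on stdin and print "proto/port address" for every
# socket bound to a non-loopback address on a proto/port outside $ALLOWED.
# A mongod listening on 0.0.0.0:27017 (bindIp not applied) is reported here.
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "tcp" || $1 == "udp" {
            port = $5; sub(/^.*:/, "", port)       # text after the last colon
            addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
            # Sockets bound to loopback are not reachable from the network.
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            key = $1 "/" port
            if (!(key in ok)) print key " " addr
        }
    ' | LC_ALL=C sort -u
}

# Run the check against the live host.
audit_host() {
    _found=$(ss -H -tuln | unexpected_listeners)
    if [ -z "$_found" ]; then
        echo "OK: only the expected ports are bound to external addresses"
        return 0
    fi
    echo "Unexpected externally bound sockets:" >&2
    echo "$_found" >&2
    return 1
}

# Usage: sh audit-listeners.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_host
fi
```

Run it again after Pritunl is installed and a server is started; any line it prints is a listener that neither the firewall rules nor the MongoDB configuration in this guide account for.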

Adding Pritunl Repository

Now that MongoDB is installed and configured, let’s add the Pritunl repository to install the VPN server software.

Create a repository file for Pritunl:

sudo tee /etc/yum.repos.d/pritunl.repo << EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/fedora/42/
gpgcheck=1
enabled=1
EOF

Import the Pritunl GPG key to verify package authenticity:

sudo gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp
sudo rpm --import key.tmp
rm -f key.tmp

If the keyserver is offline, you can alternatively download the key directly:

curl https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc | sudo rpm --import -
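
When the key comes from a download rather than a keyserver lookup by fingerprint, compare its fingerprint with the one used in the gpg commands above before importing it. The following is an added example, not part of the original guide; the function names are hypothetical and it assumes a GnuPG version that supports `--show-keys`.

```shell
#!/bin/sh
# Added example: import the Pritunl repo key only if its fingerprint matches.

EXPECTED_FPR="7568D9BB55FF9E5287D586017AE645C0CF8E292A"   # from the gpg commands above
KEY_URL="https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc"

# Print the fingerprint of every primary key in a `gpg --with-colons` listing
# read from stdin. Subkey fingerprints (fpr records that follow "sub") are skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print toupper($10); want = 0 }
    '
}

# Succeed only if the listing on stdin holds exactly one primary key and its
# fingerprint equals $1 (case and spaces are ignored).
listing_matches_fpr() {
    _expected=$(printf '%s' "$1" | tr -d ' ' | tr '[:lower:]' '[:upper:]')
    _fprs=$(primary_fprs)
    [ -n "$_fprs" ] || return 1
    [ "$(printf '%s\n' "$_fprs" | grep -c .)" -eq 1 ] || return 1
    [ "$_fprs" = "$_expected" ]
}

# Download the key, check it, and import it into the RPM keyring only on match.
import_pinned_key() {
    _tmp=$(mktemp) || return 1
    if curl -fsSL "$KEY_URL" -o "$_tmp" &&
       gpg --show-keys --with-colons "$_tmp" | listing_matches_fpr "$EXPECTED_FPR"; then
        sudo rpm --import "$_tmp"
        _rc=$?
    else
        echo "download failed or fingerprint mismatch; nothing imported" >&2
        _rc=1
    fi
    rm -f "$_tmp"
    return "$_rc"
}

# Usage: sh import-pritunl-key.sh --import
if [ "${1:-}" = "--import" ]; then
    import_pinned_key
fi
```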

Update the package database to include the new repository:

sudo dnf update

Installing Pritunl Server

With the repository properly configured, installing Pritunl is straightforward:

sudo dnf install -y pritunl

To support WireGuard VPN protocol, also install the WireGuard packages:

sudo dnf install -y wireguard-tools

After installation, start the Pritunl service and enable it to launch at system boot:

sudo systemctl start pritunl
sudo systemctl enable pritunl

Verify that Pritunl is running correctly:

sudo systemctl status pritunl

To ensure the services are functioning properly, check the logs:

sudo journalctl -u pritunl -f

Initial Web Interface Setup

With Pritunl installed and running, you can now access the web interface to complete the setup process. Open your web browser and navigate to https://your-server-ip-address.

Since Pritunl initially uses a self-signed certificate, your browser will likely display a security warning. Proceed by clicking “Advanced” and then “Accept the Risk and Continue” (the exact wording may vary depending on your browser).

You’ll be presented with a setup screen asking for a setup key. To generate this key, run:

sudo pritunl setup-key

Copy the output key, paste it into the web interface’s setup key field, and click “Save”.

Next, you’ll see the login screen. To retrieve the default login credentials, run:

sudo pritunl default-password

This command will display the default username and password. Use these credentials to log in to the web interface.

After logging in for the first time, you’ll be prompted to change the default password. Choose a strong password that includes a mix of uppercase and lowercase letters, numbers, and special characters.

Configuring SSL/TLS Certificates

Secure communication between clients and your VPN server is critical. Pritunl initially uses a self-signed certificate, but for production use, it’s recommended to implement a valid SSL certificate.

Pritunl offers integrated Let’s Encrypt support, making it easy to obtain a free, trusted certificate. To use this feature:

  1. Navigate to the “Settings” tab in the Pritunl web interface
  2. Under the “Server” section, locate “Let’s Encrypt Domain”
  3. Enter your server’s fully qualified domain name
  4. Click “Save”

Alternatively, if you have an existing SSL certificate, you can upload it through the web interface:

  1. Navigate to the “Settings” tab
  2. Locate the “Server Certificate” and “Server Key” fields
  3. Paste your certificate and key information
  4. Click “Save”

After configuring SSL, the web interface will automatically restart. You’ll need to log in again, but this time with a secure, trusted connection.

Creating Organizations and Users

Pritunl uses organizations to group users logically. To create your first organization:

  1. In the web interface, navigate to the “Users” tab
  2. Click “Add Organization”
  3. Enter a name for your organization (e.g., “MyCompany”)
  4. Click “Add” to create the organization

Once you’ve created an organization, you can add users:

  1. In the “Users” tab, select your organization from the list
  2. Click “Add User”
  3. Enter a username
  4. Optionally, set an email address and PIN
  5. Choose authentication options (e.g., enable two-factor authentication)
  6. Click “Add” to create the user

The user will be added to your organization, but they won’t be able to connect until you create a server and link it to the organization.

Configuring Servers

In Pritunl, servers define the VPN connection parameters. To create a server:

  1. Navigate to the “Servers” tab in the web interface
  2. Click “Add Server”
  3. Configure the following settings:
    • Name: A descriptive name for your server
    • Protocol: Choose between UDP (faster but can be blocked) and TCP (more reliable)
    • Port: The port number for VPN connections (default is 1194)
    • Virtual Network: The network range for VPN clients (e.g., 10.0.0.0/24)
    • DNS Servers: Specify DNS servers for VPN clients
  4. Click “Add” to create the server

For advanced configurations, you can adjust additional settings such as:

  • Intra-server networking for multi-server setups
  • IPv6 support
  • Compression settings
  • Jumbo frames support

Each setting includes a helpful description in the interface to guide your configuration choices.

Attaching Organizations to Servers

After creating both an organization and a server, you need to link them together:

  1. Navigate to the “Servers” tab
  2. Click on the server you created
  3. Click “Attach Organization”
  4. Select the organization from the dropdown menu
  5. Click “Attach” to link the organization to the server

You can attach multiple organizations to a single server, which is useful for creating different access levels or security zones. For each attachment, you can configure organization-specific settings such as:

  • Network access rules
  • DNS settings
  • Routes

After attaching an organization, you need to start the server:

  1. In the “Servers” tab, locate your server
  2. Click “Start Server”

The server status will change to “Online” once it’s running properly.

Managing Network Routes

Proper routing is essential for VPN functionality. Pritunl allows you to configure routes through the web interface:

  1. Navigate to the “Servers” tab
  2. Select your server
  3. Click on the “Routes” sub-tab
  4. Click “Add Route”
  5. Enter the network address (e.g., 192.168.1.0/24)
  6. Enter the virtual network gateway (usually the first IP in your VPN subnet)
  7. Click “Add” to create the route

For split tunneling, where only specific traffic goes through the VPN:

  1. In the server settings, enable “Split Tunnel”
  2. Add specific routes for the networks you want to access through the VPN
  3. All other traffic will bypass the VPN

To test network connectivity after setting up routes:

  1. Connect a client to the VPN
  2. Attempt to ping resources on the configured routes
  3. Check the Pritunl logs for any routing errors

Client Profile Generation

Once your server is running and organizations are attached, you can generate client profiles:

  1. Navigate to the “Users” tab
  2. Select a user
  3. Click “Generate New Profile”
  4. Select the server from the dropdown menu
  5. Choose the profile format (inline or separate files)
  6. Click “Generate” to create the profile

Pritunl offers several ways to distribute these profiles:

  1. Download the profile directly
  2. Email the profile to the user (if email is configured)
  3. Generate a temporary download link
  4. Display a QR code for mobile device scanning

For enhanced security, you can set profiles to expire after a certain period:

  1. In the user settings, enable “Temporary Profile”
  2. Set an expiration time (hours, days, or weeks)
  3. Generate the profile as normal

When the profile expires, the user will need a new profile to connect.

Installing Pritunl Client

While Pritunl works with standard OpenVPN clients, the official Pritunl client offers additional features and a seamless experience. Clients are available for various platforms:

Linux

# For Fedora
sudo tee /etc/yum.repos.d/pritunl-client.repo << EOF
[pritunl-client]
name=Pritunl Client Repository
baseurl=https://repo.pritunl.com/stable/yum/fedora/42/
gpgcheck=1
enabled=1
EOF

sudo gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp
sudo rpm --import key.tmp
rm -f key.tmp

sudo dnf install pritunl-client-electron

Windows

  1. Download the installer from the official website (https://client.pritunl.com)
  2. Run the installer and follow the on-screen instructions
  3. The Pritunl client will be installed and added to startup applications

macOS

  1. Download the macOS package from the official website
  2. Open the downloaded package and drag the Pritunl application to your Applications folder
  3. Launch Pritunl from your Applications folder

Mobile Devices

  • For Android: Download from Google Play Store
  • For iOS: Download from Apple App Store

Connecting to Your VPN Server

Once you have installed the Pritunl client, connecting to your VPN server is straightforward:

  1. Launch the Pritunl client application
  2. Import your profile using one of these methods:
    • Drag and drop the profile file
    • Click “Import Profile” and select the file
    • Scan the QR code from the web interface
    • Use the profile URI link
  3. Enter your PIN if configured
  4. Click “Connect” to establish the VPN connection

To verify the connection is working:

  1. Check the client status (it should show “Connected”)
  2. Verify your IP address has changed (using a service like whatismyip.com)
  3. Test access to resources on your internal network

If you encounter connection issues:

  1. Check server and client logs
  2. Verify firewall settings
  3. Ensure the server is running

Security Best Practices

Implementing proper security measures is crucial for maintaining a secure VPN environment:

Two-Factor Authentication

Enable two-factor authentication for all users:

  1. Navigate to the “Users” tab
  2. Edit a user
  3. Enable “Two-step Authentication”
  4. Choose an authentication method (Google Authenticator, Duo, etc.)
  5. Save the changes

Regular Updates

Keep your Pritunl server updated:

sudo dnf update pritunl mongodb-org

User Access Auditing

Regularly review user access logs:

  1. Navigate to the “Logs” tab in the web interface
  2. Filter by user, organization, or action
  3. Look for unusual patterns or unauthorized access attempts

Server Hardening

Enhance your server’s security:

  1. Limit SSH access using key-based authentication
  2. Implement fail2ban to prevent brute-force attacks
  3. Keep your Fedora system updated
  4. Use a firewall to restrict unnecessary access

Advanced Configuration Options

For enterprises and advanced users, Pritunl offers additional configuration options:

Custom DNS Configuration

Configure custom DNS servers for VPN clients:

  1. Navigate to the “Servers” tab
  2. Edit your server
  3. Enter DNS server IP addresses in the “DNS Servers” field
  4. Click “Save”

Traffic Rules

Implement traffic rules to control data flow:

  1. Navigate to the “Servers” tab
  2. Select your server
  3. Click the “Rules” sub-tab
  4. Add rules to allow or deny specific traffic

Bandwidth Limitations

Set bandwidth limits for users or organizations:

  1. Edit an organization
  2. Set “Rate Limit” to restrict bandwidth
  3. Click “Save”

Server Linking

For distributed deployments, link multiple Pritunl servers:

  1. Navigate to the “Settings” tab
  2. Configure “Server ID” and “Server API Key”
  3. Use these credentials to link servers in different locations

Monitoring and Logging

Effective monitoring ensures your VPN operates smoothly:

Built-in Monitoring

Pritunl includes a dashboard with real-time statistics:

  1. Navigate to the “Dashboard” tab to view:
    • Active users and connections
    • Server load and bandwidth usage
    • Recent events and alerts

Log Analysis

Review system logs to troubleshoot issues:

# View Pritunl logs
sudo journalctl -u pritunl -f

# View MongoDB logs
sudo journalctl -u mongod -f

Performance Monitoring

Monitor system performance to ensure optimal operation:

# Check system resource usage
top
htop

User Session Tracking

Track active user sessions:

  1. Navigate to the “Users” tab
  2. View the “Online” column to see active users
  3. Click on a user to see detailed connection information

Backup and Recovery

Implementing a backup strategy is essential for disaster recovery:

Database Backup

Regularly back up your MongoDB database:

# Create a database backup
mongodump --out /var/backups/pritunl-$(date +%Y-%m-%d)

Configuration Backup

Export your Pritunl configuration:

  1. Navigate to the “Settings” tab
  2. Scroll to the “Backup” section
  3. Click “Download Backup”
  4. Store the backup file in a secure location

Disaster Recovery

In case of system failure:

  1. Install Pritunl on a new server
  2. Restore your MongoDB backup
  3. Import your configuration backup
  4. Verify settings and restart services

Troubleshooting Common Issues

Even with careful setup, issues may arise. Here are solutions to common problems:

Connection Failures

If clients can’t connect:

  1. Check server status and logs
  2. Verify firewall settings
  3. Ensure the client profile is current
  4. Check for network issues between client and server

Authentication Problems

If users can’t authenticate:

  1. Reset user passwords or PINs
  2. Verify two-factor authentication settings
  3. Check for expired profiles
  4. Ensure the user is attached to an active server

DNS Resolution Issues

If clients can’t resolve domain names:

  1. Check DNS server settings in the server configuration
  2. Verify that DNS traffic is permitted through the VPN
  3. Try alternative DNS servers
  4. Check client DNS configuration

Performance Optimization

If performance is slow:

  1. Change from TCP to UDP protocol if possible
  2. Adjust compression settings
  3. Increase server resources
  4. Check for bottlenecks in your network infrastructure

Congratulations! You have successfully installed Pritunl VPN. Thanks for using this tutorial for installing the Pritunl VPN Server on your Fedora 42 Linux system. For additional help or useful information, we recommend you check the official Pritunl website.


r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.