Pritunl VPN Deployment

The first time I deployed Pritunl, MongoDB ate all the RAM on a 1GB DigitalOcean droplet and the OOM killer took everything down within 18 hours. SSH stopped responding. I had to use the console recovery in the DO dashboard to get back in, and by then mongod had already been killed and restarted twice, corrupting the Pritunl config in the process. I rebuilt the whole thing on a 2GB instance, and then immediately ran into a port 443 conflict with the Nginx reverse proxy that was already sitting on that box. Two evenings gone. What follows is the deployment process that actually survived.

So here's what you need to know before deploying:

  • Do not attempt this on a 1GB instance. MongoDB alone will consume 300-400MB, and Pritunl needs room on top of that. 2GB minimum, no exceptions.
  • If anything else is already listening on port 443, you need to sort that out before install. Pritunl's web console defaults to 443 and doesn't fail gracefully when the port is taken.
  • Pritunl is easier than OpenVPN to manage. That's the entire reason to use it. The web UI handles user provisioning, certificate generation, and access revocation without you ever touching the command line for day-to-day operations.
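
A pre-install check for the first two points above, as an added example that is not part of the original post. The function names, the `--live` switch and the 1900 MiB floor are assumptions (the floor allows for "2GB" instances reporting slightly less than 2048 MiB); the sample input is constructed.

```bash
#!/usr/bin/env bash
# Pre-install check for a Pritunl host (added example; function names are hypothetical).

MIN_MEM_KB=$((1900 * 1024))  # assumed floor: "2GB" instances report a bit under 2048 MiB

# Print MemTotal (kB) from a /proc/meminfo-format file.
mem_total_kb() { awk '/^MemTotal:/ { print $2; exit }' "$1"; }

# Read `ss -Htlnp` output on stdin; print listeners whose local port is exactly $1.
# Field 4 is Local Address:Port; splitting on ":" handles 0.0.0.0:443, [::]:443 and *:443.
listeners_on() { awk -v p="$1" '{ n = split($4, a, ":"); if (a[n] == p) print }'; }

# preflight MEMINFO_FILE SS_OUTPUT_FILE [PORT] -> 0 if safe to install, 1 otherwise.
preflight() {
    local kb hits rc=0 port="${3:-443}"
    kb=$(mem_total_kb "$1")
    if [ -z "$kb" ] || [ "$kb" -lt "$MIN_MEM_KB" ]; then
        echo "FAIL: MemTotal ${kb:-unknown} kB is below ${MIN_MEM_KB} kB"; rc=1
    fi
    hits=$(listeners_on "$port" < "$2")
    if [ -n "$hits" ]; then
        echo "FAIL: port $port already has a listener:"; echo "$hits"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: ${kb} kB RAM, port $port free"
    return "$rc"
}

# Constructed sample input: a 1GB droplet with Nginx already bound to 443.
SAMPLE_DIR=$(mktemp -d)
printf 'MemTotal:         988432 kB\nMemFree:          112004 kB\n' > "$SAMPLE_DIR/meminfo"
cat > "$SAMPLE_DIR/ss" <<'EOF'
LISTEN 0 511  0.0.0.0:443    0.0.0.0:* users:(("nginx",pid=812,fd=6))
LISTEN 0 128  0.0.0.0:22     0.0.0.0:* users:(("sshd",pid=640,fd=3))
LISTEN 0 511  127.0.0.1:4430 0.0.0.0:* users:(("node",pid=903,fd=19))
LISTEN 0 511  [::]:443       [::]:*    users:(("nginx",pid=812,fd=7))
EOF

if [ "${1:-}" = "--live" ]; then
    # Check the real host instead of the sample data.
    ss -Htlnp > "$SAMPLE_DIR/ss.live" && preflight /proc/meminfo "$SAMPLE_DIR/ss.live"
else
    preflight "$SAMPLE_DIR/meminfo" "$SAMPLE_DIR/ss" || echo "(sample host is not ready)"
fi
```

Run it with `--live` on the target box before adding the repositories; without root, `ss -p` still lists the listeners but may omit the owning process names.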

Installation (Ubuntu/Debian)

Add Repositories

# Add MongoDB repo
curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc | sudo gpg --dearmor -o /usr/share/keyrings/mongodb.gpg
echo "deb [signed-by=/usr/share/keyrings/mongodb.gpg] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list

# Add Pritunl repo
curl -fsSL https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc | sudo gpg --dearmor -o /usr/share/keyrings/pritunl.gpg
echo "deb [signed-by=/usr/share/keyrings/pritunl.gpg] https://repo.pritunl.com/stable/apt jammy main" | sudo tee /etc/apt/sources.list.d/pritunl.list

Install

sudo apt update
sudo apt install pritunl mongodb-org

# Start and enable services
sudo systemctl start mongod pritunl
sudo systemctl enable mongod pritunl

Initial Setup

Get the setup key:

sudo pritunl setup-key

Navigate to https://YOUR_IP and enter the setup key.

Get the default credentials:

sudo pritunl default-password

Login and change the password immediately.

Configure Settings

Settings (gear icon):

  • Public Address - Set your server's public IP or domain
  • Web Console Port - Default 443, change if needed
  • Lets Encrypt Domain - Enable for automatic SSL

Create Server and Organization

Organization

Users → Add Organization

Organizations group users. Create at least one.

Server

Servers → Add Server

  • Name: Something descriptive
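  • Port: Default 1194 (or use 443 for firewall bypass; over TCP that collides with the web console's default port 443, so move the console to another port first)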
  • Protocol: UDP for speed, TCP for restrictive networks
  • Network: VPN subnet (10.x.x.x/24)

Attach your organization to the server.

Add Users

Users → Add User (select organization)

Each user gets their own profile. Click the download icon to get their .ovpn config file.

Users can also download directly from https://YOUR_IP/key/USER_KEY

Start Server

Servers → Select server → Start Server (play button)

Open firewall port:

sudo ufw allow 1194/udp

Client Connection

Users download the profile link and import into any OpenVPN client:

  • Download profile from user's key URL
  • Import into OpenVPN Connect (or similar)
  • Connect

WireGuard Mode

Pritunl now supports WireGuard. When creating a server, select WireGuard instead of OpenVPN.

WireGuard clients get a different config format. Mobile apps scan QR codes directly from the Pritunl interface.

User Management

The real value of Pritunl is easy user management:

  • Disable users - Instant access revocation
  • Pin codes - Add 2FA requirement
  • Multiple profiles - Different access per device
  • Usage stats - See who's connected

Firewall Rules

# Enable IP forwarding
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

# If using UFW
sudo ufw allow 1194/udp
sudo ufw allow 443/tcp

Logs and Monitoring

Servers → Select server → Logs

See connection history, errors, and handshake activity.

Updates

sudo apt update
sudo apt upgrade pritunl

Pritunl pushes updates frequently. I run this on the first of the month.

Warning: If MongoDB crashes or gets OOM-killed while Pritunl is running, your server config can silently corrupt. Pritunl won't tell you — it'll just show an empty servers page after reboot. Keep a mongodump cron job running nightly so you can restore without rebuilding from scratch.