Secure Remote Connections to AWS Resources using Pritunl -(Part-1)

Pritunl is an open-source VPN (Virtual Private Network) server software that facilitates secure and scalable remote access to a network. It enables users to connect to a private network securely over the internet, ensuring that data transmitted between the user’s device and the network is encrypted.

Key Features and Benefits of Pritunl:

1. Open Source: Pritunl is free to use and open-source, which means its source code is publicly available for anyone to inspect, modify, and enhance.
2. Ease of Use: It offers a user-friendly web interface for easy management and configuration of VPN servers and clients.
3. Scalability: Pritunl is designed to handle a large number of VPN connections, making it suitable for both small businesses and large enterprises.
4. Integration with AWS: Pritunl can be easily deployed on AWS, allowing users to leverage AWS’s infrastructure to host their VPN server.
5. Security: It employs strong encryption methods to secure data and supports multi-factor authentication for an added layer of security.

Problem Statement:

When it comes to remotely accessing private resources, open-source solutions like OpenVPN and AWS-provided Client VPN are popular choices. However, these come with limitations. OpenVPN allows only two users to connect by default, and scaling up requires purchasing additional licenses, which increases costs. AWS Client VPN, while capable of handling many users, charges based on the duration of user connections, leading to potentially high bills.

For a requirement where secure access is essential and a maximum number of users need to connect without incurring additional costs, Pritunl presents an ideal solution. Pritunl is an open-source VPN server that can be deployed on AWS, offering robust security and scalability without the added expense of licenses or usage-based billing.

In this blog, I will explain how to install and configure Pritunl on an AWS environment.

Step-1. Create an Ubuntu Machine

• Launch an Ubuntu 22.04 instance on AWS.
• In the security group, open the following ports: 80, 443, and 1194.
• Update and upgrade the package list as the root user:

Fig-1

2. Install and Configure Pritunl and MongoDB

• Follow the installation instructions from the Pritunl documentation to install Pritunl and MongoDB.

Fig-2

3. Access Pritunl Web Interface

• Once Pritunl is installed, find the server’s public IP address.
• Open a web browser and navigate to the server’s IP address.

4. Setup Key Authentication

• The web interface will prompt you for a setup key.

Fig-3

• Retrieve it from the Pritunl server using below command:

pritunl setup-key

• Enter this key in the web interface to proceed.

Fig-4

5. Enable Database and Authentication

• After entering the setup key, the system will enable the database(MongoDB) and complete the initial configuration.Once you logged in the URL it will appear like below.

Fig-5

6. Retrieve Default Credentials

• Get the default username and password using the following command in the Pritunl server:

sudo pritunl default-password

• The default username is pritunl. You can change this upon first login.

Fig-6

• After succeessfully login the Pritunl page will appear like below.

Fig-7

7. Create Organization

• After logging in, navigate to the “Users” tab and then click on “Add organization” and provide the respective name.This serves as a container for your VPN users and policies.

Fig-8

8. Create Users and Enable MFA

• To Create Users Click on “Add User” tab and provide the name of the User and add the pin for the user. The PIN will be numbers not any letters.

Fig-9

9. Create and Configure Server

• Create a server and assign it to the organization you created earlier.While adding server ypu can enable MFA.
• Start the server to initiate the VPN service.

Fig-10

Fig-11

10. Validate VPN Connectivity

• To test the VPN, create a private instance in AWS.
• Download the .ovpn file for a user from the Pritunl interface.

Fig-12

• Import the .ovpn file into any VPN client.

Fig-13

• Connect to the VPN using the username, password, and MFA code.

Fig-14

11. Test Connectivity

• Once connected to the VPN, try to ping the private instance using its private IP address to verify the setup.

Fig-15

Conslusion:

Pritunl offers a powerful and cost-effective solution for establishing secure remote access to your private network. By leveraging its open-source nature and seamless integration with AWS, you can deploy a scalable VPN service without the additional costs associated with commercial alternatives like OpenVPN and AWS Client VPN.

Setting up Pritunl on AWS involves a straightforward process of configuring an Ubuntu instance, installing necessary packages, and managing users and organizations through an intuitive web interface. With features like multi-factor authentication and easy user management, Pritunl ensures that your network remains secure while providing flexibility for multiple users to connect simultaneously.

By following this guide, you now have the tools to implement a robust VPN solution that meets your security needs and supports unlimited user connections without incurring extra costs. Embrace Pritunl for your VPN needs and enjoy the peace of mind that comes with secure and reliable remote access.