• December 30, 2025

Cobra Softwares Blog

Tech blog for new era

Vultr Marketplace

How to Use Vultr’s Pritunl Marketplace Application

How to Use Vultr’s Pritunl Marketplace Application

Install and configure a Pritunl VPN on Vultr with secure access and client connectivity.

Pritunl is an open-source VPN server and management platform that supports both OpenVPN and WireGuard protocols. It provides an intuitive web interface for creating and managing VPN users, organizations, and servers with enterprise-grade security features including two-factor authentication, audit logging, and centralized user management. The Vultr Marketplace provides a pre-configured Pritunl instance on Ubuntu, enabling quick deployment and setup on a Vultr server.

This guide explains deploying and using Vultr’s Pritunl Marketplace Application. You will deploy an instance, configure DNS and SSL, set up organizations and users, connect VPN clients, and implement best practices for production deployments.

Deploy Vultr’s Pritunl Marketplace Application

  1. Log in to your Vultr Customer Portal and click the Deploy Server button.
  2. Select your preferred server type.
  3. Choose a server location.
  4. Select a server plan with at least 1GB RAM and 1 CPU core for small teams, or 2GB RAM and 2 CPU cores for larger deployments.
  5. Click the Configure button to proceed.
  6. Under Marketplace Apps, search for Pritunl and select it as the Marketplace Application.
  7. Select the Limited Login option from the Additional Features section to create a limited user with sudo access.
  8. Review your configurations and click the Deploy Now button to start deployment.
    Note

    It may take up to 10 minutes for your server to finish installing Pritunl.

  9. After the instance shows the status of Running, navigate to the Server Overview page and copy the SSH connection details.

Initial Setup and Configuration

After deployment, configure DNS, verify the installation, and secure your Pritunl instance with SSL/TLS before allowing VPN connections.

  1. Create a DNS A record pointing to your server’s IP address, such as vpn.example.com.
  2. Connect to your Vultr server instance over SSH using the connection details from the Server Overview page.

Verify Pritunl Installation

  1. Check the Pritunl service status.
    console
    $ sudo systemctl status pritunl

    The service should show as active (running).

  2. Check the MongoDB service status.
    console
    $ sudo systemctl status mongod

    MongoDB is required for Pritunl’s database and should also show as active (running).

  3. Retrieve the default admin password.
    console
    $ sudo pritunl default-password

    Note the username and password for initial login.

Configure Firewall Security

Secure your server by configuring the firewall to allow only necessary traffic.

  1. Allow SSH connections.
    console
    $ sudo ufw allow OpenSSH
  2. Allow HTTP and HTTPS traffic for the web interface and Let’s Encrypt.
    console
    $ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp
  3. Allow the default OpenVPN port.
    console
    $ sudo ufw allow 10447/udp
  4. Enable the firewall.
    console
    $ sudo ufw enable
  5. Verify firewall status.
    console
    $ sudo ufw status

Secure Pritunl with SSL/TLS

Protect your Pritunl web interface with HTTPS using Let’s Encrypt certificates.

  1. Open your web browser and navigate to https://YOUR_SERVER_IP.

    You’ll see a browser warning because of the self-signed certificate. Bypass it to continue.

  2. Log in with the default credentials:
    • Usernamepritunl
    • Password: Retrieved from sudo pritunl default-password
  3. On the Initial Setup screen:
    • Enter a new strong password for the admin account
    • Enter your assigned FQDN in the Let’s Encrypt Domain field (e.g., vpn.example.com)
    • Leave other fields at their defaults
    • Click Save
  4. Pritunl will request and install a valid SSL certificate via Let’s Encrypt.
  5. Log out and access the web interface using your domain: https://vpn.example.com.
  6. Log in again with your updated password and verify the SSL certificate is valid in your browser.

[!TIP] If you prefer to use a commercial SSL certificate, upload your certificate files to /etc/ssl/certs/pritunl.crt and /etc/ssl/private/pritunl.key, set appropriate permissions with sudo chmod 600 /etc/ssl/private/pritunl.key, and restart Pritunl with sudo systemctl restart pritunl.

Configure VPN Environment

Set up your VPN infrastructure by creating organizations, users, and VPN servers through the Pritunl web interface.

Create an Organization

  1. Log in to the Pritunl web interface at https://vpn.example.com.
  2. Click Users in the top navigation bar.
  3. Click Add Organization.
  4. Enter a name for your organization (e.g., “Engineering Team”).
  5. Click Add to create the organization.

Create VPN Users

  1. Click Add User.
  2. Enter a username for the VPN user.
  3. Enter a numeric PIN (at least six digits) for two-factor authentication.
  4. Select the organization the user belongs to.
  5. Click Add to create the user.
  6. Repeat for additional users as needed.

Create a VPN Server

  1. Click Servers in the top navigation.
  2. Click Add Server.
  3. Configure server settings:
    • Name: Enter a descriptive server name (e.g., “Primary VPN”)
    • Port: 10447 (default, or choose a custom port)
    • Protocol: UDP (recommended for performance)
    • DNS Server: Leave default or specify custom DNS (e.g., 1.1.1.1)
  4. Click Add to create the server.
  5. Click Attach Organization to link users to the server.
  6. Select your organization and click Attach.
  7. Click the green Start Server button to launch the VPN server.
  8. Verify the server status shows Online.

Connect VPN Clients

Download client profiles and connect to your VPN server using OpenVPN clients.

Download Client Profile

  1. In the Pritunl web interface, click Users in the top navigation.
  2. Click the Download icon next to the user profile.
  3. Download the OpenVPN configuration archive (.tar file).
  4. Extract the archive to access the .ovpn file.

Connect with OpenVPN Client

  1. Download and install the official OpenVPN Connect client for your operating system.
  2. Launch the OpenVPN client.
  3. Import the .ovpn file from the extracted archive.
  4. When prompted, enter your username and PIN.
  5. Click Connect to establish the VPN connection.
  6. Verify the connection by visiting whatismyip.com and confirming your IP address matches the Pritunl server.

Connect with WireGuard (Optional)

Pritunl also supports WireGuard for improved performance.

  1. In the Pritunl web interface, navigate to Servers.
  2. Edit your server and enable WireGuard support.
  3. Download the WireGuard profile from the user’s profile page.
  4. Install the WireGuard client and import the configuration.

Explore Pritunl Features

Pritunl provides enterprise-grade VPN management features through its web interface.

User Management

  1. Navigate to Users to view all VPN users.
  2. Click a user to view connection status, session history, and statistics.
  3. Disable or delete users as needed.
  4. Reset user PINs if they forget their credentials.

Server Monitoring

  1. Navigate to Servers to monitor VPN server status.
  2. View real-time connection statistics including:
    • Active connections
    • Data transferred
    • Client IP addresses
  3. View server logs for troubleshooting.

Organization Management

  1. Create multiple organizations for different teams or departments.
  2. Assign users to specific organizations.
  3. Attach organizations to specific VPN servers for access control.

Best Practices and Configuration

Implement these recommendations to ensure your Pritunl VPN server runs securely and efficiently.

Security Hardening

  1. Enforce strong PINs for all users (minimum 6 digits).
  2. Enable two-factor authentication for administrative access.

    Navigate to Settings and configure Google Authenticator or similar.

  3. Regularly rotate user credentials and PINs.
  4. Review audit logs periodically.

    Navigate to Logs to view connection attempts and administrative actions.

  5. Keep Pritunl updated.
    console
    $ sudo apt update
$ sudo apt upgrade pritunl -y
  6. Use unique ports for VPN servers to avoid common port scanning.
    console
    $ sudo ufw allow YOUR_CUSTOM_PORT/udp

Performance Optimization

  1. Use UDP protocol for better performance (default).
  2. Enable WireGuard for improved throughput on supported clients.
  3. Adjust MTU settings if experiencing connection issues.

    Edit server settings and adjust the MTU value (default 1500).

  4. Monitor server resources.
    console
    $ htop
$ df -h

Backup Configuration

  1. Back up the Pritunl configuration and MongoDB database.
    console
    $ sudo tar -czf /root/pritunl-backup-$(date +%F).tar.gz /var/lib/pritunl /etc/pritunl.conf
$ sudo mongodump --out /root/mongodb-backup-$(date +%F)
  2. Schedule automated backups with cron.
    console
    $ sudo crontab -e

    Add:

    0 2 * * * tar -czf /root/pritunl-backup-$(date +\%F).tar.gz /var/lib/pritunl /etc/pritunl.conf
  3. Store backups offsite using Vultr Object Storage or similar.

Troubleshooting

This section covers common issues and diagnostic commands to help resolve problems with your Pritunl VPN server.

Check Service Status and Logs

  1. Verify Pritunl service is running.
    console
    $ sudo systemctl status pritunl
$ sudo systemctl status mongod
  2. View Pritunl logs.
    console
    $ sudo journalctl -u pritunl -e
$ sudo tail -f /var/log/pritunl.log
  3. View MongoDB logs.
    console
    $ sudo journalctl -u mongod -e

Common Issues

Cannot Access Web Interface

  1. Verify Pritunl service is running.
    console
    $ sudo systemctl status pritunl
  2. Check firewall allows HTTPS traffic.
    console
    $ sudo ufw status | grep 443
  3. Verify the server is listening on port 443.
    console
    $ sudo netstat -tulpn | grep 443
  4. Restart Pritunl if needed.
    console
    $ sudo systemctl restart pritunl

VPN Connection Fails

  1. Verify the VPN server is running in the web interface (should show Online).
  2. Check firewall allows the VPN port.
    console
    $ sudo ufw status | grep 10447
  3. Verify client credentials (username and PIN) are correct.
  4. Check server logs for connection errors.
    console
    $ sudo journalctl -u pritunl -e | grep -i error
  5. Ensure the client’s .ovpn profile is up to date.

SSL Certificate Issues

  1. Verify DNS is properly configured.
    console
    $ dig vpn.example.com
  2. Check Let’s Encrypt certificate status in the web interface under Settings.
  3. Ensure ports 80 and 443 are open for certificate renewal.
    console
    $ sudo ufw status | grep -E "80|443"
  4. Manually renew the certificate by re-entering the domain in Settings and saving.

MongoDB Connection Errors

  1. Verify MongoDB is running.
    console
    $ sudo systemctl status mongod
  2. Check MongoDB logs for errors.
    console
    $ sudo journalctl -u mongod -e
  3. Restart MongoDB and Pritunl.
    console
    $ sudo systemctl restart mongod
$ sudo systemctl restart pritunl

Use Cases

Pritunl provides a versatile VPN solution for various scenarios:

  • Secure Remote Access: Allow remote employees to securely connect to internal infrastructure, cloud resources, and private networks from anywhere.
  • Team VPN Management: Manage multiple users with centralized authentication, organization grouping, and comprehensive audit logging for compliance.
  • Self-Hosted VPN Alternative: Replace third-party VPN services with a private, fully controlled VPN instance with no subscription fees.
  • Multi-Site Connectivity: Connect multiple office locations or cloud regions through VPN server peering and site-to-site connections.
  • Encrypted Public Wi-Fi Access: Protect sensitive data while connected to public or untrusted networks by routing all traffic through your VPN.
  • Geographic Access Control: Route traffic through specific Vultr regions to access geo-restricted services or test region-specific content.

Conclusion

In this guide, you deployed Vultr’s Pritunl Marketplace Application and configured it for production use. You secured the server with firewall rules and SSL/TLS certificates, created organizations and users, configured VPN servers, and connected clients using OpenVPN. You also implemented best practices including security hardening, performance optimization, and backup procedures. With Pritunl’s enterprise-grade features and Vultr’s infrastructure, you can manage secure VPN access for teams and organizations with centralized user management, multi-protocol support, and comprehensive audit logging.

Leave a Reply

Your email address will not be published. Required fields are marked *