Pritunl as an alternative to classical OpenVPN connections
Local VPN or Cluster
Of course, Pritunl can handle the basic operation modes. For example, you can use the VPN server as a simple gateway if typical network address translation is not an option for some reason. The connection then becomes the default route: All traffic from the Internet and to the Internet is routed via an appropriately encrypted connection in Pritunl – and the solution can handle both IPv4 and IPv6.
That said, a gateway setup of this kind is not very exciting. Typical VPN setups are no problem for Pritunl, though: A user who is connected to Pritunl can use this connection to access all the computers on the private network behind the server. This optionally relies on tunneling or bridging, the difference simply being whether the VPN client directly becomes part of the private network or Pritunl visibly acts as a broker between the two networks. For the technically more elegant bridge mode, you would need an enterprise license.
Neither setup variant offers any notable benefits compared with OpenVPN, but this is not true of the option to connect multiple Pritunl servers. On the one hand, the computers behind the servers then see each other directly, thanks to Pritunl; this more or less creates a large virtual network segment. On the other hand, clients that connect to servers see all other clients in both parts of the network.
This option is very practical for enterprises that have their data distributed across multiple locations. Using the VPN link, all the servers and clients involved can communicate freely. This type of setup requires a MongoDB cluster, however. The individual MongoDB instances thus need to replicate their data autonomously in the background. The local Pritunl instances each connect to their own MongoDB database.
On its website, Pritunl avidly promotes its integrated support for products by Ubiquiti. Under the EdgeMAX brand name, Ubiquiti distributes various routers and switches in the semiprofessional sector. Pritunl comes with an EdgeMAX plugin that installs directly on the devices. After this, the existing Pritunl instances talk directly to the EdgeMAX routers and configure them according to the administrator's specifications.
Scalability and Availability
VPN servers tend to be bottlenecks: If hundreds of users connect to the service at the same time, it can quickly break a sweat. Pritunl prevents this problem by allowing administrators to run various VPN servers in different Pritunl instances on multiple servers. If you need more than one VPN entry point, simply use more than one server.
The Pritunl developers are currently thinking about the topic of high availability. The infrastructure for this is already in place. Thanks to the use of MongoDB and its clustering functionality, the datasets in the cluster are identical for every server. No matter how many Pritunl instances are active – and no matter what hardware they run on – every cluster always knows which partners it has.
Pritunl tackles the topic of high availability in a very effective way: If an instance in the cluster fails, Pritunl automatically restores it on different hardware, and the IP address of the VPN instance migrates with it.
Completely unnoticed by most administrators, Pritunl has its own miniature DNS server. It automatically assigns clients an unofficial DNS name under which the client is accessible in the VPN. The username is based on the pattern <user>.<organization>.vpn
. DNS queries to the .vpn
domain are fielded and responded to by Pritunl.
Free Software?
The Pritunl website advertises the Pritunl client for various operating systems as "Open Source VPN"; however, in the case of the server – and this is without a doubt the more important component – the "Open Source" label is missing. A glance at the server's license file reveals why the authors of Pritunl are more cautious with the label when it comes to their server.
The license lists several things that Pritunl users are not allowed to do, including not passing on Pritunl source code with their own modifications to other users. All told, the Pritunl server license is a document that even less zealous friends of free software are likely to criticize. Free in the sense of the FLOSS definition, the Pritunl server is not. Whether or not this is a problem is something everyone needs to decide for themselves.
« Previous 1 2 3 Next »
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs