pritunl
simple vpn server
Pritunl is a free and open source application to create and manage multiple vpn servers with a web interface.

Install

Select vps provider

1
Log in and click "Create Droplet"
2
Enter a hostname for the server
3
Select the region that is closest to you
4
Select "Ubuntu 12.04 x32" under "Linux Distributions"
5
Click "Create Droplet"
6
Log in to the server using the password that is emailed to you
1
Log in and choose the datacenter closest to you for the new server
2
Select "Ubuntu 12.04 LTS" in the distribution menu
3
Enter a root password and click "Rebuild"
4
Select the server in the "Linodes" section
5
Click "Boot" to start the server
6
Log in to the server using the root password
1
Log in to the AWS Management Console and go to the "EC2" page
2
Click "Launch Instance" then select "Quick Launch Wizard"
3
Enter a name for the new instance
4
Select "Create New" key pair and enter a name for the new keypair
5
Click "Download" to download the new key pair
6
Select "Ubuntu Server 12.04.2 LTS" and click "32 bit"
7
Click "Continue" then "Launch". Then click "Close" and go to the list of instances
8
Right click the new instance and click "Connect"
9
Click "Connect with a standalone SSH Client"
10
Follow the instructions to log in

Select linux distribution

1
Update package list
apt-get update
2
Install "add-apt-repository"
apt-get install -y python-software-properties
3
Add pritunl repository
add-apt-repository ppa:pritunl/ppa
4
Update package list
apt-get update
5
Install pritunl
apt-get install -y pritunl
6
Use apt-get upgrade -y to update when a new version is released
1
Download package-query
curl -O https://aur.archlinux.org/packages/pa/package-query/package-query.tar.gz
2
Download yaourt
curl -O https://aur.archlinux.org/packages/ya/yaourt/yaourt.tar.gz
3
Extract archive
tar zxf package-query.tar.gz
4
Extract archive
tar zxf yaourt.tar.gz
5
Change directory
cd package-query
6
Synchronize package databases
pacman -Sy
7
Build and install package-query
makepkg -si --asroot
8
Change directory
cd ../yaourt
9
Build and install yaourt
makepkg -si --asroot
10
Install pritunl
yaourt -S pritunl
11
Start pritunl service
systemctl start pritunl.service
12
Enable pritunl service to autostart
systemctl enable pritunl.service
13
Use yaourt -Syua to update when a new version is released
1
Python 2.7 is required to run pritunl
2
Install devel packages
yum install gcc make openssl-devel lzo-devel pam-devel
3
Get source
curl -O http://swupdate.openvpn.org/community/releases/openvpn-2.3.2.tar.gz
4
Extract openvpn source
tar zxf openvpn-2.3.2.tar.gz
5
Change to source directory
cd openvpn-2.3.2
6
Configure openvpn source
./configure --prefix=/usr/local
7
Build openvpn
make
8
Install openvpn
make install
9
Install pritunl
pip install pritunl
10
Start pritunl service
start pritunl
11
Use pip install --upgrade pritunl to update when a new version is released. When upgrading with pip, /etc/pritunl.conf will be overwritten, so a backup will need to be created before upgrading

Configure pritunl

1
Go to the server's IP address on port 9700
https://<SERVER_ADDRESS>:9700/
2
Enter default username "admin" and default password "admin"
3
Click "Change Password" and enter a new password then click "Change"
4
Go to the "Users" tab
5
Click "Add Organization" and enter a name for the organization then click "Add"
6
Click "Add User" and enter a name for the user then click "Add"
7
Go to the "Servers" tab
8
Click "Add Server" and enter a name for the server then click "Add"
9
Click "Attach Organization" then click "Attach"
10
Click "Start Server"

Enable optional two-step authentication

1
Go to the "Servers" tab
2
Click "Stop Server" if it is running
3
Click on the server's name to open the server settings
4
Click "Enable Two-Step Authentication"
5
Click "Save" to save the server settings
6
Click "Start Server"
7
Go to the "Users" tab
8
Click the QR-Code icon to get the two-step authentication key
9
Install "Google Authenticator" on a mobile device
10
Open "Google Authenticator" and click "Set up account"
11
Select "Scan a barcode" or "Enter provided key"
12
Scan the barcode or enter the key in the "Two-Step Authentication Key" dialog
13
Use the authenticator code as the password when connecting to the vpn server

Select client platform

1
Go to the "Users" tab
2
Click the icon on the far right of the user created earlier to download the key
3
Install openvpn
sudo apt-get install openvpn
4
Change to the directory containing the downloaded key archive
cd ~/Downloads
5
Extract the user files
sudo tar xf user*.tar -C /etc/openvpn
6
Change the ovpn file extension
sudo rename 's/\.ovpn$/.conf/' /etc/openvpn/*.ovpn
7
Restart the openvpn service to connect
sudo /etc/init.d/openvpn restart
1
Go to the "Users" tab
2
Click the icon on the far right of the user created earlier to download the key
3
Download the OpenVPN Desktop Client
4
Run the installer to install the client
5
Extract the client files from the downloaded key archive using 7-Zip
6
Launch the OpenVPN Client
7
Click the "+" button next to "Connection Profiles"
8
Select "Local file" and click "Import"
9
Browse to the directory containing the extracted client files and open the ovpn file
10
Click "Save" then click on the new profile under "Connection Profiles" to connect
1
Go to the "Users" tab
2
Click the second icon from the right of the user created earlier to get the key link
3
Open the second temporary url to view the key in the android browser
4
Hold and select the "Download Mobile Key" then click "Save link"
5
Install the "OpenVPN Connect" app from the Google Play store
6
Launch "OpenVPN Connect" and select "Import" from the application menu
7
Select "Import Profile from SD card"
8
Open the "Download" directory and select the ovpn file downloaded earlier
9
Click "Select" then click "Connect" to connect to the server

Frequently Asked Questions

Q
Is the demo a real installation?
A
The demo uses javascript to emulate the functionality of the python server available in a real installation. All of the data is stored locally and is reset when the page is reloaded. Some functionality is missing from the demo
Q
Can only lan traffic be routed through the vpn server?
A
By default the servers will route all traffic through the vpn tunnel. This can be changed in the server settings by selecting "Local Traffic Only" and entering the network address and subnet mask of the local network such as "192.168.0.0/24" or "10.0.0.0/8". This will route only traffic destined to the local network
Q
What is the default login and password?
A
The default login and password is "admin"
Q
How can the users and servers be backed up?
A
All data is stored in /var/lib/pritunl. A backup can be downloaded by logging into the web interface and opening https://<SERVER_ADDRESS>:9700/export. To restore, stop the pritunl service and remove any existing files in /var/lib/pritunl then extract the backup archive to the directory. Then start the pritunl service
Q
What default ssl options are used?
A
The client and server keys are 4096bit RSA, SHA1 MD. This can be changed by adding key_bits=4096 to the conf file /etc/pritunl.conf
Q
Where is the pritunl log file located?
A
The log file is located at /var/log/pritunl.log
Q
Where are the ssl certificates located?
A
All the certificates and conf files are stored in /var/lib/pritunl
Q
How can bugs be reported?
A
Bugs can be reported on the GitHub Issues page
Q
Can the user keys be downloaded with wget?
A
A button next to the users status can be used to generate a temporary url for the user key that can be downloaded without authenticating using an application like wget
Q
Do the openvpn servers autostart on reboot?
A
Yes, this can be disabled by adding auto_start_servers=false to /etc/pritunl.conf
Q
How can a user be removed from the server?
A
Deleting a user will automatically restart any servers available to the user, disconnecting the user, and then disable the user's certificate
Q
When will user keys need to be redownloaded?
A
User keys will need to be updated after attaching the user's organization to a server or when a server's public ip or port is changed
Q
How is the two-step authentication code validated?
A
Each time a user attempts to connect, OpenVPN will pass the user and two-step authentication code to a python script. The script will validate the code and respond with an exit code indicating if the code was valid
Q
Can a two-step authentication code be used twice?
A
After a two-step authentication code has been validated it will be stored and any further attempts to use the same code will be invalid
Q
Is the username needed with two-step authentication?
A
The username is not checked or used by the server and can be left blank, only the password is used with two-step authentication
Q
Can options be set using environment variables?
A
All conf options can be set using environment variables by prefixing the conf option with PRITUNL_ and upper casing the option name such as PRITUNL_PORT=9700
Q
Why does the server connect to ip.pritunl.com?
A
When the service starts an HTTP request is sent to ip.pritunl.com to get the public IP address of the server. This is used to automatically fill in the public IP setting when creating a new server. The source code for the ip.pritunl.com server is available at github.com/pritunl/pritunl-ip. This can be disabled by adding get_public_ip=false to /etc/pritunl.conf
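The code validation and single-use behaviour described in the two-step authentication answers above, as an added Python 3 example that is not pritunl's own script. It assumes the codes are standard RFC 6238 TOTP as generated by Google Authenticator (30 second step, 6 digits, HMAC-SHA1), one step of clock drift either side, and exit codes 0 for accept and 1 for reject; the function names and the in-memory store are hypothetical.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30     # seconds each code is valid for
DIGITS = 6    # code length shown by the authenticator app
WINDOW = 1    # assumption: tolerate one step of clock drift either side


def totp(secret_b32, counter):
    """Return the RFC 6238 code for one time step of a base32 secret."""
    padded = secret_b32.upper() + '=' * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    digest = hmac.new(key, struct.pack('>Q', counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack('>I', digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def check_code(secret_b32, code, used, now=None):
    """Return the exit code for one login attempt: 0 accept, 1 reject.

    `used` is a set of (secret, time step) pairs already accepted. A script
    started once per connection would have to persist it between runs.
    """
    now = time.time() if now is None else now
    current = int(now) // STEP
    matched = None
    for counter in range(current - WINDOW, current + WINDOW + 1):
        if counter < 0:
            continue
        # Constant-time comparison of the candidate against the submitted code.
        candidate = totp(secret_b32, counter).encode()
        if hmac.compare_digest(candidate, code.encode()):
            matched = counter
    if matched is None:
        return 1  # wrong code
    if (secret_b32, matched) in used:
        return 1  # correct code, but already used once
    used.add((secret_b32, matched))
    return 0


if __name__ == '__main__':
    # Constructed demo using the secret from the RFC 6238 test vectors.
    demo_secret = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ'
    store = set()
    print(check_code(demo_secret, totp(demo_secret, 1), store, now=59))
    print(check_code(demo_secret, totp(demo_secret, 1), store, now=59))
```

Recording the accepted time step rather than the bare code keeps a later, legitimately repeated six-digit value from being rejected.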

REST API

Authentication
All API requests must be signed with the API token and secret. Below is an example wrapper function to sign API requests. The API token and secret can be found by clicking Change Password in the web interface.
Header Parameters
Auth-Token API token
Auth-Timestamp Epoch timestamp must be accurate to +/-5 minutes of server time
Auth-Nonce Random alphanumeric string of 32 characters must be unique for each request
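Auth-Signature Base64-encoded HMAC-SHA256 digest, keyed with the API secret, of the token, timestamp, nonce, upper-case method, path and (if present) request body joined with "&"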
Python Example
import base64, hashlib, hmac, json, time, uuid
import requests

BASE_URL = 'https://localhost:9700'
API_TOKEN = 'iAfH2TnpB0oe2Pu6s0qHh2w2iLh27b6P'
API_SECRET = 'N4coHGtsZ2VIp0KdjfzZeULsiu4Ey8Lx'

def auth_request(method, path, headers=None, data=None):
    auth_timestamp = str(int(time.time()))
    # uuid4().hex is a random 32 character string, unique per request
    auth_nonce = uuid.uuid4().hex
    # The signed string is the '&'-joined fields, plus the body if there is one
    auth_string = '&'.join([API_TOKEN, auth_timestamp, auth_nonce,
        method.upper(), path] + ([data] if data else []))
    # hmac needs bytes for the key and message
    auth_signature = base64.b64encode(hmac.new(
        API_SECRET.encode(), auth_string.encode(),
        hashlib.sha256).digest()).decode()
    auth_headers = {
        'Auth-Token': API_TOKEN,
        'Auth-Timestamp': auth_timestamp,
        'Auth-Nonce': auth_nonce,
        'Auth-Signature': auth_signature,
    }
    if headers:
        auth_headers.update(headers)
    # verify=False disables TLS certificate verification; pass the path to
    # the server's certificate as verify to authenticate the server
    return getattr(requests, method.lower())(
        BASE_URL + path,
        verify=False,
        headers=auth_headers,
        data=data,
    )
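The checks a server has to make on the four Auth-* headers listed above, as an added Python 3 example; this is not pritunl's server code. The `RequestVerifier` class, its status strings and the token and secret values in the demo are hypothetical, and the signature layout is taken from the `auth_request` wrapper on this page.

```python
import base64
import hashlib
import hmac
import time
import uuid

MAX_SKEW = 5 * 60  # the +/-5 minute Auth-Timestamp window, in seconds


def sign(secret, token, timestamp, nonce, method, path, data=None):
    """Auth-Signature over the same '&'-joined fields auth_request uses."""
    fields = [token, timestamp, nonce, method.upper(), path]
    if data:
        fields.append(data)
    mac = hmac.new(secret.encode(), '&'.join(fields).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def signed_headers(token, secret, method, path, data=None, now=None):
    """Client side: build the four Auth-* headers for one request."""
    timestamp = str(int(time.time() if now is None else now))
    nonce = uuid.uuid4().hex
    signature = sign(secret, token, timestamp, nonce, method, path, data)
    return {
        'Auth-Token': token,
        'Auth-Timestamp': timestamp,
        'Auth-Nonce': nonce,
        'Auth-Signature': signature,
    }


class RequestVerifier(object):
    """Hypothetical server-side verifier (an assumption of this example)."""

    def __init__(self, secrets):
        self.secrets = secrets  # API token -> API secret
        self.seen = {}          # nonce -> time after which it can be dropped

    def verify(self, method, path, headers, data=None, now=None):
        now = int(time.time() if now is None else now)
        token = headers.get('Auth-Token', '')
        timestamp = headers.get('Auth-Timestamp', '')
        nonce = headers.get('Auth-Nonce', '')
        signature = headers.get('Auth-Signature', '')

        secret = self.secrets.get(token)
        if secret is None:
            return 'unknown token'
        if not (timestamp.isascii() and timestamp.isdigit()):
            return 'timestamp outside window'
        if abs(now - int(timestamp)) > MAX_SKEW:
            return 'timestamp outside window'
        if len(nonce) != 32 or not nonce.isalnum():
            return 'malformed nonce'

        expected = sign(secret, token, timestamp, nonce, method, path, data)
        # Constant-time comparison so timing does not leak signature bytes.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return 'bad signature'

        # Nonces are recorded only after the signature checks out, so
        # unsigned requests cannot fill the cache or burn a client's nonce.
        self.seen = {n: t for n, t in self.seen.items() if t >= now}
        if nonce in self.seen:
            return 'nonce replayed'
        # A captured request stays inside the window until timestamp + skew,
        # so the nonce has to be remembered at least that long.
        self.seen[nonce] = int(timestamp) + MAX_SKEW
        return 'ok'


if __name__ == '__main__':
    # Constructed credentials, not the ones shown on this page.
    verifier = RequestVerifier({'constructed-token': 'constructed-secret'})
    hdrs = signed_headers('constructed-token', 'constructed-secret',
                          'GET', '/status')
    print(verifier.verify('GET', '/status', hdrs))  # first delivery
    print(verifier.verify('GET', '/status', hdrs))  # same headers again
```

The timestamp window bounds how long nonces must be stored: once a request is older than the window it is rejected on the timestamp alone, so its nonce can be forgotten.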
DELETE /auth/token/:auth_token
Revoke an authentication token.
URL Parameters
auth_token Authentication token
Python Example
response = auth_request('DELETE',
    '/auth/token/264e30e7032b467bb0174b22bdb8ce13')
assert(response.status_code == 200)
GET /event/:cursor
Long polling request that returns a list of events that have occurred sorted by creation. Events will only be sent once. Request will poll for up to 30 seconds. A list of events can be found in constants.py.
URL Parameters
cursor Optional id of last event. If left out only events that occurred after request is sent will be returned
Response
id Event ID
type Event type
time Event epoch time
resource_id Event resource ID
Python Example
response = auth_request('GET', '/event')
assert(response.status_code == 200)
print(response.json())
[
    {
        'id': 'd74a527af2ac44899b44b7b3dd9efdc7',
        'type': 'users_updated',
        'time': 1388495793,
        'resource_id': None,
    },
    {
        'id': '09b86897d4e44130b5fec95ca7101a5a',
        'type': 'server_organizations_updated',
        'time': 1388495805,
        'resource_id': '6551f49596ca42c4942cb71162916b69',
    },
]
GET /status
Returns general information about the pritunl server.
Response
org_count Number of organizations
users_online Number of users online
user_count Number of users
servers_online Number of servers online
server_count Number of servers
server_version Pritunl version running on server
public_ip Public IP address of server
local_networks List of local networks on server
notification Notification for pritunl updates
Python Example
response = auth_request('GET', '/status')
assert(response.status_code == 200)
print(response.json())
{
    'org_count': 2,
    'users_online': 2,
    'user_count': 8,
    'servers_online': 2,
    'server_count': 2,
    'server_version': '0.10.4',
    'public_ip': '8.8.8.8',
    'local_networks': [
        '10.0.0.0/24',
        '10.5.0.0/24',
        '192.168.0.0/24',
    ],
    'notification': '',
}
GET /log
Returns a list of server log entries sorted by time.
Response
id Log entry ID
time Log entry epoch time
message Log message
Python Example
response = auth_request('GET', '/log')
assert(response.status_code == 200)
print(response.json())
[
    {
        'id': 'ebb8af4a72d548a889c4d6ca45254a5a',
        'time': 1388389241,
        'message': 'Web server started.',
    },
    {
        'id': 'f5ebb4ed2bc74181ad70060bfec30c81',
        'time': 1388389217,
        'message': 'Web server stopped.',
    },
]
GET /auth
Get authentication information.
Response
username Current username
token Encrypted API token
secret API secret
Python Example
response = auth_request('GET', '/auth',
    headers={
        'Content-Type': 'application/json',
    },
)
assert(response.status_code == 200)
print(response.json())
{
    'username': 'user',
    'token': '2$kNvK4+IhmHU=$oBGfGOLHsbl+RqmngrN4M/JCgnKacQb7yNrvkOT3DC8=',
    'secret': 'NXLmn2nn1rv0NYQ4zG94XSiAY7TQd1Ks',
}
PUT /auth
Change the server username and password.
Parameters
username New username
password New password
Response
username Current username
Python Example
response = auth_request('PUT', '/auth',
    headers={
        'Content-Type': 'application/json',
    },
    data=json.dumps({
        'username': 'user',
        'password': 'pass',
    }),
)
assert(response.status_code == 200)
print(response.json())
{
    'username': 'user',
}
GET /organization
Returns a list of organizations on the server sorted by name.
Response
id Organization ID
name Organization name
Python Example
response = auth_request('GET', '/organization')
assert(response.status_code == 200)
print(response.json())
[
    {
        'id': '060e54e627904abf9402bf3f2e0e16a2',
        'name': 'org1',
    },
    {
        'id': 'c002529764334d63b7035ad1939eb7ca',
        'name': 'org2',
    },
]
GET /organization/:organization_id
Returns an organization.
URL Parameters
organization_id Organization ID
Response
id Organization ID
name Organization name
Python Example
response = auth_request('GET',
    '/organization/060e54e627904abf9402bf3f2e0e16a2')
assert(response.status_code == 200)
print(response.json())
{
    'id': '060e54e627904abf9402bf3f2e0e16a2',
    'name': 'org1',
}
POST /organization
Create a new organization.
Parameters
name Name of organization
Response
id Organization ID
name Organization name
Python Example
response = auth_request('POST', '/organization',
    headers={
        'Content-Type': 'application/json',
    },
    data=json.dumps({
        'name': 'new_org',
    }),
)
assert(response.status_code == 200)
print(response.json())
{
    'id': 'fb48734e859242e2800f077216401736',
    'name': 'new_org',
}
PUT /organization/:organization_id
Rename an existing organization.
URL Parameters
organization_id Organization ID
Parameters
name New name of organization
Response
id Organization ID
name Organization name
Python Example
response = auth_request('PUT',
    '/organization/fb48734e859242e2800f077216401736',
    headers={
        'Content-Type': 'application/json',
    },
    data=json.dumps({
        'name': 'new_name',
    }),
)
assert(response.status_code == 200)
print(response.json())
{
    'id': 'fb48734e859242e2800f077216401736',
    'name': 'new_name',
}
DELETE /organization/:organization_id
Delete an existing organization.
URL Parameters
organization_id Organization ID
Python Example
response = auth_request('DELETE',
    '/organization/fb48734e859242e2800f077216401736')
assert(response.status_code == 200)
GET /user/:organization_id
Returns a list of users in an organization sorted by name.
URL Parameters
organization_id Organization ID
Response
id User ID
organization Organization ID
name User name
organization_name Organization name
type User type
status True if user is online otherwise false
otp_auth True if user uses two-step authentication
otp_secret Secret key for two-step authentication
servers Object of client parameters listed below for each server ID that the user is connected to
Client Parameters
id Server ID
name Server name
local_address Static client address if set otherwise null
remote_address Static client remote address if set otherwise null
connected_since Epoch time connection was started if connected
virt_address Virtual OpenVPN IP address if connected
real_address Real OpenVPN IP address if connected
bytes_sent Bytes sent if connected
bytes_received Bytes received if connected
Python Example
response = auth_request('GET', '/user/060e54e627904abf9402bf3f2e0e16a2')
assert(response.status_code == 200)
print(response.json())
[
    {
        'id': '99a38859bcb248bdaf395a6c83305531',
        'organization': '060e54e627904abf9402bf3f2e0e16a2',
        'name': 'server_6551f49596ca42c4942cb71162916b69',
        'organization_name': 'org1',
        'type': 'server',
        'status': False,
        'otp_auth': True,
        'otp_secret': 'OPT4HTURJTW6JLQN',
        'servers': [
            {
                'id': '6551f49596ca42c4942cb71162916b69',
                'name': 'server1',
                'local_address': null,
                'remote_address': null,
            },
        ],
    },
    {
        'id': 'de554a9993cb4250a995cbcca7a6af5a',
        'organization': '060e54e627904abf9402bf3f2e0e16a2',
        'name': 'user1',
        'organization_name': 'org1',
        'type': 'client',
        'status': True,
        'otp_auth': True,
        'otp_secret': 'LMSRMW6NQ4WGFZ37',
        'servers': [
            {
                'id': '6551f49596ca42c4942cb71162916b69',
                'name': 'server1',
                'local_address': '10.139.82.6',
                'remote_address': '10.139.82.7',
                'connected_since': 1388498640,
                'virt_address': '10.139.82.6',
                'real_address': '8.8.8.8:41536',
                'bytes_sent': 194742,
                'bytes_received': 218497,
            },
        ],
    },
]
GET /user/:organization_id/:user_id
Returns a user from an organization.
URL Parameters
organization_id Organization ID
user_id User ID
Response
id User ID
organization Organization ID
name User name
organization_name Organization name
type User type
status True if user is online otherwise false
otp_auth True if user uses two-step authentication
otp_secret Secret key for two-step authentication
servers Object of client parameters listed below for each server ID that the user is connected to
Client Parameters
connected_since Epoch time connection was started
virt_address Virtual OpenVPN IP address
real_address Real OpenVPN IP address
bytes_sent Bytes sent
bytes_received Bytes received
Python Example
response = auth_request('GET',
    '/user/060e54e627904abf9402bf3f2e0e16a2/99a38859bcb248bdaf395a6c83305531')
assert(response.status_code == 200)
print(response.json())
{
    'id': '99a38859bcb248bdaf395a6c83305531',
    'organization': '060e54e627904abf9402bf3f2e0e16a2',
    'name': 'server_6551f49596ca42c4942cb71162916b69',
    'organization_name': 'org1',
    'type': 'server',
    'status': False,
    'otp_auth': True,
    'otp_secret': 'OPT4HTURJTW6JLQN',
    'servers': [
        {
            'id': '6551f49596ca42c4942cb71162916b69',
            'name': 'server1',
            'local_address': null,
            'remote_address': null,
        },
    ],
}
POST /user/:organization_id
Create a new user in an organization.
URL Parameters
organization_id Organization ID
Parameters
name User name
Response
id User ID
organization Organization ID
name User name
organization_name Organization name
type User type
otp_secret Secret key for two-step authentication
Python Example
response = auth_request('POST', '/user/060e54e627904abf9402bf3f2e0e16a2',
    headers={
        'Content-Type': 'application/json',
    },
    data=json.dumps({
        'name': 'new_user',
    }),
)
assert(response.status_code == 200)
print(response.json())
{
    'id': 'f53c6efed9bc490588607ee5853e651f',
    'organization': '060e54e627904abf9402bf3f2e0e16a2',
    'name': 'new_user',
    'organization_name': 'org1',
    'type': 'client',
    'otp_secret': 'HUI3D32NI6CUTMXO',
}
PUT /user/:organization_id/:user_id
Rename an existing user in an organization.
URL Parameters
organization_id Organization ID
user_id User ID
Parameters
name New user name
Response
id User ID
organization Organization ID
name User name
organization_name Organization name
type User type
otp_secret Secret key for two-step authentication
Python Example
response = auth_request('PUT',
    '/user/060e54e627904abf9402bf3f2e0e16a2/f53c6efed9bc490588607ee5853e651f',
    headers={
        'Content-Type': 'application/json',
    },
    data=json.dumps({
        'name': 'new_name',
    }),
)
assert(response.status_code == 200)
print(response.json())
{
    'id': 'f53c6efed9bc490588607ee5853e651f',
    'organization': '060e54e627904abf9402bf3f2e0e16a2',
    'name': 'new_name',
    'organization_name': 'org1',
    'type': 'client',
    'otp_secret': 'HUI3D32NI6CUTMXO',
}
DELETE /user/:organization_id/:user_id
Delete an existing user in an organization. This will restart any servers the user is connected to.
URL Parameters
organization_id Organization ID
user_id User ID
Python Example
response = auth_request('DELETE',
    '/user/060e54e627904abf9402bf3f2e0e16a2/f53c6efed9bc490588607ee5853e651f')
assert(response.status_code == 200)
PUT /user/:organization_id/:user_id/otp_secret
Generate a new two-step authentication secret for an existing user.
URL Parameters
organization_id Organization ID
user_id User ID
Response
id User ID
organization Organization ID
name User name
organization_name Organization name
type User type
otp_secret Secret key for two-step authentication
Python Example
# The path needs both the organization ID and the user ID
response = auth_request('PUT',
    '/user/060e54e627904abf9402bf3f2e0e16a2/f53c6efed9bc490588607ee5853e651f/otp_secret')
assert(response.status_code == 200)
print(response.json())
{
    'id': 'f53c6efed9bc490588607ee5853e651f',
    'organization': '060e54e627904abf9402bf3f2e0e16a2',
    'name': 'new_name',
    'organization_name': 'org1',
    'type': 'server',
    'otp_secret': 'IYW6NR774YTWQICV',
}
GET /key/:organization_id/:user_id.tar
Download a user's key tar archive.
URL Parameters
organization_id Organization ID
user_id User ID
Python Example
response = auth_request('GET',
    '/key/060e54e627904abf9402bf3f2e0e16a2/de554a9993cb4250a995cbcca7a6af5a.tar')
assert(response.status_code == 200)
GET /key/:organization_id/:user_id
Generate a temporary url to download a user's key archive and view the two-step authentication key. Both urls can be viewed without authenticating and will expire after 24 hours. The key link can also be deleted by clicking the delete link button on the page.
URL Parameters
organization_id Organization ID
user_id User ID
Response
id Key link ID
key_url Temporary url to download user key tar archive
view_url Temporary url to view the two-step authentication key, download key tar archive and download mobile key configurations
Python Example
response = auth_request('GET',
    '/key/060e54e627904abf9402bf3f2e0e16a2/de554a9993cb4250a995cbcca7a6af5a')
assert(response.status_code == 200)
print(response.json())
{
    'id': 'ca03ad46c20043aca6a4a571ea6c5e76',
    'key_url': '/key/ca03ad46c20043aca6a4a571ea6c5e76.tar',
    'view_url': '/k/y3aNc',
}
GET /server
Returns a list of servers sorted by name.
Response
id Server ID
name Server name
status True if server is online otherwise false
uptime Server uptime in seconds
users_online Number of users online
user_count Number of users attached to the server
network Servers VPN network address
interface Server VPN interface
port Server port
protocol Server protocol
dh_param_bits Size of dh parameters, can be 1024, 1536, 2048, 3072 or 4096
mode Server mode can be all_traffic, local_traffic or vpn_traffic
local_networks List of local networks server is routing traffic to otherwise empty list if all traffic is routed. Mode must be set to local_traffic when set
dns_servers List of dns servers for ovpn clients
public_address Servers public IP address
otp_auth True if the server is using two-step authentication otherwise false
lzo_compression True if lzo compression is enabled otherwise false
debug True if server debug output is enabled otherwise false
org_count Number of organizations attached to the server
Python Example
response = auth_request('GET', '/server')
assert(response.status_code == 200)
print(response.json())
[
    {
        'id': '6551f49596ca42c4942cb71162916b69',
        'name': 'server1',
        'status': True,
        'uptime': 463,
        'users_online': 1,
        'user_count': 6,
        'network': '10.139.82.0/24',
        'interface': 'tun0',
        'port': 12524,
        'protocol': 'udp',
        'dh_param_bits': 1536,
        'mode': 'all_traffic',
        'local_networks': [],
        'dns_servers': [],
        'public_address': '8.8.8.8',
        'otp_auth': True,
        'lzo_compression': False,
        'debug': True,
        'org_count': 2,
    },
    {
        'id': 'e9f1ba1f55194eb1843d4fcf39a44d7b',
        'name': 'server2',
        'status': False,
        'uptime': null,
        'users_online': 0,
        'user_count': 2,
        'network': '10.86.88.0/24',
        'interface': 'tun1',
        'port': 18387,
        'protocol': 'udp',
        'dh_param_bits': 1536,
        'mode': 'all_traffic',
        'local_networks': [],
        'dns_servers': [],
        'public_address': '8.8.8.8',
        'otp_auth': False,
        'lzo_compression': False,
        'debug': False,
        'org_count': 1,
    },
]
GET /server/:server_id
Returns a server.
Response
id Server ID
name Server name
status True if server is online otherwise false
uptime Server uptime in seconds
users_online Number of users online
user_count Number of users attached to the server
network Servers VPN network address
interface Server VPN interface
port Server port
protocol Server protocol
dh_param_bits Size of dh parameters, can be 1024, 1536, 2048, 3072 or 4096
mode Server mode can be all_traffic, local_traffic or vpn_traffic
local_networks List of local networks server is routing traffic to otherwise empty list if all traffic is routed. Mode must be set to local_traffic when set
dns_servers List of dns servers for ovpn clients
public_address Servers public IP address
otp_auth True if the server is using two-step authentication otherwise false
lzo_compression True if lzo compression is enabled otherwise false
debug True if server debug output is enabled otherwise false
org_count Number of organizations attached to the server
Python Example
response = auth_request('GET', '/server/6551f49596ca42c4942cb71162916b69')
assert(response.status_code == 200)
print(response.json())
{
    'id': '6551f49596ca42c4942cb71162916b69',
    'name': 'server1',
    'status': True,
    'uptime': 463,
    'users_online': 1,
    'user_count': 6,
    'network': '10.139.82.0/24',
    'interface': 'tun0',
    'port': 12524,
    'protocol': 'udp',
    'dh_param_bits': 1536,
    'mode': 'all_traffic',
    'local_networks': [],
    'dns_servers': [],
    'public_address': '8.8.8.8',
    'otp_auth': True,
    'lzo_compression': False,
    'debug': True,
    'org_count': 2,
}
POST /server
Create a new server.
Parameters
name Server name
network Servers VPN network address
interface Server VPN interface
port Server port
protocol Server protocol
dh_param_bits Size of dh parameters, can be 1024, 1536, 2048, 3072 or 4096
mode Server mode can be all_traffic, local_traffic or vpn_traffic
local_networks List of local networks server is routing traffic to otherwise empty list if all traffic is routed. Mode must be set to local_traffic when set
dns_servers List of dns servers for ovpn clients
public_address Servers public IP address
otp_auth True if the server is using two-step authentication otherwise false
lzo_compression True if lzo compression is enabled otherwise false
debug True if server debug output is enabled otherwise false
Response
id Server ID
name Server name
status True if server is online otherwise false
uptime Server uptime in seconds
users_online Number of users online
user_count Number of users attached to the server
network Servers VPN network address
interface Server VPN interface
port Server port
protocol Server protocol
dh_param_bits Size of dh parameters, can be 1024, 1536, 2048, 3072 or 4096
mode Server mode can be all_traffic, local_traffic or vpn_traffic
local_networks List of local networks server is routing traffic to otherwise empty list if all traffic is routed. Mode must be set to local_traffic when set
dns_servers List of dns servers for ovpn clients
public_address Public IP address
otp_auth True if the server is using two-step authentication otherwise false
lzo_compression True if lzo compression is enabled otherwise false
debug True if server debug output is enabled otherwise false
org_count Number of organizations attached to the server
Python Example
response = auth_request('POST', '/server',
    headers={
        'Content-Type': 'application/json',
    },
    data=json.dumps({
        'name': 'new_server',
        'network': '10.32.32.0/24',
        'interface': 'tun2',
        'port': 14823,
        'protocol': 'udp',
        'dh_param_bits': 1536,
        'mode': 'all_traffic',
        'local_networks': [],
        'dns_servers': [],
        'public_address': '8.8.8.8',
        'otp_auth': True,
        'lzo_compression': False,
        'debug': False,
    }),
)
assert(response.status_code == 200)
print(response.json())
{
    'id': 'c4ceb6102ed941d7b1794aead89ab20e',
    'name': 'new_server',
    'status': False,
    'uptime': None,
    'users_online': 0,
    'user_count': 0,
    'network': '10.32.32.0/24',
    'interface': 'tun2',
    'port': 14823,
    'protocol': 'udp',
    'dh_param_bits': 1536,
    'mode': 'all_traffic',
    'local_networks': [],
    'dns_servers': [],
    'public_address': '8.8.8.8',
    'otp_auth': True,
    'lzo_compression': False,
    'debug': False,
    'org_count': 0,
}
PUT /server/:server_id
Update an existing server.
URL Parameters
server_id Server ID
Parameters
name Server name
network Servers VPN network address
interface Server VPN interface
port Server port
protocol Server protocol
dh_param_bits Size of dh parameters, can be 1024, 1536, 2048, 3072 or 4096
mode Server mode can be all_traffic, local_traffic or vpn_traffic
local_networks List of local networks server is routing traffic to otherwise empty list if all traffic is routed. Mode must be set to local_traffic when set
dns_servers List of dns servers for ovpn clients
public_address Servers public IP address
otp_auth True if the server is using two-step authentication otherwise false
lzo_compression True if lzo compression is enabled otherwise false
debug True if server debug output is enabled otherwise false
Response
id Server ID
name Server name
status True if server is online otherwise false
uptime Server uptime in seconds
users_online Number of users online
user_count Number of users attached to the server
network Servers VPN network address
interface Server VPN interface
port Server port
protocol Server protocol
dh_param_bits Size of dh parameters, can be 1024, 1536, 2048, 3072 or 4096
mode Server mode can be all_traffic, local_traffic or vpn_traffic
local_networks List of local networks server is routing traffic to otherwise empty list if all traffic is routed. Mode must be set to local_traffic when set
dns_servers List of dns servers for ovpn clients
public_address Public IP address
otp_auth True if the server is using two-step authentication otherwise false
lzo_compression True if lzo compression is enabled otherwise false
debug True if server debug output is enabled otherwise false
org_count Number of organizations attached to the server
Python Example
response = auth_request('PUT', '/server/c4ceb6102ed941d7b1794aead89ab20e',
    headers={
        'Content-Type': 'application/json',
    },
    data=json.dumps({
        'name': 'new_name',
    }),
)
assert(response.status_code == 200)
print(response.json())
{
    'id': 'c4ceb6102ed941d7b1794aead89ab20e',
    'name': 'new_name',
    'status': False,
    'uptime': None,
    'users_online': 0,
    'user_count': 0,
    'network': '10.32.32.0/24',
    'interface': 'tun2',
    'port': 14823,
    'protocol': 'udp',
    'dh_param_bits': 1536,
    'mode': 'all_traffic',
    'local_networks': [],
    'dns_servers': [],
    'public_address': '8.8.8.8',
    'otp_auth': True,
    'lzo_compression': False,
    'debug': False,
    'org_count': 0,
}
DELETE /server/:server_id
Delete an existing server.
URL Parameters
server_id Server ID
Python Example
response = auth_request('DELETE',
    '/server/c4ceb6102ed941d7b1794aead89ab20e')
assert(response.status_code == 200)
PUT /server/:server_id/:operation
Start, stop or restart an existing server.
URL Parameters
server_id Server ID
operation Server operation
Response
id Server ID
name Server name
status True if server is online otherwise false
uptime Server uptime in seconds
users_online Number of users online
user_count Number of users attached to the server
network Server VPN network address
interface Server VPN interface
port Server port
protocol Server protocol
mode Server mode; can be all_traffic, local_traffic or vpn_traffic
local_networks List of local networks the server routes traffic to, or an empty list if all traffic is routed. Mode must be set to local_traffic when set
public_address Public IP address
otp_auth True if the server is using two-step authentication otherwise false
lzo_compression True if lzo compression is enabled otherwise false
debug True if server debug output is enabled otherwise false
org_count Number of organizations attached to the server
Python Example
response = auth_request('PUT',
    '/server/e9f1ba1f55194eb1843d4fcf39a44d7b/start',
)
assert(response.status_code == 200)
print response.json()

{
    'id': 'e9f1ba1f55194eb1843d4fcf39a44d7b',
    'name': 'server2',
    'status': True,
    'uptime': 1,
    'users_online': 0,
    'user_count': 2,
    'network': '10.86.88.0/24',
    'interface': 'tun1',
    'port': 18387,
    'protocol': 'udp',
    'public_address': '8.8.8.8',
    'otp_auth': False,
    'lzo_compression': False,
    'debug': False,
    'org_count': 1,
}
GET /server/:server_id/organization
Returns a list of organizations attached to a server sorted by name.
URL Parameters
server_id Server ID
Response
id Organization ID
server Server ID
name Organization name
Python Example
response = auth_request('GET',
    '/server/e9f1ba1f55194eb1843d4fcf39a44d7b/organization',
)
assert(response.status_code == 200)
print response.json()

[
    {
        'id': '060e54e627904abf9402bf3f2e0e16a2',
        'server': 'e9f1ba1f55194eb1843d4fcf39a44d7b',
        'name': 'org1',
    },
]
PUT /server/:server_id/organization/:organization_id
Attach an organization to an existing server.
URL Parameters
server_id Server ID
organization_id Organization ID
Response
id Organization ID
server Server ID
name Organization name
Python Example
response = auth_request('PUT',
    '/server/e9f1ba1f55194eb1843d4fcf39a44d7b/organization/c002529764334d63b7035ad1939eb7ca',
)
assert(response.status_code == 200)
print response.json()

{
    'id': 'c002529764334d63b7035ad1939eb7ca',
    'server': 'e9f1ba1f55194eb1843d4fcf39a44d7b',
    'name': 'org2',
}
DELETE /server/:server_id/organization/:organization_id
Remove an organization from an existing server.
URL Parameters
server_id Server ID
organization_id Organization ID
Python Example
response = auth_request('DELETE',
    '/server/e9f1ba1f55194eb1843d4fcf39a44d7b/organization/c002529764334d63b7035ad1939eb7ca',
)
assert(response.status_code == 200)
GET /server/:server_id/output
Get the output of a server.
URL Parameters
server_id Server ID
Response
id Organization ID
output Server output
Python Example
response = auth_request('GET',
    '/server/e9f1ba1f55194eb1843d4fcf39a44d7b/output',
)
assert(response.status_code == 200)
print response.json()

{
    'id': 'e9f1ba1f55194eb1843d4fcf39a44d7b',
    'output': '',
}
DELETE /server/:server_id/output
Clear the output of a server.
URL Parameters
server_id Server ID
Python Example
response = auth_request('DELETE',
    '/server/e9f1ba1f55194eb1843d4fcf39a44d7b/output',
)
assert(response.status_code == 200)
GET /server/:server_id/bandwidth
Get the bandwidth usage history of a server.
URL Parameters
server_id Server ID
Response
1m Bandwidth data at 1 minute intervals for the last 6 hours
5m Bandwidth data at 5 minute intervals for the last 24 hours
30m Bandwidth data at 30 minute intervals for the last 7 days
2h Bandwidth data at 2 hour intervals for the last 30 days
1d Bandwidth data at 1 day intervals for the last 365 days
Bandwidth Parameters
received Array containing the UTC timestamp and bandwidth usage in bytes for data received
received_total Total bytes received
sent Array containing the UTC timestamp and bandwidth usage in bytes for data sent
sent_total Total bytes sent
Python Example
response = auth_request('GET',
    '/server/e9f1ba1f55194eb1843d4fcf39a44d7b/bandwidth',
)
assert(response.status_code == 200)
print response.json()

{
    '1m': {
        'received': [
            (1393115280, 753),
            (1393115340, 321),
        ],
        'received_total': 1074,
        'sent': [
            (1393115280, 865),
            (1393115340, 421),
        ],
        'sent_total': 1286,
    },
    '5m': {
        'received': [
            (1393050720, 3753),
            (1393051020, 4784),
        ],
        'received_total': 8537,
        'sent': [
            (1393050720, 4723),
            (1393051020, 6723),
        ],
        'sent_total': 11446,
    },
    '30m': {
        'received': [
            (1392532200, 19452),
            (1392534000, 23921),
        ],
        'received_total': 43373,
        'sent': [
            (1392532200, 20123),
            (1392534000, 17853),
        ],
        'sent_total': 37976,
    },
    '2h': {
        'received': [
            (1390552020, 91752),
            (1390559220, 89316),
        ],
        'received_total': 181068,
        'sent': [
            (1390552020, 96296),
            (1390559220, 83478),
        ],
        'sent_total': 179774,
    },
    '1d': {
        'received': [
            (1361687220, 867242),
            (1361773620, 948342),
        ],
        'received_total': 1815584,
        'sent': [
            (1361687220, 852067),
            (1361773620, 935672),
        ],
        'sent_total': 1787739,
    },
}
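An added example, not from the pritunl documentation or code base: it checks each series in a bandwidth response against its total and its sample spacing, and flags samples far above the series median, which is a simple way to notice unusual transfer volumes. The function names, the spike factor and the CONSTRUCTED data are assumptions of the example; it also assumes, as in the sample response above, that each total is the sum of the listed samples and that samples are one interval apart.

```python
from statistics import median

# Seconds between samples for each interval key documented above.
STEP = {'1m': 60, '5m': 300, '30m': 1800, '2h': 7200, '1d': 86400}

def check_series(samples, total, step):
    """Return consistency problems for one received/sent series."""
    problems = []
    if sum(count for _, count in samples) != total:
        problems.append('total does not equal the sum of the samples')
    for (t0, _), (t1, _) in zip(samples, samples[1:]):
        if t1 - t0 != step:  # assumption: samples are exactly one step apart
            problems.append('unexpected spacing before %d' % t1)
    return problems

def spikes(samples, factor=10):
    """Timestamps whose byte count exceeds factor x the series median."""
    if len(samples) < 3:
        return []  # too few points for a meaningful baseline
    base = median(count for _, count in samples)
    return [t for t, count in samples if base > 0 and count > factor * base]

def review_bandwidth(data, factor=10):
    """Map (interval, direction) -> {'problems': [...], 'spikes': [...]}."""
    report = {}
    for interval, block in data.items():
        step = STEP[interval]
        for direction in ('received', 'sent'):
            series = [tuple(s) for s in block[direction]]  # JSON yields lists
            report[(interval, direction)] = {
                'problems': check_series(series, block[direction + '_total'], step),
                'spikes': spikes(series, factor),
            }
    return report

# '1m' block copied from the sample response above.
PAGE_DATA = {'1m': {
    'received': [(1393115280, 753), (1393115340, 321)], 'received_total': 1074,
    'sent': [(1393115280, 865), (1393115340, 421)], 'sent_total': 1286,
}}
# Constructed '5m' data: one outbound burst and a total that does not add up.
CONSTRUCTED = {'5m': {
    'received': [[1393050720, 900], [1393051020, 1100], [1393051320, 1000]],
    'received_total': 3000,
    'sent': [[1393050720, 1000], [1393051020, 1200], [1393051320, 50000],
             [1393051620, 1100]],
    'sent_total': 53000,
}}
```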
GET /export/pritunl.tar
Download a tar archive of all server data.
Python Example
response = auth_request('GET',
    '/export/pritunl.tar',
)
assert(response.status_code == 200)