Enterprise Distributed OpenVPN Server

Virtualize your private networks across datacenters and provide simple remote access in minutes
Demo

Simple Virtual Private Networks

Create your own cloud vpn with complex site-to-site links, gateway links and provide local network access to remote users. Protect your network traffic and remote users connecting over public connections with secure encryption. All from a simple web interface.

Okta Single Sign-On

Add simple single sign-on and multi-factor authentication with support for Okta SAML and Okta Push for push verfication.

Okta Tutorial

OneLogin Single Sign-On

Integrate with almost any identity management service such as OneLogin with support for SAML.

OneLogin Tutorial

Google Single Sign-On

Easily enable single sign-on with Google Apps in seconds to allow users to quickly authenticate with Pritunl using their Google business account.

Google Tutorial

Duo Single Sign-On

Quickly setup single sign-on and improve vpn security with Duo authentication. Users can use their Duo app to download their profiles and authenticate each connection securely.

Duo Tutorial

Radius Single Sign-On

Integrate Pritunl with Radius authentication servers to allow users to login to Pritunl with their Radius account

Chromebook Support

The easiest vpn for Chrome OS. In combination with Google single sign-on users can sign in with their Google business account and download a Chromebook compatible vpn profile in just two steps.

Chromebook Tutorial

Ubiquiti EdgeMax Support

Pritunl plugin for Ubiquiti EdgeMax allows for simple integration with EdgeRouters and easy management of Pritunl profiles. Use the EdgeRouter as a gateway to link a local network into the vpn server.

EdgeMax Tutorials

IPv6 Ready

Pritunl is IPv6 compatible allowing IPv6 clients to connect to vpn servers over IPv6. Clients on IPv4 and IPv6 will also get an IPv6 address from a routed public subnet or with a private subnet using NAT.

IPv6 Tutorial

DNS Mapping

user0.organization0.vpn

All connected users and devices are mapped to a dns domain with their username and organization name.

DNS Forwarding

search.user.org.vpn -> search.node.consul

Forward dns queries to a dns server on a remote network such as a consul server on an AWS VPC.

Advanced Auditing

Optional advanced auditing of user and administrator related events for improved security and intrusion detection.

Improved Security

Pritunl is the most secure VPN server available and the only VPN server to offer up to five layers of authentication. This includes a user certificate, six digit user pin, Google Authenticator, single sign-on (Google, Okta, OneLogin) and mobile push authentication (Duo, Okta Push)

Open Source Alternative

Pritunl is the best open source alternative to proprietary commercial vpn products such as Pulse Secure and Pertino. Create larger cloud vpn networks supporting thousands of concurrent users and get more control over your vpn server without any per-user pricing.

No Hidden Backdoors

Closed source VPN vendors such as Juniper and Fortinet contain deliberately added backdoors to be used by governments and criminals to gain access to your networks. With no access to the source code these backdoors can remain hidden leaving your network vulnerable. Only open source software can guarantee the security of your network.

Sponsored By

Open Source

All source code for Pritunl is publicly available on GitHub. Allowing for complete transparency and customization.

Free to Use

Free and open source alternative to Pulse Secure and Pertino. No registration or credit card necessary.

Easy Configuration

All configuration is done from a web interface allowing easy management of large organizations and complex configurations.

Security

All traffic between clients and the server is encrypted. Optional two-step authentication is available using Google Authenticator.

OpenVPN Protocol

Pritunl is built with the OpenVPN protocol and any existing client that supports OpenVPN can be used to connect to a Pritunl server.

REST API

Easily integrate and configure Pritunl with other services using the REST API. Documentation is available in the API section.

Examples

Single User

View Tutorial

IPv4 to IPv6 Connection

View Tutorial

Secure Access to Private Network

View Tutorial

Site-to-Site Configuration

View Tutorial

VPN Router with EdgeMax

View Tutorial

VPN Gateway with EdgeMax

View Tutorial

Router+VPN Gatway with EdgeMax

View Tutorial

Site-to-Site VPN with EdgeMax

View Tutorial

Site-to-Site Gateway with EdgeMax

View Tutorial

Redundant Gateway with EdgeMax

View Tutorial

Google Authentication

View Tutorial

Duo Authentication

View Tutorial

Enterprise Features

Automated Failover

Server Replication

Distributed and Scalable

Scale Easily

Pritunl servers can be easily distributed across multiple servers and different datacenters for improved performance, high availability and automatic failover when an instance fails.

Simple Distribution

All server communication and interconnecting is done with MongoDB allowing servers to be quickly connected without having to modify firewalls for inter-server communication.

High Availability

All Pritunl servers are equal in the cluster and can run independently in the event of other instances failing.

Distributed and Scalable

Subscription Plans

Pritunl is free to use with optional monthly subscriptions available to purchase for additional features. The enterprise license may be used on all the servers in the cluster and does not require a individual license for each server.

Free

  • Single server
    Run a single Pritunl instance
  • Unlimited users
    No limit on the number of users created or users connected
  • Unlimited devices
    No limit on the number of devices that each user has connected

$0/month

Premium

  • Single server
    Run a single Pritunl instance
  • Unlimited users
    No limit on the number of users created or users connected
  • Unlimited devices
    No limit on the number of devices that each user has connected
  • Port forwarding
    Forward ports to vpn clients
  • Gateway links
    Create a gateway link to route traffic for a local network to a vpn client. Allowing the vpn clients to access the remote network that is available to the linked vpn client
  • Failover gateway links
    Connect multiple gateway links to a Pritunl server and when a link goes down another available link will automatically be used
  • Bypass secondary auth
    Per-user option to bypass secondary authentication such as two-factor authentication. For server users that can't provide a two-factor code
  • Chromebook support
    Easily connect Chromebook users with ChromeOS compatible vpn profiles
  • Configuration sync
    When clients connect with a Pritunl client, vpn setting changes such as port/protocol will be updated to allow the client to connect without needing to download a new configuration
  • Email user keys
    Email users a link to download vpn profiles using a configured SMTP server
  • Additional themes
    Change the interface to light or dark theme

$10/month

Enterprise

  • All Premium features
    All of the features included with a Premium subscription
  • Unlimited servers
    No limit on the number of Pritunl instances in a single Pritunl cluster
  • Single sign-on
    Single sign-on with SAML, Google Apps, Duo Security and Radius
  • Automatic failover
    When a Pritunl instance fails the vpn servers running on the instance will automatically failover to another available Pritunl instance
  • Replicated servers
    Replicate a vpn server accross multiple Pritunl instances to easily scale horizontally to handle more user connections
  • Site-to-site VPN
    Easily create a site-to-site link between two Pritunl instances without any complicated configuration
  • DNS mapping
    Map connected vpn clients to dns domains such as user0.org0.vpn using a custom dns server that runs along with the Pritunl server
  • DNS forwarding
    Forward dns queries to a dns server on a remote network such as a consul server on an AWS VPC.
  • Monitoring
    Monitor server and user metrics with Prometheus and Datadog.
  • Advanced auditing
    Optional advanced auditing of user and administrator related events for improved security and intrusion detection.
  • Bridged VPN mode
    Create tap servers that bridge the vpn clients to the servers local network interface. Allowing vpn clients to get an ip address on the servers local network
  • Multiple Administrators
    Allow multiple administrators to manage the Pritunl server
  • User Pin Policy
    Control over requiring users to set a pin before they are able to connect to a vpn server.
  • Long term subscriptions
    Contact support for long term subscriptions

$50/month

Amazon AWS Automated Install

#!/bin/bash echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" > /etc/apt/sources.list.d/mongodb-org-3.0.list echo "deb http://repo.pritunl.com/stable/apt trusty main" > /etc/apt/sources.list.d/pritunl.list apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7F0CEB10 apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A apt-get --assume-yes update apt-get --assume-yes upgrade apt-get --assume-yes install pritunl mongodb-org service pritunl start

Install

Select a Linux distribution below and run the commands to install Pritunl. After installing no setup is necessary simply open the web interface at https://SERVER_IP:9700/ in your web browser and login with the default username and password which is "pritunl".

Arch Linux

$ nano /etc/pacman.conf [pritunl] Server = http://repo.pritunl.com/stable/pacman $ pacman-key --keyserver hkp://keyserver.ubuntu.com -r CF8E292A $ pacman-key --lsign-key CF8E292A $ pacman -Sy $ pacman -S pritunl mongodb $ systemctl start mongodb pritunl $ systemctl enable mongodb pritunl

Ubuntu Precise

$ nano /etc/apt/sources.list.d/mongodb-org-3.0.list deb http://repo.mongodb.org/apt/ubuntu precise/mongodb-org/3.0 multiverse $ nano /etc/apt/sources.list.d/pritunl.list deb http://repo.pritunl.com/stable/apt precise main $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7F0CEB10 $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A $ apt-get update $ apt-get install pritunl mongodb-org $ service pritunl start

Ubuntu Trusty

$ nano /etc/apt/sources.list.d/mongodb-org-3.0.list deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse $ nano /etc/apt/sources.list.d/pritunl.list deb http://repo.pritunl.com/stable/apt trusty main $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7F0CEB10 $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A $ apt-get update $ apt-get install pritunl mongodb-org $ service pritunl start

Ubuntu Vivid

$ nano /etc/apt/sources.list.d/mongodb-org-3.0.list deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse $ nano /etc/apt/sources.list.d/pritunl.list deb http://repo.pritunl.com/stable/apt vivid main $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7F0CEB10 $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A $ apt-get update $ apt-get install pritunl mongodb-org $ service pritunl start

Ubuntu Wily

$ nano /etc/apt/sources.list.d/mongodb-org-3.0.list deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse $ nano /etc/apt/sources.list.d/pritunl.list deb http://repo.pritunl.com/stable/apt wily main $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7F0CEB10 $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A $ apt-get update $ apt-get install pritunl mongodb-org $ service pritunl start

Debian Wheezy

$ nano /etc/apt/sources.list.d/mongodb-org-3.0.list deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.0 main $ nano /etc/apt/sources.list.d/pritunl.list deb http://repo.pritunl.com/stable/apt wheezy main $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7F0CEB10 $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A $ apt-get update $ apt-get install pritunl mongodb-org $ service pritunl start

Debian Jessie

$ nano /etc/apt/sources.list.d/mongodb-org-3.0.list deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.0 main $ nano /etc/apt/sources.list.d/pritunl.list deb http://repo.pritunl.com/stable/apt jessie main $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7F0CEB10 $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A $ apt-get update $ apt-get install pritunl mongodb-org $ systemctl start mongod pritunl $ systemctl enable mongod pritunl

CentOS 7

$ wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm $ rpm -i epel-release-latest-7.noarch.rpm $ nano /etc/yum.repos.d/pritunl.repo [pritunl] name=Pritunl Repository baseurl=http://repo.pritunl.com/stable/yum/centos/7/ gpgcheck=1 enabled=1 $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys CF8E292A $ gpg --armor --export CF8E292A > key.tmp; rpm --import key.tmp; rm -f key.tmp $ yum install pritunl mongodb-server $ systemctl start mongod pritunl $ systemctl enable mongod pritunl

Fedora 22

$ nano /etc/yum.repos.d/pritunl.repo [pritunl] name=Pritunl Repository baseurl=http://repo.pritunl.com/stable/yum/fedora/22/ gpgcheck=1 enabled=1 $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys CF8E292A $ gpg --armor --export CF8E292A > key.tmp; rpm --import key.tmp; rm -f key.tmp $ yum install pritunl mongodb-server $ systemctl start mongod pritunl $ systemctl enable mongod pritunl

Amazon Linux

$ sudo nano /etc/yum.repos.d/mongodb-org-3.0.repo [mongodb-org-3.0] name=MongoDB Repository baseurl=https://repo.mongodb.org/yum/amazon/2013.03/mongodb-org/3.0/x86_64/ gpgcheck=0 enabled=1 $ sudo nano /etc/yum.repos.d/pritunl.repo [pritunl] name=Pritunl Repository baseurl=http://repo.pritunl.com/stable/yum/centos/7/ gpgcheck=1 enabled=1 $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys CF8E292A $ gpg --armor --export CF8E292A > key.tmp; sudo rpm --import key.tmp; rm -f key.tmp $ sudo yum install pritunl mongodb-org $ sudo service mongod start $ sudo start pritunl
CloudFormation

Open Source OpenVPN Client

Free and open source cross platform OpenVPN client. Connect to any OpenVPN server with a secure open source client. Additonal integration available when connecting to a Pritunl server. Free and open source alternative to Viscosity.

Linux

Arch Linux

$ nano /etc/pacman.conf [pritunl] Server = http://repo.pritunl.com/stable/pacman $ pacman-key --keyserver hkp://keyserver.ubuntu.com -r CF8E292A $ pacman-key --lsign-key CF8E292A $ pacman -Sy $ pacman -S pritunl-client-gtk

Arch Linux Server

$ nano /etc/pacman.conf [pritunl] Server = http://repo.pritunl.com/stable/pacman $ pacman-key --keyserver hkp://keyserver.ubuntu.com -r CF8E292A $ pacman-key --lsign-key CF8E292A $ pacman -Sy $ pacman -S pritunl-client

Ubuntu

$ nano /etc/apt/sources.list.d/pritunl.list deb http://repo.pritunl.com/stable/apt precise main $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A $ apt-get update $ apt-get install pritunl-client-gtk

Ubuntu Server

$ nano /etc/apt/sources.list.d/pritunl.list deb http://repo.pritunl.com/stable/apt precise main $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A $ apt-get update $ apt-get install pritunl-client

Ubuntu

$ nano /etc/apt/sources.list.d/pritunl.list deb http://repo.pritunl.com/stable/apt trusty main $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A $ apt-get update $ apt-get install pritunl-client-gtk

Ubuntu Server

$ nano /etc/apt/sources.list.d/pritunl.list deb http://repo.pritunl.com/stable/apt trusty main $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A $ apt-get update $ apt-get install pritunl-client

Ubuntu

$ nano /etc/apt/sources.list.d/pritunl.list deb http://repo.pritunl.com/stable/apt vivid main $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A $ apt-get update $ apt-get install pritunl-client-gtk

Ubuntu Server

$ nano /etc/apt/sources.list.d/pritunl.list deb http://repo.pritunl.com/stable/apt vivid main $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A $ apt-get update $ apt-get install pritunl-client

Ubuntu

$ nano /etc/apt/sources.list.d/pritunl.list deb http://repo.pritunl.com/stable/apt wily main $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A $ apt-get update $ apt-get install pritunl-client-gtk

Ubuntu Server

$ nano /etc/apt/sources.list.d/pritunl.list deb http://repo.pritunl.com/stable/apt wily main $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A $ apt-get update $ apt-get install pritunl-client

Debian

$ nano /etc/apt/sources.list.d/pritunl.list deb http://repo.pritunl.com/stable/apt wheezy main $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A $ apt-get update $ apt-get install pritunl-client-gtk

Debian Server

$ nano /etc/apt/sources.list.d/pritunl.list deb http://repo.pritunl.com/stable/apt wheezy main $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A $ apt-get update $ apt-get install pritunl-client

Debian

$ nano /etc/apt/sources.list.d/pritunl.list deb http://repo.pritunl.com/stable/apt jessie main $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A $ apt-get update $ apt-get install pritunl-client-gtk

Debian Server

$ nano /etc/apt/sources.list.d/pritunl.list deb http://repo.pritunl.com/stable/apt jessie main $ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A $ apt-get update $ apt-get install pritunl-client

CentOS 7

$ nano /etc/yum.repos.d/pritunl.repo [pritunl] name=Pritunl Stable Repository baseurl=http://repo.pritunl.com/stable/yum/centos/7/ gpgcheck=1 enabled=1 $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys CF8E292A $ gpg --armor --export CF8E292A > key.tmp; rpm --import key.tmp; rm -f key.tmp $ yum install pritunl-client

Amazon Linux

$ nano /etc/yum.repos.d/pritunl.repo [pritunl] name=Pritunl Stable Repository baseurl=http://repo.pritunl.com/stable/yum/centos/7/ gpgcheck=1 enabled=1 $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys CF8E292A $ gpg --armor --export CF8E292A > key.tmp; rpm --import key.tmp; rm -f key.tmp $ yum install pritunl-client