Set up a VPN server using a Pritunl container

I constructed an OpenVPN server with Pritunl.


A VPN is perfect for my following needs.
  • Operate my Raspberry Pi at home from outside over the internet.
  • Access Japanese mobile web services (Facebook, LINE, etc.) from other countries with restricted internet service.


Before setting up the Pritunl VPN server, expose the network ports used by the server. Port 1194 is used for the VPN, and port 443 is used temporarily for the Pritunl web console.
sudo firewall-cmd --permanent --add-port=1194/udp
sudo firewall-cmd --permanent --add-port=1194/tcp
sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --reload

Setup Pritunl

I used the jippi/pritunl Docker image. How to create the Pritunl container is described on Docker Hub. When starting the Docker container, forward port 1194 to the Docker host for OpenVPN and forward port 443 to the Docker host for HTTPS access to the Pritunl console.
# Host directories and config file that are bind-mounted into the container
mkdir -p $(pwd)/vpn/{mongodb,pritunl}
touch $(pwd)/vpn/pritunl.conf

# Publish 1194 (OpenVPN) and 443 (web console) on the Docker host
docker run -d --privileged --restart=always --name pritunl \
-p 1194:1194/udp \
-p 1194:1194/tcp \
-p 443:443/tcp \
-v $(pwd)/vpn/mongodb:/var/lib/mongodb \
-v $(pwd)/vpn/pritunl:/var/lib/pritunl \
-v $(pwd)/vpn/pritunl.conf:/etc/pritunl.conf \
jippi/pritunl

To create the VPN server, open Pritunl in a web browser.
https://<your docker host server>
The default username/password is pritunl/pritunl. If your Docker host is a public server, leaving the username and password unchanged is bad for security.

On the Pritunl web console, you have to create an Organization, a User and a Server. A User is a VPN client. It seems that the same user cannot hold two VPN connections at the same time, so I think a User should be created for each VPN client device. An Organization is a group of VPN clients. Users in the same organization belong to the same virtual local network. A Server is the VPN server for an organization.

The OpenVPN client file (.ovpn) can be issued for a user. You can download the file from the user management page.

Before starting full VPN operation, restart the Pritunl Docker container without the HTTPS (443) port. This makes the VPN service more secure, because nobody outside the host can create or issue a new VPN client key.
docker stop pritunl
docker rm pritunl

# Same container as before, but without publishing 443 (web console)
docker run -d --privileged --restart=always --name pritunl \
-p 1194:1194/udp \
-p 1194:1194/tcp \
-v $(pwd)/vpn/mongodb:/var/lib/mongodb \
-v $(pwd)/vpn/pritunl:/var/lib/pritunl \
-v $(pwd)/vpn/pritunl.conf:/etc/pritunl.conf \
jippi/pritunl
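
The restart without port 443 can be checked rather than assumed. The script below is an added example, not part of the original post or of Pritunl: the function name `unexpected_ports`, the `ALLOWED` list and the sample mappings are constructed for illustration, and the input is assumed to be in the format printed by `docker port`.

```shell
#!/bin/sh
# Added example (not from the original post): audit the ports Docker publishes.
# Input is the text printed by `docker port <container>`, one mapping per line:
#   <container-port>/<proto> -> <host-ip>:<host-port>

# Ports the post keeps reachable from outside once setup is finished.
ALLOWED="1194/udp 1194/tcp"

# Reads `docker port` output on stdin. Prints one line for every published
# port that is not in ALLOWED and is bound to a non-loopback address.
# Returns 0 when nothing unexpected is published, 1 otherwise.
unexpected_ports() {
    found=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        cport=${line%%" -> "*}  # container side, e.g. 443/tcp
        bind=${line#*" -> "}    # host side, e.g. 0.0.0.0:443 or [::]:443
        host=${bind%:*}         # drop the trailing :<host-port>
        case "$host" in
            127.*|"[::1]"|::1) continue ;;  # loopback only: not reachable from outside
        esac
        case " $ALLOWED " in
            *" $cport "*) continue ;;       # expected VPN port
        esac
        echo "unexpected: $cport published on $bind"
        found=1
    done
    return "$found"
}

# Constructed sample: mappings while the web console is still published.
SAMPLE_SETUP='1194/tcp -> 0.0.0.0:1194
1194/udp -> 0.0.0.0:1194
443/tcp -> 0.0.0.0:443
443/tcp -> [::]:443'

# Constructed sample: mappings after the restart without -p 443:443/tcp.
SAMPLE_FINAL='1194/tcp -> 0.0.0.0:1194
1194/udp -> 0.0.0.0:1194'

printf '%s\n' "$SAMPLE_SETUP" | unexpected_ports || echo "setup phase: console still exposed"
printf '%s\n' "$SAMPLE_FINAL" | unexpected_ports && echo "final phase: only VPN ports published"
```

On the real host, feed it live data with `docker port pritunl | unexpected_ports`; a non-zero exit status means something other than the VPN port is still published.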
