Preface
Pritunl is a free and open source VPN platform (although it does not use a standard open source license, and users are subject to many restrictions). It is a simple and effective way to run a VPN: it gives beginners a relatively easy way to set up a VPN service quickly, and it can resist interference from firewalls and provide a stable, effective proxy service. Pritunl is built on OpenVPN. It provides an API for advanced developers, as well as detailed installation instructions for different platforms and different VPS providers (including DigitalOcean and AWS). The demo shows a graphical interface, which is convenient and suits entry-level users, and the project claims that setup can be completed within a few minutes, which greatly lowers the barrier to use. Below, we combine Pritunl with the cpolar tool to connect to Pritunl OpenVPN remotely.
1. Environment installation
Create the MongoDB repository file. Paste the whole block below, through the closing EOF, and press Enter:
sudo tee /etc/yum.repos.d/mongodb-org-6.0.repo << EOF
[mongodb-org-6.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/8/mongodb-org/6.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-6.0.asc
EOF
Create the Pritunl repository file. Paste the whole block below, through the closing EOF, and press Enter:
sudo tee /etc/yum.repos.d/pritunl.repo << EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/oraclelinux/8/
gpgcheck=1
enabled=1
EOF
Import the signing key from the key server
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp; sudo rpm --import key.tmp; rm -f key.tmp
Install oracle-epel-release-el8
sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
2. Start installation
Install pritunl-openvpn: run the following command and wait for the installation to complete
sudo yum --allowerasing install pritunl-openvpn
The following interface appears to indicate success.
Install pritunl and mongodb-org
sudo yum -y install pritunl mongodb-org
When the following interface appears, the installation is successful.
Start mongod and pritunl
sudo systemctl start mongod pritunl
Enable start at boot (preferably only after all services are configured and the connections work correctly)
sudo systemctl enable mongod pritunl
Turn off the firewall (CentOS 8)
sudo systemctl stop firewalld
3. Access test
Open a browser on another machine and go to https:// followed by the server's LAN IP address; the web interface appears. The web interface asks for a key parameter that we need to enter.
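An alternative to stopping firewalld is to open only the ports this guide uses. The function below is an added example, not part of the original article: it prints the firewall-cmd commands for the web console and the VPN server port, and runs them when APPLY=1. The helper name pritunl_fw_rules and the APPLY variable are hypothetical, 443 is assumed for the https console, and 12650/tcp is the server port shown in step 4.

```shell
#!/bin/sh
# Added example: emit (or apply) firewalld rules for only the ports this
# guide uses, as an alternative to stopping firewalld.
# pritunl_fw_rules and APPLY are hypothetical names, not part of Pritunl.

# valid_port PORT: succeeds if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# pritunl_fw_rules WEB_PORT VPN_PORT PROTO
# Prints the firewall-cmd commands; set APPLY=1 to run them with sudo.
pritunl_fw_rules() {
    web_port=$1 vpn_port=$2 proto=$3
    valid_port "$web_port" || { echo "bad web port: $web_port" >&2; return 2; }
    valid_port "$vpn_port" || { echo "bad VPN port: $vpn_port" >&2; return 2; }
    case "$proto" in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp" >&2; return 2 ;;
    esac
    for cmd in \
        "firewall-cmd --permanent --add-port=${web_port}/tcp" \
        "firewall-cmd --permanent --add-port=${vpn_port}/${proto}" \
        "firewall-cmd --reload"
    do
        if [ "${APPLY:-0}" = 1 ]; then
            sudo $cmd || return 1   # word splitting of $cmd is intended
        else
            echo "sudo $cmd"
        fi
    done
}

# Values from this guide: https console (443 assumed), server port 12650/tcp.
pritunl_fw_rules 443 12650 tcp
```

If the server port is changed later (as in step 8), rerun the function with the new port.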
Execute the following command to obtain the key
sudo pritunl setup-key
After execution, we can see the key and copy it
Enter the key in the web interface and click Save
Then you will see the login interface, which prompts you to execute the command to obtain the default password and login information.
Execute the following command to obtain login information:
sudo pritunl default-password
After execution, you can see our username and password
We can log in using the account and password we obtained.
After logging in, we are prompted to change the username and password. Here we change only the password. Change the value of Public Address to the LAN IP of the device (note that this is your own device's LAN IP; you can view it by running ip address on the device). Any other parameters you are unsure about can be left unset. When done, click Save.
4. Create a connection
Create an organization first
Fill in the organization name and click Add
After adding the organization, add a user
Fill in the user name and click Add
Then add a server
Fill in the server information, including the name and the protocol (tcp), and then click Save
Then click Bind Organization
After checking that the selection is correct, click Attach
Then we click to start the server. On this page we can see a port number: 12650. That is the port on my server; use the port number shown on yours.
5. LAN test connection
Go to the OpenVPN official website to download the OpenVPN connection tool: https://openvpn.net/community-downloads/. For 64-bit Windows, we download the first one.
After downloading, install and open it. Then download the connection configuration file: open the Pritunl web interface, click Users at the top, and then click to download the connection configuration file of the user we created above.
You can see this configuration file after decompression
After downloading the configuration file, import it: right-click the OpenVPN icon in the lower right corner
Select the option to import a configuration file
Select the configuration file we downloaded
Then right-click the icon again and select the connection for the configuration file we imported. When the connection succeeds, Windows shows a pop-up saying so, which confirms that the LAN connection works.
6. Install cpolar
Above we installed Pritunl on a local Linux machine, and the LAN test was OK. Next we install the cpolar intranet penetration tool. Through cpolar's http public network address, we can easily achieve remote connection without registering a domain name or purchasing a cloud server. The steps to install cpolar are as follows:
- Use one-click script installation command
curl -L https://www.cpolar.com/static/downloads/install-release-cpolar.sh | sudo bash
- Token authentication
Log in to the cpolar official website backend, click Verify on the left to view your authentication token, and then paste the token into the command line:
cpolar authtoken xxxxxxx
- Add services to the system
sudo systemctl enable cpolar
- Start cpolar service
sudo systemctl start cpolar
7. Configure a fixed public network access address
In cpolar, the temporary TCP port address and the generated public network address are random temporary addresses, and the public network address changes randomly within 24 hours. We therefore configure a fixed TCP port address, which does not change, so there is no need to update the address every day.
Configuring a fixed TCP port address requires upgrading cpolar to the Professional Edition package or above.
Reserve a fixed TCP address: log in to the cpolar official website, click Reserve on the left, and find the reserved TCP address section. Let’s reserve a fixed TCP address for Minecraft:
- Region: Select China vip
- Description: It is a note, which can be customized
Click Reserve (保留)
After the address is successfully reserved, the system generates the corresponding fixed public address. Copy it.
Then, in a browser, go to the Linux machine's LAN IP address on port 9200 and log in to the cpolar web UI management interface. After logging in, click Tunnel Management - Create Tunnel in the left dashboard:
- Tunnel name: It can be customized. Be careful not to duplicate an existing tunnel name.
- Protocol: tcp
- Local address: 12324 (note this port, you need to fill in the port corresponding to the address reserved on the official website)
- Domain name type: fixed tcp port
- Region: Select China VIP
- Reserved tcp address: fill in the address successfully reserved on the official website
Click Create (创建)
Then open the online tunnel list and check the public network address of the tcp protocol. Here we can see that the local address port number and the public network ip port number are consistent.
8. Remote connection test
Above we created a TCP public address with the cpolar tool. Copy the first section of the address, 5.tcp.vip.cpolar.cn, open the Pritunl web interface, click Settings, and change the Public Address to it.
After that, click Stop Server, then click the server name to edit the server port
Change the port to the one in the public network address we created with cpolar above (5.tcp.vip.cpolar.cn:12324), that is, 12324
After the change, we start the service
Then download the configuration file again. Because we changed the address, the connection configuration file has to be downloaded again.
After downloading, import it and select the import configuration file.
You will be prompted whether to replace the previous file, click Yes.
Then we select the connection with the same name as the configuration file to connect
We can see that it is connected in the window prompt interface, indicating a successful connection.
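Before importing the re-downloaded profile, it is worth confirming that it really points at the new address, since a profile left over from the LAN test still targets the old host and port. The check below is an added example, not part of the original article: the helper names and the sample profile contents are constructed (192.168.1.20 is a made-up LAN address), and it assumes the profile carries a standard OpenVPN remote directive.

```shell
#!/bin/sh
# Added example: check that a downloaded .ovpn profile targets the address
# and port configured in Pritunl. Helper names are hypothetical.

# ovpn_check_remote FILE HOST PORT
# Succeeds only if the profile has a `remote` directive and every one of
# them is HOST PORT. A missing port means OpenVPN's default, 1194.
ovpn_check_remote() {
    awk -v host="$2" -v port="$3" '
        $1 == "remote" {
            seen++
            p = ($3 == "" ? "1194" : $3)
            if ($2 != host || p != port) {
                printf "stale remote: %s %s\n", $2, p
                bad++
            }
        }
        END {
            if (seen == 0) { print "no remote directive found"; exit 1 }
            exit (bad > 0)
        }
    ' "$1"
}

# write_sample_profile FILE HOST PORT: constructed stand-in for a profile
# (a real one also carries certificates and keys).
write_sample_profile() {
    cat > "$1" <<EOF
client
dev tun
remote $2 $3 tcp-client
EOF
}

profile=$(mktemp)
# Old profile from the LAN test; 192.168.1.20 is a made-up LAN address.
write_sample_profile "$profile" 192.168.1.20 12650
ovpn_check_remote "$profile" 5.tcp.vip.cpolar.cn 12324 || echo "re-download the profile"
# Profile downloaded after the Public Address and port were changed.
write_sample_profile "$profile" 5.tcp.vip.cpolar.cn 12324
ovpn_check_remote "$profile" 5.tcp.vip.cpolar.cn 12324 && echo "profile matches"
rm -f "$profile"
```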
Reprinted from cpolar pole cloud article: Pritunl OpenVPN remote connection