Pritunl mirror

I decided to create my own mirror for Pritunl due to the fact that their repository isn't reachable via IPv6, and I really need IPv6 access because I have numerous IPv6-only servers and virtual private servers.

As a consequence of my services requiring IPv6 connectivity, I therefore mirrored both Pritunl and MongoDB. They are both accessible through IPv6 now. My repositories are updated once every day.

The installation instructions for Pritunl are the same as those found on their site, with the exception of using my mirror instead of the official ones.

In nearly every case where I deploy Pritunl I end up using Debian 8, it therefore follows logically that I only mirror Debian 8 — it saves me space and bandwidth ;)

Pritunl server on Debian 8

The below instructions are intended to be used on a server running Debian 8 (Jessie). It's a straightforward installation with no hassles at all. It doesn't get any simpler than this.

$ nano /etc/apt/sources.list.d/mongodb-org-3.0.list
deb wheezy/mongodb-org/3.0 main

$ nano /etc/apt/sources.list.d/pritunl.list
deb jessie main

$ apt-key adv --keyserver hkp:// --recv 7F0CEB10
$ apt-key adv --keyserver hkp:// --recv CF8E292A
$ apt-get update
$ apt-get install pritunl mongodb-org
$ systemctl start mongod pritunl
$ systemctl enable mongod pritunl

Note: once you've successfully installed the Pritunl server you can typically access it by visiting https://your_ip:9700 using the default credentials:

Username: pritunl
Password: pritunl

At that point you can begin customizing your instance the way you want it (e.g, DH Param Bits, Encryption Cipher, Hash Algorithm and much else).

Hint: to completely turn off logging for the VPN server you can issue this command pritunl set vpn.log_lines 0. I haven't found a way to disable generation of bandwidth graphs, however, that's not really a great concern as it doesn't violate our privacy; it is merely taking up unnecessary resources. Furthermore, you can edit the file /etc/pritunl.conf which by default stores values that should look more or less identical to what is produced below:

    "mongodb_uri": "mongodb://localhost:27017/pritunl",
    "log_path": "/var/log/pritunl.log",
    "static_cache": true,
    "temp_path": "/tmp/pritunl_755479bb69b245c39bb2e8408da849f5",
    "bind_addr": "",
    "debug": false,
    "www_path": "/usr/share/pritunl/www",
    "local_address_interface": "auto",
    "port": 9700

The log file pritunl.log does not contain any sensitive information and doesn't contain anything of value for us, and it also doesn't fill itself up with tons of useless information — hence we can keep it.
pritunl.log typically looks like this:

[undefined][2016-02-27 17:54:48,171][INFO] Starting setup server
[undefined][2016-02-27 17:54:48,174][INFO] Generating setup server ssl cert
[undefined][2016-02-27 17:54:48,234][INFO] Running 1.17 database upgrade
[undefined][2016-02-27 17:54:48,315][INFO] Setting db version
  new_ver = ''
  cur_ver = u'1.14.842.11snapshot'
[undefined][2016-02-27 17:54:48,354][INFO] Setting db version
  new_ver = '1.17.892.18snapshot'
  cur_ver = u''

You could naturally redirect this output to /dev/null if you want, as there is practically nothing of value for us in this log anyway. That's what I did.

As for the Pritunl WebUI, here is what the enumeration of users looks like:

The bandwidth graphs looks like this:

As for the WebUI itself; it's written in Python and has been styled with Bootstrap 3.

The Pritunl client

I also carry the GTK client along with the headless client in the repository hosted on my server; these can be downloaded and installed by following the instructions below:

Pritunl GTK client

$ nano /etc/apt/sources.list.d/pritunl.list
deb jessie main

$ apt-key adv --keyserver hkp:// --recv CF8E292A
$ apt-get update
$ apt-get install pritunl-client-gtk

The GTK based client has a extremely lean and basic interface:

Pritunl headless client

$ nano /etc/apt/sources.list.d/pritunl.list
deb jessie main

$ apt-key adv --keyserver hkp:// --recv CF8E292A
$ apt-get update
$ apt-get install pritunl-client

That's all. Enjoy!