A guide to remote enterprise application access…. Part B | SolarBI

James Daley

Co-Founder @ SolarBI

It’s been a week, and COVID-19 is still spreading throughout the world.  If you’re still working from home, and in need of remote enterprise access to your organisation’s network, a VPN has long been the answer.  In this Part B post, we walk through the fundamentals of setting up Pritunl VPN in your environment.

My preferred enterprise application access solution has long been Pritunl VPN.  It can be entirely free, runs on a wide range of operating systems, and is intuitive, stable, and secure.  Fundamentally Pritunl VPN is a wrapper for OpenVPN, and yes, it’s free.  

OpenVPN has been around for years, with a strong supporter base of devs.  Pritunl is a wrapper to simplify and extend its functionality while remaining open source.  

Here at SolarBI, we’ve been using Pritunl VPN since day dot, and for good reason!  Spin it up in your environment, and you’ll understand what I’m talking about. You’ll have remote enterprise access to your network within, well realistically, about half an hour.  Anyone who says 5 minutes is lying.

Pritunl VPN has many configurations to suit all environments, from high availability with multiple hosts to linked servers and IPsec links... you name it, Pritunl VPN has got it.

This guide will walk you through the basics, but it’s not a comprehensive how-to.  The official doco by Pritunl is far-reaching and covers everything you need to know.

Let's get started

Let’s presume you have some basic networking and server knowledge to get this beast operating. We’ll start by following this installation guide. 

The essential ingredients of Pritunl are a web server and a MongoDB database that can co-exist on the same server.  Another important point when selecting your operating system: it needs to support SELinux, so go with Red Hat Enterprise Linux, Oracle Linux or CentOS.  SELinux allows these two processes to securely co-exist on the same server. That’s pretty nice for a basic setup.

If you’re thinking of heading to a hosted database model, then Pritunl VPN has doco on that too, which is straightforward (I’ve set up that config before also).

Now, when provisioning the networking side, it is also necessary to understand whether you want Bridge or NAT mode.  More info on this is here, and I usually recommend NAT while experimenting.  

The necessary steps are:

  1. Spin up a Linux server
  2. Run the install commands from here to install the web app and MongoDB (or configure this on a hosted platform)
  3. Update the server and point to the database server

Configuration

The next steps are to get the web app communicating with MongoDB and then tweaking the settings to your taste.  Start by following this guide.  I won’t walk you through every configuration possibility within Pritunl VPN but experiment with what works for you. 

Once you’re comfortable with your setup, you’ll need to enable access from the internet to your server through your firewall. You’ll need to open the ports for your Pritunl VPN server at a minimum.  It’s also worthwhile reading this on securing your Pritunl environment before it goes into production.
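The "open the VPN ports at a minimum" step, sketched for a host that uses firewalld; this is an added example, not taken from the original post or from Pritunl's documentation. The port numbers, zone and admin range are constructed placeholders, and limiting the web console to an admin range is an assumption added here rather than something the post prescribes.

```shell
#!/bin/sh
# Constructed placeholder values; replace them with your own server's settings.
ZONE="${ZONE:-public}"
VPN_PORT="${VPN_PORT:-15500}"                # port your VPN server listens on (see the Pritunl console)
VPN_PROTO="${VPN_PROTO:-udp}"                # udp or tcp, matching the VPN server
WEB_PORT="${WEB_PORT:-443}"                  # port of the Pritunl web console
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.0/24}"   # documentation range standing in for your admin network

# Accept only decimal ports in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the firewall-cmd invocations, one per line. Nothing is changed here.
pritunl_fw_rules() {
    valid_port "$VPN_PORT" && valid_port "$WEB_PORT" || { echo "bad port" >&2; return 1; }
    case "$VPN_PROTO" in
        udp|tcp) ;;
        *) echo "bad protocol" >&2; return 1 ;;
    esac
    # VPN listener: open to the internet, because clients connect from home networks.
    printf 'firewall-cmd --permanent --zone=%s --add-port=%s/%s\n' \
        "$ZONE" "$VPN_PORT" "$VPN_PROTO"
    # Web console: a source-restricted rich rule instead of a blanket --add-port.
    printf "firewall-cmd --permanent --zone=%s --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"tcp\" accept'\n" \
        "$ZONE" "$ADMIN_CIDR" "$WEB_PORT"
    # Load the permanent rules into the running firewall.
    printf 'firewall-cmd --reload\n'
}

# Dry run by default: review the printed commands, then re-run with APPLY=1 as root.
if [ "${APPLY:-0}" = "1" ]; then
    pritunl_fw_rules | sh -e
else
    pritunl_fw_rules
fi
```

After applying, `firewall-cmd --zone=public --list-all` shows what the zone actually exposes, which is worth comparing against the ports listed for each server in the Pritunl console.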

At SolarBI, we’ve configured our Pritunl setup with the paid Enterprise plan, which is less free but offers extended authentication functionality.  We authenticate with Active Directory and run a few VPN servers (within Pritunl) for different sets of users.  These all attach within the same organisation, and it allows us to control routes for enhanced security.  We also use groups, a commercial SSL certificate, custom web server and VPN ports, two-factor authentication with Duo, and our own internal DNS for name resolution.

Pritunl provides a free (yes genuinely free) OpenVPN client for Pritunl.  It supports many client operating systems, has a clean UI, and is straightforward to use.  It’s as simple as downloading a user configuration profile, then importing this profile into the Pritunl VPN client.  Once you’re connected, you’ve extended your organisation’s network to those working from home.

The Pritunl VPN Client now also supports WireGuard, a new lightweight VPN protocol still in development with a promising outlook.

We’ll leave it there.  My objective was to bring your attention to an impressive piece of software that we’ve used for years. It’s provided us with a stable and high performing VPN server for our team to access our network.

Spin it up and gain remote enterprise application access quickly for your organisation.  As always, stay safe during these challenging COVID times.
