Pritunl - Enterprise VPN Server

Open Source Enterprise VPN Server

Enterprise Distributed OpenVPN, WireGuard and IPsec Server

Virtualize your private networks across datacenters and provide simple remote access in minutes.

Simple Virtual Private Networks

Create a cloud VPN with complex site-to-site links and gateway links, and provide local network access to remote users. Protect your network traffic and remote users connecting over public connections with secure encryption, all from a simple web interface.

Protected Datacenter

Multi-Cloud VPC Peering

Create multi-cloud WireGuard or IPsec site-to-site links with Pritunl Link. Available for AWS, Google Cloud, Azure, Oracle Cloud, Pritunl Cloud and Hetzner.

The Most Secure VPN Server

Pritunl provides innovative security features not available from any other provider, including TPM and Apple Secure Enclave device authentication, a dynamic firewall, SELinux policies, a dual web server design and a self shutdown notification system.

Platform and Device Support

Pritunl supports all OpenVPN clients. Use the Pritunl Client on macOS, Windows and Linux for full functionality with support for both OpenVPN and WireGuard. Support for Chrome OS OpenVPN profiles is also available.

AWS VPN Server

Interconnect AWS VPC networks across AWS regions and provide reliable remote access with automatic failover that can scale horizontally.

Single Sign-On

Securely deploy remote access to thousands of users using their existing company account with support for several single sign-on providers.

Plugin System

Highly customizable Python plugin system to allow expanding and modifying Pritunl. Plugins can be created to support custom authentication systems and custom access control systems.

Distributed and Scalable

Scale Easily
Pritunl servers can be easily distributed across multiple servers and different datacenters for improved performance, high availability and automatic failover when an instance fails.

Simple Distribution
All server communication and interconnecting is done with MongoDB allowing servers to be quickly connected without having to modify firewalls for inter-server communication.

High Availability
All Pritunl servers are equal in the cluster and can run independently in the event of other instances failing.

Pritunl Distributed Cluster

Self Hosted and Reliable

A self hosted VPN platform with over 10 years of proven reliability and security, trusted by thousands of organizations worldwide.

Open Source

All source code for Pritunl is publicly available on GitHub, allowing for complete transparency, community contributions and full customization to fit your environment.

Free to Use

Free and open source alternative to commercial VPN products such as Aviatrix, Pulse Secure and AnyConnect. Get started immediately with no registration or credit card required.

Easy Configuration

Manage users, servers and organizations from an intuitive web interface. Quickly handle complex multi-server configurations and large deployments without touching config files.

Security

All traffic between clients and servers is encrypted. Two-step authentication is supported with TOTP, push notifications and device authentication using TPM and Secure Enclave.

Multiple Protocols

Support for both OpenVPN and WireGuard client connections. WireGuard and IPsec are used for high performance site-to-site links and VPC peering between datacenters.

REST API

Fully integrate Pritunl into your existing infrastructure and CI/CD pipelines using the REST API. Automate user provisioning, server management and configuration changes.

Connect Infrastructure

Provide secure remote access to your corporate infrastructure for users across your organization and interconnect sites.

WireGuard and IPsec Links
Create high performance site-to-site links between datacenters and on-premise networks using WireGuard and IPsec with support for both hub-and-spoke and mesh topologies.

Replication and Automated Failover
All servers in the cluster operate as equal peers with no single point of failure. When an instance fails, connected clients are automatically routed to a healthy node with no manual intervention.

Advanced Auditing
Capture detailed audit events in structured JSON format for integration with SIEM systems. Track user connections, authentication events and configuration changes across the entire cluster.

Open Source Alternative

Pritunl is the best open source alternative to proprietary commercial VPN products such as Aviatrix, Ivanti Secure Access, Pulse Secure and AnyConnect. Create larger cloud VPN networks supporting thousands of concurrent users and get more control over your VPN server without any per-user pricing.

Ivanti Secure Access Alternative

Lower cost and more customizable alternative to Ivanti Secure Access with transparent pricing.

OpenVPN Access Server Alternative

Open source low cost alternative to OpenVPN Access Server with no per-user pricing.

Tailscale Alternative

Lower cost and more customizable WireGuard server alternative to Tailscale.

Single Sign-On

Securely deploy remote access to thousands of users using their existing company account with support for several single sign-on providers and protocols.

Pricing

Simple per-host pricing with unlimited users and connections on every plan.

Community

Free

Single server with unlimited users.

  • Single server

    Run a single Pritunl instance

  • Unlimited users

    No limit on the number of users created or users connected

  • Unlimited devices

    No limit on the number of devices that each user has connected

Enterprise

$70/month

All Premium features plus SSO, failover and site-to-site links.

  • All Premium features

    All of the features included with a Premium subscription

  • Billing per host

    Each Pritunl host is billed at $70/month. The host can contain an unlimited number of VPN servers and unlimited number of users or connections

  • Single sign-on

    Single sign-on with SAML, Google Apps, Duo Security and Radius

  • TPM device authentication

    Device authentication with TPM and Apple Secure Enclave

  • Automatic failover

    When a Pritunl instance fails, the VPN servers running on the instance will automatically fail over to another available Pritunl instance

  • Replicated servers

    Replicate a vpn server across multiple Pritunl instances to easily scale horizontally to handle more user connections

  • VXLan support

    Automatic VXLan management for replication across availability zones without layer 2 connectivity while still maintaining client-to-client communication

  • AWS VPC integration

    Integrate with AWS VPC to allow Pritunl to dynamically control the VPC routing table

  • Site-to-site VPN

    Easily create a site-to-site link between two Pritunl instances without any complicated configuration

  • Server route NAT control

    Enable or disable NAT for server routes

  • DNS mapping

    Map connected VPN clients to DNS domains such as user0.org0.vpn using a custom DNS server that runs along with the Pritunl server

  • DNS forwarding

    Forward DNS queries to a DNS server on a remote network such as a Consul server on an AWS VPC

  • Monitoring

    Monitor server and user metrics with InfluxDB

  • Advanced auditing

    Optional advanced auditing of user and administrator related events for improved security and intrusion detection

  • Bridged VPN mode

    Create tap servers that bridge the VPN clients to the server's local network interface, allowing VPN clients to get an IP address on the server's local network

  • Multiple administrators

    Allow multiple administrators to manage the Pritunl server

  • User pin policy

    Control over requiring users to set a pin before they are able to connect to a vpn server

  • Plugin system

    Integrate Pritunl with other systems using plugins written in Python

  • API access

    Manage the Pritunl cluster using the RESTful API with support for multiple API keys

  • IPsec site-to-site links

    Site-to-site links with IPsec using the pritunl-link client. The link client does not require a database connection

  • Multi-Cloud VPC peering

    Simple VPC peering and hybrid cloud with Pritunl link client

  • Automated link failover

    Link failover with automated routing table management and automated port forwarding for Unifi links

Premium

$10/month

Per-host billing with advanced features.

  • Billing per host

    Each Pritunl host is billed at $10/month. The host can contain an unlimited number of VPN servers and unlimited number of users or connections

  • Unlimited users

    No limit on the number of users created or users connected

  • Unlimited devices

    No limit on the number of devices that each user has connected

  • Port forwarding

    Forward ports to vpn clients

  • Gateway links

    Create a gateway link to route traffic for a local network to a VPN client, allowing the VPN clients to access the remote network that is available to the linked VPN client

  • Failover gateway links

    Connect multiple gateway links to a Pritunl server and when a link goes down another available link will automatically be used

  • Bypass secondary auth

    Per-user option to bypass secondary authentication such as two-factor authentication, for server users that can't provide a two-factor code

  • Chromebook support

    Easily connect Chromebook users with ChromeOS compatible vpn profiles

  • Configuration sync

    When clients connect with a Pritunl client, VPN setting changes such as port/protocol will be updated to allow the client to connect without needing to download a new configuration

  • Email user keys

    Email users a link to download vpn profiles using a configured SMTP server

  • Additional themes

    Change the interface to light or dark theme

Installation

Select your distribution to view installation instructions.

Arch Linux

sudo tee -a /etc/pacman.conf << EOF
[pritunl]
Server = https://repo.pritunl.com/stable/pacman
EOF

curl -fsSL https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc \
  | sudo pacman-key --add -
sudo pacman-key --lsign-key 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo pacman -Sy
sudo pacman -S --noconfirm pritunl wireguard-tools

sudo systemctl enable mongodb pritunl
sudo systemctl start mongodb pritunl

OpenVPN and WireGuard Client

Free and open source cross platform OpenVPN and WireGuard client. Connect to any OpenVPN server with a secure open source client. Additional integration available when connecting to a Pritunl server. Free and open source alternative to Viscosity.

Pritunl Client

Client Installation

Select your distribution to view client installation instructions.

Arch Linux

sudo tee -a /etc/pacman.conf << EOF
[pritunl]
Server = https://repo.pritunl.com/stable/pacman
EOF

curl -fsSL https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc \
  | sudo pacman-key --add -
sudo pacman-key --lsign-key 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo pacman -Sy
sudo pacman -S --noconfirm pritunl-client-electron
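
Both the server and client instructions above pipe the downloaded key straight into `pacman-key --add` and rely on `--lsign-key` with the full fingerprint to pin trust. The following added example (not part of Pritunl's instructions) inspects the downloaded file first and imports it only if it contains exactly one primary key with that fingerprint. The function and variable names are hypothetical; the URL and fingerprint are the ones shown on this page.

```shell
#!/bin/sh
# Added example (not Pritunl's own script): check the repository key's
# fingerprint before it is imported into the pacman keyring.
# EXPECTED_FPR is the value passed to `pacman-key --lsign-key` on this page.
EXPECTED_FPR="7568D9BB55FF9E5287D586017AE645C0CF8E292A"
KEY_URL="https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc"

# Read `gpg --with-colons` output on stdin and print the primary key's
# fingerprint: field 10 of the first "fpr" record after the "pub" record.
primary_fpr() {
  awk -F: '$1 == "pub" { seen = 1; next }
           seen && $1 == "fpr" { print $10; exit }'
}

# Succeed only if the listing on stdin holds exactly one primary key and
# its fingerprint equals $1. A file bundling extra keys is rejected.
listing_matches() {
  lm_want="$1"
  lm_listing="$(cat)"
  lm_pubs="$(printf '%s\n' "$lm_listing" | grep -c '^pub:' || true)"
  lm_got="$(printf '%s\n' "$lm_listing" | primary_fpr)"
  [ "$lm_pubs" -eq 1 ] && [ "$lm_got" = "$lm_want" ]
}

# Download to a file, inspect it without importing, then add and sign.
import_pinned_key() {
  ipk_file="$(mktemp)" || return 1
  if curl -fsSL "$KEY_URL" -o "$ipk_file" &&
     gpg --show-keys --with-colons --with-fingerprint "$ipk_file" |
       listing_matches "$EXPECTED_FPR"
  then
    sudo pacman-key --add "$ipk_file" &&
      sudo pacman-key --lsign-key "$EXPECTED_FPR"
    ipk_rc=$?
  else
    echo "key fingerprint does not match $EXPECTED_FPR; not imported" >&2
    ipk_rc=1
  fi
  rm -f "$ipk_file"
  return "$ipk_rc"
}

# Nothing touches the network or the keyring unless asked to.
if [ "${1:-}" = "--import" ]; then
  import_pinned_key
fi
```

Run the script with `--import` in place of the `curl ... | sudo pacman-key --add -` and `--lsign-key` lines, then continue with `sudo pacman -Sy` as shown.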