How to Set Up an Enterprise-Grade VPN Quickly with KeepSec
Introduction
In today’s world, secure remote access to company resources is essential, especially with distributed teams and cloud-based infrastructure. Setting up a Virtual Private Network (VPN) provides a secure, encrypted tunnel for your data, protecting it from prying eyes. At KeepSec, we make it simple to deploy Pritunl, a robust and flexible VPN solution, with a few straightforward steps.
In this guide, we'll go through each step, from selecting a server to configuring your VPN, allowing you to set up an enterprise-grade VPN in no time.
What is Pritunl VPN?
Pritunl is an open-source VPN server offering high-grade security and scalability. Designed for simplicity and flexibility, Pritunl supports multiple VPN protocols and allows users to connect easily with clients like OpenVPN and WireGuard.
Pritunl VPN Plans
Pritunl offers three tiers to suit various needs, including a Free tier and two paid options: Premium and Enterprise. While the free plan is more than adequate for most companies, it’s always good to see how your VPN can evolve as your business grows. Here’s an overview of each tier:
Free Tier
- Single VPN Server: Allows setup of one VPN server, ideal for small teams or personal use.
- Unlimited users and Unlimited devices: No restrictions on the number of users or devices that can connect.
- WireGuard and OpenVPN compatibility: Supports both WireGuard and OpenVPN protocols for secure connections.
- Easy-to-use Dashboard: Intuitive dashboard with robust user management features.
- Tunable VPN server route: Offers flexibility in configuring VPN routing according to specific needs.
Premium Plan – $10/month
- Billing per host: Charges based on the number of hosts, allowing flexible cost management.
- Unlimited users and Unlimited devices: No restrictions on user or device numbers.
- Port forwarding and Gateway links: Enables specific port forwarding and multi-gateway support.
- Failover gateway links: Ensures connectivity with automatic failover for gateway links.
- Configuration sync: Synchronizes configuration across devices.
- Chromebook support: Compatibility with Chromebook devices.
- Bypass secondary authentication: Option to bypass secondary authentication in specific cases.
- Email user keys: Allows emailing VPN keys to users for easy setup.
- Additional themes: Customizable interface themes for personalization.
Enterprise Plan – $70/month
Includes all Premium features, plus advanced capabilities for larger organizations:
- Single sign-on (SSO) and TPM device authentication: Enhances security with SSO and Trusted Platform Module (TPM) support.
- Automatic failover and Replicated servers: High availability with failover and server replication.
- VXLan support and AWS VPC integration: Expands network compatibility with VXLan and AWS VPC.
- Site-to-site VPN and Server route NAT control: Supports secure site-to-site connections and NAT control.
- DNS mapping and DNS forwarding: Advanced DNS configuration options.
- Monitoring and Advanced auditing: Tools for tracking VPN usage and enhancing security.
- Bridged VPN mode and Multiple administrators: Options for network bridging and multi-admin setups.
- User pin policy and Plugin system: Enhanced control with PIN policies and plugins.
- IPsec site-to-site links: Secure connections between sites using IPsec.
- Multi-Cloud VPC peering and Automated link failover: Robust cloud compatibility with failover options.
- API access: Allows integration with external systems.
- Long-term subscriptions: Subscription flexibility with potential savings.
Step-by-Step Guide: Installing Pritunl on KeepSec's Cloud
1. Create a VPS on KeepSec Cloud
Start by creating a VPS instance in your KeepSec account. This VPS will serve as your Pritunl VPN server.
2. Install Pritunl Using KeepSec’s Blueprint
- Go to the Manage section of your VPS.
- Navigate to the Blueprints tab.
- Select the Pritunl Blueprint and confirm by clicking Yes, Install.
- After installation begins, copy the console output to keep a record of any important information, especially your initial access credentials.
3. Configure the Networking
- Return to the Manage section and open the Networking tab.
- Open the following ports to ensure VPN connectivity:
  - 80/tcp and 443/tcp for HTTPS access.
  - 1194/tcp and 1194/udp for OpenVPN.
  - 1195/udp for WireGuard.
4. Set Up Your Domain for Easy Access
- Log in to your DNS provider and create an A record for vpn.your_domain.com, pointing to your VPS IP address.
- This will allow users to access the VPN via vpn.your_domain.com.
5. Access the Pritunl Web Interface
- After installation, visit the URL provided in the console output to access the Pritunl web interface.
- Log in with the initial credentials you copied during installation.
6. Configure Admin and Domain Settings
- Once logged in, change the default password to a secure one.
- Set the domain to vpn.your_domain.com in the configuration to ensure consistent access for users.
- Log back in with the new credentials.
7. Setting Up Organizations and Users
- In the Users tab, create a new Organization. This grouping helps manage user access easily.
- Add as many users as needed under the User tab within the organization.
8. Configure the VPN Server
- Go to the Servers tab and add a new server for your VPN:
  - Expand the advanced settings to configure options.
  - Set a name for the server (e.g., "Company VPN").
  - Enable DNS Routing (recommended for full traffic tunneling).
  - Enable WireGuard for enhanced performance and security.
  - Set the following parameters:
    - Port: 1194, Protocol: UDP
    - WireGuard Port: 1195
    - DNS Server: Enter your preferred DNS, such as Cloudflare’s 1.1.1.1 or Google’s 8.8.8.8.
    - DH Param Bits: Set this to 2048 (or 4096 for greater security, though this increases setup time).
    - HASH Algorithm: Set to SHA-512 for enhanced security.
    - Max Clients: Define based on your usage needs.
    - Restrict Routing: Check this option to limit routing to VPN-only traffic.
- Save the server configuration and attach the organization you created earlier to this server.
- Wait for the DH parameters to finish generating.
- Start the server once it’s ready.
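Once the server is running, the ports opened in step 3 and the server ports set in step 8 can be compared with what the host actually listens on. The script below is an added example, not part of KeepSec's or Pritunl's tooling; the function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare listening sockets with the ports this guide opens.
# The expected set is taken from steps 3 and 8 of the guide.
EXPECTED="tcp/80 tcp/443 tcp/1194 udp/1194 udp/1195"

# audit_listeners: reads `ss -H -tuln` output on stdin and prints one finding
# per line: OK, NO_LISTENER (port opened in the guide, nothing bound to it) or
# UNEXPECTED (bound to a non-loopback address but absent from the guide's list).
audit_listeners() {
    awk -v expected="$EXPECTED" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
    {
        proto = $1; laddr = $5
        port = laddr; sub(/.*:/, "", port)            # text after the last colon
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") next  # loopback is not exposed
        key = proto "/" port
        if (key in want) seen[key] = 1
        else if (!(key in extra)) { extra[key] = addr; order[++m] = key }
    }
    END {
        for (i = 1; i <= n; i++) {
            status = (e[i] in seen) ? "OK" : "NO_LISTENER"
            print status, e[i]
        }
        for (i = 1; i <= m; i++) print "UNEXPECTED", order[i], extra[order[i]]
    }'
}

# Constructed sample input (not captured from a real server).
sample_ss_output() {
    cat <<'EOF'
tcp   LISTEN 0      128          0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:27017      0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:1194       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:1195       0.0.0.0:*
udp   UNCONN 0      0               [::]:1195          [::]:*
EOF
}

# On the VPN host itself, run: ss -H -tuln | audit_listeners
sample_ss_output | audit_listeners
```

With the UDP-only server from step 8, a NO_LISTENER line for tcp/1194 marks a rule from step 3 that nothing uses and that can be closed. Any UNEXPECTED line should be checked against the rules in the Networking tab.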
9. Distribute VPN Profiles to Users
- Return to the Users tab to retrieve VPN connection links.
- We recommend using the Temporary URL option to generate profile links, which will expire after 24 hours.
- Send these links to your users so they can download the Pritunl client, set up a PIN, and download their VPN profile securely.
Here is what the URL you will send to your clients looks like:
Step-by-Step Guide: How can a client connect to the VPN
In this example, we’ll use the Pritunl Client, which supports OpenVPN and WireGuard connections. The client’s profile import functionality makes setup fast and easy.
1 - Open the Pritunl Client after installation.
2 - Click on Import Profile URI
3 - Paste the URI you got from your VPN administrator
4 - Click the VPN profile’s menu (Hamburger icon) to open additional options.
5 - Connect to the VPN. We recommend using the WireGuard option, as it generally provides better performance than OpenVPN.
Conclusion
With KeepSec's cloud platform, setting up an enterprise-grade VPN is seamless and secure. Pritunl’s flexibility combined with KeepSec’s infrastructure provides the perfect balance of security, scalability, and ease of use. Whether you need a VPN for a small team or an enterprise, KeepSec and Pritunl have you covered.
If you’re ready to secure your data and keep unauthorized access at bay, follow the steps above and start your VPN journey today!