
OCI VPN Server PriTunl for clients

Sometimes you need more than a bastion to reach your cloud resources. Bastions are great for SSH and RDP tunnelling, but they are really limited to admins and administration tasks. Site-to-site connectivity can of course be solved with OCI CPE and tunnels between colo/client networks.

There are several VPN server options; I use LibreSwan for testing site-to-site OCI tenancy VPN tunnels. LibreSwan could also work where many users need access to cloud resources, but administering users and so on is not easy with it.

So this time I tried a product called pritunl ( )

You should be able to connect with a normal OpenVPN client and, I think, even IPsec clients. Pritunl also provides its own clients, but ideally you should be able to use anything generic.

An admin can easily add users and send them an import file that includes their certificate etc. For me this worked well under Linux using the generic NetworkManager OpenVPN plugin, but I still need to verify Windows and Mac clients.

$ sudo -s
# tee -a /etc/yum.repos.d/mongodb-org-3.4.repo << EOF
> [mongodb-org-3.4]
> name=MongoDB Repository
> baseurl=
> gpgcheck=1
> enabled=1
> gpgkey=
> EOF

# tee -a /etc/yum.repos.d/pritunl.repo << EOF
> [pritunl]
> name=Pritunl Repository
> baseurl=
> gpgcheck=1
> enabled=1
> EOF

# yum -y install epel-release

# grep disabled /etc/selinux/config 
#     disabled - No SELinux policy is loaded.

# gpg --keyserver hkp:// --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
# gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp; sudo rpm --import key.tmp; rm -f key.tmp
# yum -y install pritunl mongodb-org

# systemctl start mongod pritunl
# systemctl enable mongod pritunl
Created symlink from /etc/systemd/system/ to /etc/systemd/system/pritunl.service.

Connect to web interface...

# firewall-cmd --zone=public --permanent --add-port=12991/udp
# systemctl restart firewalld

On VPN Server Removed route and add
Install network-manager-openvpn on my Linux desktop and import the file exported from the VPN server
Connect to the VPN server
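The import file Pritunl hands a user is an OpenVPN profile with the CA, user certificate and key inline. As an added example (not Pritunl's own tooling), the script below checks such a profile before it is imported into a generic client: the peer certificate must be verified as a server certificate, the inline blocks must be present, and no legacy cipher may be configured. The hostname, port and certificate bodies in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example: sanity-check an OpenVPN client profile before importing it.

# Constructed sample profile; host, port and certificate bodies are placeholders.
write_sample_profile() {
  cat > "$1" <<'EOF'
client
dev tun
proto udp
remote vpn.example.invalid 12991
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
<ca>
placeholder-ca-certificate
</ca>
<cert>
placeholder-user-certificate
</cert>
<key>
placeholder-user-key
</key>
EOF
}
# has_directive FILE REGEX: true if a line starts with the directive (extended regex).
has_directive() { grep -Eiq "^[[:space:]]*$2([[:space:]]|\$)" "$1"; }
# has_block FILE TAG: true if an inline <TAG>...</TAG> block is present.
has_block() { grep -q "^<$2>\$" "$1" && grep -q "^</$2>\$" "$1"; }
# check_profile FILE: prints one line per finding; exit status is the number of findings.
check_profile() {
  f=$1; fails=0
  # Required: client mode, a server to reach, and a check that the peer holds a server cert.
  for d in client remote remote-cert-tls; do
    has_directive "$f" "$d" || { echo "missing directive: $d"; fails=$((fails + 1)); }
  done
  # Required inline material: CA, user certificate and user key.
  for b in ca cert key; do
    has_block "$f" "$b" || { echo "missing inline block: <$b>"; fails=$((fails + 1)); }
  done
  # Reject legacy 64-bit block ciphers and the null cipher.
  if has_directive "$f" "cipher (BF-CBC|DES-CBC|DES-EDE3-CBC|RC2-CBC|none)"; then
    echo "weak cipher configured"; fails=$((fails + 1))
  fi
  return "$fails"
}
tmp=$(mktemp)
write_sample_profile "$tmp"
check_profile "$tmp" && echo "profile passes checks"
rm -f "$tmp"
```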

# ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=63 time=46.4 ms

$ ssh -i /media/ssh-keys/OBMCS opc@
Last login: Fri Dec 15 16:50:24 2017
Published in OCI, Oracle, Oracle Bare Metal Cloud Services, VPN