Vultr

This section is for installing Pritunl Cloud on Vultr Bare Metal if you are using Azure or another provider skip to the next section.

Create VPC Network

First open the Network section of the Vultr web console and go to the VPC Networks section. Click Add VPC Network and select a Network Location.

Create Bare Metal Server

Pritunl Boot will be used to install the operating system on the Vultr Bare Metal server using iPXE. When installing the distribution either leave the Root Filesystem Size blank to use the full disk or use a 50GB root filesystem and create an encrypted XFS mount at /var/lib/pritunl-cloud with the remaining space. Follow the Pritunl Boot Vultr documentation to install Oracle Linux 10 or AlmaLinux 10 as the host operating system.

Install Pritunl Cloud

The Installation documentation has more information on the commands that will be run below. Refrence this for more information. This section also explains how to upgrade the MongoDB server. First install MongoDB inside Podman using the commands below.

sudo dnf -y install git-core podman

git clone https://github.com/pritunl/toolbox.git
cd toolbox/mongodb-container
sudo podman build --rm -t mongo .
cd

sudo mkdir /var/lib/mongo
sudo chown 277:277 /var/lib/mongo
sudo podman run -d --name mongodb --restart=always -e DB_NAME=pritunl-cloud -e CACHE_SIZE=1 --cpus 1 --memory 2g --user mongodb -v /var/lib/mongo:/data/db:Z -p 127.0.0.1:27017:27017 localhost/mongo

sleep 3
sudo cat /var/lib/mongo/credentials.txt

Then install and start Pritunl Cloud with the commands below. Pritunl Cloud will automatically read the credentials from the path above if it exists. If the MongoDB database is hosted in another way add the MongoDB URI to /etc/pritunl-cloud.json .

sudo tee /etc/yum.repos.d/pritunl.repo << EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/almalinux/10/
gpgcheck=1
enabled=1
gpgkey=https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc
EOF

sudo dnf -y update

sudo dnf -y remove iptables-services
sudo systemctl stop firewalld.service
sudo systemctl disable firewalld.service

sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
sudo setenforce 0

sudo dnf -y install iptables net-tools ipset ipvsadm xorriso qemu-kvm qemu-img swtpm swtpm-tools
sudo dnf -y install pritunl-cloud
sudo systemctl enable --now pritunl-cloud

Configure Pritunl Cloud

First get the default password by running the command below. Then use this to login to the web console running on HTTPS port 443.

sudo pritunl-cloud default-password

In the Vultr bare metal server settings open the IPv6 settings. This information will be used in the next step.

Then open the IP Blocks tab in the Pritunl Cloud web console. Create a block for the public IPv6 addresses. Set the Network Mode to IPv6 and name the block. Then copy the Network from the previous step into the IPv6 Addresses and append the /64 CIDR. Then add the subnet and click Create.

Once the blocks have been configured open the node settings in the Nodes tab. Set the Network IPv6 Mode to Static. Remove the default pritunlhost0 internal interface then set Internal Interfaces to the internal interface and click Add Interface. This should display the private IPv4 address on the dropdown selection.

For the External IPv6 Block Attachments select the external interface. This interface should display the public IPv4 address on the dropdown selection. Then select the IP block that was created in the previous step.

Disable Default instance public IPv4 address and enable Default instance public IPv6 address. Then enable Jumbo frames internal option and disable Jumbo frames external.

Open the Datacenters tab and verify the Network Mode is set to VXLAN. Then set Jumbo Frames MTU to 8850.

Open the Authorities tab. These store SSH credentials that will be applied to instances based on matched roles. If an instance has a role that matches the authority role that SSH key will be added to the instance under the cloud username. The name of the authority does not change the username it will always be the cloud user. Select the pre-created authority and paste your public SSH key in the SSH Key field and click Save. When creating an instance or pod add the instance role to include this SSH key to allow for SSH access.

This completes the configuration for a Pritunl Cloud server on Vultr Bare Metal. The next section linked below will explain creating a pod. These sections assumes instance public IPv6 addresses are not available although with this configuration each instance will receive a public IPv6 address.

To provide public IPv4 addresses for instances repeat the previous steps adding a block for each reserved IP attached to the host. Set the Network IPv4 Mode to static and create a block attachment for each reserved IP block. All the bloock attachments should use the public interface.