# Install Pritunl Server

Below are several methods available for installing Pritunl.

### OpenVPN Authentication Errors

Newer OpenVPN clients may send the password in an encoded format. This format will not be recognized by the Pritunl server resulting in authentication errors. This issue has been fixed in an update and can be fixed by updating to the latest Pritunl package.

### SELinux Support

Pritunl includes full SELinux polices which cover both the main `pritunl` process and the isolated `pritunl-web` web server process. Running Pritunl with a Linux distribution that supports SELinux will significantly improve security. It is recommend to only use AlmaLinux, Rocky Linux or Red Hat Enterprise Linux for Pritunl servers. The first log message shown when the Pritunl server is started will indicate the SELinux context. It should look similar to the log message below, if it is none or unconfined the SELinux policy is not functioning.

```shell
[pritunl0][2018-12-16 07:45:03,406][INFO] Starting server
  selinux_context = "system_u:system_r:pritunl_t:s0"
```

### AlmaLinux

All development and testing of Pritunl software is done on Alma Linux and it is the recommended distribution to use for Pritunl software. It will provide the highest level of compatibility, reliability and security. If AlmaLinux isn't available Rocky Linux can be used which will provide good compatibility and full support for the SELinux profiles.

### Enterprise Clusters

If you intend on creating a Pritunl cluster with multiple hosts all the hosts will need to connect to the same MongoDB database. For cluster configurations it is best to have a dedicated server that is not running Pritunl for the MongoDB database. Single host configurations can run MongoDB with Pritunl on the same server.

### Recommended Instance Types

For the MongoDB database instances with high memory should be used. For Pritunl nodes high CPU with high base clock speeds are best, these are typically the AMD (C7a, C6a) instance types. For large deployments several small nodes with fewer connections per node is better then fewer larger nodes with more connections per node. For the best performance it is recommended to spend $0.50-$1.00 per concurrent connection each month on server costs. More information on AWS recommendations can be found in the [**Scaling**](https://docs.pritunl.com/kb/vpn/system/scaling) documentation.

### \[AWS] Amazon Linux Install

**Pritunl has full support and dedicated builds for Amazon Linux but support for the Pritunl SELinux profiles are only available on 1:1 RHEL distributions such as AlmaLinux or Rocky Linux. To install Pritunl with AlmaLinux on AWS refer to the next section.**

The AWS community AMI and marketplace sections contain public images that can be uploaded without any verification. These sections contain several packages with names containing Pritunl. Using these unverified images could compromise the security of the installation. Pritunl does not publish any AMIs or marketplace images.

After creating the EC2 instance SSH to the server with the username `ec2-user` and run the commands below to install Pritunl and MongoDB.

```shell
sudo tee /etc/yum.repos.d/mongodb-org.repo << EOF
[mongodb-org]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/amazon/2023/mongodb-org/8.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://pgp.mongodb.com/server-8.0.asc
EOF

sudo tee /etc/yum.repos.d/pritunl.repo << EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/amazonlinux/2023/
gpgcheck=1
enabled=1
gpgkey=https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc
EOF

sudo dnf -y update

sudo dnf -y install pritunl pritunl-openvpn wireguard-tools mongodb-org
sudo systemctl enable mongod pritunl
sudo systemctl start mongod pritunl
```

### \[AWS] AlmaLinux Install

Using AlmaLinux on AWS provides the benefit of supporting the SELinux profiles packaged with Pritunl. These SELinux policies help isolate the Pritunl web server process and provide better exploit protection. AlmaLinux is available for free in the AWS Marketplace labeled *AlmaLinux OS 9*.

```shell
sudo tee /etc/yum.repos.d/mongodb-org.repo << EOF
[mongodb-org-8.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/9/mongodb-org/8.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://pgp.mongodb.com/server-8.0.asc
EOF

sudo tee /etc/yum.repos.d/pritunl.repo << EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/almalinux/9/
gpgcheck=1
enabled=1
gpgkey=https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc
EOF

sudo dnf -y update

sudo dnf -y remove iptables-services
sudo systemctl stop firewalld.service
sudo systemctl disable firewalld.service

sudo dnf -y install pritunl pritunl-openvpn wireguard-tools mongodb-org
sudo systemctl enable mongod pritunl
sudo systemctl start mongod pritunl
```

### \[Other Providers] AlmaLinux/Rocky Linux/RHEL

Run the commands below to install Pritunl on any other provider with AlmaLinux 9 or any other RHEL based distribution.

```shell
sudo tee /etc/yum.repos.d/mongodb-org.repo << EOF
[mongodb-org-8.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/9/mongodb-org/8.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://pgp.mongodb.com/server-8.0.asc
EOF

sudo tee /etc/yum.repos.d/pritunl.repo << EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/almalinux/9/
gpgcheck=1
enabled=1
gpgkey=https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc
EOF

sudo dnf -y update

sudo dnf -y remove iptables-services
sudo systemctl stop firewalld.service
sudo systemctl disable firewalld.service

sudo dnf -y install pritunl pritunl-openvpn wireguard-tools mongodb-org
sudo systemctl enable mongod pritunl
sudo systemctl start mongod pritunl
```

### \[Other Providers] Ubuntu 24.04

**Older versions of Ubuntu have encountered issues with outdated OpenVPN builds. The Pritunl repository provides continuous testing and updates only for RHEL distributions to ensure future support. Future support with Ubuntu installations is not tested or guaranteed.**

Run the commands below to install Pritunl on any other provider with Ubuntu 24.04

```shell
sudo tee /etc/apt/sources.list.d/mongodb-org.list << EOF
deb [ signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/8.0 multiverse
EOF

sudo tee /etc/apt/sources.list.d/openvpn.list << EOF
deb [ signed-by=/usr/share/keyrings/openvpn-repo.gpg ] https://build.openvpn.net/debian/openvpn/stable noble main
EOF

sudo tee /etc/apt/sources.list.d/pritunl.list << EOF
deb [ signed-by=/usr/share/keyrings/pritunl.gpg ] https://repo.pritunl.com/stable/apt noble main
EOF

sudo apt --assume-yes install gnupg

curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | sudo gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg --dearmor --yes
curl -fsSL https://swupdate.openvpn.net/repos/repo-public.gpg | sudo gpg -o /usr/share/keyrings/openvpn-repo.gpg --dearmor --yes
curl -fsSL https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc | sudo gpg -o /usr/share/keyrings/pritunl.gpg --dearmor --yes
sudo apt update
sudo apt --assume-yes install pritunl openvpn mongodb-org wireguard wireguard-tools

sudo ufw disable

sudo systemctl start pritunl mongod
sudo systemctl enable pritunl mongod
```

### OpenVPN Update

The Pritunl RHEL repositories provide the `pritunl-openvpn` package that replaces the `openvpn` package from the EPEL. This package provides a newer version of OpenVPN than is available on the EPEL. This package is currently required on RHEL distributions such as AlmaLinux due to the issue explained in [**RHEL Connection Fix**](https://docs.pritunl.com/kb/vpn/system/rhel-connection-fix). The command below will install the `pritunl-openvpn` package and replace the existing `openvpn` package.

```shell
sudo yum swap openvpn pritunl-openvpn
```

```shell
sudo yum --allowerasing install pritunl-openvpn
```

### Linux Repositories

Pritunl is packaged for several Linux distributions. All available distributions can be found on the [**Repositories**](https://docs.pritunl.com/kb/vpn/repositories) page.

### Configuration

[**Continue to Configuration**](https://docs.pritunl.com/kb/vpn/getting-started/configuration)