# Pritunl — Enterprise VPN Server with Web Management

> Pritunl is an open-source VPN server that provides a web-based management interface for OpenVPN and WireGuard, making it straightforward to create and manage VPN networks.

## Install

Save in your project root:

# Pritunl — Enterprise VPN Server with Web Management

## Quick Use
```bash
# On Ubuntu/Debian
sudo tee /etc/apt/sources.list.d/pritunl.list << EOF
deb https://repo.pritunl.com/stable/apt focal main
EOF
sudo apt-get update && sudo apt-get install pritunl
sudo pritunl start
# Open https://your-server-ip in a browser
```

## Introduction
Pritunl is a self-hosted VPN platform built on OpenVPN and WireGuard. It offers a clean web dashboard for managing users, servers, and organizations, removing the need to edit configuration files manually. It targets teams and businesses that want a private VPN without relying on a third-party service.

## What Pritunl Does
- Deploys OpenVPN and WireGuard VPN servers through a web UI
- Manages users, organizations, and multi-factor authentication from the dashboard
- Supports multi-server and multi-cloud VPN peering across regions
- Provides client profiles that users can import with one click
- Logs connection events and bandwidth usage per user

## Architecture Overview
Pritunl is written in Python and uses MongoDB as its configuration and session store. The web dashboard runs on a built-in HTTPS server. Each VPN server instance is managed as a subprocess, with Pritunl handling certificate generation, IP assignment, and routing rules. WireGuard and OpenVPN run side by side and can serve the same user base.

## Self-Hosting and Configuration
- Install from the official repository on Ubuntu, Debian, CentOS, or Amazon Linux
- Requires a MongoDB instance (local or hosted) for storing configuration
- Access the web UI on port 443 and complete the initial setup wizard
- Create an organization, add users, and attach them to a server
- Distribute generated .ovpn or WireGuard profiles to end users

## Key Features
- Supports both OpenVPN and WireGuard protocols on the same server
- Built-in two-factor authentication with TOTP and Duo integration
- Site-to-site VPN peering for linking cloud VPCs and on-premise networks
- Single sign-on via SAML, Okta, OneLogin, and Azure AD
- Horizontal scaling with linked servers across multiple hosts

## Comparison with Similar Tools
- **WireGuard (raw)** — lightweight protocol but no management UI; Pritunl adds user management and a dashboard
- **OpenVPN Access Server** — commercial product with similar features; Pritunl is open-source
- **Headscale** — self-hosted Tailscale control plane using WireGuard; Pritunl also supports OpenVPN and has a richer admin UI
- **Firezone** — WireGuard-only VPN with web UI; Pritunl supports both WireGuard and OpenVPN

## FAQ
**Q: Is Pritunl free?**
A: The core server is open-source and free. Enterprise features like SSO and advanced logging require a paid subscription.

**Q: Which VPN protocol should I choose?**
A: WireGuard offers better performance and lower latency. OpenVPN provides broader compatibility with older devices.

**Q: Can I run Pritunl in Docker?**
A: Community Docker images exist, though the official recommendation is native package installation for production.

**Q: How many users can a single server handle?**
A: A single Pritunl server can handle hundreds of concurrent VPN connections depending on hardware and bandwidth.

## Sources
- https://github.com/pritunl/pritunl
- https://pritunl.com

---
Source: https://tokrepo.com/en/workflows/asset-08ae5abc
Author: AI Open Source