Turn a Raspberry Pi 3B+ into a PriTunl VPN

PriTunl is a VPN solution for small businesses and individuals who want private access to their network.
261 readers like this.
Raspberries with pi symbol overlay

Dwight Sipler on Flickr

PriTunl is a fantastic VPN terminator solution that's perfect for small businesses and individuals who want a quick and simple way to access their network privately. It's open source, and the basic free version is more than enough to get you started and cover most simple use cases. There is also a paid enterprise version with advanced features like Active Directory integration.

Special considerations on Raspberry Pi 3B+

PriTunl is generally simple to install, but this project—turning a Raspberry Pi 3B+ into a PriTunl VPN appliance—adds some complexity. For one thing, PriTunl is supplied only as AMD64 and i386 binaries, but the 3B+ uses ARM architecture. This means you must compile your own binaries from source. That's nothing to be afraid of; it can be as simple as copying and pasting a few commands and watching the terminal for a short while.

Another problem: PriTunl seems to require 64-bit architecture. I found this out when I got errors when I tried to compile PriTunl on my Raspberry Pi's 32-bit operating system. Fortunately, Ubuntu's beta version of 18.04 for ARM64 boots on the Raspberry Pi 3B+.

Also, the Raspberry Pi 3B+ uses a different bootloader from other Raspberry Pi models. This required a complicated set of steps to install and update the necessary files to get a Raspberry Pi 3B+ to boot.

Installing PriTunl

You can overcome these problems by installing a 64-bit operating system on the Raspberry Pi 3B+ before installing PriTunl. I'll assume you have basic knowledge of how to get around the Linux command line and a Raspberry Pi.

Start by opening a terminal and downloading the Ubuntu 18.04 ARM64 beta release by entering:

$ wget http://cdimage.ubuntu.com/releases/18.04/beta/ubuntu-18.04-beta-preinstalled-server-arm64+raspi3.img.xz

Unpack the download:

$ xz -d ubuntu-18.04-beta-preinstalled-server-arm64+raspi3.xz

Insert the SD card you'll use with your Raspberry Pi into your desktop or laptop computer. Your computer will assign the SD card a drive letter—something like /dev/sda or /dev/sdb. Enter the dmesg command and examine the last lines of the output to find out the card's drive assignment.

Be VERY CAREFUL with the next step! I can't stress that enough; if you get the drive assignment wrong, you could destroy your system.

Write the image to your SD card with the following command, changing <DRIVE> to your SD card's drive assignment (obtained in the previous step):

$ dd if=ubuntu-18.04-beta-preinstalled-server-arm64+raspi3.img of=<DRIVE> bs=8M

After it finishes, insert the SD card into your Pi and power it up. Make sure the Pi is connected to your network, then log in with username/password combination ubuntu/ubuntu.

Enter the following commands on your Pi to install a few things to prepare to compile PriTunl:

$ sudo apt-get -y install build-essential git bzr python python-dev python-pip net-tools openvpn bridge-utils psmisc golang-go libffi-dev mongodb

There are a few changes from the standard PriTunl source installation instructions on GitHub. Make sure you are logged into your Pi and sudo to root:

$ sudo su -

This should leave you in root's home directory. To install PriTunl version 1.29.1914.98, enter (per GitHub):

export VERSION=1.29.1914.98
tee -a ~/.bashrc << EOF
export GOPATH=\$HOME/go
export PATH=/usr/local/go/bin:\$PATH
source ~/.bashrc
mkdir pritunl && cd pritunl
go get -u github.com/pritunl/pritunl-dns
go get -u github.com/pritunl/pritunl-web
sudo ln -s ~/go/bin/pritunl-dns /usr/bin/pritunl-dns
sudo ln -s ~/go/bin/pritunl-web /usr/bin/pritunl-web
wget https://github.com/pritunl/pritunl/archive/$VERSION.tar.gz
tar -xf $VERSION.tar.gz
cd pritunl-$VERSION
python2 setup.py build
pip install -r requirements.txt
python2 setup.py install --prefix=/usr/local

Now the MongoDB and PriTunl systemd units should be ready to start up. Assuming you're still logged in as root, enter:

systemctl daemon-reload
systemctl start mongodb pritunl
systemctl enable mongodb pritunl

That's it! You're ready to hit PriTunl's browser user interface and configure it by following PriTunl's installation and configuration instructions on its website.

User profile image.
I am a professional systems administrator specialising in Unix and Linux Systems. Since the early 90's I have worked with Enterprise Networking, Unix Systems, Network/Systems Security & Web Technologies, I've even learnt a thing or two about Windows.


Any advantages over the very easy setup of OpenVPN using PiVPN (http://www.pivpn.io/)?

I've not used PiVPN, but from what I can see it's just a simple command line tool. PriTunl gives you a web BUI, and there are advanced functions like Active Directory integration if you subscribe to the Enterprise version.

In reply to by Martin

Neat but unless you have an aes-ni processor you're going to suffer bandwidth loss.

Would there be a performance hit by only having the one ethernet port on the 3B+? Would it have better performance to add a USB-to-ethernet adapter to split the internal vs external networks? Or, is it likely that the CPU would be the bottleneck?

Sure you could do that, PriTunl uses NATting rather than a network route. What I have noticed is that the bottle neck tends to be the users internet connection rather than the Pi.

In reply to by Ethan Moe (not verified)

Looks like you now require `libssl-dev` in the list of packages in order for Cryptography to build.

I have followed your instructions but pritunl-web is not loading.

Check the status of the service with systemctl status pritunl.service

In reply to by Manap (not verified)

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.