The guide walks you through installing Pritunl Enterprise VPN on Debian or Ubuntu using Docker, starting with updating the system and adding Docker to your user group. It pulls the latest Pritunl image, sets up a persistent data directory, runs the container exposing port 443 for both HTTPS management and VPN traffic, and waits until the internal PostgreSQL database is ready. After accessing the web UI you create a server profile—typically OpenVPN—and then generate client configuration files that can be loaded into any compatible Open‑VPN client. Finally, it suggests basic hardening steps such as limiting firewall access to port 443, enabling automatic updates, and using Docker’s restart policy to keep the service running after crashes.

Installing Pritunl Enterprise VPN Server on Debian and Ubuntu

If you’re looking to spin up a secure, enterprise‑grade VPN on your own servers, Pritunl is one of the few solutions that actually delivers without drowning you in configuration files. Below is a straight‑up, no‑frills recipe for getting it running on either Debian or Ubuntu.

Why go with Pritunl Enterprise?

I’ve seen small businesses swap out clunky corporate VPNs for Pritunl because it’s Docker‑friendly, auto‑updates itself, and lets you manage everything through a slick web UI. If your current setup feels like a maze of config snippets and you’re ready to stop guessing where the firewall should sit, this is worth a shot.

1. Prepare the host

Make sure your system is up to date and has Docker installed; Pritunl runs inside a container so you’ll need that first.

sudo apt update && sudo apt upgrade -y          # keep things fresh
sudo apt install -y docker.io                  # grab Docker if it’s missing
sudo usermod -aG docker $USER                 # allow non‑root usage of Docker
newgrp docker                                 # apply group changes without reboot

Why this matters – Pritunl itself is a container, so having Docker ready means you can pull the latest image and manage it with simple commands instead of fiddling with system services.

2. Pull the Pritunl Enterprise image

docker pull pritunl/pritunl:latest

> The latest tag always pulls the newest stable release, which includes security patches you don’t want to miss.

3. Create a persistent data directory

Pritunl stores its database and configuration files in /etc/pritunl. Docker needs that to survive container restarts.

sudo mkdir -p /etc/pritunl
sudo chown $USER:$USER /etc/pritunl

4. Run the Pritunl container

docker run --name pritunl \
  -d \
  -e TZ=America/New_York \                     # adjust to your time zone
  -p 443:443 \                                 # HTTPS for UI and VPN traffic
  -v /etc/pritunl:/var/lib/pritunl \           # persistent storage
  --restart unless-stopped \
  pritunl/pritunl:latest

Why expose port 443? The web interface, which you’ll use to configure clients and servers, sits on HTTPS. VPN traffic also rides over TLS/UDP on that same port.

5. Wait for the database

Inside the container, Pritunl will spin up PostgreSQL and seed its schema automatically. Give it a minute.

docker logs -f pritunl | grep "Server listening"

When you see “Server listening”, the UI is ready at https://your‑server-ip.

6. Access the web interface

Open a browser and navigate to the server’s IP or domain on port 443:

https://YOUR_SERVER_IP

The first time you hit it, Pritunl will ask for an admin password. Pick something that isn’t the same as your root password—yes, I know, cliché, but it’s a good habit.

7. Create your first VPN

1. Login with the credentials you set up.

2. Click “Add Server” and select OpenVPN (the most compatible choice).

3. In the server settings:

- Keep the defaults unless you have a specific requirement.

- Under Authentication, choose LDAP if you already have an LDAP directory, or leave at Local for a quick start.

4. Hit Save.

> I’ve seen people hit “Save” and then immediately forget to set up client profiles—don’t let that happen. Proceed to the next section.

8. Export and install a client profile

1. In your server’s page, click “Users” => Add User.

2. Provide an email or username; Pritunl will generate a .ovpn file for you.

3. Download that file to the device you want to connect from.

4. Open it with any OpenVPN client (or use the built‑in “Connect” button if your OS supports it).

If all goes well, you’ll get “Connection Established” and your traffic will now be routed through your new VPN tunnel.

9. Harden the setup

• Firewall: Allow only port 443 from trusted IPs if you’re hosting in a public cloud.

  sudo ufw allow 443/tcp

• Automatic updates: Pritunl’s container will pull new images when you run docker pull, but consider adding a cron job to keep it fresh.

10. Keep the container healthy

If your server crashes or Docker restarts, the --restart unless-stopped flag ensures Pritunl comes back up automatically. If you need to rebuild:

docker stop pritunl
docker rm pritunl
docker run …   # same command as above

That’s all there is to it. You now have a production‑grade VPN server that updates itself, scales with Docker, and gives you a clean web UI for everyday management.