Hi,
Due to several reasons we are using Fedora Silverblue in our company. We would like to switch to Pritunl however, I did not find any information in your website on installing Pritunl on Fedora Silverblue!
It would be great if you would be able to publish your client on Flathub for example, so that we can easily install your client from any distro.
There’s currently no plans on packaging it on Flathub. A custom build system is used to package all the Pritunl software for Linux and it would require significant changes to add Flathub support.
If you only want the CLI it only requires Go. This can be built and installed using the commands below. The build process for the GUI version is more complex, the build file is available in the pritunl/pritunl-pacur repository.
sudo dnf -y install git-core golang openvpn wireguard-tools
GOPATH="~/go" go install -v github.com/pritunl/pritunl-client-electron/service@latest
GOPATH="~/go" go install -v github.com/pritunl/pritunl-client-electron/cli@latest
sudo cp /home/cloud/go/bin/service /usr/local/bin/pritunl-client-service
sudo cp /home/cloud/go/bin/cli /usr/local/bin/pritunl-client
sudo tee /etc/systemd/system/pritunl-client.service << EOF
[Unit]
Description=Pritunl Client Daemon
[Service]
ExecStart=/usr/local/bin/pritunl-client-service
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl daemon-reload
sudo systemctl enable --now pritunl-client
Thank you for your reply.
That is the problem here, Fedora Silverblue does not use DNF package manager.
It has a layered package manager called rpm-ostree. This is really sad to see it. Immutable distros are great for Enterprise environments. Then we should be looking for an alternative solution.
Thank you anyways.
I may in the future start using Flatpak and then start publishing packages to it. The Pritunl Client requires a background service with system network access. It would require extensive changes to the client to run inside a Flatpak container.
But the issue with almost all Flatpak packages and Flatpak in general is without extensive changes it isn’t really achieving any additional system security. Almost all the packages have nearly the same permissions the software would have before Flatpak. I started running desktop software in containers and Xephyr 10 years ago with custom scripts. But desktop performance and virtualization has improved significantly since then and I transitioned to isolating software into QEMU/KVM virtual machines. I currently run a RHEL 10 desktop with 6 Fedora virtual machines using Pritunl Cloud, a QEMU GTK build and clipboard sharing. This provides true isolation between different groups of software and required file access.
I completely understand your point.
Having VPN clients to work as a Flatpak package is not that easy.
We are also using Mullvad for instance, and for Mullvad we found a solution on this website:
Of course it is not the cleanest way. Because for each update we have to remove the software, reboot, and then install it again. But it works!
If you can offer such a solution till you move to a Flatpack package, it would be great. In Fedora Silverblue, repositories are completely removed from the package manager. Therefore, we can only install .rpm files as it is explained in the above website. So I think it would be great if you can publish the .rpm file in addition to the repo so that we can test it.
I also noticed an another issue, I am not sure if this is the right topic to talk about it. When we connect to the VPN via WireGuard, our main DNS is still leaking. Could you please recommend a way to avoid it? Maybe I have missed something in the configurations.
Thank you for your support.
There are still a lot of DNS configurations that don’t work on Linux. It will depend on the support of what DNS system the Linux distribution is using.
Check that the DNS server is shown in sudo cat /etc/wireguard/wg0.conf and verify the DNS server is included in the server routes.