I am doing a research project related to affordable security. This is irrelevant when it comes to the issue, but I think it is important for society as a whole. Nowadays privacy is under attack, hacking and social hacking are commonplace, and phishing attacks are constant. The existing VPN providers can barely be trusted, especially when it comes to high-value targets (e.g. political dissidents, celebrities, finance and business actors). My goal is having a fully hosted VPN service at a minimal cost. Most of the SBCs are ARM-based and can run the latest LTS Ubuntu releases.
I have been experimenting with deploying Pritunl Server and, since there is no existing package for ARM64, I tried using 2 guides to build the stack. The first guide is an old one: https://opensource.com/article/19/1/pritunl-vpn-raspberry-pi
The second one is from the GitHub README about installing Pritunl from source.
Unfortunately whatever approach I take, the build fails with errors. Some errors are related to the Go package, some are related to the newest Python versions and some fail due to dependency conflicts. I tried both Ubuntu 20.04 and Ubuntu 22.04, Python 2.7 and Python 3.10, etc. After spending a day on this issue I understand that I need your guidance.
I was wondering if it would be possible to create a guide for Installing From Source on Ubuntu. I will try helping as much as possible when it comes to documentation and testing.
Please let me know if you have experience with something similar!
It’s unlikely a Raspberry Pi will have enough resources to run the MongoDB server and the Pritunl server. The ARM servers available from cloud providers will be slower than x86 due to AES-NI being available in x86 and the improved single thread performance of x86.
There shouldn’t be anything preventing building pritunl-web and pritunl-dns with Golang. Golang is available on ARM and there are no CGO modules used.
For security reasons the hashes of all Python PyPI requirements are set in requirements.txt, these hashes will likely need to be removed when building on other platforms.
The build files for Pritunl are available in the pritunl/pritunl-pacur repository. There are some platform-specific patches such as the removal of dataclasses on Ubuntu from the PyPI requirements with the line sed -i -e '/^dataclasses==0.8/,+2d' requirements.txt.
I am actually using the latest OrangePi5 for testing and the performance does seem promising. I will come back with more detailed feedback after thorough testing.
Here’s what I have so far:
wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc | gpg --dearmor | sudo tee /usr/share/keyrings/mongodb.gpg > /dev/null
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list
sudo apt update && sudo apt install mongodb-org
sudo systemctl start mongod && sudo systemctl enable mongod
sudo apt install python3 python3-distutils net-tools openvpn openssl iptables ipset ca-certificates psmisc gcc python3-dev python3-setuptools python3-virtualenv libssl-dev libffi-dev golang-go
mkdir pritunl && cd pritunl
tar xf 1.30.3388.46.tar.gz && rm 1.30.3388.46.tar.gz
tee -a ~/.bashrc << EOF
sed -i "s/’/'/" LICENSE
sed -i -e '/^dataclasses==0.8/,+2d' requirements.txt
virtualenv --python=python3 /usr/lib/pritunl
/usr/lib/pritunl/bin/pip install -U pip
/usr/lib/pritunl/bin/pip install -U setuptools
/usr/lib/pritunl/bin/python setup.py build
/usr/lib/pritunl/bin/pip install --require-hashes -r requirements.txt
go install github.com/pritunl/pritunl-dns@latest
go install github.com/pritunl/pritunl-web@latest
sudo ln -s ~/go/bin/pritunl-dns /usr/bin/pritunl-dns
sudo ln -s ~/go/bin/pritunl-web /usr/bin/pritunl-web
sudo /usr/lib/pritunl/bin/python setup.py install
sudo systemctl start pritunl && sudo systemctl enable pritunl
The only thing I’m missing is the pritunl cli. In order to run the setup, I had to do
sudo /usr/lib/pritunl/bin/pritunl setup-key
sudo /usr/lib/pritunl/bin/pritunl default-password
Installing Go from the Ubuntu repositories will likely not work, the release is incompatible with newer codebases. The parameter --require-hashes may need to be removed from the PyPI command.
Just to be clear - the app is perfectly functional, from what I’ve tested so far.
The only thing missing is “pritunl” cli shortcut.
Would --require-hashes help with this?
The command is available in /usr/lib/pritunl/bin/pritunl. This can be linked to the /usr/bin directory to make it available to the system.
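
The hash pinning discussed in this thread, as an added example that is not part of the original posts or of Pritunl's build files: a Python helper that parses a pip requirements file with `--hash` options, removes one entry together with all of its hash lines (the sed line quoted above deletes exactly two following lines), strips digests for a build on another platform, and lists entries that `--require-hashes` would reject. The sample file contents and all function names are assumptions.

```python
import re

HASH_RE = re.compile(r"--hash[= ](\w+):([0-9a-fA-F]+)")
# Constructed sample in pip's hash-pinned layout; every digest, and every
# entry except dataclasses==0.8, is made up.
SAMPLE = (
    "dataclasses==0.8 \\\n"
    f"    --hash=sha256:{'a' * 64} \\\n"
    f"    --hash=sha256:{'b' * 64}\n"
    "examplepkg==1.2.3 \\\n"
    f"    --hash=sha256:{'c' * 64}\n"
    "nohash==4.5.6\n"
)

def parse(text):
    """Return [(requirement, [(algo, digest), ...])], joining backslash continuations."""
    entries, logical = [], ""
    for raw in text.splitlines() + [""]:  # trailing "" flushes a dangling continuation
        line = raw.strip()
        if line.startswith("#") or (not line and not logical):
            continue
        if line.endswith("\\"):
            logical += line[:-1] + " "
            continue
        logical += line
        req = HASH_RE.sub("", logical).strip()
        if req:
            entries.append((req, HASH_RE.findall(logical)))
        logical = ""
    return entries

def render(entries):
    """Write entries back in pip's one-hash-per-line layout."""
    return "".join(" \\\n".join([req] + [f"    --hash={a}:{d}" for a, d in hashes]) + "\n"
                   for req, hashes in entries)

def without(text, name):
    """Drop one requirement and all of its hash lines, however many follow it."""
    keep = lambda req: re.split(r"[^A-Za-z0-9._-]", req, maxsplit=1)[0].lower() != name.lower()
    return render([e for e in parse(text) if keep(e[0])])

def strip_hashes(text):
    """Keep the exact version pins but discard every recorded digest."""
    return render([(req, []) for req, _ in parse(text)])

def not_hash_checkable(text):
    """Entries that pip's --require-hashes mode rejects: no digest, or no '==' pin."""
    return [req for req, hashes in parse(text) if not hashes or "==" not in req]
```

With the digests stripped, pip no longer verifies downloaded archives against recorded values, so only the version pins remain as a constraint.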