5 comments

[ 6.5 ms ] story [ 27.3 ms ] thread
I self-host three VPNs to protect my infrastructure heavy startup https://quantale.io

I am a big fan of Pritunl which is opensource and provides network security with a lot of ease. I am in no way affiliated with them. I use Pritunl to limit access to servers and web applications for my different teams. For each user, you can generate a profile and assign the servers and port they have access to on the server. For eg:

- Only dev team can access ssh port(22) on stage server and not open to internet.

- Any one in the team can access stage version(port 443) for testing purpose.(Not open to internet)

- Only I can access all ports on all Prod servers(only 443 open to public)

What hackers can't see, they can't attack. Especially the port 22 on your servers should only be accessible to you and not the internet.

I self-host one instance each of OpenVPN and Wireguard with Pi-Hole which is then used to access my Pritunl Server adding extra layer of security.

Each of these 3 servers can be hosted on Hetzner $2/month instance. With a mere $6, you can add an extra layer of security to your infrastructure. Pritunl itself also provides subscription so that is also an option.

*Quantale is a stock market analytics tool that helps users discover trending stocks using real-time market sentiment from social media

pritunl appears to require MongoDB, that is off-putting and a little strange for a VPN server
the mongodb itself can be hosted with in the same server, I guess it's just a matter of choice when the developer developed it.
we moved from OpenVPN AS to PRITUNL and so far it has been good.

It has a few annoying quirks, but generally happy with it. Stability and reliability very good so far.

The documentation is frustratingly terse in places and does not clearly state which features are available in which license tiers.

The management interface being on the same port as the interface you use to onboard new users is annoying, especially when there is no 2FA available for the admin user unless you are on the most expensive plan, when security should be baked in from the start for even entry level use.

but otherwise pretty good.

I have been running/hosting Pritunl for myself and a few other organizations and so far no one has had any issue. I am currently using it to provide security to an organization and its 300 employees.

> especially when there is no 2FA available for the admin user

I host 2 other VPNS, one each instance of OpenVPN and Wireguard to secure my Pritunl setup. This way only I can access the Pritunl port 22 and the interface. I could just use one OpenVPN setup to do this but the other wireguard server acts as backup server to access the pritunl incase I loose access to OpenVPN server for some reason.