Major updates for Pritunl, Pritunl Zero and Pritunl Cloud have been made available on the stable repositories. These updates include new features and Pritunl Endpoint, a new endpoint monitoring and management system.
Pritunl v1.30, the Python 3 version of Pritunl is now on the stable repositories. This update remained on the unstable repositories for several months to ensure there were no compatibility issues when upgrading from the Python 2 version. No configuration changes are required when upgrading to the latest version. In addition to migrating the codebase to Python 3 several improvements have been made including a fix for the Lets Encrypt certificate issue. The previous Pritunl release contains the expired Lets Encrypt CA certificates and this update is required to configure a working Lets Encrypt certificate.
Pritunl and Pritunl Link have been updated to add host-to-host connection validation. These checks are used to handle network partitions and allow the host selection to select more suitable hosts in complex outages. This feature is disabled by default and can be enabled by selecting Host Checking in the link settings. All link hosts must first be updated before enabling this feature. There are no compatibility issues with running outdated link hosts on an updated Pritunl server. Hosts will need access to TCP port 9790 between all hosts for the validation check.
Automatic firewall management has also been added to Pritunl Link. This will automatically adjust iptables rules to restrict access to the IPsec ports to only the IP addresses of other hosts. These rules will be automatically updated as hosts are added and removed or when a host IP changes. This allows configuring the link hosts external firewall to allow all IP addresses to access the IPsec ports then letting the Pritunl Link client permit access only to specific IP address. This supports use cases where the link hosts have frequent IP address changes without compromising strong firewall security.
These new features are documented in the Pritunl Link documentation.
Pritunl Endpoint is a new endpoint monitoring and management system added to Pritunl Zero. This initial release will only handle monitoring a few system metrics which will be graphed in the Pritunl Zero web console. This new platform will be used to build additional endpoint management, monitoring and security features. Currently only Linux hosts are supported, additional operating system support will be added in the future. A tutorial for Pritunl Endpoint is available in the documentation.
Several new features have been added to Pritunl Cloud and the initial configuration process has been significantly improved.
Pritunl Cloud Builder
Pritunl Cloud Builder has been released to automate the installation process. This will automatically install and optimize the host for running Pritunl Cloud. It is the fastest way to run Pritunl Cloud for single host configurations.
Vultr Bare Metal Automated Installation
The Pritunl Cloud Builder has been tested with Vultr Bare Metal and a new node initialization dialog has been added to quickly configure nodes running on Vultr Bare Metal. Pritunl Cloud can now be installed and configured on Vultr Bare Metal with only a few commands. A tutorial is available in the documentation.
A VNC client is now available from the Pritunl Cloud web console to quickly debug or manage instances. The VNC server is handled with a WebSocket that is proxied through the Pritunl Cloud web server. This allows the VNC client to function without opening additional ports and all VNC connections are authenticated using the Pritunl Cloud web session instead of a VNC username/password. For single host configurations running on non-private networks a node firewall should first be configured to block external access to the QEMU VNC port.
pritunl-cloud backup /mnt/destination has been added to export all local data such as instance disk images to a destination folder. This backup command uses the QEMU live backup to export consistent disk images from running instances.
UEFI and Secure Boot
By default new instances will now use UEFI and Secure Boot to improve the security of instances. Official UEFI instance images have also been made available in addition to non-UEFI images.
The instance networking system has been redesigned to support running Pritunl Cloud without requiring a network bridge to be configured on the host. The node network configuration has also been significantly improved and will automatically adjust to running with or without a network bridge.
Passthrough support for PCI devices is now available. This will allow running instances with direct access to the GPU on the server.
Support for USB passthrough is now available. This will allow supporting use cases requiring the instance to directly access USB devices. Additionally USB devices can be added or removed from running instances without requiring the instance to restart.
Any ISO images added to
/var/lib/pritunl/isos/ will be shown in the instance settings and will be available to be attached to the instance. This allows installing other operating systems in combination with the VNC client.
iSCSI Disk Support
iSCSI disks can now be directly attached to instances from the instance settings in the web console.
Direct Disk Passthrough
Physical disks can now be directly attached to instances to support use cases such as file servers.
Instance disks can now be quickly resized without needing to clone the disk image. This will reboot the instance and the instance will then automatically expand the partition.