Connecting to Pritunl VPN

Purpose#

This procedure describes the steps to connect to a TSP Pritunl VPN, a user-friendly open-source VPN server and client.

Procedure#

Preparation#

1. IT Ops Team will provide the following credentials via Bitwarden Share Link connect to Pritunl Link:

   1. VPN Link
   2. VPN PIN

Download and Installation#

1. Navigate to the given Pritunl user profile (eg: - https://vpn.tsp.sg/k/xxxxxx). Click Download Client

2. Download and install the Pritunl client to your device (Choose OS accordingly)

   

3. Click Show More in the user profile

   

4. Click Download Profile (It will download a .ovpn file)

   

Connecting to VPN#

Method 1: Import Profile through URI#

1. Open pritunl client. Click Import

   

2. Copy the Profile URI from the user profile

   

3. Paste it in Enter Profile URI in Pritunl client and click Import

4. Click on the Connect button

   

5. Click Connect. Enter the pin.

6. You are successfully connected to the VPN

   

Method 2: Import Profile through .ovpn file#

1. Click the Browse button under Import Profile in Pritunl client.

   

2. Browse and select the downloaded .ovpn file from

3. Click on the menu toggle

   

4. Click Connect. Enter the pin (Provided in the Bitwarden Link)

   

5. You are successfully connected to the VPN

   

Troubleshooting#

Issue: Connection Timeout/Error#

The VPN client fails to establish a connection or an error message is displayed.

Solution#

1. Check your internet connection to ensure it’s stable.
2. Verify that you have entered the correct server address and port number.
3. Temporarily disable any firewall or antivirus software that may be blocking the VPN connection.
4. Try connecting to a different VPN Tunnel if available.

Issue: Authentication Failure#

Unable to authenticate or login to the VPN.

Solution:#

1. Double-check the given PIN number.
2. Contact YouTrack TSP Helpdesk to reset your VPN credentials if necessary

Issue: DNS or Internet Access Issues#

After connecting to the VPN, if you are unable to access the internet, TSP internal resources, or specific websites/services.

Solution#

1. Check your network settings and ensure that the VPN client is configured to use the correct DNS servers.
2. Verify that your VPN profile does not have any specific restrictions or routing rules that may be causing the issue.
3. Try accessing websites or services using their IP addresses instead of domain names to bypass DNS-related problems. Check with IT support for the IP addresses to use.

Issue: TSP Internal Resources Access Issues#

After connecting to the VPN, if you are unable to access TSP internal resources.

Solution#

1. Open a terminal or command prompt and enter ping git.tsp.dev. If unable to resolve DNS, try to ping the IP address instead. You can check with IT ops for the IP addresses to use.

2. If able to reach git.tsp.dev, try entering ping -f -l 1400 git.tsp.dev

3. If you see packet fragmentation like in the screenshot above or a request timeout, try lowering the number in the previous command until you get a successful response. For example, try entering ping -f -l 1300 git.tsp.dev. A successful response will look like the screenshot below. Keep adjusting until you find the threshold where it fails.

4. When you get a successful response, use netsh interface ipv4 show subinterfaces to check the MTU value for your Pritunl connection interface. You should see something similar to the screenshot below.

5. If the MTU value for your Pritunl connection interface is higher than the value for the successful response in step 3, use the following commands to manually set the MTU value for your Pritunl connection interface (replace 1350 with the highest MTU value that worked for you in step 3):

netsh interface ipv4 set subinterface "Pritunl 1" mtu=1350 store=persistent
ipconfig /release
ipconfig /renew

6. Run netsh interface ipv4 show subinterfaces again to verify that the MTU value has been updated.

7. Try accessing the TSP internal resources on your browser again.

8. If this solution worked for you, please note that you will have to run the commands from step 5 again every time you encounter the issue when connecting to the Pritunl VPN.

Issue: Corrupted OpenVPN File#

The OpenVPN configuration file has been corrupted or lost.

Solution:#

1. Contact YouTrack TSP Helpdesk to obtain a new Pritunl profile URL.

Issue: Client Compatibility#

The Pritunl VPN client is not compatible with your operating system or device.

Solution:#

1. Ensure that you have downloaded the correct version of the Pritunl VPN client for your operating system.
2. Check the system requirements and supported platforms on the Pritunl website.

Issue: Lost Internet Access after Connecting to VPN#

Your internet provider might have IPs in the same range with TSP VPN server.

Verify IP range of internet provider#

• For Windows: Select Start > Settings > Network & internet > Wi-Fi and then select the Wi-Fi network you’re connected to. Under Properties, look for your IP address listed next to IPv4 address.
• For Mac: Go to System Preference > Network and select your active connection. Select Advanced > TCP/IP tab. Your IP address will be listed in the settings window

Alternatively, you can use following commands to get the IPs:

# Windows
Get-NetIPConfiguration or Get-NetIPConfiguration –InterfaceAlias "Wi-Fi"
# Mac/Linux
ifconfig | grep "inet " | grep -v 127.0.0.1 

Solution:#

1. Use a different internet provider, or
2. In your VPN profile file (.ovpn), add following line after line 66. Warning: consult with IT team first before applying this solution.

...
<ca>
redirect-gateway [def1 local bypass-dhcp bypass-dns] # add this line!
-----BEGIN CERTIFICATE-----
...