Getting Started with Pilvy VPN Server

This page will help you get started with Pilvy VPN Server. We will setup an instance of the VPN server that routes all client traffic through the VPN server.

Prerequisites

You will need root access on a server running Ubuntu Linux 16.04 or later. Although any Debian-based Linux distribution should work, we recommend Ubuntu Linux at this time. Note that systemd is required.

Download and Install

Go to the Pilvy VPN Server site to obtain the latest version of the server installation package.

# wget https://www.pilvy.com/downloads/pilvy-vpnserver_x.y.z_amd64.deb
# dpkg -i pilvy-vpnserver_x.y.z_amd64.deb

The installer will automatically generate a public key infrastructure (PKI), with a root and intermediate certificate authority (CA), as well as a signed client keypair.

For production use, you should regenerate the PKI on a secure machine, not connected to the network, as maintaining the security of the PKI private keys is of paramount importance. If you have an existing PKI, you may of course use that as well.

Create Users

Pilvy VPN Server supports a number of different authentication methods, but the simplest is to use a SQLite database. You can manage users from the command line with the vpnadmin tool. Let's create our first user:

# vpnadmin users create alice

Default PKCS12 Identity Password

The default password to decrypt the PKCS12 identity is: secret

Connect to the Server

At server installation time, a sample configuration profile is generated. You can find it in the /etc/vpnserver/pki-tools/clients directory on the server. Transfer the client.vpntoolkit file to a client machine (or email it to yourself).

Using the iOS App

  1. Download Pilvy VPN from the App Store
  2. Open the Mail app and find the email containing the client.vpntoolkit attachment
  3. Open the attachment with Pilvy VPN
  4. Flip the switch to connect
  5. Enter the credentials you created above when prompted

Using Mac or Windows Apps

After download the desktop app, click on the tray menu app icon, navigate to the Advanced menu, and click Import Configuration. Browse to the client.vpntoolkit file you downloaded from the VPN server and open it. Finally, select the Connect menu item.

Using the Command-Line Interface

Download one of the CLI apps from the website, and connect:

Administrative Privileges Required

You will need to use the sudo command on Mac and Linux since the client needs to modify the machine's network configuration. On Windows, you should first install the tray app before using the CLI tool, as a network driver needs to be installed.

# vpnclient --profile client.vpntoolkit --username alice

You will be asked to enter the password.

At this point, you will be connected, and all traffic will be routed through the VPN server.

Congratulations! You have successfully deployed a VPN server that's ready for action. Next up, see how you can customize the Server Configuration to suit your specific needs.