Post

Managing Enterprise VPN using Pritunl API CLI

Introduction

When you are in the advanced field of system administration, you always think, “Is there a CLI feature for this?” in a scenario where simple tasks like adding or modifying having a repeating process are relatively less attractive throughout the period. With the help of the Command line interface and mild scripting, we can accomplish primary things in terms of automating simple repetitive tasks.

In this post, we can manage an enterprise VPN using the Pritunl API CLI, such as creating, retrieving, and updating users and a few other CLI features.

Quick Demo

AWS Console Access Portal AWS Console Access Portal

Recorded with asciinema asciinema

Installation

Pritunl API CLI is already part of the Pritunl API Client for Python; to enable it, we all need to allow extra CLI during the PIP installation. The PIP extra cli will install the necessary libraries for our CLI feature.

Install via PyPI Package

1
pip install pritunl-api[cli]

The CLI will automatically be available in your distribution $PATH. Try to validate that the CLI distribution is accessible by invoking the command.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
pritunl-api-cli --help
Usage: pritunl-api-cli [OPTIONS] COMMAND [ARGS]...

  Pritunl API CLI

Options:
  --version  Show the version and exit.
  --help     Show this message and exit.

Commands:
  api
  user

pritunl-api-cli --version
pritunl-api-cli, version x.x.x

Configuration

API Endpoint and Credentials Setup

Set the Pritunl API CLI environment variables.

1
2
3
export PRITUNL_BASE_URL="https://vpn.domain.tld/"
export PRITUNL_API_TOKEN="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
export PRITUNL_API_SECRET="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

Test the connection to see if the API endpoint and credentials work correctly.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
pritunl-api-cli api status
{
  "org_count": 1,
  "users_online": 0,
  "user_count": 0,
  "servers_online": 1,
  "server_count": 1,
  "hosts_online": 1,
  "host_count": 1,
  "server_version": "1.30.3354.99",
  "current_host": "XXXXXXXXXXXXXXXXXXXXXX",
  "public_ip": "###.###.###.###",
  "local_networks": [
    "172.31.80.0/20"
  ],
  "notification": ""
}

CLI Usage

User Feature

1
2
3
4
5
6
7
8
9
10
11
pritunl-api-cli user
Usage: pritunl-api-cli user [OPTIONS] COMMAND [ARGS]...

Options:
  --help  Show this message and exit.

Commands:
  create
  delete
  get
  update

Create User

1
2
3
4
5
6
7
8
9
10
11
12
13
pritunl-api-cli user create
Usage: pritunl-api-cli user create [OPTIONS]

  Pritunl Create User

Options:
  --org-name TEXT
  --user-name TEXT
  --user-email TEXT
  --pin TEXT
  --yubikey-id TEXT
  --from-csv PATH
  --help             Show this message and exit.
Create a Single User
1
2
3
4
pritunl-api-cli user create \
  --org-name pritunl-dev \
  --user-name john.doe \
  --user-email [email protected]
Create a sets of User from CSV file
1
2
pritunl-api-cli user create \
  --from-csv ./users.csv

Get User

1
2
3
4
5
6
7
8
9
10
11
pritunl-api-cli user get
Usage: pritunl-api-cli user get [OPTIONS]

  Pritunl Get User

Options:
  --org-name TEXT
  --user-name TEXT
  --all-users
  --show-advanced-details
  --help                   Show this message and exit.
Get a Single User
1
2
3
pritunl-api-cli user get \
  --org-name pritunl-dev \
  --user-name john.doe

Showing the advanced details of a user in JSON output.

1
2
3
4
pritunl-api-cli user get \
  --org-name pritunl-dev \
  --user-name john.doe \
  --show-advanced-details
Get Users from an Organization
1
2
3
pritunl-api-cli user get \
  --org-name pritunl-dev \
  --all-users

Showing the advanced details of a users in JSON output.

1
2
3
4
pritunl-api-cli user get \
  --org-name pritunl-dev \
  --all-users \
  --show-advanced-details

Update User

1
2
3
4
5
6
7
8
9
10
11
12
pritunl-api-cli user update
Usage: pritunl-api-cli user update [OPTIONS]

  Pritunl Update User

Options:
  --org-name TEXT
  --user-name TEXT
  --pin TEXT
  --yubikey-id TEXT
  --disable / --enable
  --help                Show this message and exit.
Update a User for a New PIN
1
2
3
4
pritunl-api-cli user update \
  --org-name pritunl-dev \
  --user-name john.doe \
  --pin 123456
Disable a User
1
2
3
4
pritunl-api-cli user update \
  --org-name pritunl-dev \
  --user-name john.doe \
  --disable
Enable a User
1
2
3
4
pritunl-api-cli user update \
  --org-name pritunl-dev \
  --user-name john.doe \
  --enable

Delete User

1
2
3
4
5
6
7
8
9
pritunl-api-cli user delete
Usage: pritunl-api-cli user delete [OPTIONS]

  Pritunl Delete User

Options:
  --org-name TEXT
  --user-name TEXT
  --help            Show this message and exit.
Delete a User
1
2
3
pritunl-api-cli user delete \
  --org-name pritunl-dev \
  --user-name john.doe

Connection and Testing

Pritunl Client

Install the Pritunl Client for our Pritunl API CLI created users and the keys it generated.

Pritunl Client CLI

The pritunl-client package is available when installing the Pritunl Client

Add a Profile
1
pritunl-client add pritunl://vpn.domain.tld/ku/8u2KK6rZ
List of Profiles
1
pritunl-client list
Start a Connection
1
pritunl-client start zmza0w2jbqidtp5f --mode wg
Stop a Connection
1
pritunl-client stop zmza0w2jbqidtp5f
Delete a Profile
1
pritunl-client delete zmza0w2jbqidtp5f

Validate Connection

This a neat and quick way to test if your connection routes to your Local ISP or in the VPN Cloud Vendor.

1
curl -s ipinfo.io/`curl -s ifconfig.me` | jq
This post is licensed under CC BY 4.0 by the author.