
Trying Pritunl Zero

vendor guides | Jake | May 31, 2020


Pritunl is an open source OpenVPN and IPSec solution that comes with a somewhat popular VPN client. Pritunl Zero fills in a few more gaps by providing zero-trust access to SSH and web services, similar to products such as Akamai EAA and Zscaler.

I installed an individual server using this guide. It was relatively easy, although I had to open up a private browsing window to get past an initial HSTS error, and the default credentials mentioned in the documentation were not up to date (the solution is to run pritunl-zero default-password). From there, setting up an internal service to proxy took about 5 minutes. One thing that I’d like to try out is the API for automatic registration of web services. EAA and Zscaler for some reason still require manual setup.

Zero also offers a way to authenticate for SSH. It uses an SSH Certificate Authority to sign a user’s public key; the user then uses that key to access other servers. This approach allows for authorization without the need for Zero to ever talk to those servers. I’m a big fan of using SSH Certificate Authorities and have used HashiCorp’s Vault in the past to accomplish it. For network segregation, Zero can automatically create fleets of SSH bastions to route connections to internal resources. Zero provides a CLI tool, pritunl-ssh, which takes care of the accompanying config on the client side.
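The certificate flow described above, reproduced with stock OpenSSH tools as an added example (not Pritunl Zero's own code or output). The key names, key ID and principal are constructed, and a local ssh-keygen stands in for Zero's signing service.

```shell
#!/bin/sh
# Added example. Key names, key ID and principal are constructed for the demo.

# issue_cert DIR: CA side. Create a CA key pair and a user key pair, then sign
# the user's public key into a certificate that expires after five minutes.
issue_cert() {
    ssh-keygen -q -t ed25519 -N '' -C demo-ca -f "$1/ca" || return 1
    ssh-keygen -q -t ed25519 -N '' -C alice -f "$1/alice" || return 1
    # -s CA private key, -I key ID (shows up in sshd logs),
    # -n allowed principals, -V validity window. Writes alice-cert.pub.
    ssh-keygen -q -s "$1/ca" -I alice@example -n bastion-users \
        -V +5m "$1/alice.pub"
}

# cert_signed_by CERT CA_PUB: succeed only when the certificate's "Signing CA"
# fingerprint matches the CA public key. A target server needs nothing else
# from the CA: sshd trusts the file named by TrustedUserCAKeys in sshd_config.
cert_signed_by() {
    ca_fp=$(ssh-keygen -l -f "$2" | awk '{print $2}')
    cert_fp=$(ssh-keygen -L -f "$1" | awk '/Signing CA:/ {print $4}')
    [ -n "$ca_fp" ] && [ "$ca_fp" = "$cert_fp" ]
}

# cert_principals CERT: print the principals the certificate is limited to.
cert_principals() {
    ssh-keygen -L -f "$1" |
        awk '/Principals:/ {p=1; next} /Critical Options:/ {p=0} p {print $1}'
}

demo() {
    d=$(mktemp -d) || return 1
    issue_cert "$d" || { rm -rf "$d"; return 1; }
    ssh-keygen -q -t ed25519 -N '' -f "$d/other_ca"   # a CA nobody trusts
    cert_signed_by "$d/alice-cert.pub" "$d/ca.pub" && echo "trusted CA: match"
    cert_signed_by "$d/alice-cert.pub" "$d/other_ca.pub" ||
        echo "other CA: no match"
    echo "principals: $(cert_principals "$d/alice-cert.pub")"
    ssh-keygen -L -f "$d/alice-cert.pub" | grep 'Valid:'
    rm -rf "$d"
}
demo
```

The fingerprint comparison is an audit check for reviewing issued certificates; at login, sshd verifies the certificate signature itself against the trusted CA key.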

All in all, I’m cautiously optimistic. Zero-trust web-application proxies have long been one of my go-to solutions for deploying secure internal applications. Having a solid open source option would be a great resource for companies that want the additional security but don’t want to purchase an enterprise license.

This post was originally published on

Written by: Jake
