Create site-to-site network gateway connection
Network links, known as a routed LAN or iroute in OpenVPN, allow routing a local network from a Pritunl client to the VPN server. In the diagram below, the EdgeRouter will run an OpenVPN client connected to the Pritunl server, and the local network 10.100.0.0/16 will be routed to the VPN server. The devices on the VPN network 192.168.230.0/24 will have access to the devices on the EdgeRouter network.
If you intend on having devices on the Pritunl server's network 10.150.0.0/16, an IPsec link should be used instead. If a network link is used, you will need to add the 10.150.0.0/16 network to the VPN server routes and disable NAT. Then either use VPC route advertisement or manually create a static route on the Pritunl server's network to 10.100.0.0/16 with the Pritunl server 10.150.30.189/16 as the next-hop.
First, create a user for the router that will be connecting to the VPN server, in this example an EdgeRouter. Set the Network Link field to the local network that will be routed through the user. For this example, the network 10.100.0.0/16 will be used.
Once the user is created and attached to the VPN server, you will need to configure the VPN client. Refer to the Ubiquiti EdgeRouter documentation for using the Pritunl plugin.
In this example the VPN client will be running on the router of the 10.100.0.0/16 network; the required routes will be automatically created when the router connects to the VPN server. If a VPN client is used behind the router, you will need to manually create a static route. The static route will route the VPN network 192.168.230.0/24 using the VPN client's local address 10.100.0.120/16 as the destination. Refer to the router documentation on adding static routes.
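The following added example (not from the Pritunl documentation) models the case above where the VPN client sits behind the router and traces packets hop by hop: requests from the VPN reach the LAN either way, but replies are lost until the static route exists. The node names and the endpoint addresses 10.100.0.50 and 192.168.230.5 are constructed for illustration.

```python
import ipaddress

# Constructed endpoint addresses (assumptions); the networks are the page's.
ADDR = {"lan-host": "10.100.0.50", "vpn-user": "192.168.230.5"}

def build_tables(static_route_on_router):
    """Routes per node as (prefix, next-hop node); None means on-link delivery."""
    tables = {
        "lan-host": [("10.100.0.0/16", None), ("0.0.0.0/0", "router")],
        # Router's WAN default route is left out: it never leads to the VPN.
        "router": [("10.100.0.0/16", None)],
        # VPN client at 10.100.0.120 reaches the VPN network through the tunnel.
        "vpn-client": [("10.100.0.0/16", None), ("192.168.230.0/24", "pritunl")],
        # Network link: the server routes 10.100.0.0/16 to the linked client.
        "pritunl": [("192.168.230.0/24", None), ("10.100.0.0/16", "vpn-client")],
        "vpn-user": [("0.0.0.0/0", "pritunl")],
    }
    if static_route_on_router:
        # The manual static route: 192.168.230.0/24 via 10.100.0.120.
        tables["router"].append(("192.168.230.0/24", "vpn-client"))
    return tables

def trace(tables, src, dst):
    """Follow longest-prefix-match lookups hop by hop; return the path or None."""
    dst_ip = ipaddress.ip_address(ADDR[dst])
    node, path = src, [src]
    while len(path) <= len(tables):
        matches = [(ipaddress.ip_network(p), hop) for p, hop in tables[node]
                   if dst_ip in ipaddress.ip_network(p)]
        if not matches:
            return None  # no route on this node: the packet never arrives
        _, hop = max(matches, key=lambda m: m[0].prefixlen)
        node = dst if hop is None else hop
        path.append(node)
        if node == dst:
            return path
    return None  # routing loop

def round_trip(static_route_on_router):
    """Return (request path VPN -> LAN, reply path LAN -> VPN)."""
    tables = build_tables(static_route_on_router)
    return trace(tables, "vpn-user", "lan-host"), trace(tables, "lan-host", "vpn-user")

if __name__ == "__main__":
    for static in (False, True):
        request, reply = round_trip(static)
        print(f"static route={static}: request={request} reply={reply}")
```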
After the router has been configured, the server should look similar to the example below, showing the network link in the routes and the EdgeRouter user online.
Once done, any users connected to the VPN server will have access to devices on the 10.100.0.0/16 network, and devices on the 10.100.0.0/16 network will also have access to the VPN clients.
Updated almost 5 years ago