Network Links
Create site-to-site network gateway connection
Network links, known as a routed LAN or iroute in OpenVPN, allow routing a local network from a Pritunl client to the VPN server. In the diagram below the EdgeRouter will run an OpenVPN client connected to the Pritunl server, and the local network 10.100.0.0/16 will be routed to the VPN server. The devices on the VPN network 192.168.230.0/24 will have access to the devices on the EdgeRouter network 10.100.0.0/16.
If you intend on having devices on the Pritunl server's network 10.150.0.0/16, an IPsec link should be used instead. If a network link is used you will need to add the 10.150.0.0/16 network to the VPN server routes and disable NAT. Then either use VPC route advertisement or manually create a static route on the Pritunl server's network to 192.168.230.0/24 and 10.100.0.0/16 with the Pritunl server 10.150.30.189/16 as the next-hop.
First create a user for the router that will be connecting to the VPN server, in this example an EdgeRouter. Set the Network Link field to the local network that will be routed through the user. For this example the network 10.100.0.0/16 will be used.
Once the user is created and attached to the VPN server you will need to configure the VPN client. Refer to the Ubiquiti EdgeRouter documentation for using the Pritunl plugin.
In this example the VPN client will be running on the router of the 10.100.0.0/16 network, so the required routes will be automatically created when the router connects to the VPN server. If a VPN client is used behind the router you will need to manually create a static route. The static route will route the VPN network 192.168.230.0/24 using the VPN client's local address 10.100.0.120/16 as the destination. Refer to the router documentation on adding static routes.
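A preflight check for the static routes described in the two cases above, as an added example that is not part of the Pritunl documentation. It uses the page's addresses, refuses overlapping networks and next hops that sit outside the network where the route is installed, and the function name and route labels are hypothetical.

```python
import ipaddress as ip

def plan_static_routes(vpn_net, link_net, client_ip=None,
                       server_net=None, server_ip=None):
    """Return (where, destination, next_hop) routes for a network link.

    client_ip: set only when the VPN client sits behind the site router.
    server_net/server_ip: set only when hosts on the Pritunl server's own
    network must reach the VPN and linked networks (NAT disabled).
    Hypothetical helper; raises ValueError on an unsafe addressing plan.
    """
    if bool(server_net) != bool(server_ip):
        raise ValueError("server_net and server_ip must be given together")
    nets = {"vpn": ip.ip_network(vpn_net), "link": ip.ip_network(link_net)}
    if server_net:
        nets["server"] = ip.ip_network(server_net)

    # Overlapping ranges make routing ambiguous and can expose the wrong hosts.
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"{a} {nets[a]} overlaps {b} {nets[b]}")

    routes = []
    if client_ip:
        hop = ip.ip_interface(client_ip).ip
        if hop not in nets["link"]:
            raise ValueError(f"client {hop} is not inside {nets['link']}")
        routes.append(("site router", str(nets["vpn"]), str(hop)))
    if server_net:
        hop = ip.ip_interface(server_ip).ip
        if hop not in nets["server"]:
            raise ValueError(f"server {hop} is not inside {nets['server']}")
        for dest in (nets["vpn"], nets["link"]):
            routes.append(("server network", str(dest), str(hop)))
    return routes

if __name__ == "__main__":
    # Addresses taken from the page; both optional cases enabled at once.
    for where, dest, hop in plan_static_routes(
            "192.168.230.0/24", "10.100.0.0/16",
            client_ip="10.100.0.120/16",
            server_net="10.150.0.0/16", server_ip="10.150.30.189/16"):
        print(f"{where}: {dest} via {hop}")
```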
After the router has been configured the server should look similar to the example below, showing the network link in the routes and the EdgeRouter user online.
Once done, any users connected to the VPN server will have access to devices on the 10.100.0.0/16 network, and devices on the 10.100.0.0/16 network will also have access to the VPN clients.