Replication

Server replication

Servers can be replicated to several hosts to balance load and provide redundancy. When servers are replicated, the VPN network exists separately on each replica. To allow clients to communicate with clients on other replicas, a route is created for each client to the local IP address of the host it is connected to. By default the local address is set automatically for each host; it can also be set manually in the host settings.

Client-to-Client Traffic

For client-to-client traffic to work, all replicas must have layer 3 connectivity with each other. Firewalls must also allow communication between the replicas, including UDP port 4789. If the replicated servers cannot communicate over a local network, Inter-Client Communication must be disabled in the server settings.

Replication with non-NAT Routes

If non-NAT routes are used, the servers must be replicated with VXLan and route advertisement enabled. The VXLan UDP port 4789 must also be open between the Pritunl hosts.

Amazon Web Services

Using replication on EC2 requires the source/dest check to be disabled for the network interfaces attached to the Pritunl servers; otherwise EC2 drops packets whose source or destination address is not the interface's own, which prevents the servers from routing traffic for the VPN network. The setting is found in the Network Interfaces section of the EC2 Dashboard. In addition, the security group for the Pritunl servers must allow traffic from the VPN network.
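The EC2 prerequisites above, as an added audit script that is not part of Pritunl or its documentation: it checks constructed records shaped like boto3's describe_network_interfaces and describe_security_groups responses (an assumption; pulling live data is left to the caller) for an enabled source/dest check, a missing UDP 4789 rule between replicas, and a missing ingress rule for the VPN network.

```python
import ipaddress

# Constructed sample data (assumption), shaped like boto3's
# describe_network_interfaces() and describe_security_groups() output.
VPN_NETWORK = "10.200.0.0/24"   # virtual network of the replicated Pritunl server
VXLAN_PORT = 4789

INTERFACES = [  # one ENI per replica host
    {"NetworkInterfaceId": "eni-0a", "SourceDestCheck": False,
     "Groups": [{"GroupId": "sg-pritunl"}]},
    {"NetworkInterfaceId": "eni-0b", "SourceDestCheck": True,   # still enabled
     "Groups": [{"GroupId": "sg-pritunl"}]},
]

SECURITY_GROUPS = {
    "sg-pritunl": [
        # VXLAN between replicas: self-referencing group rule on UDP 4789
        {"IpProtocol": "udp", "FromPort": VXLAN_PORT, "ToPort": VXLAN_PORT,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-pritunl"}]},
        # all traffic from a range that contains the VPN network
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
         "UserIdGroupPairs": []},
    ],
}


def covers_port(rule, proto, port):
    """Rule permits `port` over `proto`, or is an allow-all (-1) rule."""
    if rule["IpProtocol"] == "-1":
        return True
    return rule["IpProtocol"] == proto and rule["FromPort"] <= port <= rule["ToPort"]


def covers_cidr(rule, cidr):
    """Some IpRanges entry of the rule contains the whole `cidr`."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(ipaddress.ip_network(r["CidrIp"])) for r in rule["IpRanges"])


def audit(interfaces, groups, vpn_network, vxlan_port=VXLAN_PORT):
    """Return findings in ENI order, then group order; [] means prerequisites hold."""
    findings, group_ids = [], []
    for eni in interfaces:
        if eni["SourceDestCheck"]:
            findings.append(f"{eni['NetworkInterfaceId']}: source/dest check still enabled")
        group_ids += [g["GroupId"] for g in eni["Groups"] if g["GroupId"] not in group_ids]
    for gid in group_ids:
        rules = groups.get(gid, [])
        if not any(covers_port(r, "udp", vxlan_port)
                   and any(p["GroupId"] == gid for p in r["UserIdGroupPairs"]) for r in rules):
            findings.append(f"{gid}: no rule allowing UDP {vxlan_port} between replicas")
        if not any(covers_cidr(r, vpn_network) for r in rules):
            findings.append(f"{gid}: no rule allowing traffic from {vpn_network}")
    return findings
```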