The server routes configure which networks vpn clients will send traffic to. By default a server will route all internet traffic to the vpn server. This is done with the
|Network||The network address with cidr subnet that will be routed.|
|NAT Route||Enable NAT for the route to NAT traffic from vpn clients to the network. This is required unless a static route is configured on the router for the vpn network.|
|VPC Route Advertisement Region||AWS region for route advertisement.|
|VPC Route Advertisement ID||The VPC ID for the route advertisement. The EC2 server hosting the server must be connected to this VPC.|
Route advertisement allows Pritunl to automatically add a static route for a network on the VPC routing table. This will route traffic for the network to the current EC2 hosting the vpn server. This is useful for automatic configuration and fail over configurations. When route advertisement is used and a vpn server fails the static route will be updated to a healthy vpn server host. The source/dest check must be disabled for the network interfaces attached to the Pritunl servers. This will allow the servers to route traffic from the vpn network. This can be found in the Network Interfaces section of the EC2 Dashboard. In addition to this the security groups for servers on the VPC must be configured to allow traffic from the vpn subnet. When creating the AWS credentials the AmazonVPCFullAccess policy should be the only policy attached to the credentials.
Updated about 4 years ago