Server Routes Limit

Limits on number of routes added to server

Each route added to a server results in several iptables rules being added for that route. When a significant number of routes (50+) is added to a server, the server will time out during startup because of the time required to add the iptables rules. This can be solved by using the iptables library and increasing the timeouts with the commands below. These settings are stored in the database and only need to be run once on one host in a cluster.

The iptables library, although faster than the iptables CLI, is disabled by default because it is prone to randomly causing segmentation faults that crash the Pritunl process. All servers should be stopped before running these commands.

This should allow 100-200 routes on a server. If more routes are needed, the Restrict Routing option can be disabled in the advanced server settings, which significantly reduces the number of iptables rules needed. The Restrict Routing option is only needed when the server must prevent VPN clients from potentially accessing networks that are not routed; if that is not a concern, it can be disabled.

Only a Red Hat based Linux distribution such as Amazon Linux 2, Oracle Linux, CentOS or Red Hat Enterprise Linux should be used when running these configurations.

sudo pritunl set vpn.lib_iptables true
sudo pritunl set vpn.op_timeout 120
sudo pritunl set vpn.startup_timeout 900