Note: It is recommened to use the new linking system for site-to-site links view this tutorial
This tutorial will describe creating a site-to-site link with two Pritunl servers. The diagram below shows the network topology for this tutorial.
Both Pritunl servers will need to be able to access the same database server. This is used for inter-server communication. The Pritunl servers do not need direct access to other Pritunl servers. Services such as Compose can be used to deploy a secure high availability MongoDB cluster for Pritunl. Refer to Securing MongoDB for more information on connecting to a Compose cluster with SSL. Self hosted MongoDB clusters should not be used unless they are deployed by someone with MongoDB experience. An improperly configured MongoDB cluster can easily be accessed by attackers. When configuring a self hosted MongoDB cluster the instructions in Securing MongoDB should be followed to enable authentication and SSL on the MongoDB cluster.
After a MongoDB cluster has been deployed all the Pritunl servers must be configured to connect to the same MongoDB cluster. If a Pritunl server has already configured the MongoDB uri it can be reconfigured by running the command
pritunl reconfigure followed by restarting the Pritunl service.
Each site should have a VPN server with the correct routes added and organizations attached. The host for each site should be attached to the server for that site. Once the servers are configured select Link Servers and select both of the servers. For site-to-site links with more then two sites additional links should be created until all servers have a link to all the other servers.
Once the servers have been linked the server configuration should look similar to the example below.
After starting the servers links will be created between each server allowing users to access all the sites when connecting and site-to-site access between the sites.
With the site-to-site connection complete clients will be able to access all the sites but devices in the sites will not have access to other sites. To configure this static routes must be created on the router to route the adjacent sites networks to the Pritunl server in the site. When using AWS the routing table can be automatically configured and updated by following the AWS Route Advertisement tutorial.
When NAT is not used on AWS the source/dest check must be disabled for the network interface attached to the Pritunl EC2 instance.
Updated 2 years ago