Site-to-Site Configuration

Create a secure site-to-site connection between networks

Note: It is recommened to use the new linking system for site-to-site links view this tutorial

This tutorial will describe creating a site-to-site link with two Pritunl servers. The diagram below shows the network topology for this tutorial.


MongoDB Server

Both Pritunl servers will need to be able to access the same database server. This is used for inter-server communication. The Pritunl servers do not need direct access to other Pritunl servers. Services such as MongoDB Atlas can be used to deploy a secure high availability MongoDB cluster for Pritunl. Refer to Securing MongoDB for more information on connecting to a Compose cluster with SSL. Self hosted MongoDB clusters should not be used unless they are deployed by someone with MongoDB experience. An improperly configured MongoDB cluster can easily be accessed by attackers. When configuring a self hosted MongoDB cluster the instructions in Securing MongoDB should be followed to enable authentication and SSL on the MongoDB cluster.

Initial Setup

After a MongoDB cluster has been deployed all the Pritunl servers must be configured to connect to the same MongoDB cluster. If a Pritunl server has already configured the MongoDB uri it can be reconfigured by running the command pritunl reconfigure followed by restarting the Pritunl service.


Configure Servers

Each site should have a VPN server with the correct routes added and organizations attached. The host for each site should be attached to the server for that site. Once the servers are configured select Link Servers and select both of the servers. For site-to-site links with more then two sites additional links should be created until all servers have a link to all the other servers.


Once the servers have been linked the server configuration should look similar to the example below.


After starting the servers links will be created between each server allowing users to access all the sites when connecting and site-to-site access between the sites.

Router Configuration

With the site-to-site connection complete clients will be able to access all the sites but devices in the sites will not have access to other sites. To configure this static routes must be created on the router to route the adjacent sites networks to the Pritunl server in the site. When using AWS the routing table can be automatically configured and updated by following the AWS Route Advertisement tutorial.

Amazon Web Services Routing

When NAT is not used on AWS the source/dest check must be disabled for the network interface attached to the Pritunl EC2 instance.