Pritunl Documentation

Welcome to the Pritunl developer hub. You'll find comprehensive guides and documentation to help you start working with Pritunl as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Site-to-Site Configuration

Create a secure site-to-site connection between networks

Note: It is recommened to use the new linking system for site-to-site links view this tutorial

This tutorial will describe creating a site-to-site link with two Pritunl servers. The diagram below shows the network topology for this tutorial.

MongoDB Server

Both Pritunl servers will need to be able to access the same database server. This is used for inter-server communication. The Pritunl servers do not need direct access to other Pritunl servers. Services such as MongoDB Atlas can be used to deploy a secure high availability MongoDB cluster for Pritunl. Refer to Securing MongoDB for more information on connecting to a Compose cluster with SSL. Self hosted MongoDB clusters should not be used unless they are deployed by someone with MongoDB experience. An improperly configured MongoDB cluster can easily be accessed by attackers. When configuring a self hosted MongoDB cluster the instructions in Securing MongoDB should be followed to enable authentication and SSL on the MongoDB cluster.

Initial Setup

After a MongoDB cluster has been deployed all the Pritunl servers must be configured to connect to the same MongoDB cluster. If a Pritunl server has already configured the MongoDB uri it can be reconfigured by running the command pritunl reconfigure followed by restarting the Pritunl service.

Configure Servers

Each site should have a VPN server with the correct routes added and organizations attached. The host for each site should be attached to the server for that site. Once the servers are configured select Link Servers and select both of the servers. For site-to-site links with more then two sites additional links should be created until all servers have a link to all the other servers.

Once the servers have been linked the server configuration should look similar to the example below.

After starting the servers links will be created between each server allowing users to access all the sites when connecting and site-to-site access between the sites.

Router Configuration

With the site-to-site connection complete clients will be able to access all the sites but devices in the sites will not have access to other sites. To configure this static routes must be created on the router to route the adjacent sites networks to the Pritunl server in the site. When using AWS the routing table can be automatically configured and updated by following the AWS Route Advertisement tutorial.

Amazon Web Services Routing

When NAT is not used on AWS the source/dest check must be disabled for the network interface attached to the Pritunl EC2 instance.

Updated about a year ago

Site-to-Site Configuration

Create a secure site-to-site connection between networks

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.