Pritunl Cloud Link

Pritunl Link client on Pritunl Cloud

For a more detailed tutorial, refer to Site-to-Site with IPsec.

Pritunl Cloud has built-in support for Pritunl Link, which is enabled by adding the link host URI to the VPC settings in Pritunl Cloud. It will be more reliable and secure to isolate the Pritunl Link client in an instance, as documented below.

First, create a firewall policy for the Pritunl Cloud instance to allow traffic on UDP ports 500 and 4500. Traffic from the Pritunl Cloud VPC going through the IPsec tunnel will also need to be allowed. This can be done by allowing all traffic from the Pritunl Cloud VPC subnet or by specifying the required ports.

If the Pritunl Cloud instances are behind a NAT, port forwarding will need to be used to forward the IPsec ports to the Pritunl Link instance.

Create a new user and set the Type to API. Then generate a token and secret. These will be used by Pritunl Link to automatically update the VPC routing table. Currently only administrator users can be used with Pritunl Link.

Next, create a new Oracle Linux instance in Pritunl Cloud and add the role for the IPsec firewall policy created above. Then install Pritunl Link and run the commands below to configure the link. The pritunl-hostname should be set to the admin domain of the Pritunl Cloud URL.

The commands below can be run to check the logs and status of the link. The pritunl-link service will already be running and connected once the URI is added.
