Ubiquiti EdgeRouter

This documentation will configure a Pritunl Link client running on a Linux server connected to a EdgeRouter network. Refer to the Ubiquiti EdgeRouter Static documentation for connecting to Pritunl Link directly from the EdgeRouter.

Create a CentOS 7 server in the EdgeRouter network. The Pritunl Link client will automatically adjust port forwarding to allow failover with multiple hosts behind a single EdgeRouter. Next create a new administrator user for the Pritunl Link client. This will be used to modify the routing table.

Open the Firewall/NAT tab and select Port Forwarding. Then set the WAN interface to the internet interface and add any LAN interfaces to LAN interface. This will configure the required options for the Pritunl link client to add port forwarding rules.

Run the commands below on the instance to install the pritunl-link package. The firewalld service must also be disabled.

Next run the first command if your Pritunl server does not have a signed HTTPS certificate. The data will be signed and encrypted with AES independently an unsigned certificate will not effect security. Then run the second command to manually set the provider to edge. The next three commands are used to set the EdgeRouter username, password and hostname. The third command will clear all host URI's, this should be run to ensure previously configured URIs are removed. The fourth command will add the URI, this needs to be replaced by clicking Get URI in the Pritunl web console. This command can be run multiple times if more then one link is configured. The sudo pritunl-link verify-off line can be left out if the Pritunl server is configured with a valid SSL certificate. It is not necessary to verify the SSL certificate, the sensitive data is encrypted with AES-256 and signed with HMAC SHA-512 using the token and secret in the URI.

The commands below can be run to check the logs and status of the link. The pritunl-link service will already be running and connected once the URI is added.