Unsupported Routers Link
Pritunl Link client on unsupported routers
The link client can be run behind unsupported routers as long as only one client is running behind the router. The routing table and port forwarding must be manually configured on the router. Run the commands below on the server to install the pritunl-link package.
sudo tee -a /etc/yum.repos.d/pritunl.repo << EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/centos/7/
gpgcheck=1
enabled=1
EOF
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp; sudo rpm --import key.tmp; rm -f key.tmp
sudo yum -y upgrade
sudo yum -y install pritunl-link
Next, run the first command if your Pritunl server does not have a signed HTTPS certificate. The data is signed and encrypted with AES independently, so an unsigned certificate will not affect security. Then run the second command to clear all host URIs; this should be run to ensure previously configured URIs are removed. The third command adds the URI; the URI shown must be replaced with the one obtained by clicking Get URI in the Pritunl web console. This command can be run multiple times if more than one link is configured. The sudo pritunl-link verify-off line can be left out if the Pritunl server is configured with a valid SSL certificate. It is not necessary to verify the SSL certificate because the sensitive data is encrypted with AES-256 and signed with HMAC SHA-512 using the token and secret in the URI.
sudo pritunl-link clear
sudo pritunl-link verify-off
sudo pritunl-link add pritunl://token:secret@test.pritunl.com
Once done, you will need to forward UDP ports 500 and 4500 to the server for IPsec traffic. Then you need to add a static route for each network that is linked. This can be done easily by first configuring the port forwarding and all the other clients. Once everything is configured and connected, the subnets that need to be routed will be stored in the file below. All of these subnets should be statically routed to the local IP address of the Pritunl Link client.
cat /var/lib/pritunl_link/routes
10.150.0.0/16
10.160.0.0/16
10.170.0.0/16
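One way to turn that file into static routes, as an added example that is not part of the Pritunl documentation. It assumes a Linux-based router with iproute2; the function name gen_static_routes and the address 192.168.1.10 (standing in for the link client's local IP) are hypothetical.

```shell
# Added example: prints (does not apply) one static route per linked subnet.
# Assumptions: Linux-based router with iproute2; LINK_IP is the LAN address
# of the pritunl-link host (192.168.1.10 below is a placeholder).
# Usage: gen_static_routes 192.168.1.10

ROUTES_FILE_DEFAULT=/var/lib/pritunl_link/routes

# gen_static_routes LINK_IP [ROUTES_FILE]
# Emits "ip route replace <subnet> via <LINK_IP>" for each valid IPv4 CIDR.
# Malformed entries and /0 (default route) entries are reported on stderr,
# skipped, and make the function return 1, so a damaged routes file never
# silently redirects traffic to the link client.
gen_static_routes() {
    link_ip=$1
    routes_file=${2:-$ROUTES_FILE_DEFAULT}
    rc=0

    [ -n "$link_ip" ] || { echo "usage: gen_static_routes LINK_IP [FILE]" >&2; return 2; }
    [ -r "$routes_file" ] || { echo "cannot read $routes_file" >&2; return 2; }

    while IFS= read -r line || [ -n "$line" ]; do
        # Strip whitespace and skip empty lines.
        subnet=$(printf '%s' "$line" | tr -d '[:space:]')
        [ -n "$subnet" ] || continue

        if printf '%s\n' "$subnet" |
            grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
            case $subnet in
                */0)
                    echo "refusing default route: $subnet" >&2
                    rc=1
                    continue
                    ;;
            esac
            printf 'ip route replace %s via %s\n' "$subnet" "$link_ip"
        else
            echo "skipping malformed entry: $subnet" >&2
            rc=1
        fi
    done < "$routes_file"

    return $rc
}
```

Review the printed commands before running them on the router; on a router without iproute2, the same subnet and next-hop pairs go into its static route table by hand.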