# Routes

The server routes configure which networks vpn clients will send traffic to. By default a server will route all internet traffic to the vpn server. This is done with the `0.0.0.0/0` route.

### Settings

| Setting                        | Description                                                                                                                                                      |
| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Network                        | The network address with cidr subnet that will be routed.                                                                                                        |
| NAT Route                      | Enable NAT for the route to NAT traffic from vpn clients to the network. This is required unless a static route is configured on the router for the vpn network. |
| VPC Route Advertisement Region | AWS region for route advertisement.                                                                                                                              |
| VPC Route Advertisement ID     | The VPC ID for the route advertisement. The EC2 server hosting the server must be connected to this VPC.                                                         |

### Amazon Web Services VPC Route Advertisement

Route advertisement allows Pritunl to automatically add a static route for a network on the VPC routing table. This will route traffic for the network to the current EC2 hosting the vpn server. This is useful for automatic configuration and fail over configurations. When route advertisement is used and a vpn server fails the static route will be updated to a healthy vpn server host. The source/dest check must be disabled for the network interfaces attached to the Pritunl servers. This will allow the servers to route traffic from the vpn network. This can be found in the Network Interfaces section of the EC2 Dashboard. In addition to this the security groups for servers on the VPC must be configured to allow traffic from the vpn subnet. When creating the AWS credentials the *AmazonVPCFullAccess* policy should be the only policy attached to the credentials.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.pritunl.com/kb/vpn/servers/routing.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.