# Site-to-Site Configuration

**Note: It is recommended to use the new linking system for site-to-site links.** [**View this tutorial**](https://docs.pritunl.com/kb/vpn/tutorials/broken-reference)

This tutorial will describe creating a site-to-site link with two Pritunl servers. The diagram below shows the network topology for this tutorial.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2FYyZnbpysmHGYSDIlypfx%2Fsite_to_site_link.png?alt=media\&token=f609f571-3962-47b0-8b68-c14be55b8c84)

### MongoDB Server

Both Pritunl servers need access to the same database server, which is used for inter-server communication. The Pritunl servers do not need direct access to other Pritunl servers. Services such as [**MongoDB Atlas**](https://www.mongodb.com/cloud/atlas) can be used to deploy a secure, highly available MongoDB cluster for Pritunl. Refer to [**Securing MongoDB**](https://docs.pritunl.com/kb/vpn/security/securing-mongodb) for more information on connecting to a Compose cluster with SSL.

Self-hosted MongoDB clusters should not be used unless they are deployed by someone with MongoDB experience. An improperly configured MongoDB cluster can easily be accessed by attackers. When configuring a self-hosted MongoDB cluster, follow the instructions in [**Securing MongoDB**](https://docs.pritunl.com/kb/vpn/security/securing-mongodb) to enable authentication and SSL on the MongoDB cluster.

### Initial Setup

After a MongoDB cluster has been deployed, all the Pritunl servers must be configured to connect to the same MongoDB cluster. If a Pritunl server already has a MongoDB URI configured, it can be reconfigured by running the command `pritunl reconfigure` and then restarting the Pritunl service.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2Fcurk5RJ6JyboIM5iIkT8%2Fdatabase_setup1.png?alt=media\&token=5e957404-7cd4-4a46-bf55-977958b0da3d)

### Configure Servers

Each site should have a VPN server with the correct routes added and organizations attached. The host for each site should be attached to the server for that site. Once the servers are configured, select *Link Servers* and select both of the servers. For site-to-site links with more than two sites, additional links should be created until every server has a link to all the other servers.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2FAm5Umm9sb8J8mwkCIId6%2Flink_servers0.png?alt=media\&token=566a32a7-e583-4226-ae62-e14cb5833fa4)

Once the servers have been linked, the server configuration should look similar to the example below.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2F0U9tt5JZHZq8tQsij3N7%2Fserver_link0.png?alt=media\&token=a5a4906d-b3f5-4818-b04e-e4228d23eae1)

After the servers are started, links will be created between each server. Users will be able to access all the sites when connecting, and the sites will have site-to-site access to each other.

### Router Configuration

With the site-to-site connection complete, clients will be able to access all the sites, but devices in the sites will not have access to other sites. To enable this, static routes must be created on the site's router to route the adjacent sites' networks to the Pritunl server in that site. When using AWS, the routing table can be automatically configured and updated by following the [**AWS Route Advertisement**](https://docs.pritunl.com/kb/vpn/tutorials/aws-route-advertisement) tutorial.
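The link layout from *Configure Servers* and the static routes described above can be planned and checked before touching any router. The script below is an added example, not part of the Pritunl documentation: the site names, subnets and Pritunl server addresses are constructed sample values, and the printed `ip route` lines assume a Linux router using iproute2.

```python
import ipaddress
from itertools import combinations

# Constructed sample sites (assumptions, not values from this tutorial):
# each site has a LAN subnet and the LAN address of its Pritunl server.
SITES = {
    "site-a": {"lan": "10.10.0.0/16", "pritunl": "10.10.0.5"},
    "site-b": {"lan": "10.20.0.0/16", "pritunl": "10.20.0.5"},
    "site-c": {"lan": "10.30.0.0/16", "pritunl": "10.30.0.5"},
}

def validate(sites):
    """Reject layouts that cannot be routed: overlapping site LANs, or a
    Pritunl server address that is outside its own site's LAN."""
    nets = {n: ipaddress.ip_network(s["lan"]) for n, s in sites.items()}
    for name, site in sites.items():
        if ipaddress.ip_address(site["pritunl"]) not in nets[name]:
            raise ValueError(f"{name}: Pritunl address is outside {nets[name]}")
    for a, b in combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):
            raise ValueError(f"{a} and {b} have overlapping networks")
    return nets

def link_pairs(sites):
    """Server pairs to link so every server has a link to all the others."""
    return list(combinations(sorted(sites), 2))

def static_routes(sites):
    """Routes for each site's router: every remote site's LAN is sent to
    the Pritunl server in the local site."""
    nets = validate(sites)
    return {
        name: [(str(nets[other]), site["pritunl"])
               for other in sorted(sites) if other != name]
        for name, site in sites.items()
    }

if __name__ == "__main__":
    for a, b in link_pairs(SITES):
        print(f"link servers: {a} <-> {b}")
    for name, routes in static_routes(SITES).items():
        for dest, gateway in routes:
            # iproute2 syntax (assumption); other routers use their own.
            print(f"[{name} router] ip route add {dest} via {gateway}")
```

Overlapping site networks are rejected because a router cannot tell a local destination from a remote one when two sites share address space.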

### Amazon Web Services Routing

When NAT is not used on AWS, the source/dest check must be disabled for the network interface attached to the Pritunl EC2 instance.

