Access Control with user Virtual IP

Hey there! I'm evaluating pritunl to be used as a non-NATed VPN platform on AWS. I was wondering if, using Google SSO & Groups, there is a way to set a subnet CIDR (a segment of the server CIDR) to be used with the users of an organization. We want to manage our client access control using the network.

Thanks

Pritunl will add the user to an existing Pritunl organization if the name matches one of the Google groups. These organizations can then be attached to different servers which will each have a subnet.

There is a more advanced mode that can be enabled with sudo pritunl set app.sso_google_mode '"groups"'. Only one organization should exist when using this. The groups will also need to be set in the server settings.

Hi Zach! Thanks for your answer, so are you proposing to create a server per segment and attach an organization with a specific group to each server, right?
I was thinking about using a single server with multiple organizations / groups and managing virtual IP addresses for each organization.
For example:
Server:

  • my-vpn - 192.168.100.0/22

Attached Organizations:

  • devops - devops group - 192.168.100.0/24
  • developer - developer group - 192.168.101.0/24
  • dba - dba group - 192.169.102.0/24

So I was expecting that when a user with a specific organization / group connects to the server, an IP address of his organization is assigned. If this cannot be done natively with pritunl, do you know if it can be accomplished with a home-made plugin, or similar?

Thanks in advance

Multiple servers must be used to assign different subnets.

Hi,
I was able to partially achieve this. I have added a secondary interface to my EC2 instance running pritunl. Then in the pritunl server configuration I marked one server to use eth0 and the second eth1. After that I set up source-based routing to ensure that whatever uses eth1 will go out via the eth1 IP. Then there was the biggest pain: the autogenerated pritunl entries in iptables nat were conflicting with each other for me (as my routes in both servers included overlapping networks). I had to manually remove and update the nat rules, and this gets damaged whenever I restart the pritunl server from the admin GUI… I just came here looking for some solution for that :)
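The source-based routing step described in the post above, as an added example that is not code from the thread or from Pritunl: it builds a separate routing table for the secondary ENI and adds the `ip rule` entries that steer both the interface's own address and the VPN clients' pre-NAT subnet through it. The interface address 10.0.2.37/24, gateway 10.0.2.1 and table id 101 are constructed assumptions; 192.168.101.0/24 is the developer subnet from the example earlier in the thread.

```shell
#!/bin/sh
# Policy routing for a second Pritunl server bound to a secondary ENI (eth1).
# Constructed values, not taken from the thread: eth1 has 10.0.2.37 in
# 10.0.2.0/24, the AWS subnet gateway is 10.0.2.1, routing table id is 101.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 applies them (needs root).

DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# setup_source_routing IFACE ADDR SUBNET GATEWAY VPN_CIDR TABLE
setup_source_routing() {
    iface=$1; addr=$2; subnet=$3; gw=$4; vpn=$5; table=$6

    # Dedicated table: the connected route plus a default route via eth1's gateway.
    run ip route replace "$subnet" dev "$iface" src "$addr" table "$table"
    run ip route replace default via "$gw" dev "$iface" table "$table"

    # Replies sourced from eth1's own address use the table. The VPN clients'
    # subnet needs its own rule: Pritunl's MASQUERADE happens in POSTROUTING,
    # after the routing decision, so the rule must match the pre-NAT source.
    run ip rule add from "$addr" lookup "$table" priority 1000
    run ip rule add from "$vpn" lookup "$table" priority 1001

    # Loose reverse-path filtering on the secondary interface so the kernel
    # does not drop packets that arrive on eth1 but would reply via eth0.
    run sysctl -w "net.ipv4.conf.$iface.rp_filter=2"
}

setup_source_routing eth1 10.0.2.37 10.0.2.0/24 10.0.2.1 192.168.101.0/24 101
```

Because these rules live outside Pritunl's own iptables management, they survive a server restart from the admin GUI; the conflicting NAT entries the post mentions are a separate problem that this script does not touch.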