Deploying Software

Hi guys. just lloking for the appropiate version of Pritunl.
We are trying to deploy a Software with Lansweeper (just a new .msi pakage) to our Clients, but over the free version is not possible to reach the Clients!
Do we need the Premium or the Enterprise Version of Pritunl?
Do anybody has the same problems?
Well, 10 bucks or 70, that’s the question !

J.A.

There’s nothing preventing the Pritunl server from accessing clients, it does not require a subscription. The server with the deployment system will need to access the clients by connecting to the VPN with the clients or by routing the VPN virtual network. The firewall on the clients will need to be configured to allow access from the VPN virtual network.

Well, the point is, the Free Version let all clients to the lan over the same IP from the VPN Server.
You cannot get to the Client directly.
That’s why I’m asking if we need to get the Premium or Enterprise version to get directly to the clients!

J.A.

To configure routes without NAT an enterprise subscription is required.

Can I update the running Free Server Version directly to the Enterprise ? Without loosing the online Users ? Is it possible to roll back ?

J.A.

Adding or removing a subscription will not effect the server.

Hi,

I find out, we need a direct connect to some authentication Servers to keep the subscription activated.

When I open the FW, I can activate it, but I would like to setup a Rule to restrict only the Server or Group of servers to be accesse to keep the Subscrition up !

I try to find the list of serveres in the Online Dokumentation, but no chance !

The FW monitor shows these hits but not the needed port (443 ? )!

3.125.103.71.

20.106.86.13

20.43.44.165

3.73.61.193

20.223.237.241

Any suggestions ?

Pritunl will at minimum need access to the domain app.pritunl.com on IP 129.213.195.176 to verify the subscription. The host public IPv4 and IPv6 address is automatically detected using app4.pritunl.com and app6.pritunl.com. The public IP address of the host will need to be manually configured if outbound connections are limited.

cool, now it’s up !
Due the fact, tht we have a very unapropiate setup, we cannot reach a client . Nat bring all clients over the ip from the server!

Firewall subinterface 172.168.168.1

Pritunl Sever 172.168.168.10

Pritunl Client 172.168.168.0/22

I was planning to change the Server ip into 172…168.167.10 , also the firewall to anoter subinterface 172.168.167.1, then we will reach every client when deactivate nat.

Will these affect the clients? I don’t want to have extra work generating new .tar’s for every user !

Thks’ in advance
J.A.

If the clients cannot access the server IP in their configuration it will need to be imported again. If the client can access the HTTPS port on at least one of the servers in the configuration then the client configuration sync will update the configuration.