Device authentication implementation

Hello,

We are very interested in the device authentication feature, especially to better manage the way some users could use unauthorized devices to connect to the VPN.

When enabled, all users will have to ask the VPN admin to enroll the device; however, the admin has no information at all about the device the user is requesting enrollment for. Is there a way to have more information about the device directly in the interface? Such as MAC address, Dell S/N, hostname, etc.

Moreover, is there a way to initiate TPM key creation on all our devices and enroll them before users request it? It looks complicated to manage a global enrollment at the same time for hundreds of users.

Thanks for helping!

The system hostname is used as the device name when registering the device. Other information may be added, but it wouldn’t be possible to verify information like the MAC address or serial numbers, so this information shouldn’t be relied on as verification.

The process of verifying the 4-digit code is important to prevent approving unknown devices. Two servers can be initially created: one with device authentication and one without. This will allow users to connect while the device verification is being completed.

Hi @zach, thanks for your answer.
When you mention system hostname, which hostname are you referring to?
For example, a Pritunl device name is “thriving-plateau-1234”, which is not the computer hostname set in Windows.
Does it mean something is not properly configured on my side?

Thanks!

The Go function os.Hostname() in pritunl-client-electron/service/utils/utils.go is used to get the hostname. Only the Pritunl Client v1.3.3484.2 release will use this. There were some older releases that used the randomly generated profile ID.