How to Configure Pritunl OVPN Config to Use NLB IP Instead of Individual Instance IPs?

Hello everyone,

I have a setup with three Pritunl servers running on AWS, all connected to a single MongoDB Atlas database (via VPC Peering). The three instances are part of an Auto Scaling Group (ASG) and are behind a Network Load Balancer (NLB).

When users download their OVPN configuration file, it currently includes the IP addresses of all three instances, as shown below:

remote a.b.c.d 1194 tcp-client
remote e.f.g.h 1194 tcp-client
remote i.j.k.l 1194 tcp-client

These IPs correspond to my three Pritunl hosts.

What I want to achieve is to have the OVPN configuration file contain only the NLB IP, since it is the load balancer managing the traffic. I did try setting the Sync Address on the 3 hosts I have. But when I open the OVPN file with that setting set, I see the sync_hosts param commented. The remote IPs stay the same, though.

# "sync_hosts": [
#  "https://z.x.c.v"
# ],
...
...
remote a.b.c.d 1194 tcp-client
remote e.f.g.h 1194 tcp-client
remote i.j.k.l 1194 tcp-client

Is there a way to configure Pritunl to include only the NLB IP in the OVPN config file instead of the individual instance IPs?

Any guidance or suggestions would be greatly appreciated!

Thanks!

Not sure if this will work or is even recommended, but try changing all the "Public Address" fields under the Host Settings to the same NLB IP (or better, use the FQDN).
Make sure that the NLB sticks to the same VPN server per user, else the connection will fail.
If a user authenticates over port 443 to Server 1, the user needs to use 1194 on Server 1 as well.
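
To check what a downloaded profile actually points at after changing the Public Address as suggested in the reply above, this added example (not part of the thread and not Pritunl's own code) parses the `remote` lines and the commented `sync_hosts` block and lists every remote that is not the load balancer. The name `vpn.example.com`, the sample profile, and the function names are constructed for illustration.

```python
import re

# Constructed sample profile: documentation-range IPs and a placeholder
# load balancer name, laid out like the excerpt in the question.
SAMPLE_PROFILE = """\
# "sync_hosts": [
#  "https://vpn.example.com"
# ],
client
remote 192.0.2.10 1194 tcp-client
remote 192.0.2.11 1194 tcp-client
remote vpn.example.com 1194 tcp-client
"""


def parse_profile(text):
    """Return (remotes, sync_hosts) found in an .ovpn profile."""
    remotes, sync_hosts, in_sync = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            body = line.lstrip("#").strip()
            if body.startswith('"sync_hosts"'):
                rest = body.partition(":")[2]
                sync_hosts += re.findall(r'"([^"]+)"', rest)
                in_sync = "]" not in rest
            elif in_sync and body.startswith("]"):
                in_sync = False
            elif in_sync:
                sync_hosts += re.findall(r'"([^"]+)"', body)
            continue
        in_sync = False
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "remote":
            # OpenVPN syntax: remote host [port] [proto]; port defaults to 1194.
            port = fields[2] if len(fields) > 2 else "1194"
            proto = fields[3] if len(fields) > 3 else ""
            remotes.append((fields[1], port, proto))
    return remotes, sync_hosts


def stray_remotes(text, allowed_hosts):
    """Remote entries whose host is not an approved front-end address."""
    allowed = {h.lower() for h in allowed_hosts}
    return [r for r in parse_profile(text)[0] if r[0].lower() not in allowed]


if __name__ == "__main__":
    for host, port, proto in stray_remotes(SAMPLE_PROFILE, {"vpn.example.com"}):
        print(f"profile still exposes a backend: {host} {port} {proto}")
```

An empty result from `stray_remotes` means the profile sends clients only to the load balancer, so the individual instance addresses are no longer handed out to users.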