Map Groups to Static Outbound IP on EC2

I have an enterprise subscription and want to set up as follows.

User U1 belongs to Group G1
User U2 belongs to Group G2
EC2 Machine has 2 IPs on eth0, IP1 and IP2

After doing the necessary settings for Server and such, when user U1 connects I want the outgoing IP to be IP1, and for user U2 it to be IP2.

What I have been able to do:
Set up 2 Servers, S1 and S2 on single Host H1.
S1 Binds to Address IP1
S2 Binds to Address IP2

U1 connects to S1 and when connecting to external server ES1 shows its IP as IP1
U2 connects to S2 and when connecting to external server ES2 shows its IP as IP1

The last bolded line above is the error. I want it to show its IP as IP2 (as gotten from the Bind_addr of the Server it is connecting to).

Let me know if I have understood anything incorrectly and how to do this?

If each IP is on a separate interface, enterprise has an option in the route settings to set the NAT interface name for that route.

Thanks for the idea. I would try this today and report back.

I have added a NAT interface to Route like this.


The route is not working. Another similar route where I put down the NAT Interface as eth0 works. I added the new interface after installing and setting up pritunl. I have reset the service/rebooted the server/added new users/re-downloaded profiles etc. to rule out those things.

Any help would be appreciated. Let me know if what I am trying to do is not possible, so that I can try to find any alternate products or solutions.

It may be a limitation of the current design, I haven’t tested this configuration.

Hi @zach, are you from Pritunl? Is this an official answer that this is unsupported right now? If so, can I know the purpose of that particular field, or in what scenarios it would work?

I have an enterprise license and am currently doing a POC to understand the features and limitations. It is crucial to know the limitations and maturity of the product.

Yes that would be the official answer. I would need to replicate the configuration to verify what is occurring but the recommended configuration has always been to create separate hosts when multiple default gateways are desired.

It is not recommended to forward all internet traffic on AWS. This will result in significant bandwidth charges and many websites will block AWS IP ranges assuming the client is a web crawler.

Hi @zach, thanks for the reply.

Can you provide more details about the suggested configuration using multiple hosts?

We are not forwarding all traffic through AWS, only specific external client sites.

Open the server settings and change the replication count to equal the number of hosts attached to the server. Leave NAT enabled on the routes unless a non-NAT configuration is required.