We have been running Pritunl for a while at a dedicated cloud host to access some machines on that network. We are moving our infra to AWS, and need to move our Pritunl server.
I was able to install Pritunl, activate the license, and restore from the DB. I set up the virtual network to run on a different subnet, but with all the same routes. It is working great.
We have ~25 users on our dedicated webhost server that have installed certificates into the Pritunl client. It seems like even if I update the DNS record we use when the users authenticate and import their profiles, it still connects to the old server.
Is there a best practice for moving these without having the end user re-import their certificate?
It’s likely the public address field in the host settings, or for non-enterprise installations the public address in the top right settings, was never set to a DNS name. All the clients will still have the IP address in the profiles. Configuration sync that is available with the enterprise subscriptions will be able to sync updates to the configuration, but it would still need to access at least one host to get the new settings. If only IP addresses were used in the original configuration, that would require keeping one host online to allow the sync.
If the profiles still don’t work after importing a new profile, it’s likely the public address is still set to the old IP address in the settings or the host attachment is incorrect. For enterprise, open the hosts tab and delete the host that is offline, then in the servers tab attach the online host to the servers. This occurs if the host ID in /var/lib/pritunl/pritunl.uuid isn’t transferred when restoring the database. For non-enterprise it can still happen even though it’s not visible, but it will automatically correct when the service is restarted.
We do have an enterprise license. I have updated the host address to our domain name. So are you saying as the users connect the config will sync to the domain name? Once all of them are synced, then I can change the DNS to the new host and everything should work?
Open the client and click settings on the profile. Then check the hosts under Configuration Sync Hosts. The client will need to be able to access the Pritunl web server at that address for the sync to occur. Configure the server in a way where access will remain available at the address, then update the public address and sync address in the host settings. On the next connection these will sync to the client.
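
As an added example (not part of the thread and not Pritunl code), the check below lists which exported profiles still pin an IP address, the condition described above that keeps clients pointed at the old server. It assumes the profiles are OpenVPN-format files with standard `remote` lines; the function names and sample profiles are constructed for illustration.

```python
import ipaddress


def remote_entries(profile_text):
    """Return (host, port, proto) for each active `remote` directive."""
    entries = []
    for raw in profile_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop '#' comments
        if not line or line.startswith(";"):  # ';' also starts a comment
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "remote":
            port = parts[2] if len(parts) > 2 else None
            proto = parts[3] if len(parts) > 3 else None
            entries.append((parts[1], port, proto))
    return entries


def is_ip_literal(host):
    """True when the remote is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def migration_report(profiles):
    """Map profile name -> remotes that a DNS change alone will not move."""
    report = {}
    for name, text in profiles.items():
        pinned = [h for h, _, _ in remote_entries(text) if is_ip_literal(h)]
        if pinned:
            report[name] = pinned
    return report


# Constructed sample profiles; addresses come from documentation ranges.
SAMPLES = {
    "alice.ovpn": "client\ndev tun\nremote 203.0.113.10 1194 udp\n",
    "bob.ovpn": "client\nremote vpn.example.com 1194 udp\n"
                "# remote 198.51.100.7 1194 udp\nremote-cert-tls server\n",
    "carol.ovpn": "client\nremote vpn.example.com 1194 udp\n"
                  "remote 2001:db8::5 1194 udp6\n",
}

if __name__ == "__main__":
    for name, hosts in migration_report(SAMPLES).items():
        print(f"{name}: pinned to {', '.join(hosts)}")
```

Profiles that appear in the report need the old address kept reachable until they have synced, or a fresh import; profiles that only reference a DNS name follow the record change.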