Multiple POPs for one system

Hi,
I have two questions to ensure we are doing things correctly. We have a distributed team around the world, and systems around the world. We started Pritunl in our USA office, and it works great for USA folks. So when USA people try to connect to servers in London, we go from laptop in USA → USA Pritunl → London server (via IPSec).

Now when our people in London try to connect to the London server, they go laptop in London → USA Pritunl → London server (via IPSec).

This adds an amazing amount of latency, as you can expect, that is not needed. So we decided to put a “POP” in London for these folks. We added a second VM with a server, pointed it to MongoDB, and it works great. So how it works: laptop in London → UK Pritunl → London server (via IPSec).

Now the questions :)
Is this the proper way of doing it? It seems to be working, but the one thing we did notice is that for each “POP” we create (hopefully just 1-2 total) we need to create all the IPSec tunnels between them and the server areas. Is this where Pritunl peering comes in?

Currently in the client this shows up as 2 servers. Is there a way to automagically direct them to the closer “POP”? Via external DNS, load balancing or otherwise?

Is there a better way to do it?

Secondary question: we have set up “syncing address” but our clients always say “last synced: Never”. What does this do? As I have seen by pushing new servers and such, we have to have the user delete the profile and re-add it.

Pritunl Link is an IPsec-based site-to-site VPN; this can be used to link the networks using the Pritunl servers. The linked servers option on the servers page will not allow linking the servers without first having a database connection.

The client configuration will only sync if a change is made. Changing the server name will trigger a configuration sync without needing to change important options relevant to the connection.

Hi Zach,
Thanks for the response. OK, I will try changing a server name and see if that triggers the update. Can you please let me know where I can find documentation around Pritunl Link and how we can achieve what we want? When doing Pritunl Link, will that route all the needed subnets to there? How do we tell it what is where? Hopefully all in the documentation!

Thanks!

The link configuration has information on configuring Pritunl Link.

Hi Zach,
OK, so that makes sense. Back to the “Last Synced: Never”: we added a new server to help folks in the other region to connect. I would have thought that the profiles would have automatically shown up for our folks, but they didn’t.
Users then have to delete their profiles and reimport them, and then the new server options show up and work. Is this not what the “sync” feature is supposed to do?

The sync functionality won’t send sensitive information. When a profile is synced the keys are extracted from the profile by the client and merged with the updates from the server. Syncing entire profiles would require sending sensitive information over the sync.
