Optimizing Pritunl VPN for AWS: Separating Private and Public Networks and Automating Route Addition

Hello Pritunl community,

I need assistance in optimizing my VPN structure for AWS using Pritunl. Here’s an overview of the current setup and the issues I’m facing:

Current Setup:

  • Pritunl VPN is running on EC2 with Okta SSO integration.
  • Several VPCs are connected via peering in different AWS regions.
  • I’m using specific routes for accessing each VPC, excluding the 0.0.0.0/0 route, and only including subnets like 10.1.0.0/24.
  • AWS networks are uploaded to Pritunl using a Python script (API documentation).

Issue:

  • The number of AWS networks is overloading the route table, which affects the performance and management of client connections.

Questions:

  1. Can Pritunl be used separately for private and public AWS networks? For example, could a dedicated Pritunl instance in Kubernetes be set up for private networks (e.g., 10.1.0.0/24)?
  2. Can two Pritunl clients be used in parallel—one for public AWS networks and another for private VPC networks?
  3. Are there automation mechanisms for adding routes in Pritunl, with the configuration stored in Git?

I’d appreciate your recommendations and advice on how to address these issues efficiently.

Thank you,
Dmitry
DevOps at Betterme

The tools/add_aws_ranges.py script in the repository can be used to add routes; there isn't any example of storing the routes on GitHub. The server is tested with 950 routes; if there are issues with fewer routes it may help to upgrade the server. Older versions from several years ago could not handle a lot of routes, so if it is an older release it should be updated.

The client can connect to multiple servers at the same time with different sets of routes.
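An added example for question 3 and the reply above (it is not Pritunl's tools/add_aws_ranges.py and not part of the original thread): a Python script that keeps the desired route list per Pritunl server in a Git-tracked structure, merges adjacent prefixes so fewer routes are pushed, refuses 0.0.0.0/0 unless explicitly allowed, and reconciles each server against the API. The Auth-Token / Auth-Timestamp / Auth-Nonce / Auth-Signature scheme follows Pritunl's public API documentation; the route endpoint paths, the JSON field names ("id", "network", "comment"), the server ids and the sample CIDRs are assumptions (the public ranges are RFC 5737 documentation prefixes, not real AWS ranges). The `FakePritunl` transport is constructed so the example runs offline; swap in a real HTTP call to use it.

```python
"""Reconcile Pritunl server routes from a Git-tracked desired state.

Added example for this thread; NOT Pritunl's tools/add_aws_ranges.py.
The Auth-* header scheme follows Pritunl's public API documentation. The
route endpoint paths, JSON field names ("id", "network", "comment") and the
transport are assumptions to verify against your Pritunl version.
"""
import base64
import hashlib
import hmac
import ipaddress
import time
import uuid

# Constructed sample of a routes file kept in Git: one route set per Pritunl
# server, so a client can attach to both servers at once with different
# routes. Public ranges are RFC 5737 documentation prefixes, not AWS IPs.
DESIRED = {
    "srv-private": ["10.1.0.0/24", "10.1.1.0/24", "10.2.0.0/24"],
    "srv-public": ["192.0.2.0/24", "198.51.100.0/25", "198.51.100.128/25"],
}


def sign_request(token, secret, method, path, timestamp=None, nonce=None):
    """Pritunl API auth headers: HMAC-SHA256 over token&ts&nonce&METHOD&path."""
    timestamp = timestamp or str(int(time.time()))
    nonce = nonce or uuid.uuid4().hex
    auth_string = "&".join([token, timestamp, nonce, method.upper(), path])
    digest = hmac.new(secret.encode(), auth_string.encode(), hashlib.sha256).digest()
    return {
        "Auth-Token": token,
        "Auth-Timestamp": timestamp,
        "Auth-Nonce": nonce,
        "Auth-Signature": base64.b64encode(digest).decode(),
    }


def normalize(cidrs, allow_default=False):
    """Validate CIDRs, refuse a default route unless allowed, and merge
    adjacent or overlapping prefixes so fewer routes reach the server."""
    by_version = {4: [], 6: []}
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
        if net.prefixlen == 0 and not allow_default:
            raise ValueError(f"refusing default route {net}; pass allow_default=True")
        by_version[net.version].append(net)
    merged = []
    for nets in by_version.values():
        merged.extend(ipaddress.collapse_addresses(nets))
    return sorted(str(n) for n in merged)


def plan(current_routes, desired_cidrs, allow_default=False):
    """Diff server state (list of {"id", "network"}) against desired CIDRs."""
    wanted = set(normalize(desired_cidrs, allow_default))
    have = {r["network"]: r["id"] for r in current_routes}
    return {
        "add": sorted(wanted - have.keys()),
        "remove": sorted((have[n], n) for n in have.keys() - wanted),
        "keep": sorted(wanted & have.keys()),
    }


def reconcile(transport, base_url, token, secret, server_id, desired_cidrs, comment="git"):
    """Apply the plan. transport(method, url, headers, body) -> (status, json)."""
    def call(method, path, body=None):
        headers = sign_request(token, secret, method, path)
        status, data = transport(method, base_url + path, headers, body)
        if status != 200:
            raise RuntimeError(f"{method} {path} -> HTTP {status}")
        return data
    current = call("GET", f"/server/{server_id}/route")  # assumed endpoint
    p = plan(current, desired_cidrs)
    for net in p["add"]:
        call("POST", f"/server/{server_id}/route", {"network": net, "comment": comment})
    for route_id, _net in p["remove"]:
        call("DELETE", f"/server/{server_id}/route/{route_id}")
    return p


class FakePritunl:
    """In-memory stand-in for the API so the example runs offline."""
    def __init__(self, routes):
        self.routes = {f"r{i}": n for i, n in enumerate(routes)}
        self.next_id = len(routes)

    def __call__(self, method, url, headers, body):
        assert headers["Auth-Signature"]  # every call must be signed
        if method == "GET":
            return 200, [{"id": i, "network": n} for i, n in self.routes.items()]
        if method == "POST":
            self.routes[f"r{self.next_id}"] = body["network"]
            self.next_id += 1
            return 200, {}
        if method == "DELETE":
            del self.routes[url.rsplit("/", 1)[1]]
            return 200, {}
        return 405, {}


if __name__ == "__main__":
    fake = FakePritunl(["10.1.0.0/24", "10.9.0.0/24"])  # 10.9 is stale
    for server_id, cidrs in DESIRED.items():
        print(server_id, reconcile(fake, "https://vpn.example", "tok", "sec", server_id, cidrs))
```

Running the reconciler from CI on every merge to the routes file gives the Git-backed automation asked about: the diff in the pull request is the change to the route table, and nothing is pushed that is not in the repository. Store the API token and secret in the CI secret store, not in the file.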