Pritunl Site-to-Site / Link Client

Hello,

I have a question about the Enterprise Link function. As I understood it according to the documentation, the Link Client is installed for example on two hosts (regardless of the Pritunl VPN server) which establishes an IPSec connection.

This has worked so far, ipsec statusall shows that the connections have been established and they are also shown as active in the web interface.

But how does the connection work? To test, I tried to reach an IP address from the other network on both link hosts, which was not possible. Only the default route exists on the servers; obviously no adjustments were made by the Pritunl client. Should that be the case?

Then another question about the Pritunl VPN server. For a VPN user, how would this connect to a remote network over the link host? Do the VPN server and Pritunl Link Host have to be in the same internal network so that a direct connection is possible and from this link client it then goes via site-to-site to the remote link client?

Thank you for an explanation.

Pritunl Link is for connecting networks. Once the networks are connected, a VPN server can be placed on the network to access both networks. To get access to clients from the other networks, a non-NAT configuration will be needed and the VPN virtual network can be added to the Pritunl Link routes.

Thank you. I have now evaluated this further and after traffic analysis I was able to find the errors.

The following questions arose:

  • For a static host without Pritunl Link Client it is specified that only one route is supported. Is it correct that only one subnet, e.g. 192.168.1.0/24, can run over it and not an additional 192.168.2.0/24? I had tested this and at least there was no error when adding it.

  • A static IPsec router only supports dh-group15, but dh-group19 is specified in the configuration. Is it possible to adjust this? Is that a problem at all or could this option be set to PFS “none” on the router?

Static hosts can have multiple routes.