Pritunl v1.30.3333.72 and Pritunl Client v1.3.3329.81 have been released. This update adds a new connection single sign-on authentication option. An IP pool issue that caused the dynamic address pool for multi-device connections to run out has also been fixed.

Single sign-on connection authentication

Single sign-on connection authentication provides a new way to add additional authentication to each VPN connection. In addition to the current profile certificate and single sign-on API checks, this option will require the user to complete a single sign-on authentication from the web browser for each VPN connection. An authentication cache can be enabled to reduce how often this is required.

When a user attempts to connect to a server with single sign-on authentication enabled, a web browser will open and prompt them to complete authentication with the single sign-on provider. Once that is complete, the VPN connection will authenticate. If a system default web browser isn’t configured, a link can be copied from the prompt. More information on configuring this feature can be found in the single sign-on connection authentication documentation.

Disable default gateway option


An option to override the routing of internet traffic on a VPN profile that is configured to route internet traffic has been added. This option can be found in the profile settings on the latest client release.

This requires https to be fully exposed to the internet?

Yes, the web server will need to be available on the internet. The Pritunl web server has significant security hardening to allow this to be done safely. This is documented in the security documentation.