Pritunl VPN Server DR Plan on AWS

Hi Pritunl Community,

We are currently using the Pritunl VPN freeware version with 200+ active VPN users connected daily.

Considering the current global situation, having a Disaster Recovery (DR) plan is mandatory for our environment.

Our biggest concern and tension point is that these 200+ users are business-critical, and any interruption during failover directly impacts live user sessions and productivity.

The most critical challenge is that all end clients are configured to connect using the current Pritunl server VPN public IP address. Because AWS public IPs are region-specific, during a cross-region DR failover the VPN endpoint IP changes, which means all client connectivity breaks until users manually reconnect using the new IP.

Due to this regional IP limitation in AWS, the current DR planning is not practical for us.

We are looking for an alternative architecture or automatic failover strategy that can preserve client connectivity with minimal or zero interruption, even when the primary AWS region becomes unavailable.

Our key requirements are:

  • Automatic cross-region failover

  • No manual end-user reconfiguration

  • Minimum disruption for 200+ live VPN users

  • Same stable public endpoint for clients

  • Support for clients currently using server VPN IP address

Please suggest the best DR/failover design for Pritunl in AWS, especially where clients are already hardcoded with the server VPN public IP.

Looking forward to your response.

Pritunl is designed with independent nodes that become aware of each other when they are connected to the same database. To achieve cross-region failover, you could use a MongoDB Atlas cluster with read and write databases in different regions, then connect your Pritunl node to its closer database and set up replication. Replication | Pritunl VPN | Pritunl Documentation. You will need Pritunl Enterprise for this.

If multiple hosts are configured, it will require an enterprise subscription. Also included in the subscription is the configuration sync. Before the client connects, it will use the HTTPS port on the Pritunl server to sync configuration changes, including host changes. This will sync any new IP addresses into the configuration.

The client will also handle automatic failover to connect to the other hosts when one is offline. There is also the additional geo sort host selection option which will have the client connect to the nearest host based on location.
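To make the client-side behaviour described in the last two replies concrete (a synced host list, nearest-host ordering, and automatic fallback when a host is offline), here is an added Python model. It is not Pritunl's client code and does not use any Pritunl API; the host names, coordinates, addresses and the reachability probe are constructed assumptions so the logic can run offline.

```python
"""Model of multi-host client failover with geo-sorted host selection.

Added illustration, not Pritunl's own client code. The client is assumed
to have already synced a profile containing every host (so a stale
hardcoded address has been replaced by the current list); this module
only models how such a list is ordered and tried.
"""
import math
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional


@dataclass(frozen=True)
class Host:
    name: str   # hypothetical label for the host (here an AWS region name)
    addr: str   # constructed placeholder address, not a real endpoint
    lat: float  # approximate latitude of the hosting region
    lon: float  # approximate longitude of the hosting region


# Constructed sample host list, standing in for the hosts a synced
# profile would carry after a new region/IP has been added.
SAMPLE_HOSTS = [
    Host("us-east-1", "198.51.100.10", 38.9, -77.0),
    Host("eu-west-1", "198.51.100.20", 53.3, -6.3),
    Host("ap-southeast-1", "198.51.100.30", 1.3, 103.8),
]


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres between two coordinates."""
    earth_radius_km = 6371.0
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    d_phi = math.radians(lat2 - lat1)
    d_lambda = math.radians(lon2 - lon1)
    a = (math.sin(d_phi / 2) ** 2
         + math.cos(phi1) * math.cos(phi2) * math.sin(d_lambda / 2) ** 2)
    return 2 * earth_radius_km * math.asin(math.sqrt(a))


def geo_sort(hosts: Iterable[Host], client_lat: float, client_lon: float) -> List[Host]:
    """Order the synced hosts nearest-first from the client's location
    (the 'geo sort' selection the reply mentions)."""
    return sorted(hosts,
                  key=lambda h: haversine_km(client_lat, client_lon, h.lat, h.lon))


def select_host(ordered: List[Host], probe: Callable[[Host], bool]) -> Optional[Host]:
    """Try hosts in the given order and return the first one whose probe
    succeeds; None means every host in the list is offline.

    `probe` is injected so the failover logic can be exercised without
    network access; a real client would attempt the VPN connection here.
    """
    for host in ordered:
        if probe(host):
            return host
    return None


if __name__ == "__main__":
    # Constructed scenario: client in London, primary EU host is down.
    ordered = geo_sort(SAMPLE_HOSTS, 51.5, -0.1)
    chosen = select_host(ordered, lambda h: h.name != "eu-west-1")
    print("host order:", [h.name for h in ordered])
    print("connected to:", chosen.name if chosen else "none reachable")
```

The probe callback is the only place network behaviour would live; everything else is ordering and fallback, which is the part a DR review needs to reason about (what happens when the nearest host, or every host in one region, is unreachable).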