We have a scenario where we want a k8s Deployment to communicate to our devices (i.e. raspberry pis) using the VPN Client Mapping that pritunl-dns provides. The only way we can access 11d2dd3d3.foo.vpn dns is by connecting into the Pritunl server then accessing the dns names. How we used to access our devices was by sshing into our openvpn server and then sshing into the device.
Which brings me to my question: How can we access the DNS server from a k8s Deployment to then access other devices? I was looking into adding an initContainer to connect to the server then accessing the devices.
Would like guidance if anyone has had to do this.
The Pritunl server would need to run on the Kubernetes network or have a site-to-site link on the network. This would then allow the DNS server and containers to be accessed. When running Pritunl in a container the /var/lib/pritunl/pritunl.uuid must be persistent.
The pritunl server and the k8s cluster live within the same VPC. However, I was able to connect to our devices by sshing from my K8s pod into my pritunl server where I ran dig in the server and had it connect to one of my devices that should be registered in the DNS server with the virtual network’s private ip: dig @ec2-35-15-215-22o.us-east-1.compute.amazonaws.com 22f2fhhgfgf.foo.vpn +short
This is what allows me to ssh into our devices. This is a start. I’ll need to create a script where it can be highly available. Maybe this can help anyone out there finding a way to connect to devices.
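The resolve-then-connect step from the previous post, written up as a small POSIX sh script. This is an added example, not a script from the thread or from Pritunl: it runs the same `dig @server name +short` query against one or more Pritunl DNS servers in turn (so a pod can fall back to a second resolver when the first times out), accepts the answer only if it is a well-formed IPv4 address, and pins the device's SSH host key via a known_hosts file instead of trusting whatever key the resolved address presents. It assumes `dig` is installed in the container image; the device name, resolver addresses, user name and known_hosts path are placeholders.

```shell
#!/bin/sh
# Added example (not from the original thread or from Pritunl): resolve a
# device name through one or more Pritunl DNS servers, accept only a valid
# IPv4 answer, then open the SSH session. All hosts/addresses are placeholders.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    _ip=$1
    # Shape check: only digits and dots, no leading/trailing/doubled dots.
    case "$_ip" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s\n' "$_ip" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    for _o in "$@"; do
        [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# Print the first token of "dig +short" output that is an IPv4 address.
# dig may print a CNAME target first, or nothing at all; those are skipped.
first_valid_ipv4() {
    for _line in $1; do          # word-split the (possibly multi-line) output
        if is_ipv4 "$_line"; then
            printf '%s\n' "$_line"
            return 0
        fi
    done
    return 1
}

# Try each resolver in order; the first one answering with a valid IPv4 wins.
# Usage: resolve_device NAME RESOLVER [RESOLVER...]
resolve_device() {
    _name=$1; shift
    for _res in "$@"; do
        # +time/+tries keep a dead resolver from stalling the whole script.
        _out=$(dig @"$_res" "$_name" +short +time=2 +tries=1 2>/dev/null) || continue
        if _ip=$(first_valid_ipv4 "$_out"); then
            printf '%s\n' "$_ip"
            return 0
        fi
    done
    echo "no resolver returned a valid address for $_name" >&2
    return 1
}

# Resolve and connect. Host keys are checked against a known_hosts file you
# maintain (DEVICE_KNOWN_HOSTS), so a wrong DNS answer cannot silently hand the
# session to a different machine. DEVICE_USER defaults to "pi" (placeholder).
ssh_device() {
    _ip=$(resolve_device "$@") || return 1
    ssh -o StrictHostKeyChecking=yes \
        -o UserKnownHostsFile="${DEVICE_KNOWN_HOSTS:-$HOME/.ssh/device_known_hosts}" \
        "${DEVICE_USER:-pi}@$_ip"
}

# Example invocation (placeholder names/addresses):
#   ssh_device 11d2dd3d3.foo.vpn 10.10.40.220 10.10.41.220
```

In a Deployment, the resolver list would be the private addresses of the Pritunl server(s) and the known_hosts file would be mounted from a Secret or ConfigMap; the script exits non-zero whenever no resolver returns a usable address, so a wrapper can retry rather than attempt a connection to an empty or malformed target.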
@zach qq on this. Is it possible to use the DNS server from the Pritunl server itself to ssh into my devices? For example, I am trying to access my devices using ssh 11d2dd3d3.foo.vpn on the Pritunl server itself but every time I get an error:
ubuntu@ip-10-10-40-220:~$ ssh 11d2dd3d3.foo.vpn
ssh: Could not resolve hostname 11d2dd3d3.foo.vpn: Name or service not known
However, I am able to ssh if I connect with my own profile on my local workstation.
No, the DNS server in Pritunl determines the address based on the source IP to match it to a VPN network. If the source IP isn’t on a VPN network it will not resolve.