Hi team, we have a Pritunl Enterprise instance running in our AWS environment, and we use it to replace an OpenVPN one to give access to users to internal services.
We have configured the vpn with different organizations, each of which with their own server config. But we are facing an issue: in the same organization there are users able to access all services, others are able to access only some. It seems that in some cases the issue is with the route table of the user machine, as switching to a different network sometimes works. Other cases even though the routing is fine, connections are still timing out. The old OpenVPN used to work just fine.
Is there a way to see if Pritunl is blocking somehow some connections? Or how else we can debug this?
If there is a conflict with the local routes either the local network on the client will need to be changed or the server route can be remapped with NAT network mapping.
How do I see if there is a conflict? As far as I can see the local network and the VPN use different IP ranges, so I assume that means there is no conflict. As far as the server routes, they are all configured as NAT, apart from the virtual network one.
From AWS VPC flow logs I can see traffic from the user to the VPN instance, but then I’m not sure what happens on the pritunl side, looks like the traffic is dropped there. Any idea how to see what is happening there? We’ve been hitting this issue for a while and we are thinking on switching back to OpenVPN, but I’d really like to avoid that.
Check the client debugging documentation. If switching internet connections fixes the issue it may be an MTU issue.
Yes, it seems to be indeed that, changing the MTU on the server config, seem to have done the trick, thanks