I have several services that are served by a CDN (cloudfront) so they are public. The current setup is to have all VPN traffic go through the instance so the WAF can only allow that specific IP to a specific domain (like demo.companyinternal.com) on cloudfront. Saw the post below but wanted to verify that this is still not possible either on the server side or client side to only route traffic over the vpn when the domain matches.
1 Like
There’s still no option to route domains.
In my case, we needed only certain routes (specific domains) to go through the VPN. These routes were behind AWS load balancers (which change IP addresses from time to time).
We implemented monitoring on the LoadBalancer IPs using Zabbix, and as soon as a change is detected, a remote command is executed using the Pritunl API to shut down the server, remove the current routes (based on some comment, for example: “Route added via script”), resolve the LoadBalancer CNAME to the A record (IPs), and add these IPs as routes in the VPN.
It’s not the best of worlds, but it solved our problem.
Could you share the commands you used in the API to stop the server and change/add the route?