Version 1.28 of Pritunl has been released. This release adds a new site-to-site linking system using IPsec. The new AES-GCM ciphers are now available with OpenVPN 2.4 and the latest Pritunl Client. Several web console interface improvements have also been made.
IPsec Linking
Previous releases of Pritunl used OpenVPN for site-to-site links. A new linking system using IPsec with a small link client is now available. The link client uses HTTPS to communicate with the Pritunl cluster to retrieve the state of the IPsec links. This allows deploying the small link client to remote sites without needing to delegate access to the MongoDB server or running a full Pritunl server. The IPsec link clients only need HTTPS access to the Pritunl cluster. The diagram below shows the infrastructure design with the link clients on the bottom connecting to the Pritunl cluster with HTTPS. The documentation has a tutorial for configuring links.
VPC Peering
The new site-to-site linking system includes automatic support for AWS and Google Cloud. This allows automatically managing the VPC routing tables for simple VPC peering and fast automated failover. An AWS tutorial and Google Cloud tutorial is available in the documentation.
Ubiquiti Unifi
The link client also includes support for Unifi Security Gateways. This allows automatic management of the routing table and port forwarding. The port forwarding management allows for automatic failover even when both link clients are behind the same public IP address. A Unifi tutorial is available in the documentation.
OpenVPN AES-GCM Ciphers
The new AES-GCM ciphers added to OpenVPN 2.4 improve security and performance. The new ciphers are enabled by default and require the Pritunl server to have version 2.4 of OpenVPN installed. The latest macOS and Windows Pritunl Client includes OpenVPN 2.4.
@pritunl
Follow Pritunl on Twitter | Find us on GitHub | Subscribe to our mailing list
