Pritunl and Pritunl Link Release Announcement

Pritunl v1.30.3098.52 and Pritunl Link v1.0.2296.34 have been released in the stable repository. These releases improve link reliability and cipher configuration. The drop permissions option has also been added to the Pritunl server.

Preferred Cipher Option

The IPsec preferred ciphers can now be set from the Pritunl server link configuration. The preferred ciphers can also be forced, which configures IPsec to accept only the provided ciphers.

This allows using newer ciphers such as AES 128 GCM, which is capable of multi-gigabit link speeds. The speed tests below were run with the aes128gcm128-x25519 cipher on an Oracle Cloud BM.Optimized3.36 bare metal server using an Intel Xeon Gold 6354 processor with 50 gigabit/sec Mellanox ConnectX-6 DX adapters. Additionally, with CPU AES-NI offloading, these ciphers will use minimal CPU resources on the system.

A single connection iperf3 -t 10 test measured a speed of 12.8 gigabit/sec.

A 10 connection iperf3 -t 10 -P 10 test measured a speed of 13.2 gigabit/sec.

The base network speed between these servers without an IPsec connection is 32.6 gigabit/sec.

Multiple Hosts in Pritunl Link URI

The Pritunl Link client will now accept multiple Pritunl server hostnames in the URI. When multiple hostnames are provided, the link client will simultaneously send update requests to all the hosts and use the first response from an online host. Because of the caching functionality, links currently remain online even if the Pritunl server cannot be reached, but this update provides additional reliability to keep links online even during significant outages. Below is an example URI with two hostnames.

pritunl://ID:SECRET@pritunl0.domain.com,pritunl1.domain.com
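One way a client could handle the multi-host URI above, shown as an added Go example that is not taken from the Pritunl Link source. The names LinkHosts and FirstResponse and the injected fetch function are hypothetical; the update request itself is left to the caller.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// LinkHosts returns the hostnames in pritunl://ID:SECRET@host0,host1.
// The error never includes the raw URI, because it carries the link secret.
func LinkHosts(raw string) ([]string, error) {
	u, err := url.Parse(raw) // err is not returned: url.Error echoes the raw URI
	if err != nil || u.Scheme != "pritunl" || u.User.Username() == "" ||
		strings.Contains(","+u.Host+",", ",,") { // empty host or empty list entry
		return nil, errors.New("link uri: bad scheme, id or host list")
	}
	return strings.Split(u.Host, ","), nil
}

// FirstResponse asks every host at once and returns the first success.
// fetch is a hypothetical stand-in for one update request to one host.
func FirstResponse(ctx context.Context, hosts []string,
	fetch func(context.Context, string) (string, error)) (string, string, error) {
	ctx, cancel := context.WithCancel(ctx)
	defer cancel() // stops requests still in flight once a winner returns
	type result struct {
		host, body string
		err        error
	}
	ch := make(chan result, len(hosts)) // buffered so late replies never block
	for _, h := range hosts {
		go func(h string) {
			body, err := fetch(ctx, h)
			ch <- result{h, body, err}
		}(h)
	}
	for range hosts {
		if r := <-ch; r.err == nil {
			return r.host, r.body, nil
		}
	}
	return "", "", errors.New("no link host returned a response")
}

func main() {
	fmt.Println(LinkHosts("pritunl://ID:SECRET@pritunl0.domain.com,pritunl1.domain.com"))
}
```

Dropping the parse error keeps the secret out of logs, since Go's url.Error includes the full input string in its message.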

Drop OpenVPN Permissions

An option to drop OpenVPN permissions is now available in the Pritunl settings interface. This configures the OpenVPN server process to drop to the Linux nobody user after initializing, which provides additional security for the OpenVPN process and restricts the possibility of RCE exploits on the process.
