
How to create a VPN Server: Pritunl

Goal

To create a VPN server from which all the private networks in the Organization (or at least those "peered" to the VPN's network) can be reached.

Assumptions

We are assuming the binbash Leverage Landing Zone is deployed, apps-devstg and shared were created and region us-east-1 is being used. In any case you can adapt these examples to other scenarios.

How to

As per binbash Leverage Landing Zone defaults, the VPN server will be created in a public network of the shared base-network VPC.

It is a "Pritunl" server.

All the networks that should be accessible from the VPN must:

  • be "peered" to the shared base-network VPC
  • have their CIDRs added to the "Pritunl VPN" server

This Pritunl server will be deployed in an EC2 instance.

Note this instance can be started/stopped in a scheduled fashion, see here for more info. (Note also that if no Elastic IP (EIP) is attached, the public IP will change each time the instance is stopped and started again.)

DEPLOYMENT STEPS

  1. Create the EC2 instance with Terraform
  2. Deploy Pritunl VPN Server with Ansible
  3. Configure Pritunl from its web GUI interface
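The following Terraform snippet is an added illustration of what step 1 involves: an EC2 instance in a public subnet of the shared base-network VPC, an EIP so the public address survives the scheduled stop/start cycles mentioned above, and a security group that exposes only the VPN port to clients while restricting the Pritunl web GUI to trusted admin networks. It is not the Leverage layer code; the variable names, the instance type, the VPN port and the use of 443/tcp for the web GUI are assumptions for the example and must be matched to your own configuration.

```hcl
# Added example, not Leverage's own layer code.
# Assumptions (adapt to your setup):
#   - shared_vpc_id / shared_public_subnet_id: the shared base-network VPC and one of its public subnets
#   - vpn_port: the UDP port the Pritunl server will be configured to listen on (example value)
#   - admin_cidrs: networks allowed to reach the Pritunl web GUI (example value, never 0.0.0.0/0)
#   - ami_id / key_name: AMI and SSH key used by the Ansible step afterwards

variable "shared_vpc_id" { type = string }
variable "shared_public_subnet_id" { type = string }
variable "ami_id" { type = string }
variable "key_name" { type = string }

variable "vpn_port" {
  type    = number
  default = 1194 # assumed example port; must match the port configured in Pritunl
}

variable "admin_cidrs" {
  type    = list(string)
  default = ["10.0.0.0/8"] # assumed example; replace with your admin/bastion ranges
}

provider "aws" {
  region = "us-east-1"
}

resource "aws_security_group" "pritunl" {
  name        = "pritunl-vpn"
  description = "Pritunl VPN: VPN port open to clients, web GUI only from admin networks"
  vpc_id      = var.shared_vpc_id

  ingress {
    description = "VPN clients"
    from_port   = var.vpn_port
    to_port     = var.vpn_port
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "Pritunl web GUI (HTTPS), trusted admin networks only"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = var.admin_cidrs
  }

  egress {
    description = "Outbound to peered VPCs and package repositories"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "pritunl" {
  ami                    = var.ami_id
  instance_type          = "t3.small" # assumed size
  subnet_id              = var.shared_public_subnet_id
  vpc_security_group_ids = [aws_security_group.pritunl.id]
  key_name               = var.key_name

  # Require IMDSv2 so credentials on the instance cannot be read via plain IMDSv1 requests
  metadata_options {
    http_tokens = "required"
  }

  root_block_device {
    encrypted = true
  }

  tags = { Name = "pritunl-vpn" }
}

# The Elastic IP keeps the public address stable across scheduled stop/start cycles,
# so VPN client profiles do not have to be regenerated after every restart.
resource "aws_eip" "pritunl" {
  domain   = "vpc"
  instance = aws_instance.pritunl.id
}

output "pritunl_public_ip" {
  value = aws_eip.pritunl.public_ip
}
```

Once applied, the `pritunl_public_ip` output is the address the Ansible step (step 2) connects to and that client profiles will point at; the CIDRs of every peered VPC still have to be added in the Pritunl GUI (step 3), as the security group only controls who can reach the server, not which networks the VPN routes.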