Openvpn – AWS Site-to-Site VPN and Remote-Access VPN Server using Pritunl

Tags: amazon ec2, amazon-web-services, openvpn, site-to-site-vpn, vpn

I was looking at the Pritunl Enterprise edition product and wondered if we could set up the following scenario using it:

  • Our AWS environment consists of a number of VPCs in different AWS regions.
  • We want to use Pritunl Enterprise to provide private IP connectivity to all our AWS VPCs, regardless of which Pritunl server clients establish their VPN connection to.
  • All our Pritunl servers will be in one Pritunl cluster. They will share the same MongoDB database.
  • We plan to deploy at least one Pritunl server in us-east-1 and at least one Pritunl server in us-west-2 in a VPC in each region designated as the "hub" VPC.
  • We plan to AWS VPC peer all of our VPCs in one region to the "hub" VPC for that region (shown as dashed green links in the diagram below).
  • We would like inter-region VPC private IP connectivity between our "hub" VPCs using Pritunl (shown as a dashed red link in the diagram below).

I found a Pritunl AWS site-to-site setup guide here: https://medium.com/pritunl-tutorials/pritunl-advanced-tutorial-2be5cc57dff8, but it looks like they are creating two VPN servers. This means that clients will need to connect to different port numbers depending on the Pritunl server they are connecting to. Ideally, we'd like to use the same server on each Pritunl host in us-east-1 and in us-west-2 so that the port numbers that clients connect to are the same.

[Diagram: Desired Pritunl OpenVPN Setup]

Best Answer

Amazon VPC peering connections don't allow for transitive connections across VPC networks. You would have to create a tunnel/vpngw for each and every VPC.

http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/invalid-peering-configurations.html

I currently have the same issue with 7 VPCs across three different consolidated billing accounts and can't have just one tunnel between our remote site and our accounts. I would be forced to create a peering connection from our site's router to each VPC. It makes the cost unbelievable. It's a large failure on AWS's part that they can't adhere to standard layer 3 routability between VPCs.
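An added example (not from the question or the answer) that checks the asker's hub-and-spoke topology hop by hop under the rule the answer cites: a peering connection only carries packets whose source address belongs to the VPC they are leaving, so neither transitive peering nor routing from a VPN across a peering works. The VPC names, the hub-to-hub tunnel and the candidate paths are constructed; whether the VPN server source-NATs client traffic to its own VPC address is a modelling assumption, not something the page states.

```python
"""Hop-by-hop reachability check for VPN clients across non-transitive VPC
peering. Constructed topology: one hub VPC per region, spokes peered to their
hub, and a software VPN tunnel (instance to instance) between the two hubs.
Assumption: a peering forwards a packet only if its source address lies inside
the VPC the packet is leaving; that single rule breaks both transitive
peering and edge-to-edge routing from a VPN over a peering.
"""

# Constructed topology; VPC names are placeholders, not real VPC ids.
PEERINGS = {frozenset(p) for p in [("hub-east", "spoke-east-1"),
                                   ("hub-east", "spoke-east-2"),
                                   ("hub-west", "spoke-west-1")]}
VPN_TUNNELS = {frozenset(("hub-east", "hub-west"))}   # hub-to-hub tunnel


def path_allowed(path, snat_at_entry=True):
    """Return True if a VPN client's packet survives every hop of `path`.

    path[0] is the VPC whose VPN server the client connected to. With
    snat_at_entry (assumed configuration) the server rewrites the client's
    source address to its own VPC address, so the packet "belongs" to path[0];
    otherwise the source stays a VPN-pool address that belongs to no VPC.
    """
    source_vpc = path[0] if snat_at_entry else None
    for here, nxt in zip(path, path[1:]):
        link = frozenset((here, nxt))
        if link in VPN_TUNNELS:
            continue                  # the VPN instance routes it onward
        if link in PEERINGS and source_vpc == here:
            continue                  # locally sourced: one peering hop is fine
        return False                  # no link, or the peering drops it
    return True


def unreachable_from(entry_vpc, paths, snat_at_entry=True):
    """Destinations whose candidate path fails, i.e. the VPCs for which the
    answer says you would have to build a separate tunnel."""
    return sorted(dst for dst, path in paths.items()
                  if path[0] == entry_vpc and not path_allowed(path, snat_at_entry))


# Candidate routes for a client connected to the us-east-1 hub (constructed).
EAST_CLIENT_PATHS = {
    "spoke-east-1": ["hub-east", "spoke-east-1"],
    "spoke-east-2": ["hub-east", "spoke-east-2"],
    "hub-west":     ["hub-east", "hub-west"],
    "spoke-west-1": ["hub-east", "hub-west", "spoke-west-1"],
}

if __name__ == "__main__":
    for snat in (True, False):
        print(f"snat_at_entry={snat}: unreachable",
              unreachable_from("hub-east", EAST_CLIENT_PATHS, snat))
```

Even with source NAT at the entry hub, the cross-region spoke stays unreachable because the packet reaching hub-west over the tunnel is not sourced from hub-west's own address space, so hub-west's peering will not carry it.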