General Info

This covers the application pritunl; the host can be found at pritunl.

Installation/Updates

The pritunl installation is configured and managed by Ansible.

To get some features such as local email, https://github.com/simonmicro/Pritunl-Fake-API is used. After updating, setup.py should be run again to point it back to the fake API.

This does come with some fun side effects, like the logo flipping and a watermark. The things we do to be a haxxor!

This setup is also handled by Ansible in the pritunl role, with the install_fake_api: true var set.

Creating New Users

  1. Go to vpn.utat.space. Log in using the Admin credentials that you were provided.

  2. Go to Users → Add User

    1. Enter their name and email (if available)
  3. To send the key, select the user (either by searching or by sorting by Last Active), then hit “Email Users” on the top right. Reply to the user’s Slack message with “emailed!” or something like that.

  4. (OLD, do if emailing doesn’t work) Find the user in the user list, and click on the link icon

    1. Copy the link to the User Profile .zip file (the first link downloads a tarball, which isn’t super compatible)

    2. Send this link IN A DM to the user requesting it

New Nov. 2023: emailing!

Due to UofT IT constraints, Reid installed a UTAT mail server proxy on his own hardware. The proxy is connected to the VPN, so the flow is: the UTAT server sends mail to the proxy on its VPN IP, and the proxy forwards the email to the Internet on Reid’s private, unrestricted IP. Sending emails to that IP will route them to smtp2go, which actually sends the email.

10.0.7.58:587, *@utat.space

Now, all you need to do for distributing the VPN keys is select the user, and then hit “Email Selected”.

Check status of pritunl: sudo service pritunl status

Check status of mongoDB (dependency of pritunl): sudo service mongod status

In order to enable the internal network to connect to VPN machines, you need to add a static route on the ERX to 10.0.7.0/24 via 10.0.1.151 (gateway route) and in Pritunl, disable NAT on the route to the LAN.