Pritunl Tutorial

Site-to-Site VPN Gateway with EdgeMax


This tutorial will show you how to setup a site-to-site gateway vpn with two EdgeRouters. The site-to-site link will allow both networks to access the other network using the gateways, connected vpn clients will also have access to both networks. This tutorial can also be used to add additional networks to the Pritunl server using the same steps. Below is the topology for this example where the two local networks and 10.50.0/24 will be linked allow inter-communication between the two networks over the vpn connection. This will not require opening any ports or modifying the firewall on the router. A Premium or Enterprise license is required for this configuration.


This tutorial will use either the Ubiquity EdgeRouter X a $50 5-port gigabit router, the faster Ubiquity EdgeRouter Lite a $100 3-port gigabit router or the Ubiquity EdgeRouter POE a $170 5-port POE gigabit router. The routers can be purchased on Amazon using the links below.

EdgeRouter Initial Setup

First connect a computer to the eth0 port on the EdgeRouter and give the computer a static IP address of with subnet. The gateway does not need to be set. Once connected go to and login using the default username and password ubnt. This should be repeated for both EdgeRouters.

EdgeRouter System Settings

In the EdgeRouter web console for each gateway open the System settings and set the host name to Pritunl. Set the gateway address and name server, in this example and is used. Then go to the Users tab and choose the Config action for the ubnt user and set a password.

EdgeRouter IP Address

Once the system settings are configured go the dashboard and choose the Config action of the eth0 interface. Give the interface an IP address that is available on your local network. In this example the local network is or and the address or will be used. Once the address is set you will no longer be able to access the web console at After the address is set, connect the eth0 port of the EdgeRouter to your local networks router or switch. Then remove the static IP on your desktop and connect it to the local network. Then go to the address you gave the EdgeRouters which is or in this example and login to the web console.

Create Pritunl Users

Login to the Pritunl web console and stop any running servers on that are attached to the Organization that you will be using for the EdgeRouter users. Then add a user for each router with a network link to or and start the server.

Install Pritunl EdgeRouter Plugin

Download and install the Pritunl EdgeRouter Plugin this will allow adding and managing Pritunl vpn profiles from the EdgeRouter web console. After downloading the plugin go to the Wizards section and select the + in the sidebar. Then name the wizard Pritunl and upload the plugin package.

Import Pritunl Profile

Download the profile for the new user and then open the Pritunl plugin that was added earlier and click Add New. Set the Interface to vtun0 then open the downloaded profile and copy the contents to the Profile field. Once done click Apply. After the profile has been added the vtun0 interface should show as Connected on the dashboard.

Add Static Routes

Clients on the Pritunl server will now have access to the and network but the devices on the network will not know where to route responding traffic. To allow the networks to reach each other and the vpn network a static route to and to the other network must be added on the EdgeRouters at or This process will depend on what router you are using and the topology and configuration of your network. Alternatively you can use a NAT described below. If you are also using an additional EdgeRouter for the and network router the settings below will add the static routes. These settings should be run on the router at or not on the EdgeRouter at or


Once the gateways are setup vpn clients will then be able to access the and network. Devices on the and network will be able to access the other network and the vpn network.


Follow Pritunl on Twitter | Find us on GitHub | Subscribe to our mailing list

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.