Pritunl Zero

DustinB3403

~BeyondCorp is a Zero Trust security framework modeled by Google that shifts access controls from the perimeter to individual devices and users. The end result allows employees to work securely from any location without the need for a traditional VPN.~

coliver

That's fine for marketing speak. But does it use a certificate on the local machine? I may have to setup one of these just to see how it is supposed to work.

DustinB3403

It looks a lot like a proxy. In that you manage all of your public facing services to it, and let it manage the connects back into your network.

Not really sure how it works specifically besides that.

DustinB3403

Going to their Gitlab website : gitlab.pritunl.com

lol. . uh didn't they say NO VPN?!

coliver

@dustinb3403 said in Pritunl Zero:

Going to their Gitlab website : gitlab.pritunl.com

lol. . uh didn't they say NO VPN?!

Right, I'm curious how this is supposed to work.

DustinB3403

Looking at the demo, they are managing the connections by passing everything through this service. The client devices than need to be setup with a certificate or 2FA device to allow you to login.

At least that's what it seems like to my coffee lacking brain.

coliver

@dustinb3403 said in Pritunl Zero:

Looking at the demo, they are managing the connections by passing everything through this service. The client devices than need to be setup with a certificate or 2FA device to allow you to login.

At least that's what it seems like to my coffee lacking brain.

Ok that's what I was thinking. Not necessarily a bad thing but not altogether revolutionary.

Alex Sage

My understanding is that a user visits a webpage, logs in, and they are able to reach internal web services.

At least that's what I am getting by looking at this:

https://docs.pritunl.com/docs/pritunl-zero-service

You can use it for SSH as well, too.

coliver

@aaronstuder said in Pritunl Zero:

My understanding is that a user visits a webpage, logs in, and they are able to reach internal web services.

At least that's what I am getting by looking at this:

https://docs.pritunl.com/docs/pritunl-zero-service

You can use it for SSH as well, too.

So it's a secure proxy with a landing page? Interesting. If you could tie 2FA into this I think that could an interesting tool.

Alex Sage

@coliver That's my understanding but I could be completely wrong.

0_1539263340118_791eb3ee-879f-4500-b5a3-1b375391ddf1-image.png

Alex Sage

@coliver Sadly, that's only available in the paid editions:

0_1539263417300_780bb61d-88cd-4661-b8a5-a1f8cb0dbe9f-image.png

Alex Sage

It's a open source (free?) alternative to CloudFlare Access.

https://www.cloudflare.com/products/cloudflare-access/

scottalanmiller

@aaronstuder said in Pritunl Zero:

It's a open source (free?) alternative to CloudFlare Access.

https://www.cloudflare.com/products/cloudflare-access/

I wasn't aware of that product, either.

stacksofplates

It looks like Vault or CloudFlare Access but less functionality.

stacksofplates

@coliver said in Pritunl Zero:

@aaronstuder said in Pritunl Zero:

My understanding is that a user visits a webpage, logs in, and they are able to reach internal web services.

At least that's what I am getting by looking at this:

https://docs.pritunl.com/docs/pritunl-zero-service

You can use it for SSH as well, too.

So it's a secure proxy with a landing page? Interesting. If you could tie 2FA into this I think that could an interesting tool.

I don't believe that's what this is. From their guide it sounds like this works similarly to Vault. Instead of pushing out individual keys to servers you use this CAs pub key on each server. Users thrn request a cert from the CA that they use to log in.

Ah my bad. I thought he was saying that's how it works for SSH.