We’re trying to set up a replicated (with 2 hosts) environment.
A requirement is the clients should not be able to communicate with each other - this is what we have set up:
in the server config:
- Inter-Client routing is disabled (un-checked)
- VXLan Routing is enabled (checked)
- Replication count is 2
- Restrict Routing is enabled (checked)
AWS SG is configured to be wide open for testing purposes, allowing all traffic from 0.0.0.0/0
And we have Cloud Advertise enabled on the virtual network for the pritunl server. The other routes defined in the Pritunl Server are non-NAT without cloud advertise enabled.
In AWS the network interfaces used by the pritunl hosts have source/dest check disabled
At the VPC level in AWS, we can see pritunl has managed routes for the pritunl server as well as for vxlan networks.
So a generic configuration is as follows:
Pritunl Host 1 ip: 1.2.3.4
Pritunl Host 2 ip: 5.6.7.8
AWS VPC routes from pritunl:
10.10.10.0/24 using eni from pritunl host 1
10.20.20.0/24 using eni from pritunl host 2
and a route for vxlan, one over pritunl host 1 and one over pritunl host 2
if the pritunl client is connected to pritunl host 1, it can connect to 10.10.10.0/24 but not 10.20.20.0/24
if the pritunl client is connected to pritunl host 2, it can connect to 10.20.20.0/24 but not 10.10.10.0/24
if we enable inter-client routing, it all seems to work, but we really can’t have our clients able to communicate with each other.
Is there something we’re missing to use replication without inter-client routing being enabled?