Multiple Site VPN

Hi All,
Here I go again trying to get a “good” setup. We are a world-wide company with a complex setup, so of course nothing is simple. I want to provide all my users with a good experience, so here is how I have everything set up right now.

I have 4 VMs running Pritunl + MongoDB. Each node has the ability to talk to all the other nodes freely through IPSec tunnels set up at the router level (literally IPSec, not through Pritunl, not OpenVPN, not WireGuard).

Sometimes it's great and works perfectly for days. Today, for instance, the system has kicked everyone off 20-30 times. Each time it's down for 5-10 seconds and automatically reconnects.

When I look at the logs it seems to tell the same story: Pritunl has lost its connection to MongoDB.

Yet when I look at our monitoring, our ping rates, etc., there is no indication of network issues, and other applications are running just fine through the tunnels.

Each MongoDB is part of a replica set, pretty much out of the box. When I look at the logs it basically says it lost communication and regained it (in terms of seconds, like a rekeying of the IPSec tunnel), AND only one node lost connection, AND not the primary MongoDB node!

So as I did some more research and was looking through the “suggested” setups, I don't see any where MongoDB is spread across multiple DCs. So I got to thinking, maybe this isn't the right way.

So maybe the kind folks here can suggest a “better” way of handling this.

I need multiple locations to have their own server so that the latency doesn't kill people. As an example, we have people in India. If they want to connect to our DC in France, we have them connect to our Germany Pritunl server → IPSec → France DC. If we only had one, say in the USA, that traffic would go India → USA → France DC. Latency would be 300ms+.

I have considered having just one DC host a MongoDB replica set, securing it over SSL, and just having all the servers connect to it, but then Pritunl → MongoDB latency would be in the 120-200ms range in places. Is that OK?

Really hoping we don’t have to give up on Pritunl as we really like it.
Signed, Please help :smiley:

The MongoDB replica set should be in one region; the best location for the database with global configurations is the North Virginia datacenters. The MongoDB replica nodes cannot be spread across regions with high latency. MongoDB Atlas provides hosted databases. I've worked with a lot of users who have global setups with high latency; the latency between Pritunl and the database won't create issues.
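An added example (mine, not the poster's or Pritunl's code) covering both halves of the thread: the original post asks about pointing every Pritunl node at one SSL-protected replica set, and the reply says the replica members themselves must sit in one low-latency region. The first helper assembles a TLS-enabled replica-set URI of the kind handed to Pritunl's `set-mongodb` subcommand, with explicit driver timeouts; the second triages a `replSetGetStatus` (`rs.status()`) document and flags members that are unhealthy, have stopped sending heartbeats, lag the primary, or sit behind a high `pingMs`, which is what "one node lost connection" looks like from the database side. Hostnames, the CA path, the user name, the thresholds and the sample status document are all constructed for the example.

```python
"""Added example, not part of the original thread and not Pritunl's code."""
from datetime import datetime, timedelta, timezone
from urllib.parse import quote_plus

# Member states that are normal for a serving replica set member.
HEALTHY_STATES = {"PRIMARY", "SECONDARY", "ARBITER"}


def build_replica_set_uri(hosts, replica_set, user, password,
                          db="pritunl", ca_file="/etc/ssl/mongo-ca.pem"):
    """Return a mongodb:// URI for a TLS-protected replica set.

    Hostnames, user, database and CA path are assumptions for the example.
    Credentials are percent-encoded so '@' or ':' in them cannot corrupt
    the URI. Timeouts are explicit so a WAN hiccup fails fast and the
    driver reselects a server instead of hanging.
    """
    options = [
        ("replicaSet", replica_set),
        ("authSource", "admin"),
        ("tls", "true"),
        ("tlsCAFile", ca_file),          # pin the CA; never disable verification
        ("readPreference", "primary"),
        ("serverSelectionTimeoutMS", "10000"),
        ("connectTimeoutMS", "10000"),
        ("socketTimeoutMS", "30000"),
        ("retryWrites", "true"),
    ]
    query = "&".join(f"{k}={quote_plus(v, safe='/')}" for k, v in options)
    return (f"mongodb://{quote_plus(user)}:{quote_plus(password)}@"
            f"{','.join(hosts)}/{db}?{query}")


def triage_replset_status(status, now, max_heartbeat_age_s=10,
                          max_lag_s=30, max_ping_ms=50):
    """Inspect a replSetGetStatus document and return a list of
    (member name, problem) tuples; empty when the set looks healthy.
    Thresholds are assumed values, tune them to your own network."""
    members = status["members"]
    problems = []
    primary = next((m for m in members if m["stateStr"] == "PRIMARY"), None)
    if primary is None:
        problems.append(("<set>", "no PRIMARY elected"))
    for m in members:
        name = m["name"]
        if m.get("health", 0) != 1:
            problems.append((name, "health != 1"))
        if m["stateStr"] not in HEALTHY_STATES:
            problems.append((name, f"state {m['stateStr']}"))
        if m.get("self"):
            continue  # the reporting node carries no heartbeat/ping data for itself
        age = (now - m["lastHeartbeatRecv"]).total_seconds()
        if age > max_heartbeat_age_s:
            problems.append((name, f"no heartbeat received for {age:.0f}s"))
        if m.get("pingMs", 0) > max_ping_ms:
            problems.append((name, f"pingMs {m['pingMs']} (cross-region member?)"))
        if primary is not None and m["stateStr"] == "SECONDARY":
            lag = (primary["optimeDate"] - m["optimeDate"]).total_seconds()
            if lag > max_lag_s:
                problems.append((name, f"replication lag {lag:.0f}s"))
    return problems


# Constructed sample resembling rs.status() as seen from a German node:
# the French member is close and healthy, the US member sits across the
# IPSec tunnel, has not been heard from for 25s and is marked unreachable.
NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_STATUS = {
    "set": "pritunl",
    "members": [
        {"name": "de-mongo-1:27017", "health": 1, "stateStr": "PRIMARY",
         "self": True, "optimeDate": NOW - timedelta(seconds=1)},
        {"name": "fr-mongo-1:27017", "health": 1, "stateStr": "SECONDARY",
         "pingMs": 12, "lastHeartbeatRecv": NOW - timedelta(seconds=2),
         "optimeDate": NOW - timedelta(seconds=1)},
        {"name": "us-mongo-1:27017", "health": 0,
         "stateStr": "(not reachable/healthy)", "pingMs": 140,
         "lastHeartbeatRecv": NOW - timedelta(seconds=25),
         "optimeDate": NOW - timedelta(seconds=61)},
    ],
}

if __name__ == "__main__":
    print(build_replica_set_uri(["de-mongo-1:27017", "fr-mongo-1:27017"],
                                "pritunl", "pritunl", "s3cret"))
    for name, problem in triage_replset_status(SAMPLE_STATUS, NOW):
        print(f"{name}: {problem}")
```

Run against a live set, the document passed to `triage_replset_status` would come from `db.adminCommand({replSetGetStatus: 1})` through the driver of your choice; anything this reports for a member that is also behind an IPSec tunnel is the place to look before blaming Pritunl itself.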